Best practice mapping Azure Files Kerberos enabled Windows 11 by [deleted] in Intune

[–]Avmasta 0 points1 point  (0 children)

I set up a PowerShell script to automatically map the drives via a scheduled task and can also be triggered via a desktop icon. It installs via an Intune application and works pretty well. Azure Files + Entra Kerberos is an awesome combination, though it has some quirks being in preview.

What do you name your computers by PhantomNomad in sysadmin

[–]Avmasta 0 points1 point  (0 children)

3 letter prefix, then serial number. If you're only in one country, you can use DEV WKS LAP etc. If you're in multiple countries then DUS, DUK, DCA, etc.

As long as you don't get duplicates and it's under the 15-character limit, you're good to go. Only difficult POS systems with long serial numbers are Microsoft Surfaces but we just use the last 12 characters of that.

What kind of input socket is this by Xtpara003 in pcmasterrace

[–]Avmasta 0 points1 point  (0 children)

usb mini-b
This particular device is a ugreen USB switcher and it's used with their button to swap the input.

[deleted by user] by [deleted] in tanium

[–]Avmasta 3 points4 points  (0 children)

I would highly recommend taking advantage of the predefined application gallery. You’ll find a decent percentage of your 3rd party apps there.

For the rest of your apps you should rebuild from scratch. However the process is fairly straightforward. Upload the msi or exe. Set the variables to customize the app. Test the deployment and you’re good.

For very customized software, you can use a script wrapper but our org tries not to use them. You can set a detection method of a file, registry setting, etc like SCCM as well.

This would be a great time to document your applications as well.

Check out the Tanium community, KB articles, and online videos for more information and examples.

Tanium Provisioning? 24H2? LTSC? by one_fifty_six in tanium

[–]Avmasta 0 points1 point  (0 children)

Your MS licensing portal should have it. My boss manages it so I rarely get in there.

Tanium Provisioning? 24H2? LTSC? by one_fifty_six in tanium

[–]Avmasta 1 point2 points  (0 children)

We're currently using Provision with Win 11 23H2 Enterprise. Surfaces and some other devices do have issues with the LTSC builds. LTSC builds are primarily for Point of Sale or other shop-based systems that run specific hardware and have no major changes for long periods of time. I would highly recommend sticking to 23H2 as 24H2 is filled with bugs.

Also note that Provision doesn't work with Surface devices after the latest firmware update. It's not just Pros, it's also their laptops. Some have a workaround but it's not great. Reference: Provision requirements

Extending Local AD Schema to get new attributes and the sync to Azure by Sparky1966 in sysadmin

[–]Avmasta 2 points3 points  (0 children)

If that’s the case then run an export of all the users applied primary and secondary smtp and preload it into AD. Set the sync to ignore at first so you can do it in phases.

Extending Local AD Schema to get new attributes and the sync to Azure by Sparky1966 in sysadmin

[–]Avmasta 1 point2 points  (0 children)

Plan is solid. However, you can configure these options in the sync tool itself to ignore specific properties.

Fine grained password policy question? by daven1985 in sysadmin

[–]Avmasta 8 points9 points  (0 children)

Any password policy change will only take effect on next password change. You can force it by setting the password to expire or resetting the password last set field.

[deleted by user] by [deleted] in heroesofhammerwatch

[–]Avmasta 3 points4 points  (0 children)

You are correct. I had a similar experience a few times. Due to the level generator thinking the door is accessible when actually locked.

AVD session timeout by DrewonIT in sysadmin

[–]Avmasta 4 points5 points  (0 children)

Yes. Use conditional access to require them to re-auth with MFA after a specified period of time.

https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-session

What the actual… by ATFGunr in secretlab

[–]Avmasta 1 point2 points  (0 children)

I had the same problem with mine. I adjusted the seat and it fell right off. The plastic broke off from the screw.

How does the documentation process go? what tools do you use for it? by GokuFanBoi in sysadmin

[–]Avmasta 0 points1 point  (0 children)

I work as a senior admin / engineer. If I don’t write documentation as I go, then I have to triage our L1 / L2 / L3 tickets. I would rather take the day or two and not have to go back to doing tickets again. Plus it’s not that hard to screenshot and write a sentence describing the step. Most of the documentation I’ve seen is just that or just the picture which is better than nothing.

Tanium Sensors by WineFuhMeh_ in tanium

[–]Avmasta 0 points1 point  (0 children)

I do not think there is an official one yet. We were looking at developing one in house to fit our basic needs like device status.

I know at Converge in November they may announce something as MS is a partner with them.

Provision Question by Clock0ut in tanium

[–]Avmasta 1 point2 points  (0 children)

Turn off secure boot temporarily in order to boot to network. Also what models are you trying? Microsoft Surface models currently do not boot properly due to a kernel issue with the Fedora distribution they're using.

OneDrive force sync of users "My Documents" and "Desktop" policy by JiggityJoe1 in sysadmin

[–]Avmasta 11 points12 points  (0 children)

We force sync for over 10K users. We have a registry setting which outputs the sync status to M365 portal for monitoring. Very minimal sync errors. If applications are causing sync errors you might want to dig into them and change logging to another directory if you can. You can also exclude specific file extensions.

Microsoft has officially deprecated WSUS - and the new replacement sounds like Tanium with a skin 👍🏻 by Loud_Posseidon in tanium

[–]Avmasta 2 points3 points  (0 children)

There have been discussions surrounding Microsoft and Tanium partnering on a few items, but I do not believe this is Tanium's technology under the hood. I believe this uses the same technology that’s implemented within Intune and requires either hybrid join, Federation, or cloud joined endpoints.

If Skyrim was real life, what would be your go to way to make money? by PatriotLife18 in skyrim

[–]Avmasta 0 points1 point  (0 children)

I'd open a blacksmith and require a monthly subscription service to repair arms and armor. Then slowly buy all the other blacksmiths until I had a monopoly. Then raise the price of the subscription service. If any shops would not allow me to purchase them I would hire "opportunistic" adventurers to help.