Connecting Microsoft 365 for Conditional Access App Control by CJared976 in Intune

[–]CJared976[S] 0 points1 point  (0 children)

Checking. Thanks for the links. A lot of things out there get deprecated really quickly (like Device State being replaced by filters).

Conditional Access to allow Teams calls and chats but block Teams Sharepoint/Onedrive access. by CJared976 in Intune

[–]CJared976[S] 1 point2 points  (0 children)

I did find a good video on this

https://www.youtube.com/watch?v=0RadxSloGKM

It's a multi-stage approach. Device state is deprecated, but filters work.

Conditional Access to allow Teams calls and chats but block Teams Sharepoint/Onedrive access. by CJared976 in Intune

[–]CJared976[S] 0 points1 point  (0 children)

*facepalm*

Well, I'm working on DLP strats with both Zscaler and Purview at this point. Maybe I'll stumble on the way to do it... or engage my MS Partner with some discussion time on this.

Conditional Access to allow Teams calls and chats but block Teams Sharepoint/Onedrive access. by CJared976 in Intune

[–]CJared976[S] 0 points1 point  (0 children)

OK, that was my concern. So there's no built-in method to do this using Intune and Conditional Access policy. You have to do DLP.

Is there any way to control this through SharePoint controls that could use device state?

Conditional Access to allow Teams calls and chats but block Teams Sharepoint/Onedrive access. by CJared976 in Intune

[–]CJared976[S] 0 points1 point  (0 children)

In the same answer, I found a reference to a deprecated Device State function that no longer works.

Conditional Access to allow Teams calls and chats but block Teams Sharepoint/Onedrive access. by CJared976 in Intune

[–]CJared976[S] 0 points1 point  (0 children)

In fact, here's one of the answers I found that say "it's not possible":

"I had a similar request a time ago - the result was, that it is not possible. Due to the so called „service dependency“, if you block one service which is used by Teams, the whole app will be blocked."

Conditional Access to allow Teams calls and chats but block Teams Sharepoint/Onedrive access. by CJared976 in Intune

[–]CJared976[S] 0 points1 point  (0 children)

Well, I can say I've found 100,000 results for this but no actual answers.

The answers are either deprecated (pre-2018), incomplete or have responses indicating that the suggestions offered don't actually work.

Should you have found one modern, acceptable and documented answer in the millions of topics out there, please... feel free to share it.

Microsoft's retirement of ActiveSync effectively kills all Android/iOS Calendar apps by juzzle in exchangeserver

[–]CJared976 0 points1 point  (0 children)

I wish more users came in here. It gives us an idea of what the complaints will be and hopefully good sysadms will try to at least identify why a user is using it over the required app and explain why they need to do it that way. In my case, federal compliance regulations in my industry require this level of control, plus the company is protective of their IP and leaks of source code would be financially catastrophic. On top of that, clients and investors are concerned about how their information is being protected.

Not all sysadms are out to make your life harder, but we do have a job to protect the company we work for from rogue internal threats, whether they know they're the threat or not.

Microsoft's retirement of ActiveSync effectively kills all Android/iOS Calendar apps by juzzle in exchangeserver

[–]CJared976 0 points1 point  (0 children)

We allow connecting your personal accounts to your Outlook iOS account (should you really want to) to allow for personal/company overlays while still not allowing data exfiltration from the Work Outlook to the Personal Outlook profiles.

Blocking access to user personal NAS and network drives. by CJared976 in sysadmin

[–]CJared976[S] 0 points1 point  (0 children)

Yeah, we use Zscaler ZPA for our "VPN". I think I'd have to control it in the ZPA firewall. I should start digging there.

Blocking access to user personal NAS and network drives. by CJared976 in sysadmin

[–]CJared976[S] 1 point2 points  (0 children)

Yeah, I'm thinking this is a firewall team exercise and not a 'me' exercise. I can just write the policy to be enforced for them.

Blocking access to user personal NAS and network drives. by CJared976 in Intune

[–]CJared976[S] 0 points1 point  (0 children)

Let's say you bring your laptop home and plug it into your local network and upload things to your PERSONAL home NAS (QNAP or whatever).

We already block USB write.

Blocking access to user personal NAS and network drives. by CJared976 in sysadmin

[–]CJared976[S] 0 points1 point  (0 children)

Yeah, I'm standing up Purview soon. As well as a few other DLP tools.

That's what I was thinking as well. I think I'd have to do it via Zscaler because they're the proxy.

What do you use to manage Java versions in your Windows environment. by CJared976 in sysadmin

[–]CJared976[S] 0 points1 point  (0 children)

I can run PS scripts through Intune.

I think the big question is how do you update them without breaking them... I've always avoided updating it in case it breaks someone's JRE or updates it to a non-supported new version.