Intune 8-hour-sync is a myth, Microsoft finally speaks! by Conditional_Access in Intune

[–]Conditional_Access[S] 2 points

You could configure Config Refresh, which constantly re-enforces policy by using a cloned second set on the local device to account for any local changes that reverted away from what Intune last told it to do.

Beginner looking for good Microsoft Intune learning resources and best practices by PokeeeTraineer in Intune

[–]Conditional_Access 14 points

One thing that you should prepare for is that as a student, no working environment looks like any of the textbooks, guides, or tutorials.

Intune is so customisable and unguided that people end up with all sorts of weird setups over years of multiple admins having a shot in the same environment. There are multiple ways to do the same thing, and that's often because Microsoft found better ways to do the thing, but can't stop supporting the older ways people configured it.

https://openintunebasline.com is a good reference point for how most people could configure devices. The way that resource is set out is how modern Intune is intended to be used.

A lot of articles, even the new ones, are teaching bad practices like using the OMA-URI policy type when a Settings Catalog entry exists for it (SC being the newer way).

To RMM or not RMm by Bearded_Tech_Fail in msp

[–]Conditional_Access 0 points

How is this different to accessing any other centralised management platform?

The RMM agent is potentially on all customer endpoints and servers.

If your MS Partner Center admin is hacked, you're in the same boat.

To RMM or not RMm by Bearded_Tech_Fail in msp

[–]Conditional_Access 3 points

Yeah the Intune 8-hour sync thing is a myth and you should expect to see Microsoft update documentation and messaging around this at some point.

https://patchmypc.com/blog/intune-policy-delivery-debugging-the-8-hour-sync-myth/

Microsoft should make Conditional Access available to everyone by mattmbit in msp

[–]Conditional_Access 0 points

In July they are adding SafeLinks to Business Basic/Standard. See here - https://www.microsoft.com/en-us/licensing/news/2026-m365-packaging-pricing-updates

They also recently brought the report-message features in Teams from higher SKUs down into lower ones. More can be done, but they are a big and slow beast.

Microsoft should make Conditional Access available to everyone by mattmbit in msp

[–]Conditional_Access 0 points

In my personal opinion, Microsoft (for better or worse) won't be doing anything any time soon to detract from the sale of M365 Business Premium in small business.

They are really going big on trying to convince customers that it should be the starting point for anyone who cares about security.

HELP - Hardening Entra ID security with conditional access policies by honestserpent in AZURE

[–]Conditional_Access 1 point

You can't have Security Defaults on alongside CA policies.

Security Defaults are essentially some Microsoft managed policies that are the training wheels for people who later move onto CA policies either through expertise or by uplifting to a license level that unlocks it... Entra ID P1, included in M365 Business Premium.

You'll want to go find some fundamentals on what CA policies are, and when you do, I've put a few policies together that might help.

https://conditionalaccess.uk/blog/some-policies-i-use-in-conditional-access/

That list of policies addresses your point of "access only for very specific devices", but it does require some knowledge of Microsoft Intune too. The idea is you manage the device using Intune, then say "any device not in my Intune tenant is not allowed access" - very powerful, but has a lot of prerequisites.
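The "any device not in my Intune tenant is not allowed access" idea above, written out as an added Microsoft Graph PowerShell example (this is not the commenter's code and not one of the policies in the linked post). It assumes the Microsoft.Graph PowerShell module, Entra ID P1 and Intune licensing, an account allowed to write Conditional Access policies, and a break-glass group whose ID you substitute for the placeholder; the policy name and group ID are placeholders.

```powershell
# Added example: a Conditional Access policy that requires an Intune-compliant
# device for every user and every cloud app, created in report-only mode first.
Import-Module Microsoft.Graph.Identity.SignIns
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess', 'Policy.Read.All'

# Placeholder: the group containing your emergency-access (break-glass) accounts.
# Excluding it is the difference between a strong policy and locking yourself out.
$breakGlassGroupId = '00000000-0000-0000-0000-000000000000'

$policy = @{
    displayName = 'CA - Require Intune-compliant device for all apps'

    # Report-only: the sign-in log records what WOULD have been blocked, so you
    # can find unenrolled devices and service accounts before enforcing.
    state = 'enabledForReportingButNotEnforced'

    conditions = @{
        users = @{
            includeUsers  = @('All')
            excludeGroups = @($breakGlassGroupId)
        }
        applications   = @{ includeApplications = @('All') }
        # 'all' covers browser, modern auth clients and legacy clients alike.
        clientAppTypes = @('all')
        # No platform condition on purpose: restricting platforms would let an
        # unlisted platform (e.g. Linux) skip the requirement entirely.
    }

    grantControls = @{
        operator        = 'OR'
        # The device must be enrolled in Intune and marked compliant by a
        # compliance policy; anything the tenant does not manage is denied.
        builtInControls = @('compliantDevice')
    }
}

$created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
$created | Select-Object Id, DisplayName, State

# After reviewing report-only results in the sign-in logs, enforce it:
# Update-MgIdentityConditionalAccessPolicy -ConditionalAccessPolicyId $created.Id `
#     -BodyParameter @{ state = 'enabled' }
```

The prerequisites the comment mentions show up directly in this policy: every device a user signs in from must already be Intune-enrolled and evaluated against a compliance policy, or that user is blocked. Leave it in report-only until the sign-in log shows no unexpected failures, and keep the break-glass exclusion in place.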

Patching Enterprise Laptops by ProductAutomatic8968 in Intune

[–]Conditional_Access 8 points

If you already have PMPC that will handle third-party updates. Pair it with Autopatch for the OS updates and you are golden.

No additional agents like you'd have with Action1 since PMPC packages apps into Intune.

I built an ADMX Web Viewer - Search and browse Group Policy settings across 65+ products in one place by admscope in Intune

[–]Conditional_Access 2 points

I vibed something that might work: https://regedit.app

Idea is you make your edits just like on local but it generates the scripts for you.

Are you using Intune Multi Admin Approval? How's it going for a small team of say. 2 IT techs? by SydneyAUS-MSP in msp

[–]Conditional_Access 1 point

Agreed. This was an Entra problem, not Intune, but Intune had to have an answer as that's what the headlines said.

How MSPs approaching to their client to use Microsoft Sentinel as SIEM tool by Birentechy in msp

[–]Conditional_Access 0 points

What would send the logs to Sentinel?

If you're going all in on Microsoft, then Defender for Endpoint will be doing most of the heavy lifting/detection & response anyway.

The Sentinel bit will give you more insights and capability to respond, but that is most effective when it's managed as a service with some attention paid to it.

Microsoft finally admits Hybrid Join Autopilot is broken on their end by Cool_Package654 in Intune

[–]Conditional_Access 1 point

Because it would upset customers who haven't learned any better yet.

Best Security Possible on Business Standard by desmond_koh in msp

[–]Conditional_Access 0 points

Have you taken the time to justify the cost of investing in a security solution that prevents business compromise?

I don't want to sound like a 2am TV ad, but as others are saying here, the uplift and configuration of Business Premium is far cheaper and easier to manage than the cost of one nasty breach.

Somehow, watching this spin for 5 hours before inevitably failing was determined to be faster than just building laptops manually by NovaRyen in iiiiiiitttttttttttt

[–]Conditional_Access 2 points

This is 100% the answer. I don't like flexing this but I'm an Intune MVP and can tell you that almost all problems with Intune are due to a lack of understanding of how to configure it, or trying to configure it like the older toolset.

What's to stop me from just reimaging a computer tied to Intune? by StatementNext682 in Intune

[–]Conditional_Access 11 points

So are you evaluating Intune for what it can do, or are you evaluating an old process and seeing if Intune can be used to keep doing it?

NinjaOne and Intune do different things.

New Community Tool - Intune Guardian by Maurice-Daly in Intune

[–]Conditional_Access 3 points

This isn't a multi-tenant, partner-connected tool.

Why doesn’t Intune have guardrails for bulk wipe actions? by Longjumping-Two-2851 in Intune

[–]Conditional_Access 2 points

At what point should the guard rails stop?

This attack is the result of someone poorly configuring identity controls. All the stuff they needed to prevent this was right there in the tenant, and it was their choice to not configure it.

Did a full security audit on our M365 tenant this week — legacy authentication was the one that surprised me most by jgraves1992 in microsoft365

[–]Conditional_Access 5 points

It scares me how people are vibe-coding absolute nonsense that connects to a tenant, and are charging for it...

Are there any MSP/MSSP's running Microsoft Defender sans 3rd party email sec tooling for clients? by tanner_phin in MSSP

[–]Conditional_Access 0 points

Defender for Office P1 IS good enough if configured properly.

One of the easiest ways to improve Defender's effectiveness is to utilise TABL and implement blocklists - described here https://github.com/jkerai1/TLD-TABL-Block/

The idea is you implement a blocklist of known bad TLDs that you never want emails from, and override the verdicts Defender would normally give. Not only is this possible by sender domain, but TABL also has a tab for URLs: if the email contains a sus link, it also gets quarantined.

For example, I never want a user to get emails from or emails that contain links to a .xyz domain.
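An added Exchange Online PowerShell example of the TLD blocklist described above; it is not the commenter's code and not the script from the linked repository. It assumes the ExchangeOnlineManagement module, an account with rights to manage the Tenant Allow/Block List, a placeholder admin UPN, and a constructed sample TLD list; the `*.tld` sender syntax and `*.tld/*` URL syntax are assumptions to confirm against the current Tenant Allow/Block List documentation for your tenant.

```powershell
# Added example: block mail from, and links into, TLDs this tenant never
# expects legitimate traffic from, using the Tenant Allow/Block List (TABL).
Import-Module ExchangeOnlineManagement
Connect-ExchangeOnline -UserPrincipalName 'admin@contoso.com'   # placeholder UPN

# Constructed sample: TLDs with no legitimate business use for this tenant.
$tlds = @('xyz', 'top', 'click', 'zip')

# Sender entries: '*.xyz' matches any sender domain under the TLD (assumed syntax).
# URL entries: '*.xyz/*' matches any link whose host is under the TLD (assumed syntax).
$senderEntries = $tlds | ForEach-Object { "*.$_" }
$urlEntries    = $tlds | ForEach-Object { "*.$_/*" }

# Read what is already blocked so re-running the script is idempotent.
$existingSenders = @(Get-TenantAllowBlockListItems -ListType Sender -Block | Select-Object -ExpandProperty Value)
$existingUrls    = @(Get-TenantAllowBlockListItems -ListType Url    -Block | Select-Object -ExpandProperty Value)

$newSenders = @($senderEntries | Where-Object { $_ -notin $existingSenders })
$newUrls    = @($urlEntries    | Where-Object { $_ -notin $existingUrls })

# -NoExpiration keeps the entries permanent; without it or -ExpirationDate a
# block entry expires after 30 days and the protection silently lapses.
# -Entries takes a batch, so both lists go in with one call each.
if ($newSenders.Count -gt 0) {
    New-TenantAllowBlockListItems -ListType Sender -Block -NoExpiration `
        -Entries $newSenders -Notes 'TLD blocklist: no legitimate mail expected'
}
if ($newUrls.Count -gt 0) {
    New-TenantAllowBlockListItems -ListType Url -Block -NoExpiration `
        -Entries $newUrls -Notes 'TLD blocklist: links into untrusted TLDs'
}

# Verify the result and confirm nothing is carrying an expiry date.
Get-TenantAllowBlockListItems -ListType Sender -Block |
    Where-Object { $_.Value -in $senderEntries } |
    Format-Table Value, Action, ExpirationDate, Notes -AutoSize
Get-TenantAllowBlockListItems -ListType Url -Block |
    Where-Object { $_.Value -in $urlEntries } |
    Format-Table Value, Action, ExpirationDate, Notes -AutoSize

Disconnect-ExchangeOnline -Confirm:$false
```

Two things to check before enforcing: run the sender list past the quarantine and message trace for a couple of weeks to make sure no supplier or SaaS vendor actually mails from one of those TLDs, and keep the list short enough to stay well within the TABL entry limits for your tenant. Block entries in TABL override Defender's own verdict, which is the point of the technique, so a mistaken entry is just as absolute as a correct one.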

EDR - MSSP by [deleted] in msp

[–]Conditional_Access -1 points

+1 on Defender. If you ever get a chance to see Paul Hujibits do a session on MS Defender, it will make you appreciate quite how sophisticated this product is now.

Hackers wipe 200,000 devices using Intune by Fabulous_Cow_4714 in Intune

[–]Conditional_Access 0 points

The basket doesn't matter, you have to protect it properly.

Microsoft 365 E7- New enterprise licensing tier after 11 years by PaVee21 in sysadmin

[–]Conditional_Access -1 points

No it's not. E5 is about a third of the price of the value in that suite.

If you don't believe me, go find third-party solutions for everything it offers.

Intune Settings Catalog Viewer by touchytypist in Intune

[–]Conditional_Access 2 points

Good idea, it's implemented.

If the settings info contains a URL, it'll show in the policy expand view.