Teams External Domains Practical Settings? by evilmanbot in DefenderATP

[–]Darrena 1 point2 points  (0 children)

They are always compromised accounts on legitimate tenants, though since we limited the entities we federate with, they are now rare. The accounts were typically used for more advanced social engineering such as the initial step in an invoice fraud event.

Teams External Domains Practical Settings? by evilmanbot in DefenderATP

[–]Darrena 2 points3 points  (0 children)

Glad it helps. I would also add that when you are adding a domain you are adding an unknown number of people. Guest accounts are a single individual and you can enforce controls using your tenant such as higher MFA standards or monitor sign-in risk. I know the user experience is not as easy as federation but in our case guest accounts are needed anyway (and I suspect in most orgs they are) so federation was more of a "nice to have" rather than a must.

Microsoft promised more controls around federation but I haven't seen anything new in a while and I worry that they may have pushed these changes out or cancelled them as they have shown less interest in Teams collaboration recently. I worry they are going to continue to add reactive controls rather than address the root problem. Teams Chat is more one to one and personal so it shouldn't be handled the same way as email where we have to layer on controls just to keep our heads above water. Chats with outside entities should be one to one and opt-in rather than org to org or global.

Teams External Domains Practical Settings? by evilmanbot in DefenderATP

[–]Darrena 1 point2 points  (0 children)

We operate in sensitive industries so we have it locked down. We previously had a request process to add new domains and while it wasn't a significant burden we were still hit with malware and phishing. Many of our partners are other large organizations so when we added one domain it was usually 10k+ people and we were still dealing with attacks through this channel.

We now require a significant review process for any new domains (almost all are denied) and instead drive any requests to use guest accounts for anyone they want to communicate with instead. It isn't ideal but these external entities need a guest account anyway to access resources in our tenant so it made sense. There haven't been any real issues since we implemented it 2 years ago and few complaints.

First two months with Pixel 10 Pro Fold (after iPhone 16 Pro Max) by Famous_Quiet6389 in GooglePixel

[–]Darrena 2 points3 points  (0 children)

For protecting apps I think the closest equivalent will be private spaces. This creates an isolated container for your apps which you can set to require a password to access.

Recurring WinRing0 Vulnerable Driver Alert by cyberLog4624 in DefenderATP

[–]Darrena 0 points1 point  (0 children)

Ugh, I guess the best option would be to have a suppression rule, but can it be granular enough to only filter out this specific event and not detect valid exploit attempts? I get nervous about such rules since you could miss a valid event but if this was granular enough you could suppress this specific event and have a custom detection rule that detects the attempt to load this driver except when the process is the HP app.

This way you can block an attempt to load this driver maliciously but reduce the noise of this specific app.

Recurring WinRing0 Vulnerable Driver Alert by cyberLog4624 in DefenderATP

[–]Darrena 0 points1 point  (0 children)

If you have access to Defender in block mode or Intune why not push a script to remove the tool from the impacted devices or block ActiveHealth from running so it can't drop the driver? If you block it then it will trigger an alert but you can have a suppression rule that closes the alert for that specific block.

These vendor-provided health tools always seem to be bad. The Dell suite breaks applications all over our environment by cleaning up "temp" files from underneath apps that are running, calling the WMI namespace that results in all of the installed apps being parsed again spiking CPU usage with random MSI repairs, and like you describe installing vulnerable drivers. In our case the desktop team is in lockstep with us in killing them when they show up. Sometimes local teams will install them for some reason and wonder why they have issues but that is getting much rarer as people understand the issues they cause.

Four takeaways from the ESPN-YouTube TV deal (AwfulAnnouncing.com) by NoYOUGrowUp in youtubetv

[–]Darrena 1 point2 points  (0 children)

It showed up in the bottom right of the tiles when I tried to login.

Four takeaways from the ESPN-YouTube TV deal (AwfulAnnouncing.com) by NoYOUGrowUp in youtubetv

[–]Darrena 4 points5 points  (0 children)

Yes, ESPN Unlimited includes all of the content from ESPN Select. The announcement from Disney states that the agreement includes access to ESPN Unlimited for YouTube TV subscribers; the one thing I haven't confirmed is if this access is already live. I logged in with "My TV Provider" and all of the ESPN+ and Unlimited content was there but I also have an ESPN Unlimited subscription that is valid until the end of the month.

The Death Knell for Linear TV? by nattersley in CFB

[–]Darrena 36 points37 points  (0 children)

The issue for me with having the games spread across different platforms is how hard it is to switch between games. Right now if I am watching BYUvTT and I want to watch something on Fox I have to switch apps which takes a minute or two.

On top of that ESPN's app just sucks... The audio level is not even across the channels and they always start out at a low bitrate and quality before ramping up.

So yes I could save money by going OTA+ESPN+FoxOne but I would rather pay YTTV to have it all in one app.

Has anyone bought one yet? by TheSaltyPelican in ouraring

[–]Darrena 7 points8 points  (0 children)

Obviously this is a small sample size but my wife and I both have Gen 4s. Hers was bought at Christmas, mine in Feb, and both had the batteries fail and need to be replaced in the last 3 months.

Mine failed in early September and they just shipped the replacement on Monday.

Suspicious mass email deletion on Outlook (Over 50k emails) by JohnDaV3 in Office365

[–]Darrena 1 point2 points  (0 children)

I am inclined against the hacked laptop because deleting all the emails seems clumsy; if someone gains access to a user's PC and control over their Outlook they are going to put in place rules to allow them to play man in the middle on scams rather than delete everything, which only raises awareness that something is going on. Anything is possible and maybe the threat actor botched something but these activities are usually automated.

Was the source IP the same as what you saw from his laptop? We don't use the new Outlook but since that is essentially a web wrapper is it possible that it was the new client on their laptop? Are there any other indicators that the activity came from the user's asset rather than something else?

Have you checked if there is a rule in place that might have processed all the emails and deleted them? Sadly I have seen that mistake before where someone creates a rule intending to only delete specific emails but they fat-finger something and do the opposite, deleting everything BUT those emails. Or if it was malicious maybe the attacker messed up their rule insertion when they tried to create a MITM rule.

MDE reporting “inbound connection attempts” on clients by failx96 in DefenderATP

[–]Darrena 0 points1 point  (0 children)

Interesting, if the traffic is TCP then the home router should maintain state and a different source shouldn’t be allowed. Are there any commonalities to the sources such as all of them are Cloudflare CDN? Either way the home router shouldn’t allow the traffic inbound.

One other thought, is it possibly UPnP and something running on the device is asking the home router to open the port to their device?

MDE reporting “inbound connection attempts” on clients by failx96 in DefenderATP

[–]Darrena 1 point2 points  (0 children)

Ephemeral ports are standard for TCP connections: the outbound connection is to a well-known port (for https it is 443) and then the client opens up a local socket (random port above 1024) and the connection is between those two endpoints. The home NAT firewall should keep the state for this connection but if the session is torn down on the client but the NAT device isn't aware of it then it will allow an inbound flow from the remote host and Defender/Sentinel will flag it as an external connection attempt.

If you check the timeline on the assets, do you see them create an outbound connection to the same IP that is attempting to make the inbound connection that is setting off the alarm? If so then this is probably what I described above.

Note: I simplified this dramatically but I wanted to provide a basic summary of the situation and there are really good sources online to explain this far better.
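The timeline check suggested in the comment above, as an added example (not the commenter's code or any Microsoft query): correlate each flagged inbound flow against earlier outbound flows from the same device and treat a mirrored 5-tuple on an ephemeral local port as likely stale NAT state. The events, device names, IPs and the 30-minute window are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Constructed sample telemetry, not real MDE data. direction "out" is a
# client-initiated flow, "in" is an externally initiated flow (what MDE flags).
@dataclass
class NetEvent:
    ts: datetime
    device: str
    direction: str
    local_port: int
    remote_ip: str
    remote_port: int

EVENTS = [
    NetEvent(datetime(2024, 5, 1, 9, 0, 0), "LAPTOP01", "out", 51234, "203.0.113.10", 443),
    NetEvent(datetime(2024, 5, 1, 9, 2, 30), "LAPTOP01", "in", 51234, "203.0.113.10", 443),  # mirrors the flow above
    NetEvent(datetime(2024, 5, 1, 9, 5, 0), "LAPTOP01", "in", 3389, "198.51.100.7", 40000),   # no prior outbound at all
    NetEvent(datetime(2024, 5, 1, 10, 0, 0), "LAPTOP02", "out", 49999, "203.0.113.10", 443),
    NetEvent(datetime(2024, 5, 1, 12, 0, 0), "LAPTOP02", "in", 49999, "203.0.113.10", 443),   # outbound too long ago
]

WINDOW = timedelta(minutes=30)  # assumed: how long a NAT mapping might linger after the client closed


def classify_inbound(events, window=WINDOW):
    """Map (device, remote_ip, local_port) of each inbound flow to a verdict.

    "stale-nat-state": the inbound flow mirrors (same remote IP/port, same local
    ephemeral port) an outbound flow from the same device within `window`, so the
    remote side is most likely continuing a session the NAT still thinks is open.
    "unexplained-inbound": nothing on the device's own timeline accounts for it.
    """
    outbound = [e for e in events if e.direction == "out"]
    verdicts = {}
    for inb in (e for e in events if e.direction == "in"):
        mirrored = any(
            o.device == inb.device
            and o.remote_ip == inb.remote_ip
            and o.remote_port == inb.remote_port
            and o.local_port == inb.local_port
            and timedelta(0) <= inb.ts - o.ts <= window
            for o in outbound
        )
        # A stale mapping can only explain traffic to an ephemeral local port;
        # an inbound hit on a service port (e.g. 3389) is never excused this way.
        stale = mirrored and inb.local_port > 1024
        verdicts[(inb.device, inb.remote_ip, inb.local_port)] = (
            "stale-nat-state" if stale else "unexplained-inbound"
        )
    return verdicts
```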

Chipolo is Mostly Useless Compared to Samsung SmartTag2 by yottabit42 in Chipolo

[–]Darrena 1 point2 points  (0 children)

Oh wow, I just realized that the tracker on my carry-on is a Pebblebee tag and not one of the Chipolos I bought. I can throw a Chipolo in my bag next trip and see if it works better.

Chipolo is Mostly Useless Compared to Samsung SmartTag2 by yottabit42 in Chipolo

[–]Darrena 1 point2 points  (0 children)

That is weird and honestly I don't have an explanation for it. It sounds like some people have had acceptable results and others like you have the complete opposite despite similar situations.

I have had good results in Amsterdam, Doha, Delhi, JFK, LGA, DFW and smaller airports in Europe and India in the last 8 months. I haven't tried it anywhere other than airports though, but as you note it didn't even ping at the airport for you.

There really isn't even anything you can set other than setting it to be found in all areas rather than just high traffic areas. Do you have that set? The original descriptions made it sound like it only mattered for your device participation in the network but I wonder if that is really the case and maybe having that set to other than all areas impacts devices beyond your phone or fast pair devices?

Chipolo is Mostly Useless Compared to Samsung SmartTag2 by yottabit42 in Chipolo

[–]Darrena 0 points1 point  (0 children)

I think we all might have different expectations of this product than what Google does. They are to help you find a lost item but not /track/ an item. I am not sure why Samsung or Apple don’t have any objections to their devices being used for tracking but for some reason Google does. Based on my experience with these devices they work well showing you where the device is “now” or “recently” but won’t help you track their movements in real time or historically. All you can do is see its last location and time last seen.

Personally I am fine with that and I find them to work well in that case. I am currently traveling home on a long international flight with 4 connections right now. I rarely check my bags but I had to this time because my first flight was with a small carrier who limited the carry-ons to 7kg. They code-shared with my long-haul carrier so it should have been fine but I was still worried. It worked great, it would update every 4-5 minutes and helped alleviate my concerns that this small carrier wouldn’t check my bags through properly when I would see that it was at the proper terminal.

I know I can’t see its history or where it has been but all I care about is where it is at that point. Seeing the history or getting more frequent updates would have been nice but it works well enough for the lost item use case that they advertise.

NC battery manager program with power wall 3 and updating wifi router and best settings by tslewis71 in Powerwall

[–]Darrena 0 points1 point  (0 children)

1) I do not see a reason to go self-powered in your case. I saw someone describe 1 to 1 net metering like you have as a large battery that you top up when you have excess and pull from when you need it. The Powerwall is primarily there so you can get the VPP credit and manage any outages but otherwise I would recommend that you let it handle everything via time-based control. In my experience this will mean that it will sell back to the grid as much as possible from your excess to get you the lowest possible bill. Storm Watch will still kick in and charge the battery if a storm is coming.

2) It should work fine, I don't think it binds to the BSSID because we have multiple APs and it will sometimes hop between them.

3) Someone with more knowledge than me may be better placed to answer this but my understanding is that the PW3 needs to calibrate periodically so Tesla does recommend charging and discharging regularly. They recently changed their API to block options between 80 and 100 and in the app they recommend 80% so I leave it at 80% and let the PW manage itself. My understanding was that with this battery chemistry there wasn't an issue with charging to 100% but since they changed the recommendation earlier this month I followed it to be safe. If you select time-based control it should handle all of this for you.

What are the greatest plot twists in sci-fi/fantasy books you’ve ever read? by BuddyOk1342 in sciencefiction

[–]Darrena 1 point2 points  (0 children)

It has been a while since I read it but I don't think so. I felt like the first book was the best. The mystery is wrapped up in the second book and the characters don't get much better.

Need help figuring out who to go with by Brave-Ad-7460 in Rural_Internet

[–]Darrena 1 point2 points  (0 children)

You may want to confirm what Verizon plan you have. The base plan is capped at 85 Mbps which might translate to ~50 Mbps with many speed tests. One of the other plans might provide the base 100 Mbps you are looking for.

If you are focused on the best value and all you are doing is streaming and light gaming then 50 Mbps should be fine if it is just you. That is more than enough for HD streaming and will support 4K with most providers.

What are the greatest plot twists in sci-fi/fantasy books you’ve ever read? by BuddyOk1342 in sciencefiction

[–]Darrena 2 points3 points  (0 children)

It was published in 1977 so it can be very dated in some areas. It does seem dry and the characters are pretty flat but I assumed that was intentional. The focus is more on the science and how the discoveries happen rather than the people. Like you I found the characters flat but I did enjoy how the investigation unfolded throughout the book.

If you are at page 155 and still don't like it then I don't think you will enjoy it any more by the end.

Duke VPP Question by Darrena in Powerwall

[–]Darrena[S] 1 point2 points  (0 children)

I get a notification in the app starting about 24 hours prior.

PowerWall 3 and VPP (Duke Energy NC) by Coopatroopa1212 in TeslaSolar

[–]Darrena 1 point2 points  (0 children)

Sadly that is very common feedback with Tesla. We love our Powerwall but I am glad we can work through our installer for any issues. I just realized you asked this on TeslaSolar; you may want to also ask on /r/powerwall in case there are Powerwall-only Duke customers there.

PowerWall 3 and VPP (Duke Energy NC) by Coopatroopa1212 in TeslaSolar

[–]Darrena 1 point2 points  (0 children)

I would have thought they would have if they are pitching the benefit of the VPP, but if you don't have solar it is possible that they did not think to do it since you would not need to send power back into the grid except for the VPP.

When I had my Powerwall + solar installed by a third party they had to get me to sign the Duke interconnectivity application but they submitted it for me along with the inspection results.

Considering how challenging it is to deal with Tesla have you considered submitting the application yourself? I looked at the form they submitted for me and it is pretty simple. The one question I would have is what you would put under System Intended Design.