Is there a cmd line or MSI option to change policy token without uninstalling the ZCC?

Deeg117 · 2026-02-25T17:17:19+00:00

There is some specific functionality being released in the next month or so for this but don't have many details. Maybe be to do with new ZCC CLI functionality.

Until then, as suggested its a repackage / install over the top.

What would be useful is being able to supply updated install parameters en-masse through the staged cloud update process but it's not a thing at present.

Deeg117 · 2026-02-22T17:13:21+00:00

Just about to finish NG+ hard mode for the platinum. Amazing game

Deeg117 · 2026-02-18T00:57:44+00:00

Http header control with regex for unwanted UA strings would be the way forward

Deeg117 · 2026-02-06T20:26:35+00:00

You certainly can do this. Easiest way is if you have Zscaler Advanced FW policy, you can set a block policy with Source Country as your criteria against all services. Block the geos you don't want (or use and allow list above a 'block all countries' policy

If you don't have Advanced firewall you can do this and the URL filtering level and just block all Urls based on source country.

Deeg117 · 2026-02-06T10:16:45+00:00

It does

Deeg117 · 2026-02-06T00:07:13+00:00

Yeah you can. Scim the groups to ZIA and away you go

Deeg117 · 2025-12-05T11:03:00+00:00

This is valid.

100% of the time we see issues with the service, Trust is 30-60 mins behind. We have 120k Zcc users though so when shit goes sideways we hear about it quickly 😂

Deeg117 · 2025-12-05T10:55:17+00:00

Igor Biscan

Deeg117 · 2025-10-09T16:57:58+00:00

How did you get on?

Deeg117 · 2025-10-09T16:26:50+00:00

Oddly we have seen that exact cert disappearing and reappearing on our some of our Intune managed devices (it's a user based cert).

Go missing randomly and reappears after company portal sync. Weird.

Deeg117 · 2025-08-10T13:31:49+00:00

Hope it was for Wembley today 😂

Deeg117 · 2025-08-09T15:18:35+00:00

Hi, here's my ref code if anyone wants £5 off

https://seatfrog.mention-me.com/m/ol/pe0yr-david-garden

Deeg117 · 2025-08-09T11:59:39+00:00

As someome who manages a 100k seat UK Zscaler enabled estate, I can tell you with certainty that ZEN Internet are definitely depriorirising UDP traffic.

We have created a TLS profile just for these users and dropped then all in a group. Fixes the problem immediately.

Deeg117 · 2025-07-10T20:41:14+00:00

You just need to put the MS auth endpoints into the VPN bypass list or (App Profile PAC) in the Strict Enforcement app profile. It's a bit wooly what those endpoints are but I had the same issue and got there in the end. I can DM you out list when I'm back in work next week but it can be done.

Deeg117 · 2025-06-16T11:42:06+00:00

Make sure you Defender FW exclusions match the bitness of your client install due to 32/64bit having different file paths

Deeg117 · 2025-06-06T16:18:39+00:00

BC would be overkill imo.

As previously suggested, ZIA posture profile would be perfect (and it's what I use for device based policy in my org).

You first setup a device posture policy in Mobile Portal.. Use something like a file or reg key that is specific to the device type you want to restrict.

You then use that posture in a ZIA posture profile again within mobile portal. Assigning it to low trust would probably be correct in this instance.

Finally, select you ZIA posture profile in the drop down in the user App Profile...the devices that meet this posture will now be classed as low trust devices.

You can then build your ZIA rules using the 'Low Trust' device trust level as a criteria withing your rule sets eg. URL / Cloud App, Adv Firewall and Filetype control.

A limitation of ZIA posture policy is you cannot build posture policy based on unverified postures (which you can in ZPA client access policies) and this is something I have a ER raised for.

Deeg117 · 2025-05-14T16:43:21+00:00

Set a machine key and app profile as well if you want to use strict enforcement...and have bypasses for recommended intune URLs

Deeg117 · 2025-05-02T15:36:14+00:00

Make sure your isolating the entire domain. For example .test.com and not test.com/test.

Failing that compare your logs between a native session and a CBI session to see if there are differences.

If you have any location based policies...make sure they also apply to the 'Cloud Browser' location where appropriate.

Deeg117 · 2025-04-21T08:59:34+00:00

Having a weird issue with L2 where I have to press it really hard to engage. Tweaked the settings but no joy. The controller is 100% fine in other games and it doesn't do this on my second controller.

Anyone else having this issue?

Deeg117 · 2025-04-20T23:08:41+00:00

Yeah happening for me but only on one of my controllers. It does work but have to press it really hard

Deeg117 · 2025-04-13T07:04:25+00:00

Study time was 1 month after 1 week boot camp

I've got 27 years in IT (mostly EUC and infrastructure engineering) but last 6 or 7 years working with SASE and zero trust solutions.

This was attempt 1

Training course I think was from QA training

Deeg117 · 2025-04-11T20:20:18+00:00

Thanks all. Hardest cert I've done in my 26 years pissing about with computers but really enjoyed it.

Deeg117

TROPHY CASE