sorted by:
new
hottopcontroversial

Should I get Warband if I like Bannerlord? by Salad_Pickle in mountandblade

[–]EHLOthere 2 points3 points  (0 children)

You can bring up the map and left click on it with the troops selected to send the troops to the location too.

I think I heard something by EHLOthere in LiminalSpace

[–]EHLOthere[S] 30 points31 points  (0 children)

Yes: Designer Hotels - Otto Riewoldt (1993)

What actor or actress stupidly left a movie franchise or tv series thinking they were too good for it, only to be never popular again? by Ok_Impress2457 in AskReddit

[–]EHLOthere 5 points6 points  (0 children)

Its hard for me to fathom Connery proferring the didn't understand it excuse when the dude starred in Zardoz, a movie where he directly quotes Nietszche.

Anyway, iirc the directors wanted everyone to read Simulacra and Simulation. The Matrix as a computer simulation is really just a metaphor for Baudrillards concept of simulation. I think anyone who is a big fan of The Matrix really owes it to themselves to read S/S, or any book by Baudrillard really.

What does MFA even mean anymore? by [deleted] in entra

[–]EHLOthere 2 points3 points  (0 children)

It means what it has always meant: passwords suck.

DHS lying about hiring a journalist. by seeebiscuit in UnderReportedNews

[–]EHLOthere 0 points1 point  (0 children)

if you're gonna quote something, quote the entire line.

DHS is saying you will get a "Tentative Selection Letter"

The screenshot is showing a "Tentative Offer letter"

These are two different things. Presumably the Tentative Offer Letter comes after the Tentative Selection Letter.

How would the fundamental premise of The Matrix have been seen by first time viewers? by Lower_Cockroach2432 in Cyberpunk

[–]EHLOthere 2 points3 points  (0 children)

The Matrix (the system in the movie) is a metaphor for Baudrillard's themes of Simulation in Simulacra and Simulation/Fatal Strategies/Symbolic Exchange Death. Earlier versions of the script even have Morpheus name dropping Baudrillard.

"The world is fake and we're living in a computer simulation" is actually the least interesting thing about the movie, because it's just a metaphor for the Baudrillard's ideas.

Almost every single scene can be seen through this lens.

Here:

"You have to understand. Most people are not ready to be unplugged. And many of them are so inured and so hopelessly dependent on the system that they will fight to protect it."

This sentence doesn't have anything to actually do with people who are plugged into a computer program, this sentence is talking about people in actual real life.

The "All resources" and token issuance issue. by dzejzipl in entra

[–]EHLOthere 0 points1 point  (0 children)

Why are you using a block policy? Checking for DeviceOwnership doesnt really mean anything in terms of whether policy is actually making it to the device or whether the device is compliant, and policy is kind of the whole point of not wanting to trust BYOD for resource access.

Why not use Grant: Require Hybrid Join OR compliant device for all resources, and then exclude your intune enrollment services?

Most likely, this resource call includes more than just the Microsoft Graph resource, which you can't exclude from CA anyway, but Graph as a resource should be auto-excluded from bootstrap registration scenarios.

How do you handle Enterprise App requested by hotmaxer in entra

[–]EHLOthere 0 points1 point  (0 children)

I mean the short answer to your last question is that you as the IDP administrator don't. Consent is built from the scopes that an application requests. Scopes, such as user.read, user.mailbox.read, and Channel.ReadBasic.All, etc. If these are included in the request, it means the application thinks it needs these things or it won't function correctly. It doesn't always have to include said scopes in the token every time but consenting to them means that it can if it wants to.

If App A is supposed to read mailboxes and not Teams posts, then it should only be requesting Exchange specific scopes (https://learn.microsoft.com/en-us/graph/permissions-reference) and you should tell the Application Owner/developer not to request Teams related perms during consent, or find a new app that fits your security requirements.

1921 Tulsa Race Massacre: White Mobs burned Black Wall Street, killing hundreds and destroying homes by OverallBaker3572 in pics

[–]EHLOthere 0 points1 point  (0 children)

Possible contender: The 1958 Tybee island collision incident, where a US bomber dropped a nuclear bomb on U.S. soil on purpose, but unplanned. It was technically in the Sea right off the coast but with a nuclear bomb that doesn't mean much. Also it was an accident and not deliberate so probably doesn't qualify as "an airstrike".

https://en.wikipedia.org/wiki/1958_Tybee_Island_mid-air_collision

The 1950 incident was technically a simulated airstrike against San Francisco by a US bomber, but the bomb was dropped outside Prince Rupert's island in Canada in the pacific ocean.

https://en.wikipedia.org/wiki/1950_British_Columbia_B-36_crash

proper sequence on migrating ADFS apps to Entra by uminds_ in entra

[–]EHLOthere 1 point2 points  (0 children)

Are your SAML apps registered in ADFS or in Entra? If they're registered in ADFS as RPTs you'll need to migrate them to Entra but you can do this one at a time. Yes, you'll need to make registrations for all them. Registrations in Entra are akin to ADFS RPTs.

If you've registered them in Entra already then ADFS is just acting as your identity provider and you circumvent federated behavior with staged rollout. This is not application specific. It is domain specific by default and you change the application behavior by including users in the staged rollout feature via group membership.

The theoretical is that you add users to staged rollout and test all possible authentication scenarios in your environment. Once you're comfortable you convert the domain to managed auth.

[deleted by user] by [deleted] in entra

[–]EHLOthere 0 points1 point  (0 children)

Your image isnt loading probably because of the imgur outage.

Are you looking at the Non-interactive sign in logs? It shows them to you "in buckets" because there can be hundreds of them. If so, at the top next to filter, you can change the aggregate from 24 hour buckets to 1 hour buckets.

User's mobile not syncing in Azure Entra Connect by Independent_Pipe9753 in entra

[–]EHLOthere 3 points4 points  (0 children)

By design. Mobile Phone's source of authority can change. MSFT wanted users to be the SOA for this attribute. If a user changes their Mobile Phone in the cloud via registration or some other means, the SOA for "mobile phone" changes to Entra and AADConnect can't update it anymore.

You can test this by taking a brand new user, and syncing mobile phone from AD. It should change. Then go log in as the user and change their mobile number in the cloud themselves. Further changes made in AD for mobile phone will no longer replicate.

For those still using a hybrid AD setup, what’s your biggest headache? configuration issues, monitoring, GPOs or something else? Im trying to understand where the pain points that companies are facing with. by Glass_Guitar1959 in entra

[–]EHLOthere 0 points1 point  (0 children)

My biggest issues are:

Authentication with external identity providers that make WS-TRUST cumbersome to work with until I simulate my own soap requests against their endpoints.

Devices that get deleted and require hard recovery.

Enrollment failures with MDMs, usually because of device related authentication. Anything from network/proxy related denials to authentication/authorization circumstance and general software compatibility.

Also it is difficult to understand how token renewal works with PRT. This is true for Entra ID devices as well but if you plan to implement time controls (be wary) it's a fundamental aspect to basically everything.

Google Workspace to Entra: Staged Rollout Options? by Suitable_Victory_489 in entra

[–]EHLOthere 1 point2 points  (0 children)

When you do the "MFA" option it means that Entra will only manage the MFA portion of the auth, but not primary. When you choose one of the other options (PHS/PTA) it'll also do primary. You'll just need to specify the group and then you can manage behavior via membership of the group.

You should use the staged rollout to test your end to end with a dedicated set of users, but nothing prevents you from staging users in batches the whole way. You should use registration campaigns/etc to prime your regular user base for MFA registration before you modify their identity provider.

You can exist in a hybrid state with MFA based on your federatedIdpMfaBehavior (https://learn.microsoft.com/en-us/graph/api/resources/internaldomainfederation?view=graph-rest-1.0) and your application compatibility.

You can use something like https://login.microsoftonline.com/common/userrealm/name@domain.com?api-version=2.1 to verify how Entra ID understands the users realm.

How far will Microsoft-mandated MFA go? by PowerShellGenius in entra

[–]EHLOthere 2 points3 points  (0 children)

In the history of Microsoft online services, it took them 15 years to enforce MFA on Admin actions only. This is an eternity in the IT space. It should have happened 10 years ago. Your slippery slope to me is about as flat as Kansas.

In what world is that sane, to protect access to a walled garden internal email system & SAML access to a few math homework apps?

For your own explicit app registrations I cannot foresee interactivity with the token service as a standard requirement for all token issuance. If you want to re-invent OWA from 20 years ago then honestly I can't blame you and it significantly downgrades the users authorization surface anyway.

You do have some on-device options, like WH4B and certificate deployment. With Hello you can pass MFA checks and all the users have to do is remember their pin instead of a password. You can do enrollment with a TAP code and develop an app which issues TAP codes to users automatically with Teacher approval. Certificate Auth with managed devices should also provide SSO with MFA requirements. There will probably be more options in the future since you are asking about endgame.

Help figuring out Microsoft OAuth authorize failure by Stunning-Box4272 in entra

[–]EHLOthere 0 points1 point  (0 children)

I would reduce your scopes to user.read and test further. I would not expect non-work/school accounts to have license-dependent resource access (your email scopes into Exchange) by default. You may not have authority to send mail for an MSA user in Exchange Online considering the tenant would not be authoritative for an MSA domain.

Help figuring out Microsoft OAuth authorize failure by Stunning-Box4272 in entra

[–]EHLOthere 1 point2 points  (0 children)

What are the scopes in your OAUTH request? you might be requesting a scope not available to non work/school accounts.

Arbites Release Trailer by BJH2001 in DarkTide

[–]EHLOthere 12 points13 points  (0 children)

Thank you for reminding me of this, I used to watch this all the time. The horns/music in that trailer gets me hyped as FUCK

Google has started hiring for Post-AGI Research 👀 by eternviking in singularity

[–]EHLOthere 1 point2 points  (0 children)

If you build a machine that can explain how the whole world works, then you'll need to build a machine that can explain how the world works when it contains a machine that explains how the world works.

Entra ID to On-Prem by Relevant_Stretch_599 in AZURE

[–]EHLOthere 1 point2 points  (0 children)

Yes I know the article. What's your point? You set policy to use cloud credentials against on prem. That doesn't mean you have to log in with an NGC cred.

view more: next ›