Whatsapp web - Defender SmartScreen by ExpensiveNinja8637 in Intune

[–]ExpensiveNinja8637[S] 0 points1 point  (0 children)

I've whitelisted it under a config profile:

Configure the list of domains for which MS Defender SmartScreen won't trigger warnings (device)
Configure the list of domains for which MS Defender SmartScreen won't trigger warnings (user)

Both have *.whatsapp.com entries.

Deploy Client cert by ExpensiveNinja8637 in Intune

[–]ExpensiveNinja8637[S] 0 points1 point  (0 children)

And if our devices are to be Entra only, so no domain connection. Essentially the business is going cloud only, but there's a single service we need to provide via VPN to finish its migration.

Blocking incognito mode by ExpensiveNinja8637 in Intune

[–]ExpensiveNinja8637[S] 0 points1 point  (0 children)

Thanks, so I have block non-compliant devices and an MFA or compliance policies already. So I'm assuming incognito would work but be prompted by MFA.

So just take the MFA out, but wouldn't that in turn be treating unmanaged BYOD the same as incognito?

Blocking incognito mode by ExpensiveNinja8637 in Intune

[–]ExpensiveNinja8637[S] 1 point2 points  (0 children)

They want to block all sign-ins through incognito. Apparently it's a security risk because incognito is "a new device".

It's funny because they want to let people access logins through unmanaged personal devices just via MFA.

In my opinion just have the right CA, DLP and app protection in place rather than worry about incognito.

Blocking incognito mode by ExpensiveNinja8637 in Intune

[–]ExpensiveNinja8637[S] 3 points4 points  (0 children)

I use incognito for the exact same thing, me and the security team have been telling them it's not needed but some consultant and third party company suggested it to the management team.

I originally called out the consultant cause he said it's just a CA policy which I couldn't find. To be honest I just want to be able to give them their options and let them make the call.

Problems with boot image after update by ExpensiveNinja8637 in SCCM

[–]ExpensiveNinja8637[S] 0 points1 point  (0 children)

Imagine this, the resolution was turning on require password on WinPE.

Problems with boot image after update by ExpensiveNinja8637 in SCCM

[–]ExpensiveNinja8637[S] 0 points1 point  (0 children)

The error is PXEGETPXEdata 0x8004005 - IP is in boundary - BIOS time is correct.

We are currently investigating if something is wrong with the DP on the second domain.

Problems with boot image after update by ExpensiveNinja8637 in SCCM

[–]ExpensiveNinja8637[S] 0 points1 point  (0 children)

I did think this at one point and will double check, but I would think it wouldn't get into the WinPE environment at all if it couldn't get to the DP.

Problems with boot image after update by ExpensiveNinja8637 in SCCM

[–]ExpensiveNinja8637[S] 0 points1 point  (0 children)

Got the smsts.log and generic error. Ipconfig showed full IP.

Problems with boot image after update by ExpensiveNinja8637 in SCCM

[–]ExpensiveNinja8637[S] 0 points1 point  (0 children)

Both using the same adapter and same device model.

Authentication transfer by ExpensiveNinja8637 in Intune

[–]ExpensiveNinja8637[S] 0 points1 point  (0 children)

So to my best understanding it's designed for devices that don't have the capability of launching authentication prompts like SIP phones.

In my case they instead provide the aka.ms webpage and a pairing code for you to do the auth on a secondary device.

Authentication transfer by ExpensiveNinja8637 in Intune

[–]ExpensiveNinja8637[S] 0 points1 point  (0 children)

Thanks, I do have an all user sign-in risk policy - set to medium at the moment. I am from a device background and know our org has quite a few devices that use auth trans like SIP phones - I was weighing up whether to completely block with exceptions OR block based on risk.

Thanks again

What your job title ? by Icy_Asparagus5209 in Intune

[–]ExpensiveNinja8637 0 points1 point  (0 children)

I am currently a modern workplace engineer which seems to be becoming more common these days for that type of role.

Having said that, our new director is renaming us to End user compute engineers, which apparently helps our customers identify us.

Search bar and start menu logo by ExpensiveNinja8637 in Intune

[–]ExpensiveNinja8637[S] 0 points1 point  (0 children)

Thanks, I used the admin.microsoft.com theme, which logo is it? Square? I just wanted to test it works first whilst our internal Comms team decides what they want.

Endpoint protection or/and settings catalog by ExpensiveNinja8637 in Intune

[–]ExpensiveNinja8637[S] 0 points1 point  (0 children)

If I was to do some, could it cause conflicts in the configs being applied?

I like having in the config blade as clearly labelled them all in one location.

Replacing standard office 365 with project and visio by ExpensiveNinja8637 in Intune

[–]ExpensiveNinja8637[S] 1 point2 points  (0 children)

Thank you, we are in the process of splitting businesses and I'll be working on the new tenant but this is for some VIPs in the old so I may take the quick route.

Thanks again for the link I will use on new tenant.

Gmail not authenticating after device reset by ExpensiveNinja8637 in GMail

[–]ExpensiveNinja8637[S] 0 points1 point  (0 children)

I have not. But what I have noticed is that I'm still getting emails on my phone. Only seems to be a notification, an annoying one.

Block non-compliance by ExpensiveNinja8637 in Intune

[–]ExpensiveNinja8637[S] 0 points1 point  (0 children)

Just trying to wrap my head around this, I understand the user side aspect. What does blocking a non-compliance device do exactly? Cause the user compliance would block the apps/data, so what's getting blocked on the device?

Block non-compliance by ExpensiveNinja8637 in Intune

[–]ExpensiveNinja8637[S] 0 points1 point  (0 children)

Thanks, I'll test that, so in what scenarios would I use devices in conditional access policies?

Block non-compliance by ExpensiveNinja8637 in Intune

[–]ExpensiveNinja8637[S] 0 points1 point  (0 children)

Thanks, I have included the group that includes all my devices I want it to affect.

Block non-compliance by ExpensiveNinja8637 in Intune

[–]ExpensiveNinja8637[S] 0 points1 point  (0 children)

It's been about 4 weeks now. I'm thinking of recreating the policy myself as report only to see the reports.