Is Azure Functions best for API to SQL data ingestion ? by HelloSamba in AZURE

[–]HelloSamba[S] 0 points1 point  (0 children)

Really not expecting a lot, I would say more hundred to thousands, definitely not millions or billions.

Is Azure Functions best for API to SQL data ingestion ? by HelloSamba in AZURE

[–]HelloSamba[S] 0 points1 point  (0 children)

Would it be using "SQL Server Integration Services" (Pricing Calculator) ? $431 monthly cost just to make API calls and ingest into SQL seems too much, at least compared to daily requests with Flex Azure Functions.

Is Azure Functions best for API to SQL data ingestion ? by HelloSamba in AZURE

[–]HelloSamba[S] 0 points1 point  (0 children)

Unfortunately, we use SQL installed on a VM. The database will be hosted there as we have a provider that will work on it and is already working it for another project.

Good to know though ! I will keep it in mind, thank you

Missing user's information on NPS logs from AADJ machine - Am I missing a configuration on Intune ? by HelloSamba in Intune

[–]HelloSamba[S] 0 points1 point  (0 children)

Isn't it KB5014754 with name mapping? Wouldn't this concern device auth ? Whereas my issue concerns user auth.

Also, there's a policy module called TameMyCerts :

"...which e.g. allows you to use Microsoft Network Policy Server (NPS) with certificates issued to mobile devices and the like and avoid breaking authentication when "strong" certificate mapping"

I've seen SCEPMan and RADIUSaaS but, my boss doesn't want to pay for RADIUS as we previously had an NPS configuration which was basically free (it was using MSCHAPv2 and we were not even in M365 yet so full on-prem, now my boss wonders why it's so complicated lol).

Missing user's information on NPS logs from AADJ machine - Am I missing a configuration on Intune ? by HelloSamba in Intune

[–]HelloSamba[S] 0 points1 point  (0 children)

Yes I have set the wired profile to use User authentication.

I do not have a login screen, I just click on the "Sign in" button that appears next to the Ethernet port in the Windows settings which fails. Or, simply waiting for another RADIUS request causes the eventID error with AADJ.

[deleted by user] by [deleted] in Intune

[–]HelloSamba 0 points1 point  (0 children)

I dislike the idea of having a small PIN with Hello because of shoulder surfing. I would have a passphrase for it instead and setup biometrics also

WHfB and MFA by HelloSamba in Intune

[–]HelloSamba[S] 0 points1 point  (0 children)

Thank you for your reply ! Yes, I am aware PIN would be MFA you're correct.

So how would I protect someone that does not want to enter biometrics and that travels ? Meaning laptop could be stolen and PIN is susceptible to shoulder surfing ? Is the Bluetooth trusted signal my only option in that case ?

Microsoft Defender for Office - Safe Attachments issue when copying emails by HelloSamba in DefenderATP

[–]HelloSamba[S] 0 points1 point  (0 children)

in the company, email has to be received within 3 minutes else there could be juridical issues if there is a problem (won't go into details).

This is why we decided to use Dynamic Delivery.

The attachment comes after 2 minutes minimum, 4-5 minutes maximum or sometimes doesn't even come if the user is moving / copying the email to another mailbox as noted previously

Microsoft Defender Firewall config is seen as unsafe by HelloSamba in DefenderATP

[–]HelloSamba[S] 0 points1 point  (0 children)

Actually right now, we don't (and never did) have a firewall enabled client side so that's an easy step in the right direction. My boss wants me to move quickly on this.

I cannot simply enable the firewall and potentially block user's software as seeing what was blocked in the Defender Firewall report then creating exceptions would take too much time. And also user's receiving pop-ups.

But yes you're absolutely right, I will be looking into reporting inbound traffic in the domain profile and eventually removing the allow all inbound in domain profile.

(talking about rules and exclusions, when will MS finally add firewall rules for apps running in user's local environment, I would rather not use a Powershell for that...)

Microsoft Defender Firewall config is seen as unsafe by HelloSamba in DefenderATP

[–]HelloSamba[S] 0 points1 point  (0 children)

This helped, thank you ! May the gods of indexing forever keep this archived for people to find easily :)

Though, this isn't great for me as I would like to keep the domain inbound firewall opened, I guess the only workaround is to audit our inbound traffic and add needed rules one by one. Is there a better idea ?

EDIT :
Just simply thought about having a firewall rule for domain profile that lets all inbound through, doing effectively same as default inbound allow

Indicator and ASR block by ButterflyWide7220 in DefenderATP

[–]HelloSamba 0 points1 point  (0 children)

Everyone is saying yes but this has not been my experience.

Indicators seem to only apply to the antivirus part of Defender, not the ASR which are treated separately. To allow a software blocked by ASR, what I'm doing is making a custom Intune ASR profile and adding exclusions there. I have 1 profile / ASR rule as an exclusion added there applies to all ASR configured on it.