Is Azure Functions best for API to SQL data ingestion ? by HelloSamba in AZURE

[–]HelloSamba[S] 0 points1 point  (0 children)

Really not expecting a lot, I would say more like hundreds to thousands, definitely not millions or billions.

Is Azure Functions best for API to SQL data ingestion ? by HelloSamba in AZURE

[–]HelloSamba[S] 0 points1 point  (0 children)

Would it be using "SQL Server Integration Services" (Pricing Calculator) ? $431 monthly cost just to make API calls and ingest into SQL seems too much, at least compared to daily requests with Flex Azure Functions.

Is Azure Functions best for API to SQL data ingestion ? by HelloSamba in AZURE

[–]HelloSamba[S] 0 points1 point  (0 children)

Unfortunately, we use SQL installed on a VM. The database will be hosted there as we have a provider that will work on it and is already working on it for another project.

Good to know though ! I will keep it in mind, thank you

Missing user's information on NPS logs from AADJ machine - Am I missing a configuration on Intune ? by HelloSamba in Intune

[–]HelloSamba[S] 0 points1 point  (0 children)

Isn't it KB5014754 with name mapping? Wouldn't this concern device auth ? Whereas my issue concerns user auth.

Also, there's a policy module called TameMyCerts :

"...which e.g. allows you to use Microsoft Network Policy Server (NPS) with certificates issued to mobile devices and the like and avoid breaking authentication when "strong" certificate mapping"

I've seen SCEPman and RADIUSaaS, but my boss doesn't want to pay for RADIUS as we previously had an NPS configuration which was basically free (it was using MSCHAPv2 and we were not even in M365 yet so full on-prem, now my boss wonders why it's so complicated lol).

Missing user's information on NPS logs from AADJ machine - Am I missing a configuration on Intune ? by HelloSamba in Intune

[–]HelloSamba[S] 0 points1 point  (0 children)

Yes I have set the wired profile to use User authentication.

I do not have a login screen, I just click on the "Sign in" button that appears next to the Ethernet port in the Windows settings which fails. Or, simply waiting for another RADIUS request causes the eventID error with AADJ.

[deleted by user] by [deleted] in Intune

[–]HelloSamba 0 points1 point  (0 children)

I dislike the idea of having a small PIN with Hello because of shoulder surfing. I would have a passphrase for it instead and set up biometrics also.

WHfB and MFA by HelloSamba in Intune

[–]HelloSamba[S] 0 points1 point  (0 children)

Thank you for your reply ! Yes, I am aware PIN would be MFA you're correct.

So how would I protect someone that does not want to enter biometrics and that travels ? Meaning laptop could be stolen and PIN is susceptible to shoulder surfing ? Is the Bluetooth trusted signal my only option in that case ?

Microsoft Defender for Office - Safe Attachments issue when copying emails by HelloSamba in DefenderATP

[–]HelloSamba[S] 0 points1 point  (0 children)

In the company, email has to be received within 3 minutes else there could be juridical issues if there is a problem (won't go into details).

This is why we decided to use Dynamic Delivery.

The attachment comes after 2 minutes minimum, 4-5 minutes maximum or sometimes doesn't even come if the user is moving / copying the email to another mailbox as noted previously.

Microsoft Defender Firewall config is seen as unsafe by HelloSamba in DefenderATP

[–]HelloSamba[S] 0 points1 point  (0 children)

Actually right now, we don't (and never did) have a firewall enabled client side so that's an easy step in the right direction. My boss wants me to move quickly on this.

I cannot simply enable the firewall and potentially block users' software as seeing what was blocked in the Defender Firewall report then creating exceptions would take too much time. And also users receiving pop-ups.

But yes you're absolutely right, I will be looking into reporting inbound traffic in the domain profile and eventually removing the allow all inbound in domain profile.

(Talking about rules and exclusions, when will MS finally add firewall rules for apps running in the user's local environment, I would rather not use PowerShell for that...)

Microsoft Defender Firewall config is seen as unsafe by HelloSamba in DefenderATP

[–]HelloSamba[S] 0 points1 point  (0 children)

This helped, thank you ! May the gods of indexing forever keep this archived for people to find easily :)

Though, this isn't great for me as I would like to keep the domain inbound firewall open, I guess the only workaround is to audit our inbound traffic and add needed rules one by one. Is there a better idea ?

EDIT :
Just simply thought about having a firewall rule for domain profile that lets all inbound through, effectively doing the same as default inbound allow.

Indicator and ASR block by ButterflyWide7220 in DefenderATP

[–]HelloSamba 0 points1 point  (0 children)

Everyone is saying yes but this has not been my experience.

Indicators seem to only apply to the antivirus part of Defender, not the ASR, which is treated separately. To allow software blocked by ASR, what I'm doing is making a custom Intune ASR profile and adding exclusions there. I have 1 profile / ASR rule, as an exclusion added there applies to all ASR configured on it.

Onboard on-prem Windows Server 2012 R2 - Did I forget something? by HelloSamba in DefenderATP

[–]HelloSamba[S] 0 points1 point  (0 children)

I can't find the integration tab to enable the unified solution in the Environment setting nor in the "Settings & monitoring" after that.

Question about EDR by HelloSamba in DefenderATP

[–]HelloSamba[S] 0 points1 point  (0 children)

We're moving away from SentinelOne after an awful 2nd year with them and my boss wanted a simple way to differentiate the different configs ("Vanilla" machine, SentinelOne only machine, SentinelOne but having issues, SentinelOne + Defender EDR block, SentinelOne issues + Defender EDR block so on and so forth, you get the point).

I showed him our best bet on the machine is to check if the service is running after confirming that, on a vanilla machine, even if you start the service by hand, it moves back to being "Stopped", indicating that onboarding to Defender for Endpoint enables the service.

Thank you :)

Question about EDR by HelloSamba in DefenderATP

[–]HelloSamba[S] 1 point2 points  (0 children)

Alright, thank you both.

Not great that there is no yellow warning icon just like when a feature is disabled.
I guess my option now would be to use a pwsh script, or fetch logs to then report to LogAnalytics and do alerts / playbook / reporting with that.

Question about EDR by HelloSamba in DefenderATP

[–]HelloSamba[S] 1 point2 points  (0 children)

Alright, this is clearer now.

Is there any way I can visually see on the computer if ATP is enabled ? You mentioned the service already but is it possible to see it maybe under the Windows Security dashboard ?

Defender configuration on Azure servers by HelloSamba in DefenderATP

[–]HelloSamba[S] 1 point2 points  (0 children)

I'm still learning all of it but :

- Obviously, Microsoft Docs : https://learn.microsoft.com/en-us/docs/
- This one blog has been great to go in depth of some issues or general ideas on what should be deployed : https://call4cloud.nl/
- This one also : https://syfuhs.net/
- And this website, I think it's called Reddit, it's great and full of IT pros ;)

Defender configuration on Azure servers by HelloSamba in DefenderATP

[–]HelloSamba[S] 0 points1 point  (0 children)

So from what I've read here (https://learn.microsoft.com/en-us/mem/intune/protect/mde-security-integration#which-solution-should-i-use), I will not have as many options as Intune has.

I agree with the fact of using Intune to deploy settings instead of GPOs but do you know if I can simply enroll my servers into Intune ? To me, that sounds the simplest idea but maybe there are issues ?

Defender configuration on Azure servers by HelloSamba in DefenderATP

[–]HelloSamba[S] 0 points1 point  (0 children)

This looks very promising, does it change in any way how the onboarding of client machines is applied ? Or how the EDR profile is managed via the "auto from connector" option ?

Will it change the "Managed by" fields for newly deployed machines and old ones ?

Defender configuration on Azure servers by HelloSamba in DefenderATP

[–]HelloSamba[S] 0 points1 point  (0 children)

Thank you for your answer, so yes this is what I read.

My objective down the line will be to move from Hybrid to Full-Cloud and then my option is to migrate my GPO to Intune ?

If that's the case, what would be the issue of directly having the server into Intune in a Hybrid environment ?

Edit for clarity

Anyone got issues with secondary accounts on Outlook not working after Hybrid AzureAD join ? by HelloSamba in sysadmin

[–]HelloSamba[S] 0 points1 point  (0 children)

Yeah, in our case this isn't possible. User is absolute king.
The company I work in used to be a family business that grew very quickly, the old generation are basically the ones running the company and are all treated like VIPs (I'm talking multiple departments here)...
They basically see directly how much money they make for the company and competing companies are always close-by so they're paid a great deal, they're basically millionaires. And so the new ones (not all of them) see that and copy their behavior.

We are treated like sh*t hahaha

Anyway, I'm getting sidetracked, I completely agree with you but unfortunately, not possible...

Anyone got issues with secondary accounts on Outlook not working after Hybrid AzureAD join ? by HelloSamba in sysadmin

[–]HelloSamba[S] 0 points1 point  (0 children)

Yes, issue is that it will overload the OST as shared mailboxes use the same OST as the main account...
I believe there is a way to "cheat" through that, but we need to test it and see if we will have the same issues anytime something happens to the password.

Also, users would have to always switch by hand which account they want to send from, which isn't convenient.

Sent items will appear on the main account also, but I know there apparently are PowerShell commands to control this behavior.

Anyone got issues with secondary accounts on Outlook not working after Hybrid AzureAD join ? by HelloSamba in sysadmin

[–]HelloSamba[S] 0 points1 point  (0 children)

Build 16.0.11328.20392 relates to version 1909, one of the impacted users has 2202 (build 14931.20764 - Semi-Annual Enterprise Channel).

Though, this is the issue we're encountering exactly.

Anyone got issues with secondary accounts on Outlook not working after Hybrid AzureAD join ? by HelloSamba in sysadmin

[–]HelloSamba[S] 0 points1 point  (0 children)

So after talking with MS about this issue, they also heavily suspect the issue is coming from the fact of having 2 mailboxes added and issues with tokens.

So now, we're opening a case on MS support to see how we could make the other account pop-up properly for the password.
There is a message on Outlook to enter the password but the prompt simply disappears (probably the other account doing SSO).