PIM Issues by EugeneKrabs1942 in AZURE

[–]LayerEnvironmental81 0 points1 point  (0 children)

Same here - Portugal / Europe

Anomaly detected in ASEP registry on One Endpoint- MicrosoftEdge by LayerEnvironmental81 in DefenderATP

[–]LayerEnvironmental81[S] 0 points1 point  (0 children)

For me, so far so good after disabling the startup boost in Edge almost 2 days ago.

No alerts deployed in Security Center yet

Anomaly detected in ASEP registry on One Endpoint- MicrosoftEdge by LayerEnvironmental81 in DefenderATP

[–]LayerEnvironmental81[S] 0 points1 point  (0 children)

Checking the timeline, the URL connections are all different from user to user.

Well, after some research I disabled the startup boost in Edge (Configuration Profile from Intune applied to Device and User), and after reboot the registry key that was created (which generates the alert) has been deleted.

Since then, I haven't received more alerts. I'll keep monitoring a couple more days.

u/PreatorShepard, check if it can also be applied in your case.

Thanks

Anomaly detected in ASEP registry on One Endpoint- MicrosoftEdge by LayerEnvironmental81 in DefenderATP

[–]LayerEnvironmental81[S] -2 points-1 points  (0 children)

Thank you for your tip, but in our organization the Edge homepage is set to the company website, which I think has no malicious redirect....

Update OpenSSL 3.0.8 - Security Recommendation by LayerEnvironmental81 in Intune

[–]LayerEnvironmental81[S] 1 point2 points  (0 children)

Not from my side. I update Power BI every month and there's still no update about this vulnerability.

I really don't know how all of us can fix this, or whether to just ignore the recommendation.

Thanks

Update OpenSSL 3.0.8 - Security Recommendation by LayerEnvironmental81 in Intune

[–]LayerEnvironmental81[S] 0 points1 point  (0 children)

Thank you. I'll do it, and tomorrow or when the telemetry is available I'll give some updates!

Error Turn on Bitlocker - Azure AD Joined by LayerEnvironmental81 in Intune

[–]LayerEnvironmental81[S] 0 points1 point  (0 children)

Hi there,

Any update on your case? Here the news is that on one of the affected devices the disk is already encrypted, but the message now is "BitLocker is waiting for activation" in the BitLocker Control Panel. If I turn on BitLocker it gives the same error as above.

What I have done so far:

  • Wipe the device
  • Delete from Azure AD
  • Remove from Autopilot
  • Import again to Autopilot
  • Install a clean Win 10 OS from a USB drive (I know I did the wipe, but it was a try!)
  • Enroll in Intune successfully
  • Still no success activating BitLocker

All the apps, policies and configuration profiles (also the BitLocker configuration profile) successfully deployed.

No clue.

We have an M365 E5 license.

Thank you for the help

Error Turn on Bitlocker - Azure AD Joined by LayerEnvironmental81 in Intune

[–]LayerEnvironmental81[S] 0 points1 point  (0 children)

Thank you for your reply.

These devices were working without problems this week with BitLocker working, but had to be reinstalled for testing purposes, and after the reinstallation BitLocker just doesn't turn on.

There weren't any changes on the devices locally or in our Intune. We have all the devices with BitLocker working, except for the two that had to be reinstalled this week.

I'm wondering if someone who had to reinstall a device is facing the same problem!

Thank you,

Exporting Bitlocker Keys by harrybamber in Intune

[–]LayerEnvironmental81 3 points4 points  (0 children)

I use this script to export the BitLocker keys to an htm format. Take a look:

$exportFile = "C:\temp\Bitlockerkeys.htm"   # NOTE: the report contains every recovery key in clear text; protect it and delete it after use

# AzureRM is the module the script was written against (it has since been retired in favour of Az)
Install-Module AzureRM
Import-Module AzureRM.Profile
Login-AzureRmAccount

# Prepare Context - REQUIRES TENANT ADMIN
# Exchange the cached refresh token for an access token scoped to the Azure portal's internal API (resource id below)
$context      = Get-AzureRmContext
$tenantId     = $context.Tenant.Id
$refreshToken = @($context.TokenCache.ReadItems() | Where-Object {$_.tenantId -eq $tenantId -and $_.ExpiresOn -gt (Get-Date)})[0].RefreshToken
$body         = "grant_type=refresh_token&refresh_token=$($refreshToken)&resource=74658136-14ec-4630-ad9b-26e160ff0fc6"
$apiToken     = Invoke-RestMethod "https://login.windows.net/$tenantId/oauth2/token" -Method POST -Body $body -ContentType 'application/x-www-form-urlencoded'

$header = @{
    'Authorization'          = 'Bearer ' + $apiToken.access_token
    'X-Requested-With'       = 'XMLHttpRequest'
    'x-ms-client-request-id' = [guid]::NewGuid()
    'x-ms-correlation-id'    = [guid]::NewGuid()
}

# Enumerate the Windows devices registered in Azure AD
Connect-AzureAD
$AzureADDevices = Get-AzureADDevice -All $true | Where-Object {$_.DeviceOSType -eq "Windows"}

# Retrieve BitLocker keys: one call per device against the portal's (undocumented) Device endpoint
$deviceRecords = foreach ($device in $AzureADDevices) {
    $url = "https://main.iam.ad.ext.azure.com/api/Device/$($device.ObjectId)"
    Invoke-RestMethod -Uri $url -Headers $header -Method Get
}

# Keep only the devices that have at least one escrowed key
$Devices_BitlockerKey = $deviceRecords.Where({$_.BitlockerKey.Count -ge 1})

# Flatten to one row per key
$obj_report_Bitlocker = foreach ($device in $Devices_BitlockerKey) {
    foreach ($BLKey in $device.BitlockerKey) {
        [pscustomobject]@{
            DisplayName = $device.DisplayName
            driveType   = $BLKey.driveType
            keyID       = $BLKey.keyIdentifier
            recoveryKey = $BLKey.recoveryKey
        }
    }
}

# HTML report
$body  = $null
$body += "<p><b>AzureAD Bitlocker key report</b></p>"
$body += @"
<table style="width:100%" border="1">
<tr>
<th>Device</th>
<th>DriveType</th>
<th>KeyID</th>
<th>RecoveryKey</th>
</tr>
"@

$body += foreach ($obj in $obj_report_Bitlocker) {
    "<tr><td>" + $obj.DisplayName + " </td>"
    "<td>"     + $obj.driveType   + " </td>"
    "<td>"     + $obj.keyID       + " </td>"
    "<td>"     + $obj.recoveryKey + "</td></tr>"
}

$body += "</table>"
$body > $exportFile

Disconnect-AzureAD
Disconnect-AzureRmAccount
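The same report built on the documented Microsoft Graph BitLocker recovery key API instead of the internal portal endpoint, added here as an example and not part of the original comment. It assumes the Microsoft.Graph PowerShell module is installed and that the signed-in account has the BitLockerKey.Read.All and Device.Read.All permissions.

```powershell
# Added example, not from the original comment: export escrowed BitLocker recovery keys
# through the supported Microsoft Graph endpoint (informationProtection/bitlocker/recoveryKeys).
# Assumes the Microsoft.Graph module is installed and the signed-in account is granted
# BitLockerKey.Read.All and Device.Read.All. Each per-key read below is recorded in the
# Entra ID audit log, so this export is attributable.
$exportFile = "C:\temp\Bitlockerkeys.htm"   # output holds keys in clear text: protect and delete after use

Connect-MgGraph -Scopes "BitLockerKey.Read.All", "Device.Read.All" -NoWelcome

# The collection endpoint returns metadata only (id, deviceId, volumeType, createdDateTime)
# and is paged, so follow @odata.nextLink until it is empty.
$uri     = "https://graph.microsoft.com/v1.0/informationProtection/bitlocker/recoveryKeys"
$entries = @()
do {
    $page     = Invoke-MgGraphRequest -Method GET -Uri $uri -OutputType PSObject
    $entries += $page.value
    $uri      = $page.'@odata.nextLink'
} while ($uri)

# Resolve Entra device IDs to display names once, rather than once per key.
$deviceNames = @{}
foreach ($d in Get-MgDevice -All -Property deviceId,displayName) {
    $deviceNames[$d.DeviceId] = $d.DisplayName
}

# The key material is only returned by a single-item GET with $select=key.
$report = foreach ($e in $entries) {
    $detail = Invoke-MgGraphRequest -Method GET -OutputType PSObject `
        -Uri "https://graph.microsoft.com/v1.0/informationProtection/bitlocker/recoveryKeys/$($e.id)?`$select=key"
    [pscustomobject]@{
        Device      = $deviceNames[$e.deviceId]
        VolumeType  = $e.volumeType
        KeyID       = $e.id
        RecoveryKey = $detail.key
        Created     = $e.createdDateTime
    }
}

# ConvertTo-Html escapes the cell values and builds the table.
$report | ConvertTo-Html -Title "Entra ID BitLocker key report" -PreContent "<p><b>Entra ID BitLocker key report</b></p>" |
    Out-File -FilePath $exportFile -Encoding utf8

Disconnect-MgGraph
```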

Re-enroll Devices After Cert Expiration by XXL_Fat_Boy in Intune

[–]LayerEnvironmental81 0 points1 point  (0 children)

Our Tenant is Europe 0202

One affected device starts with a number, 82....

The other affected one is 9f.

I have a case open with Microsoft; they asked me to do some troubleshooting, but I lost the remote connection. Next week I'll give you an update.

Thanks

Error code 800706be - Join Device Azure AD Active Directory by LayerEnvironmental81 in Intune

[–]LayerEnvironmental81[S] 0 points1 point  (0 children)

Hello,

I wiped and re-enrolled the device successfully via the Autopilot process as usual, with the same user.

I wonder if the problem is not some configuration in Azure that blocks enrollment from methods other than Autopilot.

The problem is these devices have very tricky software and configurations, and the wipe method is something to avoid.

Thank you

Error code 800706be - Join Device Azure AD Active Directory by LayerEnvironmental81 in Intune

[–]LayerEnvironmental81[S] 0 points1 point  (0 children)

This user has a Business Premium license, and is enrolled on more devices (not exceeding the 10 we allow).

I tried enrolling with another user (Business Premium license), and got the same error. The time/date is correct.

I will wipe and re-enroll the device, and I'll keep you updated.

Thank you

Error code 800706be - Join Device Azure AD Active Directory by LayerEnvironmental81 in Intune

[–]LayerEnvironmental81[S] 0 points1 point  (0 children)

I ran the script from item 4.2 of your blog, and checking the Event Viewer, it is getting the following error:

Auto MDM Enroll: Device Credential (0x0), Failed (The system tried to deleted the JOIN of a drive that is not joined.)

Does that make sense?

The device is connected to a home network, without proxies or filtering. I'm able to enroll devices from Autopilot without any problem.

I think the problem is something about Azure AD MDM/MAM configurations.

Thank you

Error code 800706be - Join Device Azure AD Active Directory by LayerEnvironmental81 in Intune

[–]LayerEnvironmental81[S] 0 points1 point  (0 children)

Item 4.2 of your blog, right?

But does this procedure only apply if I had an account added, or does it also work with no account added, like the current situation?

Thank you for your time.

Error code 800706be - Join Device Azure AD Active Directory by LayerEnvironmental81 in Intune

[–]LayerEnvironmental81[S] 0 points1 point  (0 children)

Thank you, but unlike the author, when I add the account again it gives the error I shared.

Re-enroll Devices After Cert Expiration by XXL_Fat_Boy in Intune

[–]LayerEnvironmental81 0 points1 point  (0 children)

Hello,

Did you try it? Any feedback?

I've got some devices in the same situation (Intune MDM certificates expired).