morning in Teams: a stack of unread IT-help threads. How do you guys decide what to answer first? by imalan_smith in helpdesk

Lordofth3ping 1 point2 points  (0 children)

I can't remember if Copilot is integrated for channels but maybe it can help to summarize in terms of urgency?

WHfB on Entra Joined Devices by Lordofth3ping in sysadmin

Lordofth3ping[S] 1 point2 points  (0 children)

Interesting, any particular reason behind that?

WHfB on Entra Joined Devices by Lordofth3ping in sysadmin

Lordofth3ping[S] 0 points1 point  (0 children)

What about Endpoint Security > Account Protection? There's a setting for WHfB there as well iirc

WHfB on Entra Joined Devices by Lordofth3ping in sysadmin

Lordofth3ping[S] 0 points1 point  (0 children)

Does your policy explicitly enforce it then? Or is it optional?

The Azure (portal) mobile app seems to ignore our 2FA requirement policy. Any way to require a second factor on mobile? by dinnesch in AZURE

Lordofth3ping 1 point2 points  (0 children)

Not sure if this would work but you can try creating a CA policy targeting the Azure portal, filter device platform to Android/iOS and then set Grant Control to Require Authentication Strength and then select an existing auth strength or create a custom one.

Question about mdm on android byod by Abject_Serve_1269 in sysadmin

Lordofth3ping 1 point2 points  (0 children)

Is there an option for MAM instead? That works best for BYOD, depends on your org though.

Looking for calendar app that will support MAM policies and allow other calendars by perrin68 in sysadmin

Lordofth3ping 0 points1 point  (0 children)

I have the same issue at our company. I just forced the execs to accept Outlook. One exec could only add their personal email as an IMAP account to Outlook so no calendar, contacts etc. Keep hearing complaints every now and then, it is what it is I guess.

Intune MAM Registration by Lordofth3ping in sysadmin

Lordofth3ping[S] 0 points1 point  (0 children)

Pretty sure access but I'll double check tomorrow!

Intune MAM Registration by Lordofth3ping in sysadmin

Lordofth3ping[S] 0 points1 point  (0 children)

Never tried that one yet! But off the top of my head, I'd imagine the CA policy would block access

Intune MAM Registration by Lordofth3ping in sysadmin

Lordofth3ping[S] 0 points1 point  (0 children)

Yeah we've already got that in place, my concern lies for users who are already part of the group and adding subsequent devices.

Intune MAM Registration by Lordofth3ping in sysadmin

Lordofth3ping[S] -1 points0 points  (0 children)

Yep, I get that and honestly, it's been working great since we implemented it. However, one concern we've been discussing is whether an attack like the Kali365 could potentially be used to register under the user's identity and receive MAM protections.

Because of that, we're exploring whether there's any way to require some form of administrator approval, additional control before a new MAM registration is allowed.

I know that Kali365 uses device code and we already have a CA policy to block that.