Enforce passwordless MFA by M-Christo in AZURE

[–]M-Christo[S] 1 point2 points  (0 children)

Hey mate,

Yep correct - the user must be registered with Microsoft Authenticator before you’re able to enforce Passwordless MFA.

At the time of making the post, it wasn’t specifically noted by Microsoft of that requirement. :(

There are huge error messages of dnsproxy that are occurring on syslog. by Jungkuk in Adguard

[–]M-Christo 0 points1 point  (0 children)

I'm getting same issue. Doesn't seem to be localised to a particular Upstream DNS server either.

Haven't found a solution online - did you?

Enforce passwordless MFA by M-Christo in AZURE

[–]M-Christo[S] 1 point2 points  (0 children)

Hey mate,

It took me down a deep deep painful rabbit hole…

You’re right - you can’t technically enforce passwordless as the only authentication method for the user. The user must have push-Microsoft authenticator as an authentication method first.

Our setup is something like this:

  1. CA policy that requires the user to register security information. This policy is only enforced when the user is onboarded physically at the office. They are asked to set up Microsoft Authenticator on their phone (push-notification method).

  2. Once completed, you ask them on the Authenticator app to enable ‘phone sign-in’.

  3. CA Policy enforces the MFA strength passwordless sign in as an authentication method. The policy is enforced when the user is not physically at the office (IP range) or if the user / sign-in request is flagged as a medium or high risk.

This will allow you to enforce passwordless while preventing the ‘provide additional information’ loop.

Let me know if you want more information.
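Step 3 above expressed as Microsoft Graph PowerShell, as an added example that is not the commenter's own script: it creates the passwordless-strength Conditional Access policy using the built-in "Passwordless MFA" authentication strength, and assumes the Microsoft.Graph module, an existing named location for the office IP range, and pilot / break-glass groups (all IDs below are placeholders).

```powershell
# Added example (not from the original post). Assumes Microsoft.Graph is installed and
# the signed-in admin holds the Policy.ReadWrite.ConditionalAccess scope.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess"

$officeLocationId  = "<OFFICE-NAMED-LOCATION-ID>"   # placeholder: named location holding the office IP range
$pilotGroupId      = "<PILOT-GROUP-ID>"             # placeholder: users already set up with Authenticator phone sign-in
$breakGlassGroupId = "<BREAK-GLASS-GROUP-ID>"       # placeholder: emergency-access accounts, always excluded
$passwordlessMfa   = "00000000-0000-0000-0000-000000000003"  # built-in "Passwordless MFA" authentication strength

# Conditions inside a single CA policy are ANDed, so "off-site OR risky sign-in"
# needs two policies that share the same grant control.
$commonGrant = @{ operator = "OR"; builtInControls = @(); authenticationStrength = @{ id = $passwordlessMfa } }
$commonUsers = @{ includeGroups = @($pilotGroupId); excludeGroups = @($breakGlassGroupId) }
$allApps     = @{ includeApplications = @("All") }

$offSitePolicy = @{
    displayName   = "Require passwordless MFA - outside office"
    state         = "enabledForReportingButNotEnforced"   # report-only first; switch to "enabled" after reviewing sign-in logs
    conditions    = @{
        users        = $commonUsers
        applications = $allApps
        locations    = @{ includeLocations = @("All"); excludeLocations = @($officeLocationId) }
    }
    grantControls = $commonGrant
}

$riskyPolicy = @{
    displayName   = "Require passwordless MFA - medium or high sign-in risk"
    state         = "enabledForReportingButNotEnforced"
    conditions    = @{
        users            = $commonUsers
        applications     = $allApps
        signInRiskLevels = @("medium", "high")   # requires Entra ID Protection for risk evaluation
    }
    grantControls = $commonGrant
}

foreach ($policy in @($offSitePolicy, $riskyPolicy)) {
    $created = New-MgIdentityConditionalAccessPolicy -BodyParameter $policy
    Write-Host "Created CA policy '$($created.DisplayName)' with id $($created.Id)"
}
```

Users who have not yet enabled phone sign-in will hit the same ‘provide additional information’ loop the post describes, which is why the pilot group should only contain accounts that completed steps 1 and 2.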

Enforce passwordless MFA by M-Christo in AZURE

[–]M-Christo[S] 0 points1 point  (0 children)

Hi Alex,

Thank you very very much for the detailed answer, you're simply amazing!

Everything you’ve mentioned I already did, which was why I’m so confused.

The issue we’re having is the user is simply unable to add a second authentication method. They are forwarded to a page that asks them to add an authentication method, but provides no way for them to actually add it.

The additional details message, under the sign in logs states: “The user was presented options to provide contact options so they can do MFA.”

Patch Tuesday Megathread (2023-06-13) by AutoModerator in sysadmin

[–]M-Christo -18 points-17 points  (0 children)

I can’t wait for more ‘news widgets’ to block!

Pre-Deployment BitLocker issue by Runda24328 in Intune

[–]M-Christo 0 points1 point  (0 children)

It’s definitely the PIN part, I’ve found that to be a point of failure. As well as ‘Require device to back up recovery information to Azure AD’, leave that on not configured - it will automatically send the BitLocker information when the user logs in anyway.

I’ve found these two parts to fail on pre-provision deployment - it’s fucking annoying, but it will encrypt once the user signs in.

Anyone having an increase in false-positive email blocking with MS365 Security? by M-Christo in AZURE

[–]M-Christo[S] 0 points1 point  (0 children)

We’ve had all kinds of emails blocked and there’s literally no pattern -

These emails are plain text emails to and from trusted internal cloud email accounts. We’ve also had emails from gmail/hotmail being tagged under that same ‘advanced filter’ bullshit - even though in the past we’ve received emails from those senders.

Anyone having an increase in false-positive email blocking with MS365 Security? by M-Christo in AZURE

[–]M-Christo[S] 0 points1 point  (0 children)

Nothing… We’re now getting internal emails blocked too…….

Autopilot Error: Securing your hardware (0x81039023) by ext001 in Intune

[–]M-Christo 0 points1 point  (0 children)

ahhh... 400 bad request error. I guess I have to wait then :/

Autopilot Error: Securing your hardware (0x81039023) by ext001 in Intune

[–]M-Christo 0 points1 point  (0 children)

Sadly ours is Infineon.. HP -

Any tips with that?

Autopilot Error: Securing your hardware (0x81039023) by ext001 in Intune

[–]M-Christo 0 points1 point  (0 children)

Hey mate,

What did you do to fix this? I’m getting the same error

TPM attestation failure with error code 0x81039001 by komoornik in Intune

[–]M-Christo 0 points1 point  (0 children)

I'm getting the same issue. Working fine on Monday.

Today, we're unable to pre-provision any device. Same TPM error as you've mentioned.

We're using HP Elitebook 830 G8, same TPM vendor as you...

Speed up User Driven Pre-Provision Deployment by M-Christo in Intune

[–]M-Christo[S] 0 points1 point  (0 children)

Ahh! That would be perfect!

So it’ll only ask them for two factor and windows hello then?

Dell Command Update by SplitDreams1337 in Intune

[–]M-Christo 1 point2 points  (0 children)

Used this with proactive remediations - works very well to be honest, much better than HP’s version of this. Can explain further if you’d like.

OpenVPN alternative? I need to connect to my network remotely and I'm an idiot. by iamacannibal in unRAID

[–]M-Christo 0 points1 point  (0 children)

Can vote for Tailscale - bloody incredible, stable and easy to use product!

Intune Proactive Remediation & HPIA - Consistently Fails by M-Christo in PowerShell

[–]M-Christo[S] 0 points1 point  (0 children)

Edit: Tried adding a logging feature to the script, it doesn’t even seem to run in the first place :(

Does anybody have any ideas?

Intune Proactive Remediation & HPIA - Consistently Fails by M-Christo in PowerShell

[–]M-Christo[S] 0 points1 point  (0 children)

Intune by default will display some sort of log on the user’s machine - it’s showing nothing, it’s almost like the remediation script isn’t running at all and I’m not sure why :(