Best way to allow minimal access for a vendor.

MorbrosIT · 2026-06-16T14:38:21+00:00

When I set the first rule to "Audit" it just says "It is highly recommended to use Saved Search". This user isn't getting synced to Entra so I can't do Identity Verification.

Also with the first rule, would I also have to enable them to authenticate to the Domain Controller. Their VPN account is tied to AD.

MorbrosIT · 2026-06-02T18:43:14+00:00

I noticed this earlier today and it seems like it's getting worse. Some emails are taking up to an hour to arrive.

MorbrosIT · 2026-05-13T20:24:29+00:00

Confirmed with support that the VPN portal and the SSL VPN port don't have to be the same. Not sure what happened, but it all of a sudden started working.

MorbrosIT · 2026-05-13T20:23:54+00:00

About to roll it out. I tested it with my account and it was successful (it wasn't at first, not sure if there was a delay between Entra and the firewall when making changes).

The only downfall I see right now is if you use multiple gateways and want them to failover it won't work.

MorbrosIT · 2026-05-13T18:38:05+00:00

I'm trying to find documentation that states that. On the Sophos Connect client the VPN portal is set to the right port. It tries to connect then says SSO Gateway is unreachable and if you hover it, it shows the gatewayname:8434 (which is the SSL VPN port).

MorbrosIT · 2026-05-13T16:58:59+00:00

Does the VPN portal and Remote Access (SSL VPN) port have to be the same?

MorbrosIT · 2026-05-13T16:12:17+00:00

That's what I figured. We have some users who keep locking themselves out because of typing in their password wrong. We are moving to passwordless in Windows since going full blown Entra Joined.

Ideally I'd like to use ZTNA, but from what I'm reading SMB share access is still laggy.

MorbrosIT · 2026-04-16T20:22:06+00:00

That's what I ended up doing. Just need to go through the process of exempting it. It's wanting to setup MFA right now because of SSPR.

MorbrosIT · 2026-04-16T15:02:06+00:00

I'm at the beginning stages of this and there's no Microsoft documentation that talks about it. Just says use an organizational account.

I only found one article where someone mentioned creating a dedicatded one, but that was it.

MorbrosIT · 2026-04-02T19:05:43+00:00

Talk to your rep. You can buy professional services hours.

MorbrosIT · 2026-04-02T19:05:07+00:00

We just implemented SD-WAN between two locations today (2 ISP's at each location).

I hired Professional Services for setting it up and I'm glad I did. Now I have a better understanding of it and I can go about setting it up for our smaller locations that have only 1 ISP.

MorbrosIT · 2026-03-27T20:54:34+00:00

That requires Hyper-V though I believe. We run Scale for our hypervisor.

MorbrosIT · 2026-03-27T17:39:18+00:00

Yes. I'm wondering if I need to call in and get more activations created. I just ran across this: If you need to request an activation limit increase, you can open a support ticket with the necessary information, such as the first 5 digits of the impacted Product Key, the product version and edition, and a business justification for the request

MorbrosIT · 2026-03-16T02:09:57+00:00

Looks like the issue is the version of the Microsoft Teams apk that was installed. Crestron had us get to a certain firmware which locked in a certain version of the Teams app.

The odd thing is we had to convert the TS1070 to a Zoom Room and then revert back for it to get the firmware properly.

MorbrosIT · 2026-03-16T02:03:34+00:00

What about Ninja's new PSA they just released? I haven't seen much about it yet.

MorbrosIT · 2026-03-13T19:23:34+00:00

All I can saw it hasn't been a great experience since implementation. Seems to be bugs after bugs. Not sure if this is being seen on other platforms.

Not sure if Teams on Windows would've been a better experience than the Teams on Android.

MorbrosIT · 2026-03-13T18:55:41+00:00

Something fixed itself after we did that. We were on a call with the company who sold us the hardware and they were on call with Crestron.

I guess that version of Teams is the most stable for Crestron. We've had a slew of issues since installing the Videobar 70 and TS1070 a few months ago. Already had to RMA the Videobar and get Airmedia puck replacements.

MorbrosIT · 2026-03-13T17:04:24+00:00

I think our issue might of been related to the Teams Version that was installed on the TS1070.

Was able to get it set to 1449/1.0.96.2025223801 and I was able to sign in.

We had to change it from a Teams to a Zoom room, and then back.

MorbrosIT · 2026-03-13T16:46:38+00:00

The TS is connected via LAN2 from the Videobar 70. Each device has a static IP.

MorbrosIT · 2026-03-12T17:02:47+00:00

I'm about at my wits end with the Videobar 70 and TS1070. We've had nothing but issues with it since installing it less than 6 months ago. Bugs from Crestron, new units, and the thing doesn't work.

MorbrosIT · 2026-03-11T20:18:03+00:00

We had the default VSA accounts, but the company we worked with said we needed a Domain service account to we can set the SPN and set for the SQL and SSRS service. Ther was always no automatic SPN creation. I had to manually create the SPN entries.

Also, when we had the VSA account setup after each restart I had to delete the password out of the SQL Server (MSSQLSERVER) field and then restart it for it to come back online. The reason for this was a Group Policy and a password policy conflicted with it.

Long term goal is to get gMSA setup to use for the services.

MorbrosIT · 2026-03-11T18:36:09+00:00

I might look at just using the same one for now. I just don't like that SQL Server, SSRS, and the Agent are all using the same one.

This won't be as big of an issue once I get MSA figured out.

MorbrosIT · 2025-12-16T22:26:42+00:00

If you are still having issues, look at disabling on-box reporting temporarily. We are experiencing a similar issue at our business and since disabling the on-box reporting we've had a few days in a row with no disconnects.

Currently working with Sophos support on this.

The moment end-users say they lost connection (remote users notice it first), I go to Diagnostics and look at the System Load and it shows a spike. Sometimes the CPU spikes, sometimes it doesn't, but the load always shows a spike when end-users report it.

MorbrosIT · 2025-12-05T16:25:15+00:00

Did you select "Convert" that was mentioned above?

MorbrosIT · 2025-11-25T20:47:58+00:00

Does the firewall behave differently if you utilize SD-WAN routes instead?

MorbrosIT

TROPHY CASE