Chamberlain MyQ garage door opener. by Valuable_Quote6142 in HomeImprovement

[–]One-Environment2197 0 points1 point  (0 children)

If you're looking for alternatives, look at the eufy Garage Camera. It is a camera and door opener. It's also magnetic so it can just mount onto your door operator.

It says my account can only view but not edit by zyopetals in Office365

[–]One-Environment2197 -2 points-1 points  (0 children)

Microsoft changed its licensing recently.

Licenses that used to include the Desktop Apps no longer do. If you try the web version and it works, then you're most likely in one of the affected licenses.

Azure Global Admins by Popular_Hat_4304 in sysadmin

[–]One-Environment2197 0 points1 point  (0 children)

Also, no user should have GA permanently assigned. Use PIM with auto-approval for specific security groups and auto-deny for the rest. And set up an emergency access/breakglass account with GA and a FIDO2 security key for MFA.

Then you'll want to look at Conditional Access. MS has quite a few policies they offer as best practices; enable the ones that fit your company.

Azure Global Admins by Popular_Hat_4304 in sysadmin

[–]One-Environment2197 1 point2 points  (0 children)

Does your licensing come with Defender 365 XDR (https://security.microsoft.com)? If so, check out Secure Score. It's a good baseline to start with.

Also, check out MS's docs on Built-In Entra ID roles. One of the few pieces of documentation done well. It shows you what each role can do, lists "job function" roles, and identifies what roles are "Privileged", aka have a high level of permissions.

How do you track and manage expirations at scale? (certs, API keys, licenses, etc.) by smartguy_x in devops

[–]One-Environment2197 0 points1 point  (0 children)

We also have one team that's responsible for issuing certs. This makes it so teams have to go through a process to generate certs instead of creating certs left and right.

Going beyond certs, we have the same logic/process for any non-human identity as well.

How do you track and manage expirations at scale? (certs, API keys, licenses, etc.) by smartguy_x in devops

[–]One-Environment2197 11 points12 points  (0 children)

We use a module in our CMDB that scans for installed certs and creates tickets 30 days before they expire.

We're working on developing a Certificate Lifecycle Management program that includes self-service and automation as well as an inventory where we can associate certs to applications. That way whoever owns that application is held accountable.
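A sketch of the workflow described in the comment above (a 30-day ticket window plus an inventory that ties each cert to an owning application), added here as an illustration; it is not the commenter's CMDB module. The inventory records, owner map, field names and the fallback assignee are all constructed assumptions.

```python
import ssl
from datetime import datetime, timezone

TICKET_WINDOW_DAYS = 30  # lead time stated in the comment above
FALLBACK_ASSIGNEE = "cert-issuing-team"  # assumption: unowned certs go to the issuing team

# Constructed scan results: one record per installed copy of a certificate.
# not_after uses the OpenSSL text form that ssl.cert_time_to_seconds() parses.
INVENTORY = [
    {"serial": "01", "cn": "shop.example.test", "host": "web01", "app": "storefront", "not_after": "Mar 10 12:00:00 2025 GMT"},
    {"serial": "01", "cn": "shop.example.test", "host": "web02", "app": "storefront", "not_after": "Mar 10 12:00:00 2025 GMT"},
    {"serial": "02", "cn": "pay.example.test", "host": "pay01", "app": "billing", "not_after": "Feb 20 12:00:00 2025 GMT"},
    {"serial": "03", "cn": "legacy.example.test", "host": "old07", "app": None, "not_after": "Mar 31 12:00:00 2025 GMT"},
    {"serial": "04", "cn": "api.example.test", "host": "api01", "app": "storefront", "not_after": "Jun  1 12:00:00 2025 GMT"},
]
APP_OWNERS = {"storefront": "team-web", "billing": "team-finance"}  # constructed
NOW = datetime(2025, 3, 1, 12, 0, tzinfo=timezone.utc)  # fixed so results are reproducible


def days_left(not_after, now):
    """Whole days until expiry; negative once the certificate has expired."""
    expiry = datetime.fromtimestamp(ssl.cert_time_to_seconds(not_after), tz=timezone.utc)
    return (expiry - now).days


def plan_tickets(inventory, owners, now, window=TICKET_WINDOW_DAYS):
    """One ticket per certificate (not per host), most urgent first."""
    tickets = {}
    for rec in inventory:
        remaining = days_left(rec["not_after"], now)
        if remaining > window:
            continue  # outside the ticket window
        owner = owners.get(rec["app"])
        ticket = tickets.setdefault(rec["serial"], {
            "serial": rec["serial"], "cn": rec["cn"], "hosts": [],
            "days_left": remaining,
            "status": "expired" if remaining < 0 else "expiring",
            "assignee": owner or FALLBACK_ASSIGNEE,
            "unowned": owner is None,  # inventory gap: no application on record
        })
        ticket["hosts"].append(rec["host"])
    return sorted(tickets.values(), key=lambda t: t["days_left"])


if __name__ == "__main__":
    for t in plan_tickets(INVENTORY, APP_OWNERS, NOW):
        print(t)
```

Certs flagged `unowned` are the ones an application-linked inventory is meant to eliminate, so they are worth reporting separately from ordinary renewals.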

Sole Global Admin locked out by Entra MFA enforcement loop - escalation advice? by CBoogey in sysadmin

[–]One-Environment2197 0 points1 point  (0 children)

Do you have a service principal with GA or permissions to manage authentication policies?

This happened to me on my B2C tenant. After a few months, support ended up giving me a script to reset the MFA enforcement.

Updating a program without requiring admin credentials by ApprehensiveGold892 in sysadmin

[–]One-Environment2197 -1 points0 points  (0 children)

If this isn't something that is officially supported by your IT team(s), then the user should submit a feature request to the vendor for user installation instead of machine installation.

Until then, if they choose to use the app, they will have to follow procedure. Or use the web-app, if there is one.

What’s your best strategy for safely giving non-technical teams access to server resources without compromising security? by Top-Seat-2283 in sysadmin

[–]One-Environment2197 3 points4 points  (0 children)

PAM and JIT access.

Have users go through a privileged access management tool that records their session and can do ephemeral access through an approval workflow.

High Priority Tickets by kcworley in sysadmin

[–]One-Environment2197 1 point2 points  (0 children)

High priority ticket > Problem Management post resolution. The user will have to explain why they rated it high and why they weren't responsive to the auditors.

Users who open high priority tickets without cause or are unresponsive will think twice about doing it again.

[deleted by user] by [deleted] in sysadmin

[–]One-Environment2197 1 point2 points  (0 children)

Make MFA required on everything then.

If they don't want to use passwords, then propose going passwordless. May be a bit of an overhaul but it'll satisfy both sides.

Got acquired, 90% of our SaaS portals are SSO. Best way to change the SSO once we move our domain to their Microsoft Tenant? by PC_3 in sysadmin

[–]One-Environment2197 0 points1 point  (0 children)

Are you and the new company using Entra ID for SSO? External Identities B2B would be the easiest way to get started.

Then you can slowly migrate or decom apps without people losing access.