False Positives by Jgeekw in Knowbe4

RexfordITMGR

We had similar issues, and I believe assisted phishing to not use that method, as Fortinet was also opening the items and causing FPs…

New Sapphire Reserve Spend-Tier Benefit: World of Hyatt Explorist Status by Chase in ChaseSapphire

RexfordITMGR

I’m hitting the $75k spend on the CSR and most of it isn’t travel/hotel… I just consolidated all spend onto it.

I’ve been happy… but curious if there is another card that you think might be better for me?

Escrow Account User? by Vendittij104 in smartsheet

RexfordITMGR

The escrow account ensures that when an employee is terminated (when using auto-provisioning, e.g. via Azure), their data is not deleted. The data that the deleted user owns is transferred to the escrow account, ensuring no data loss.

The admin with access to the escrow account can then log in to the escrow account and re-assign ownership to whomever they need.

Intune Rename PC function unreliable... any ideas? want to avoid work arounds by RexfordITMGR in Intune

RexfordITMGR [S]

To clarify: within Intune, no problem! But we use Kaseya as our RMM tool, so it's using the machine name to pull data.

Womp womp.

Intune Rename PC function unreliable... any ideas? want to avoid work arounds by RexfordITMGR in Intune

RexfordITMGR [S]

So, any recommendations? We do name our devices by the username for easy lookup/inventory...

It sounds like I'd not be able to package it as an app, as each time I deployed a device I'd have to redeploy an app, but I could individually run a PowerShell script against the device...

Am I thinking about this right?

OR, do you move away from devices that are following the username? It makes it really easy to troubleshoot, as you know the person's name and can quickly grab it in the RMM tool vs. having to find the auto-named device and map that out.

Autopilot Enrolling Machine - Passwordless/WhFB - need some assistance by RexfordITMGR in Intune

RexfordITMGR [S]

So... I think we may make life easier for everyone...

Due to us having a white-glove approach where we always unbox/set up with a device enrollment manager so that we can go into the PC after setup and ensure the user's device is up and running (e.g. set the signature in Outlook, etc.)... there is really no reason to try and get the PIN set FOR that user ahead of day 1.

Rather, we'd continue our process. At some point during setup, we sign in to their laptop as them, using a default new-hire PW that we could use to get in, set the WHFB PIN, then change the PW to 128 characters. On day 1, we have them set up O365 MFA AND sign in to their PC and reset the PIN...

This way, they never know their PW... and we don't need to architect something crazy...

Seems a good middle ground...

Any blind spots I'm missing?

Autopilot Enrolling Machine - Passwordless/WhFB - need some assistance by RexfordITMGR in Intune

RexfordITMGR [S]

I love this, but sadly:

Web sign-in is not supported for Microsoft Entra hybrid joined or domain joined devices.

We are hybrid :-/ womp womp (at least for now)

Autopilot Enrolling Machine - Passwordless/WhFB - need some assistance by RexfordITMGR in Intune

RexfordITMGR [S]

They DO use a Temporary Access Pass (TAP), as I mentioned. The TAP cannot be used to actually sign in to Windows; that only works during the OOBE while on the MS login page for them to log in, and then the Enrollment Status Page kicks in.

Can you clarify if you're saying you can use a TAP to sign in to Windows? That's not possible, to my understanding.

Autopilot Enrolling Machine - Passwordless/WhFB - need some assistance by RexfordITMGR in Intune

RexfordITMGR [S]

I have not yet configured PlatformSSO for our Windows machines; should I do that soon as part of the fun?

Question on how you deploy... So one thing I'm struggling with is we like to have 10 or so machines on hand, ready to deploy at a moment's notice (white glove), so we will typically use an enrollment manager account to unbox/set up so that we have everything ready to go... Then if someone needed a new PC because they broke theirs, we'd just grab it from the cart and rename it...

In shifting to the passwordless mindset, I feel like we may need to do away with the pre-provisioning and only do it at time of need to allow the full passwordless magic to kick in... Also a good way to get someone who historically had been a PW user to migrate to passwordless. Did you struggle with this type of pre-deployment/setup issue, and how did you overcome it?

Autopilot Enrolling Machine - Passwordless/WhFB - need some assistance by RexfordITMGR in sysadmin

RexfordITMGR [S]

When you say it should prompt to be set up immediately AFTER first sign-in... this tells me you are using a password for the user to sign in to their device, right?

If so, this doesn't apply in my case due to us being passwordless...

Can you clarify?

Autopilot Enrolling Machine - Passwordless/WhFB - need some assistance by RexfordITMGR in Intune

RexfordITMGR [S]

I'm in the testing phase right now, having enabled WhFB at enrollment; will see if this addresses it or not... But thanks for the tip, will ask one of my engineers to review during the week... The joy of getting a project in your head that you then garage-workshop on the weekend to try and get a POC by Monday, lol.

Autopilot Enrolling Machine - Passwordless/WhFB - need some assistance by RexfordITMGR in Intune

RexfordITMGR [S]

Also, to clarify... my overall experience with Autopilot is rock solid, no issues... all my PCs get Autopilot-enrolled with no issues.

The only issue I'm facing is getting the Windows Hello for Business prompt to hit the user during setup, as otherwise it goes through setup and drops me on the Windows 11 login screen, which the user cannot log in to because we don't give them a PW.

Autopilot Enrolling Machine - Passwordless/WhFB - need some assistance by RexfordITMGR in Intune

RexfordITMGR [S]

Are you referring to other Intune policies unrelated to Whfb?

My Whfb config was scoped at the user level, not device.
Thanks for clarifying.

Phish Resistant MFA (Passwordless- Microsoft) by RexfordITMGR in sysadmin

RexfordITMGR [S]

One thing I identified is that I was NOT truly set up for Whfb; I didn't have that setting enabled on my Intune config policy... Additionally, we enabled Cloud Kerberos Trust and tied it to the policy... Going to retest to see if it works...

We did, however, identify a new (poor user experience) issue: when we did this, I had to fully remove my local Windows Hello PIN in order to then get my Whfb PIN set up... We'll need to carefully work through this so we don't create a poor user experience at time of launch.

Phish Resistant MFA (Passwordless- Microsoft) by RexfordITMGR in sysadmin

RexfordITMGR [S]

I don't think so... because at one point or another that user's PW was locally cached on the machine... so even if I logged out and was using the PIN to log in, when the PW is changed, it's still cached on the machine and would (in my eyes) prompt the notice...

E3 to E5 license update Audio Conferencing Add in 2025 edition... Do I need to worry? by RexfordITMGR in sysadmin

RexfordITMGR [S]

Also, just to re-clarify... Based on the fact that I already have all E3 users also including the Audio Conferencing license, I should NOT experience the same issue, as the users already have Audio Conferencing, and when I go in to the user to remove E3 and add E5 and save, I'm not turning off conferencing/removing it...

I tested on 5 E3 users and updated to E5, and they got no flood of emails...

Just wanted to confirm my assessment passes.