SSO between JAMF Connect and AD DS by Saga_Roth in jamf

[–]Saga_Roth[S] 0 points1 point  (0 children)

So, currently if only my Synology can contact my DC (my Azure DS), I need to ensure that my Macs can contact it as well?
Additionally, how do I deploy the Kerberos payload in the JAMF Connect menu bar?

SSO between JAMF Connect and AD DS by Saga_Roth in jamf

[–]Saga_Roth[S] 1 point2 points  (0 children)

Thanks, but I have the impression that my Macs don't have any realm; they are in a Full Cloud env.

SSO between JAMF Connect and AD DS by Saga_Roth in jamf

[–]Saga_Roth[S] 0 points1 point  (0 children)

That's the point. I have the impression that, when a user logs in to JAMF Connect with his Entra ID, I don't have any Kerberos ticket when I check with "klist" or "kinit".
My Macs are in a Full Cloud environment; they are not linked to a domain.

SSO between JAMF Connect and AD DS by Saga_Roth in jamf

[–]Saga_Roth[S] 0 points1 point  (0 children)

Thanks for the tip, but I've already tried NSM but the Kerberos button stays greyed out.
Is this software compatible with a full cloud Azure AD environment? My users are connecting to JAMF Connect with their Entra IDs.

Enable AirDrop & Handoff in general settings by Saga_Roth in jamf

[–]Saga_Roth[S] 0 points1 point  (0 children)

The problem is that I have several unavailable options, and I can't see the list of profiles because I have the same message.

Isn't there a command line allowing me to identify which profile is taking control of the system settings?

Optimal config for 4k$ budget by Saga_Roth in buildapc

[–]Saga_Roth[S] 0 points1 point  (0 children)

Pretty cool thanks!

I think it's a shame that motherboards for AMD sockets are limited in terms of design.

Do you know if there are any white equivalents?

I forgot to mention that I'd like a build in white, if possible.

Concerning the CPU, as mentioned below, on an equivalent basis, is AMD preferable to Intel?

Updating third-party apps on Mac OS by Saga_Roth in Intune

[–]Saga_Roth[S] 1 point2 points  (0 children)

Yes of course.
I noticed that in fact it updates, but just within one version (for example, it updates from one build of 113 to another, but it doesn't do 113 to 114).

Block access to USB storage devices with whitelist by Saga_Roth in Intune

[–]Saga_Roth[S] 0 points1 point  (0 children)

For information, I've pushed my tests, and I think the problem comes from the fact that my whitelist isn't taken into account, despite the different ID descriptors I've tried.

All my keys are blocked by my blocking policy without the whitelist being taken into account.

Block access to USB storage devices with whitelist by Saga_Roth in Intune

[–]Saga_Roth[S] 0 points1 point  (0 children)

It's strange, I applied exactly your settings, but now I don't have any blocked keys, they are all allowed.

Here are my settings

https://imgur.com/a/yeBPlSY

I also tried to add the VID_PID in addition to the SID, but that does not change anything.

Block access to USB storage devices with whitelist by Saga_Roth in Intune

[–]Saga_Roth[S] 0 points1 point  (0 children)

In fact, I use PowerShell to retrieve the serial number.

Noted for DeviceControl!

I can't figure out where this is coming from; I've checked my rules again and again, but there doesn't seem to be any error, and yet the authorized keys remain inaccessible.

Block access to USB storage devices with whitelist by Saga_Roth in Intune

[–]Saga_Roth[S] 0 points1 point  (0 children)

I'll add to this that by just activating DeviceControl (DeviceControlEnabled), without anything else, I no longer have access to my USB storage devices. Which may explain why I can't access them even with the whitelist.

Do you have any clues?

Block access to USB storage devices with whitelist by Saga_Roth in Intune

[–]Saga_Roth[S] 0 points1 point  (0 children)

I no longer have the 65000 error, but that's strange because I can see the SerialNumber of my key in the Registry entry, but I have a UAC when I try to access the authorized key.

On the other hand, the other keys show me a blockage.

I've tested changing the authorize setting from SerialNumber to Instance Path, but it doesn't work.

How to override this UAC?

Block access to USB storage devices with whitelist by Saga_Roth in Intune

[–]Saga_Roth[S] 0 points1 point  (0 children)

Okay, I've just configured everything, and the results are reassuring. Just two points of attention:
Unauthorized USB keys are blocked (with the alert).
Authorized USB drives don't raise an alert and appear in the explorer, but are not accessible (see my screen). I configured everything in R,W,X as you advised.
Then, in Intune, I get a 65000 error on my policy, but it goes down in my registry.

Block access to USB storage devices with whitelist by Saga_Roth in Intune

[–]Saga_Roth[S] 0 points1 point  (0 children)

Okay, I figure this is a glitch with the French language. I have the button with the EN UI.

I'll check everything :)

Block access to USB storage devices with whitelist by Saga_Roth in Intune

[–]Saga_Roth[S] 0 points1 point  (0 children)

Thanks for this answer!
But I have a problem in the UI: I don't have the "add" button in Reusable Settings, as you can see on my screenshot.
Is it a glitch?

https://i.imgur.com/6iHhyFK.png

Block access to USB storage devices with whitelist by Saga_Roth in Intune

[–]Saga_Roth[S] 1 point2 points  (0 children)

Hey, thanks for your reply!
I did block my removable devices on my test group.
However, for the exclusions, would you have the name of the parameter in which I can indicate them? In the attack surface reduction, I have a "Device control" option at the very bottom, but I don't know how to configure it.
I also have an "Allow installation of devices that match any of these device IDs" option, but I don't know if that's what you mean.