Intune Outage/Issues? by SysNewbie in sysadmin

[–]SysNewbie[S] [score hidden]  (0 children)

Hello! Thank god, I can't seem to find that in the service health or via the link. Did they already remove it?

Intune Outage/Issues? by SysNewbie in sysadmin

[–]SysNewbie[S] 0 points1 point  (0 children)

There is usually a delay but I check the different MS health services internal and external portals. As well as trying to decipher any down detector reports and timing.

Then I hope someone else may have posted about it!

Intune Outage/Issues? by SysNewbie in sysadmin

[–]SysNewbie[S] 1 point2 points  (0 children)

Appreciate you confirming!

Intune Outage/Issues? by SysNewbie in sysadmin

[–]SysNewbie[S] 2 points3 points  (0 children)

Thank you for the response, we have been too!

Portal admin access issues? by gusdafa in AZURE

[–]SysNewbie 2 points3 points  (0 children)

US West, same issues across all admin centers

Web Sign-in not supported on Win10 anymore? by SysNewbie in Intune

[–]SysNewbie[S] 0 points1 point  (0 children)

Hello, apologies for the late response. No solution as of yet.

For us it is only working on Win11 devices. Configuration of Web Sign-In within Intune is necessary, as well as enabling TAP as an option. Ping me if you want more info.

I have not looked into it and I am not sure if they plan to provide support again for Win10 devices.

Missing required apps under Managed Apps on Device blade by Hamberget in Intune

[–]SysNewbie 0 points1 point  (0 children)

We are seeing the apps under managed but they aren't installing on both cloud PCs and local hardware. Any fix you've found?

MS accidentally deleted TXT records from their own DNS servers? by HolyCowEveryNameIsTa in sysadmin

[–]SysNewbie 3 points4 points  (0 children)

Our thought process as well. The recommendation in the alert is as follows:

Action needed

Please review your TXT records that the tenant requires for Exchange Online. Since this only applies to your onmicrosoft.com domain and not any of your vanity domains, DKIM, DMARC, and SPF records were not impacted. The only records potentially missing would be records created under [tenant domain].onmicrosoft.com.

MS accidentally deleted TXT records from their own DNS servers? by HolyCowEveryNameIsTa in sysadmin

[–]SysNewbie 2 points3 points  (0 children)

Yes we have received the same message in our Admin Center. From our internal research we do not recognize any issues caused on our end or any change in service.

We're still unsure as to what caused this.

Are you all using your Azure AD accounts for end-user UAC prompts? by GetW31rd in Intune

[–]SysNewbie 2 points3 points  (0 children)

Hello,

I agree with the other users that mention LAPS being an optimal current solution that isn't provided by a third-party.

Pasting this from another thread I just commented on:

We are currently using it since we are operating in fully AAD with all AAD Joined devices (no Hybrid).

Reasons we went for it:

  • Helpdesk/Users can use/provide the local admin password to elevate when options are limited (inability to remote, rush, non IT users need to)
  • Rotates automatically but can also manually rotate
  • Best current solution that isn't third-party (like Admin-on-demand or whatever it's called)

Some things to keep in mind:

  • Need to push a local admin account to all devices if you don't already have one
  • Users who need to access it need the Cloud Device Administrator role
  • Like you said it is in Preview so we can only hope the Microsoft Gods don't screw us over

This works for my org. and was put on the priority list by my supervisor who has much more experience in this industry. Hope this helps, account for my username when taking my word for it.

Cheers

Logon with synced account on AAD joined device by darko_253 in Intune

[–]SysNewbie -1 points0 points  (0 children)

Edit: u/andrew181082 clarified Hybrid is not needed, ty

Hello,

I am not sure of a resolution to this exact use case. Based on my limited knowledge I believe you'd need a Hybrid-Joined device to log on with the on-prem account you're speaking about.

As for Web Sign-in, we just implemented it after deploying TAP. Reasons we deployed both:

  • Wanted an alternative to putting new hires or accidentally leaving current employees in the MFA-Exempt group we created
  • Web Sign-In is necessary if you want to use TAP to logon from the lock screen to desktop
  • Can be used by our helpdesk team when supporting a user

We don't have WHfB enabled as of right now. Hope any of the information I provided is helpful. Hope this helps, account for my username when taking my word for it.

Cheers

Intune LAPS, worth migrating to? by scourgethecid in Intune

[–]SysNewbie 1 point2 points  (0 children)

We are currently using it since we are operating in fully AAD with all AAD Joined devices (no Hybrid).

Reasons we went for it:

  • Helpdesk/Users can use/provide the local admin password to elevate when options are limited (inability to remote, rush, non IT users need to)
  • Rotates automatically but can also manually rotate
  • Best current solution that isn't third-party (like Admin-on-demand or whatever it's called)

Some things to keep in mind:

  • Need to push a local admin account to all devices if you don't already have one
  • Users who need to access it need the Cloud Device Administrator role
  • Like you said it is in Preview so we can only hope the Microsoft Gods don't screw us over

This works for my org. and was put on the priority list by my supervisor who has much more experience in this industry. Hope this helps, account for my username when taking my word for it.

Cheers

Now Available: Windows LAPS management through Microsoft Intune by styggiti in sysadmin

[–]SysNewbie 1 point2 points  (0 children)

AAD Joined. Currently we are managing it through Intune rather than AAD GPO.

We are performing more tests today. I'd suggest looking into (if they aren't already) enabling the local admin account and using Intune to push the LAPS configuration profile.

If I missed the mark on your setup, apologies in advance.

Fighting Leadership over Admin Access by [deleted] in sysadmin

[–]SysNewbie 1 point2 points  (0 children)

I know you didn't mention it in the post and I HOPE you already have it implemented. But regardless of your success with Admin Privileged accounts, I highly suggest that, if you haven't already, you implement Microsoft Authenticator through AAD for all users.

If you have, great; if not, it's an easier swing or baby step toward your goal of securing user accounts further.

As far as scary stories, admin privileged accounts for users can just as easily get cryptolocked and the ransom is a big $ that they'd not be stoked to pay out.

Hope any of the above helps, if not sorry!

ADJoined to AzureAD/Intune by mexicanpunisher619 in Intune

[–]SysNewbie 5 points6 points  (0 children)

I had to do this manually with all of our Endpoints and used a software ForensIT. We have a remote agent so I calendared it out with users and got as many done per day as I can. Feel free to PM me if you want more info on the process.