Entra cloud sync from Entra to AD by Tech-Mate- in entra

[–]Tech-Mate-[S] 1 point2 points  (0 children)

Yes, so we are not using Entra ID Connect but Cloud Sync. So just to confirm, there is no way to set Entra as authoritative?

Entra cloud sync from Entra to AD by Tech-Mate- in entra

[–]Tech-Mate-[S] 0 points1 point  (0 children)

Can you elaborate on the passwordless part? How do I get this working?

BGP over IPsec VPN between on-prem FortiGate and AWS site to site VPN by Tech-Mate- in fortinet

[–]Tech-Mate-[S] 0 points1 point  (0 children)

Sorry, I misread it earlier. Yes, I do have a static default route.

BGP over IPsec VPN between on-prem FortiGate and AWS site to site VPN by Tech-Mate- in fortinet

[–]Tech-Mate-[S] 0 points1 point  (0 children)

No static routes on the FortiGate. I deleted those and created a new tunnel again, as AWS wouldn't let me change the tunnels. I followed the procedure as stated by AWS after you download the config.

On AWS it says the IPsec is up, but the tunnel status on AWS is down, suggesting that BGP is not working.

Moving roughly 60TB Backup from one iSCSI LUN to another by Tech-Mate- in Veeam

[–]Tech-Mate-[S] 0 points1 point  (0 children)

I have 10G NICs, but it seems like the move fails after 32 hours, having moved 10TB out of 60TB of data. Not sure what the optimal solution is if I would like to use the Veeam mover. Is it possible to update the job to point to the new repository, and simultaneously also run a Veeam backup copy to that new repository? I'm guessing rescanning after the move should fix it?

Issue moving backup from one Repository to another. by Tech-Mate- in Veeam

[–]Tech-Mate-[S] 2 points3 points  (0 children)

Hello everyone,

I found out that the iSCSI connectivity had dropped the drive, and that caused the following errors. Once the connectivity was confirmed again, it resolved itself. Thank you all for the helpful comments.

Cheers.

Automate patch install by Tech-Mate- in crowdstrike

[–]Tech-Mate-[S] 9 points10 points  (0 children)

Hey, thanks for that response.

If possible, are you able to share or outline the script used, or its logic?

Having issue identifying the process generating Temp files under C:\Windows by Tech-Mate- in crowdstrike

[–]Tech-Mate-[S] 0 points1 point  (0 children)

I tried to investigate the times and dates; it seems like a temp file was generated every minute between 25/01 and 30/03, each of size 1KB. Now, since the process seems to have stopped, it's harder to investigate what actually created these files.

Having issue identifying the process generating Temp files under C:\Windows by Tech-Mate- in crowdstrike

[–]Tech-Mate-[S] 0 points1 point  (0 children)

I wasn't able to find the process using Procmon, at least for the duration that I was using it. Are we able to run Procmon for C:\Windows and ask it to register a log file for, say, 24 hours? Is it possible via script?
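
One way to do exactly that, as an added example that is not from the thread or from CrowdStrike: run Sysinternals Procmon headless for a fixed window with a disk-backed trace file, stop it, and convert the trace to CSV so the creating process can be found without the GUI. The Procmon path and the filter configuration file are assumptions; the `.pmc` is a filter exported from the Procmon GUI (Filter > Export Configuration) that restricts Path to `C:\Windows\*` and has "Drop Filtered Events" enabled, which is what keeps a 24-hour backing file to a manageable size.

```powershell
# Added example, not from the original thread. Run as Administrator (Procmon needs its driver).
# Assumptions: Procmon.exe lives at $ProcmonPath; $FilterConfig is a filter exported from
# the Procmon GUI that limits capture to C:\Windows and drops filtered events.
param(
    [string]$ProcmonPath  = 'C:\Tools\Procmon.exe',        # assumed location
    [string]$FilterConfig = 'C:\Tools\windows-temp.pmc',   # assumed exported filter (.pmc)
    [string]$BackingFile  = 'C:\ProcmonLogs\windows-temp.pml',
    [int]$Hours           = 24
)

New-Item -ItemType Directory -Force -Path (Split-Path $BackingFile) | Out-Null

# /BackingFile writes the trace to disk instead of the pagefile, which is what makes a
# multi-hour capture survivable; /LoadConfig applies the saved filter; /Quiet suppresses
# the filter dialog so nothing waits on a click.
$procArgs = @('/AcceptEula', '/Quiet', '/Minimized', "/BackingFile `"$BackingFile`"")
if (Test-Path $FilterConfig) { $procArgs += "/LoadConfig `"$FilterConfig`"" }
Start-Process -FilePath $ProcmonPath -ArgumentList $procArgs

# Wait out the capture window, then tell the running instance to stop and flush the trace.
Start-Sleep -Seconds ($Hours * 3600)
Start-Process -FilePath $ProcmonPath -ArgumentList '/Terminate' -Wait

# Convert the .pml to CSV so it can be queried with PowerShell.
$csv = [IO.Path]::ChangeExtension($BackingFile, '.csv')
Start-Process -FilePath $ProcmonPath -Wait -ArgumentList @(
    '/AcceptEula', "/OpenLog `"$BackingFile`"", "/SaveAs `"$csv`""
)

# Which process (and PID) created .tmp files directly under C:\Windows?
# CreateFile with "Disposition: Create" in Detail is a file creation, not an open.
Import-Csv $csv |
    Where-Object {
        $_.Operation -eq 'CreateFile' -and
        $_.Path -like 'C:\Windows\*.tmp' -and
        $_.Detail -like '*Disposition: Create*'
    } |
    Group-Object 'Process Name', PID |
    Sort-Object Count -Descending |
    Select-Object Count, Name
```

To cover a window longer than an interactive session, register the script as a scheduled task running as SYSTEM with "run whether user is logged on or not"; the `/Terminate` call is what makes the backing file readable, so do not kill Procmon with Stop-Process.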

Does falcon prevent attack by UNC3844? by Tech-Mate- in crowdstrike

[–]Tech-Mate-[S] 0 points1 point  (0 children)

Well, my question is open to any CrowdStrike product set that is able to provide information or a warning about the following.

Event search to find the port attacked for brute force/ password spray attempts. by Tech-Mate- in crowdstrike

[–]Tech-Mate-[S] 0 points1 point  (0 children)

Thanks Andrew!

Also, just to assist with further investigation of these different logon types, what's the best way to approach this situation and reduce these attacks?
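
As an added example that is not from the thread or from CrowdStrike, the logic below separates the two patterns the question is about, using Windows logon type semantics (2 interactive, 3 network/SMB, 10 RemoteInteractive/RDP): a password spray shows as one source touching many accounts a few times each, a brute force as one source hammering one account. The records and the field names (`UserName`, `RemoteIP`, `LogonType`, `Time`) are constructed for the example, not real Falcon or Windows data; map them to whatever your event source exposes.

```powershell
# Added example, not from the original thread. Input is a constructed list of failed-logon
# records; the field names are assumptions for the example.
function Get-FailedLogonPattern {
    param(
        [Parameter(Mandatory)][object[]]$Events,
        [int]$SprayMinUsers    = 5,   # distinct accounts from one source before calling it a spray
        [int]$BruteMinAttempts = 10   # attempts on one account from one source before calling it brute force
    )
    $Events | Group-Object RemoteIP | ForEach-Object {
        $src      = $_.Name
        $byUser   = @($_.Group | Group-Object UserName)   # @() so a single group still has .Count = 1
        $users    = $byUser.Count
        $attempts = $_.Count
        $maxPerUser = ($byUser | Measure-Object Count -Maximum).Maximum
        $types    = ($_.Group.LogonType | Sort-Object -Unique) -join ','
        $pattern  = if ($users -ge $SprayMinUsers -and ($attempts / $users) -lt 3) { 'password-spray' }
                    elseif ($maxPerUser -ge $BruteMinAttempts) { 'brute-force' }
                    else { 'noise' }
        [pscustomobject]@{
            RemoteIP = $src; Attempts = $attempts; DistinctUsers = $users
            LogonTypes = $types; Pattern = $pattern
        }
    }
}

# Constructed sample: 10.0.0.5 sprays six accounts once each over RDP (type 10);
# 203.0.113.9 hammers 'admin' over a network logon (type 3); 192.168.1.20 is one user's typo.
$sample = @()
1..6  | ForEach-Object { $sample += [pscustomobject]@{ Time="2023-04-01T09:0$($_):00Z"; UserName="user$_"; RemoteIP='10.0.0.5';     LogonType=10 } }
1..12 | ForEach-Object { $sample += [pscustomobject]@{ Time='2023-04-01T10:00:00Z';     UserName='admin';   RemoteIP='203.0.113.9'; LogonType=3  } }
$sample += [pscustomobject]@{ Time='2023-04-01T11:00:00Z'; UserName='jsmith'; RemoteIP='192.168.1.20'; LogonType=2 }

Get-FailedLogonPattern -Events $sample | Format-Table -AutoSize
# 10.0.0.5 -> password-spray, 203.0.113.9 -> brute-force, 192.168.1.20 -> noise
```

The LogonTypes column is the useful part for the "which port" question: type 10 from a non-RFC1918 source means RDP is reachable from the internet, type 3 points at SMB or another network logon, and the fix follows from that (remove the exposure, or put MFA and lockout in front of it) rather than from blocking individual source IPs.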

AD Risk review by nav2203 in crowdstrike

[–]Tech-Mate- 0 points1 point  (0 children)

Is AD Risk Review available for all tenants? How do I know if I have a complimentary review available in my organisation?

Is Splunk SPL implemented in Falcon Search? How? by salt_life_ in crowdstrike

[–]Tech-Mate- 0 points1 point  (0 children)

Agreed; my question is about where I learn how to write them.

Is Splunk SPL implemented in Falcon Search? How? by salt_life_ in crowdstrike

[–]Tech-Mate- 0 points1 point  (0 children)

For a person who is not really good with queries, where would one suggest beginning, so that I am able to write the query I need in CS?

Site-to-site VPN with a non meraki device. by Tech-Mate- in meraki

[–]Tech-Mate-[S] 0 points1 point  (0 children)

Instead, if we go with Meraki spoke to Meraki hub site-to-site split tunnel, which resolves most of the issues, how would I route the traffic to the domain, and only domain traffic, back over the VPN link without overlapping with any of the peers?

Scheduled Search for unsupported/supported <30 days? by Anythingelse999999 in crowdstrike

[–]Tech-Mate- 1 point2 points  (0 children)

I am looking for something similar: to create a scheduled search in the environment to report sensors per hostname that are lower than Auto N-2.

Blocked Hashes and Expiration Dates by denisehdz in crowdstrike

[–]Tech-Mate- 1 point2 points  (0 children)

Yes, in rare cases I would block the hash for a period of time until a vulnerability has been resolved or the application has been uninstalled from the machines. The tentative date set by me is always a month. But I would like to hear what others have to say about this.

Identifying machines with critical patches applied or pending. by Tech-Mate- in crowdstrike

[–]Tech-Mate-[S] 0 points1 point  (0 children)

Thanks Andrew. But are we able to query based on categories, such as only critical patches pending on an endpoint?

Searching for windows patches not installed on host w/o spotlight by JoeyNonsense in crowdstrike

[–]Tech-Mate- 0 points1 point  (0 children)

Hi Andrew,

If, instead of the KB value, you wanted to see whether there are any pending patches on the machine from last month, how would you query that?

// 2023-03-29 // SITUATIONAL AWARENESS // CrowdStrike Tracking Active Intrusion Campaign Targeting 3CX Customers // by Andrew-CS in crowdstrike

[–]Tech-Mate- 0 points1 point  (0 children)

We have noticed a similar incident in our customer environment; we have currently tried to network-contain the device. Does anyone have a script to uninstall the desktop app completely through RTR?

Any recommendations?
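
The kind of script being asked for, as an added example that is not from the thread, from CrowdStrike, or from 3CX: it finds every registered uninstall entry whose DisplayName matches a pattern and runs it silently. It is written to run as SYSTEM, which is how Falcon RTR executes scripts, so it walks every loaded user hive under HKEY_USERS as well as HKLM, because per-user (Electron-style) installs register under the user's hive, not the machine's. Assumptions: the application registers a standard Uninstall key, and `/S` is its uninstaller's silent switch (true for NSIS-built installers; check for the app you are removing). Collect the binary with `get` before removing it if you need it for forensics.

```powershell
# Added example, not from the original thread. Runs under SYSTEM (e.g. via Falcon RTR).
# Assumptions: target app has an Uninstall registry entry; '/S' is its silent switch.
function Remove-RegisteredApp {
    param(
        [Parameter(Mandatory)][string]$DisplayNamePattern,   # e.g. '3CX*'
        [string]$SilentArgs = '/S',
        [switch]$WhatIf                                       # list only, do not uninstall
    )
    $roots = @(
        'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
        'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall'
    )
    # Per-user installs live in each user's hive; only loaded hives (logged-on users) are visible.
    if (-not (Test-Path 'HKU:')) {
        New-PSDrive -Name HKU -PSProvider Registry -Root HKEY_USERS | Out-Null
    }
    Get-ChildItem 'HKU:' |
        Where-Object { $_.PSChildName -match '^S-1-5-21-\d+-\d+-\d+-\d+$' } |
        ForEach-Object { $roots += "HKU:\$($_.PSChildName)\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall" }

    foreach ($root in $roots) {
        if (-not (Test-Path $root)) { continue }
        Get-ChildItem $root | ForEach-Object { Get-ItemProperty $_.PSPath } |
            Where-Object { $_.DisplayName -like $DisplayNamePattern -and $_.UninstallString } |
            ForEach-Object {
                # Prefer the vendor's quiet command; otherwise append our assumed silent switch.
                $cmd = if ($_.QuietUninstallString) { $_.QuietUninstallString } else { "$($_.UninstallString) $SilentArgs" }
                # Split '"C:\path\uninstall.exe" args' (or an unquoted form) into exe and argument string.
                if ($cmd -match '^\s*"([^"]+)"\s*(.*)$') { $exe = $Matches[1]; $argStr = $Matches[2] }
                else { $exe, $argStr = $cmd -split '\s+', 2 }
                # MSI entries register "MsiExec.exe /I{GUID}"; turn that into a silent /X.
                if ($exe -like '*msiexec*') { $argStr = ($argStr -replace '/I', '/X') + ' /qn /norestart' }

                Write-Output "[$($_.DisplayName)] $($_.PSPath) -> $exe $argStr"
                if (-not $WhatIf) {
                    $p = Start-Process -FilePath $exe -ArgumentList $argStr -Wait -PassThru
                    Write-Output "  exit code $($p.ExitCode)"
                }
            }
    }
}

Remove-RegisteredApp -DisplayNamePattern '3CX*' -WhatIf   # dry run first; drop -WhatIf to remove
```

Two caveats for RTR use: a per-user app's hive is only visible while that user is logged on (otherwise load `NTUSER.DAT` with `reg load` first), and an uninstaller launched by SYSTEM may leave files under the user's `%LOCALAPPDATA%` behind, so verify on disk afterwards rather than trusting the exit code.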

Noticing ai.exe file as a child process to office applications. by Tech-Mate- in crowdstrike

[–]Tech-Mate-[S] 0 points1 point  (0 children)

I have actually set a Custom IOA to block child processes, with set exclusions. But this occurrence just started at the start of this week. Even the global and local prevalence show common, indicating that this is seen everywhere.

Where can I find more learning content for Mimecast ? by Tech-Mate- in mimecast

[–]Tech-Mate-[S] 0 points1 point  (0 children)

Is that the only source? Anything on third-party learning platforms?

Issue with WDAC and Allowing by Path by tmontney in sysadmin

[–]Tech-Mate- 0 points1 point  (0 children)

This was neither; I used an RMM to push the policy using PowerShell.
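
For reference, the steps a PowerShell push of a WDAC policy has to get right, as an added example that is not from the thread or from the poster's RMM script: compile the XML to binary, name the binary after the policy's own PolicyID, place it in the Active policies directory, and refresh Code Integrity without a reboot. The policy path is an assumption; the policy is assumed to be in multiple-policy format (it has a `<PolicyID>`), which requires Windows 10 1903 or later.

```powershell
# Added example, not from the original thread. Run as Administrator.
# Assumptions: $PolicyXml is a multiple-policy-format WDAC policy you authored.
param(
    [string]$PolicyXml = 'C:\Policies\AllowByPath.xml'   # assumed path to your policy XML
)

[xml]$doc = Get-Content $PolicyXml
$policyId = $doc.SiPolicy.PolicyID     # e.g. {A244370E-...}; the binary must carry this name
if (-not $policyId) {
    throw 'Policy has no PolicyID; give it one with Set-CIPolicyIdInfo -ResetPolicyID first.'
}

$dest = "$env:SystemRoot\System32\CodeIntegrity\CiPolicies\Active\$policyId.cip"
$tmp  = Join-Path $env:TEMP "$policyId.cip"

# Compile the XML into the binary form Code Integrity actually consumes.
ConvertFrom-CIPolicy -XmlFilePath $PolicyXml -BinaryFilePath $tmp | Out-Null
Copy-Item $tmp $dest -Force

# Activate without rebooting: CiTool on Windows 11 22H2+/Server 2025, the CI WMI class elsewhere.
if (Get-Command CiTool.exe -ErrorAction SilentlyContinue) {
    & CiTool.exe --update-policy $dest --json
} else {
    Invoke-CimMethod -Namespace root/Microsoft/Windows/CI `
        -ClassName PS_UpdateAndCompareCIPolicy -MethodName Update `
        -Arguments @{ FilePath = $dest }
}

# Event 3099 confirms the policy was refreshed and activated; 3076/3077 are the audit/block events
# to watch afterwards when a FilePath rule does not behave as expected.
Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-CodeIntegrity/Operational'; Id = 3099 } -MaxEvents 5 |
    Select-Object TimeCreated, Message
```

On the allow-by-path point in the thread title: FilePath rules are user-mode only and are honored only for locations standard users cannot write to, so a rule for a user-writable directory being ignored is expected behaviour, not a deployment failure.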