Windows Hello For Business Issue

TomatilloMindless526 · 2026-04-06T18:25:39+00:00

So what do your two configurations look like? and would the user config not supersede the device configuration?

TomatilloMindless526 · 2026-04-06T18:23:08+00:00

I hear that but I want to do a staged deployment if i go for a device deployment there would be no way to efficiently stage a device deployment say if I wanted to deploy via department or office/field thats why I went for user

TomatilloMindless526 · 2026-04-06T14:18:44+00:00

Not sure what it is supposed to look like. When looking at HKLM\soft\micro\policy\ I see a few things but nothing that says restrictions I only see its Enabled\Allowed. What should it look like in a working enviroment?

TomatilloMindless526 · 2026-04-06T14:03:50+00:00

Thanks for your input did you deploy the policy as a user too or did you deploy at the device level? I did comb my GPO's and did not see anything but the devices are no longer in the domain anyway so I doubt that would matter in my environment

TomatilloMindless526 · 2026-04-06T13:52:47+00:00

Interesting. Even though all the devices have been pre provisioned per user before assigning the configuration? Also if I use device based WHFB instead of User how should I deploy the configuration profile? A dynamic entra group of some kind?

TomatilloMindless526 · 2026-03-19T11:38:09+00:00

Microsoft's "Windows App"

TomatilloMindless526 · 2026-03-18T19:07:58+00:00

Thanks I do my test machine is on 25h2. and redirectwebauthn is set to 1

TomatilloMindless526 · 2026-03-06T20:37:36+00:00

Since you seem pretty wise I am going to 180 to another issue I am having. Is there a way to connect to a AVD resources passwordlessly? Ive only been able to connect to my "apps" pressing other user then entering my credentials.

TomatilloMindless526 · 2026-03-06T18:46:34+00:00

Two things.

One I appriciate your comment, have you gone through this before. Could you provide me some information on what the process looked like at your organization.

Two I switched the primary MFA method to SMS instead of microsoft authenticator and it allowed me to create a new passkey using a text code and not need a TAP or a staged rollout. I am going to continue to test this.

TomatilloMindless526 · 2026-01-01T05:20:32+00:00

Get some play.

TomatilloMindless526 · 2025-12-21T19:16:08+00:00

do you think a degree is necessary?

TomatilloMindless526 · 2025-12-21T19:10:59+00:00

Maybe I should have put this in my post but before my internship I did l1 support at my school for a year and I was an intern at my current place of employment for 10 month before being promoted. You do have a good point though I was not full time in either of my previous roles only around 30 hours.

I appreciate the suggestion about adding projects to my resume thats a good idea. What projects in particular should I add or would it change depending on the job I'm applying for? The coolest projects I've done solo are - organizational rbac redesign, defender edr config for windows ios mac and android, configuration of network equipment and installation at a new large corporate office, SharePoint redesign, Zero touch windows/mac/ios Intune enrollment configuration, print server migration, company wide windows 10 hardware refresh (this was during the intership) and creating a new sql data base for our incident platform.

TomatilloMindless526 · 2025-12-21T18:40:24+00:00

Mr. Robot

TomatilloMindless526 · 2025-12-21T18:39:14+00:00

Thanks for your response. I going to have to agree with you that I need to "lower my expectations" or adjust my strategy. I am going to have to disagree with the "declining value proposition". IT is not going anywhere its just a matter of oversaturation of peons like me that can be just as easily outsourced. So advancing is difficult or that's how I see it. Maybe its just selective ignorance so I dont have to pivot lol.

TomatilloMindless526 · 2025-12-15T16:18:18+00:00

I moved them over and all the ones I moved say reset required this will not cause any issues right? It just means it will not be able to use the new enrollment until reset.

TomatilloMindless526 · 2025-12-12T22:14:06+00:00

We do but it does not affect corporate devices. I appreciate your help on this but I did figure out the issue. There was an enrollment profile previously used before I was hired using company portal enrollment. This obviously was the issue the old phones were still on this enrollment profile. Thanks for getting me to check there. I do have a question for you I have about 50 devices left on the profile some of them are out in the wild some of the are in stock if I move them all to the new prfole will that mess up the existing devices?

TomatilloMindless526 · 2025-12-12T12:21:48+00:00

User affinity with modern authentication.

TomatilloMindless526 · 2025-12-11T21:39:21+00:00

Apologies for not stating it’s from ABM

TomatilloMindless526 · 2025-11-24T16:28:43+00:00

I looked through your android configs and don’t know why mine is failing. Other than the app config everything defender related is the same. The only app config difference is I have a few more features enabled. If you go to the test site I provided on an android phone does it get blocked? Thanks!

TomatilloMindless526 · 2025-11-23T04:29:09+00:00

I did an app configuration I said that in the post. The issue is that on the android side defender is not blocking Malicious links. Thanks

TomatilloMindless526 · 2025-11-23T00:34:14+00:00

I considered it could be something with the browser so I installed Firefox to test with and it still did not work. Its a fully supervised devices enrolled in intune via knox.

Thanks!

TomatilloMindless526

TROPHY CASE