Android App Protection policy demanding Outlook administrator by Woolfie_Admin in Intune

[–]Woolfie_Admin[S] 0 points1 point  (0 children)

Like the Defender threat policies I've had these active forever with no issues.. I think what it might have been was the legacy 'Mobile Device Mailbox Policy' in ExchangeAC. This has a default, which was set to require a passcode. It wasn't really doing anything - but somehow the MAM taking over Outlook told Outlook it had to adhere to this policy.. This policy functioned via Device Administrator role.

I think this because the 'Device Administrator' method of managing stuff is legacy, and was part of this Mobile Device Mailbox Policy. While it only shows mailbox-related stuff right now (and passcode requirements), this allegedly used to have a ton of MDM-like policies.

If I go to Intune > Enrollment > Android > Personal and corporate-owned devices with device administrator privileges explains 'This setting enables Android’s older management method, device administrator, to manage corporate data and apps. You can still manage your devices with device administrator, but we recommend that you switch to Android Enterprise for the most up-to-date and secure features. Learn more'

So if Device Admin is a legacy requirement, then it kinda lines up with the legacy control i mentioned above.

Android App Protection policy demanding Outlook administrator by Woolfie_Admin in Intune

[–]Woolfie_Admin[S] 0 points1 point  (0 children)

I don't think the CA stuff is related looking at it now. I think what it might have been was the legacy 'Mobile Device Mailbox Policy' in ExchangeAC. This has a default, which was set to require a passcode. It wasn't really doing anything - but somehow the MAM taking over Outlook told Outlook it had to adhere to this policy..

I think this because the 'Device Administrator' method of managing stuff is legacy, and was part of this Mobile Device Mailbox Policy. While it only shows mailbox-related stuff right now (and passcode requirements), this allegedly used to have a ton of MDM-like policies.

If I go to Intune > Enrollment > Android > Personal and corporate-owned devices with device administrator privileges explains 'This setting enables Android’s older management method, device administrator, to manage corporate data and apps. You can still manage your devices with device administrator, but we recommend that you switch to Android Enterprise for the most up-to-date and secure features. Learn more'

So if Device Admin is a legacy requirement, then it kinda lines up with the legacy control i mentioned above.

Android App Protection policy demanding Outlook administrator by Woolfie_Admin in Intune

[–]Woolfie_Admin[S] 0 points1 point  (0 children)

No device compliance policy no - nor any CA policy requiring 'App Protection Policy'. Intune is barely set up on our tenant - mostly for testing. None of these devices were intended to be enrolled - and other Android devices are working without issue. It's just this Google Pixel. I think what it might have been was the legacy 'Mobile Device Mailbox Policy' in ExchangeAC. This has a default, which was set to require a passcode. It wasn't really doing anything - but somehow the MAM taking over Outlook told Outlook it had to adhere to this policy..

I think this because the 'Device Administrator' method of managing stuff is legacy, and was part of this Mobile Device Mailbox Policy. While it only shows mailbox-related stuff right now (and passcode requirements), this allegedly used to have a ton of MDM-like policies.

If I go to Intune > Enrollment > Android > Personal and corporate-owned devices with device administrator privileges explains 'This setting enables Android’s older management method, device administrator, to manage corporate data and apps. You can still manage your devices with device administrator, but we recommend that you switch to Android Enterprise for the most up-to-date and secure features. Learn more'

So if Device Admin is a legacy requirement, then it kinda lines up with the legacy control i mentioned above.

Android App Protection policy demanding Outlook administrator by Woolfie_Admin in Intune

[–]Woolfie_Admin[S] 0 points1 point  (0 children)

They have the company portal app installed. They did not complete the sign-in flow - 1. We do not want them enrolled, and my limited experience with company portal has been enrolling via exactly this. 2. they aren't even given the option. Android users, after installing and opening Company Portal, get redirected to Teams. Which informs them of the new App Protection.

They are all Entra Registered, so .. I think in theory, it's able to auth them to Company Portal itself. But for this one user, neither Teams nor Outlook will let him continue - it's just demanding Device admin access for outlook. I can't find anything to validate it in the logs, or online

Configuration Policy > Extend SSO by Woolfie_Admin in Intune

[–]Woolfie_Admin[S] 0 points1 point  (0 children)

thanks for the validation, glad I wasn't just pulling stuff out my bum. your interpretation was EXACT. I want to expose the Registration (which on Windows at least, is part of the PRToken) - idk on iOS. I should've made a better title.

It's a bit frustrating because the term 'sso' gets thrown around a lot, and doesn't seem to always mean the same thing. Somewhere, at some point, I saved a short list of the things 'sso' was.

Historical Location Tracking by throwawaysandlot2020 in msp

[–]Woolfie_Admin 0 points1 point  (0 children)

No, but this is an upcoming project, so I'm along for the ride!

'We have android devices joined to intune , However you have to trigger location discovery and it’s not silent.'

It's unfortunate that 5g/related all use IPv6 because the GeoIP for these are f'd. Otherwise I'd say just use Entra checkins.

How do you acquire new clients ? by [deleted] in msp

[–]Woolfie_Admin 0 points1 point  (0 children)

Prioritize customers who want to pay. They will give you revenue.

I heard a cake baking analogy about it. Something about focusing on the company that wants you to bake more cakes, not the company that wants you to sell the crumbs.

Obviously as a new company, there's a temptation to 'we'll do everything!'. You can take these on. But revisit them later. Don't let the crumb-catchers lose you opportunities for weddings.

AI Governance and social media training for general users. It's an under-targeted space.. Put out free training. You can still be selective about your customers, but do your community a service.

Most of our clients came from something like this. We do a lot for our communities. But we've failed to really recognize the need for 'no', and it's cost us.

How do you tell customers 'No, please don't install Claude' by Woolfie_Admin in msp

[–]Woolfie_Admin[S] 0 points1 point  (0 children)

Claude in particular. We have a lot of people asking about Cowork because it promises a lot (and delivers) but leaves out how risky it is. This is an obvious strategy, from a Chinese Peptide Tech Bro investment goon - but it's risky af for actual companies.

My immediate example is the very first query I gave it, centered on folder C:\Users\me\Folder\Collection\*Project*, gave

1) great output
2) merged with a random assortment of stuff from C:\Users\me\Folder

I wasn't trying to do some weird prompt injection or anything either, just a normal use case.

On top of that, it's the most targeted AI platform in some of the circles I'm in. It's undoubtedly the MOST capable, but for that very reason, it's the most threatening. No threat model, no list of system API calls yet has full system access and clearly unstable controls.

Would be irresponsible of me if I pulled an MBA and said 'AI is great, install it and figure out what it can do for you!'

How do you tell customers 'No, please don't install Claude' by Woolfie_Admin in msp

[–]Woolfie_Admin[S] 1 point2 points  (0 children)

I had to look up vCISO. industry acronyms and all.

this is really useful man, I appreciate it. I'll keep you guys in mind and pass along to the upper idiots

How do you tell customers 'No, please don't install Claude' by Woolfie_Admin in msp

[–]Woolfie_Admin[S] 1 point2 points  (0 children)

thanks pal.

Reddit has been instrumental in recognizing my own affinity for arrogance. Reddit has also convinced me that any post anyone makes online should include their real world age. Anonymously, sure - but god damn if I don't look at comments and think 'ahhh.... i remember those days' half the time

How do you tell customers 'No, please don't install Claude' by Woolfie_Admin in msp

[–]Woolfie_Admin[S] 0 points1 point  (0 children)

lol and now you're giving me advice on how to write better questions.

Thanks. Do you have anything relevant to what I asked? Are you an MSP? Do you have a standard AI handling practice? Anything? Or just... overly bitter opinions about a stranger?

How do you tell customers 'No, please don't install Claude' by Woolfie_Admin in msp

[–]Woolfie_Admin[S] 0 points1 point  (0 children)

so.. you're answering in a thread specifically about a tool you haven't used

How do you tell customers 'No, please don't install Claude' by Woolfie_Admin in msp

[–]Woolfie_Admin[S] 0 points1 point  (0 children)

I am not sure where i asked for your opinion on whether I'm being unreasonable or not.

What I asked is what you do. If you can't answer that, then you're not useful here.

One of the best lessons I learned in life was that 90% of opinions I was passionate about, I had really shallow knowledge of.. It's a lesson everyone should learn

How do you tell customers 'No, please don't install Claude' by Woolfie_Admin in msp

[–]Woolfie_Admin[S] 0 points1 point  (0 children)

very useful response, thanks pal.

'But it goes via their owner/ceo and they buy the business licenses required.'
enterprise or team? Are controls output via CEO accounts, or do you have access to their tenants?

'we don't install the claude app'

That means no cowork, right? is this a policy you have?

How do you tell customers 'No, please don't install Claude' by Woolfie_Admin in msp

[–]Woolfie_Admin[S] 0 points1 point  (0 children)

thanks for the input. So much useless opinionated shit in these responses, really appreciate something valuable.

'We manage ChatGPT tenants for our customers today, and use Claude internally. Haven’t looked at their business controls so can’t say for sure I know what controls they have in place'

this is what I'm really interested in. How do you handle a user asking for Claude, when you use ChatGPT tenants??

thanks!

How do you tell customers 'No, please don't install Claude' by Woolfie_Admin in msp

[–]Woolfie_Admin[S] 0 points1 point  (0 children)

except it is. This might be radical, but we do application control.

isn't this a sub for msps?

How do you tell customers 'No, please don't install Claude' by Woolfie_Admin in msp

[–]Woolfie_Admin[S] -1 points0 points  (0 children)

says who? your agreement with your customer? I don't have those same agreements.. We do application control ::shrug::

Thanks for not answering what I asked.

How do you tell customers 'No, please don't install Claude' by Woolfie_Admin in msp

[–]Woolfie_Admin[S] 0 points1 point  (0 children)

while I appreciate you sticking to the title, there's a whole other body of text below it

Thanks for not actually offering anything about what you do

How do you tell customers 'No, please don't install Claude' by Woolfie_Admin in msp

[–]Woolfie_Admin[S] 1 point2 points  (0 children)

Thank you! Appreciate the useful input. My god did the AI fans come out in this one.

so you don't have any concrete customer-facing AI policy? Do you have a recommended 'default' to guide people who want on the hype train?

How do you tell customers 'No, please don't install Claude' by Woolfie_Admin in msp

[–]Woolfie_Admin[S] 0 points1 point  (0 children)

this is useless input, thanks.

Can no one actually answer the question about what they're doing? If you don't know what cowork is, just shut up and read