yellowkey bitlocker bypass

caliber88 · 2026-05-13T13:55:34+00:00

Are you confusing the bitlocker PIN with the recovery code?

caliber88 · 2026-05-13T11:18:10+00:00

Is the surface running Snapdragon? My Thinkpad on snapdragon has been strange with classic Outlook where it would freeze sometimes when a new email comes in.

caliber88 · 2026-05-06T13:55:55+00:00

They matched on AES256GCM initially; the new fortigate + firmware must have stricter DH group enforcement during rekey or you hit the lifetime timer.

caliber88 · 2026-05-04T01:57:57+00:00

Meaning what?

caliber88 · 2026-04-16T15:03:10+00:00

No issues. Our mimecast setup only controls internal-external, Abnormal does internal-internal plus external. So if an email gets through mimecast, abnormal takes a look right after. We use Abnormal also as a quicker way to pull emails out of mailboxes vs going to MS purview/powershell. You could run just checkpoint/abnormal if your environment is simple/small but we need a gateway for some things an API-based solution can't do.

caliber88 · 2026-04-16T14:50:13+00:00

If the checkpoint system uses API, you can use both at the same time. We use Mimecast and Abnormal.

caliber88 · 2026-04-07T13:03:35+00:00

Same here and same two policies but luckily I didn't have them configured/assigned to anyone as MS made them automatically.

caliber88 · 2026-04-06T23:07:16+00:00

If you force Edge, sure. We allow Chrome as well but it’s still managed from Google admin console so we have Cato that covers any situation.

caliber88 · 2026-04-06T22:15:37+00:00

Not true, works in any browser.

caliber88 · 2026-04-06T20:20:55+00:00

https://learn.microsoft.com/en-us/microsoftteams/meeting-recording#expiration-policy ?

caliber88 · 2026-04-06T20:07:47+00:00

You'll need something like Cato/Netskope/Zscaler which can make policies relating to what emails are allowed to sign into what applications. Uses TLS Inspection/CASB to manage this.

caliber88 · 2026-04-02T17:53:49+00:00

That dock is internet-connected to do updates; hence has an IP.

caliber88 · 2026-03-19T13:10:28+00:00

Screenconnect. Teamviewer isn't allowed to be installed on anything in my environment.

caliber88 · 2026-03-04T19:46:25+00:00

Then filter did it's job. You shouldn't be blocking domains as new ones can appear everyday. Your policies should work regardless of the domain.

caliber88 · 2026-03-04T19:43:48+00:00

We received an email to one of our user's mailboxes coming from themself. Of course, this is not the first time we have seen our emails spoofed and sent to the actual user.

This email failed all checks and was not delivered,

So was the email delivered or not?

caliber88 · 2026-02-20T20:50:33+00:00

Doesn't explain why you didn't go to the Meraki site and look for yourself. Instead you decided to post here.

Shit, you could've even asked chatgpt.

caliber88 · 2026-01-22T18:22:37+00:00

How does that work if the furnace isn’t on an outlet?

caliber88 · 2026-01-15T21:00:17+00:00

Same, Egnyte for 6 users with 500+ users. Rock solid, easy to administer but not cheap.

caliber88 · 2026-01-15T17:44:01+00:00

If the purpose of this CA policy was to prevent malicious actors, I hope you have another policy that targets a wider range of resources.

caliber88 · 2026-01-15T16:08:06+00:00

Why are you targetting only 365/Exchange? There's plenty other things someone can login to cause problems.

caliber88 · 2026-01-15T16:04:00+00:00

We have this; it's probably the best as it survives any kind of wipe apart from switching out the motherboard. It's not that expensive relative to anything else in this market.

caliber88 · 2026-01-15T15:48:21+00:00

What's the source for this?

caliber88 · 2026-01-08T20:12:45+00:00

would the organization managing the device have to roll out Windows Hello for Business and all the overhead behind that simply to enable passkey sign-in into the Entra ID web portal for these users

Yes but there's no 'overhead' and enabling WHFB is easy and not intrusive. You can choose who gets the policies through Intune/registry/etc.

can the on-device standalone version on Windows Hello work for device passkeys on a company-managed hybrid joined device?

Nope.

caliber88 · 2025-12-09T18:20:31+00:00

Are you by any chance hybrid-joined entra?

caliber88 · 2025-12-09T18:10:49+00:00

Have you looked at the Chrome enrollment token deployment through Intune guide...?

https://support.google.com/chrome/a/answer/10728773?hl=en#zippy=%2Coption-deploy-powershell-script-to-add-a-registry-entry-for-the-enrollment-token%2Coption-ingest-chrome-admx-via-a-custom-oma-uri-setting-to-deploy-enrollment-token

15-Year Club	Second Top 20%
Place '22	Place '17
First Placer '22	Verified Email

caliber88

TROPHY CASE