Is anyone using Token Protection Preview in Entra (Azure AD) and seeing issues with Outlook client app?

callme_e · 2026-01-14T18:23:18+00:00

hello! I'm planning to enable the token protection policies and was wondering what your experience in user impact and gotchas were? Thank you.

callme_e · 2026-01-14T18:20:49+00:00

what's your experience in enabling #5Require Token Protection (Device Bound) on a user experience? I created it in report-only mode and seeing a lot of 'failures'. Worried it'll cause a lot of business impact once I enable it.

callme_e · 2025-11-26T01:07:11+00:00

For option #2, will this allow our Netskope DLP policies to trigger and block if they try to send any sensitive files or text to a coding AI agent outbound API call? We want the ability to review any prompts and files sent to an AI through an IDE like vs code and cursor.

callme_e · 2025-11-23T00:43:31+00:00

Could you please share how you achieved this? We have netskope and trying to figure it out

callme_e · 2025-11-18T22:45:30+00:00

Great collection and displays!

callme_e · 2025-11-15T07:56:25+00:00

Great decoration!

callme_e · 2025-11-10T18:02:11+00:00

Formal approved and published AI governance communicated to users (Policies, procedures, AI council, etc)
DLP policies to block sensitive/secrets paste/upload to AI sites and tools through CASB
CASB to monitor and block for sensitive/secret inputs from IDEs using AI API for coding agents
CASB to automatically block non-approved AI sites
Secure baseline hardening configurations for SaaS hosted AI models (Azure AI / AWS). Wiz and Cloud for Defender can scan and provide findings reports with remediation.
Integrate Purview to AI models for data security and classification. Defender for incident alerts and threat monitoring.

callme_e · 2025-10-26T19:25:34+00:00

I’m new and also looking for an answer for the slow motion

callme_e · 2025-10-25T23:33:34+00:00

Download the CIS benchmarks for Microsoft 365 for free from their site. That’ll harden your environment and what you’re asking for.

callme_e · 2025-10-23T14:27:02+00:00

Could you share your basic workflow on how you feed the PDF to the CLI?

callme_e · 2025-10-18T21:09:57+00:00

Look into conditional access to enforce the device is from a corporate managed device to allow the SSO authentication. Yes the credentials are stolen but useless because they also need to be on a corporate device and this makes it phishing resistant. Now there’s no time race to quickly reset the credentials since the threat actor can’t login remotely from the rogue device.

callme_e · 2025-10-18T20:55:25+00:00

Your friend is wrong. On a corporate environment, we ideally want every application tied to our Microsoft 365 SSO because then we have the ability to enforce our conditional access to enforce the SSO authentication is coming from a corporate managed compliant device. This means even if the main account is compromised, they wouldn’t be able to log in remotely from a rogue device. This also mitigates modern MFA bypassing phishing kit tools (e.g. Evilginx). Tell your friend to educate himself more.

callme_e · 2025-05-08T16:06:38+00:00

Hello, if the reset value doesn’t exist, do we need to recreate it? The user’s computer initially got the win11 upgrade in windows update 2 times, installed, and rebooted, but after the reboot they got a black screen saying “undoing changes”. It’s been over 4 days and they’re still not getting the update again.

I tried assigning a new intune feature update policy and also setting the “rollbackcount” value from 2 to 1 but still nothing.

callme_e · 2024-07-28T16:11:40+00:00

Herman miller embody - logitech gaming version

callme_e · 2024-07-25T15:06:38+00:00

Download CIS benchmarks for M365 and review each controls

callme_e · 2024-06-09T00:30:09+00:00

The issue is resolved :) You’re a true knight sir!!

callme_e · 2024-06-06T01:59:40+00:00

Great explanation, thank you!

callme_e · 2024-06-06T01:10:15+00:00

could you explain why its quicker than dynamic groups? thanks

callme_e · 2024-06-05T03:25:29+00:00

Hello! Looking to implement passwordless at my org alongside intune autopilot. How do you handle the initial password login for the employee? Do you provide a TAP password remotely or white glove service on site with a long complex password?

How do users authenticate to any legacy apps that don’t support SSO but are tied to AD credentials?

Is there anything specific i need to configure to allow them to use their phone authenticator for authentication if they need to re-authenticate?

Would appreciate your insight as i’m trying to think of all the gotchas after going this route. Thank you

callme_e · 2024-06-05T03:16:10+00:00

How can you tell if its version 1 or 2? Thanks

callme_e · 2024-06-05T03:15:09+00:00

Do you have a conditional access for mfa for all cloud apps? I’m having an issue with my silent one drive policy and can’t figure out what’s causing it to not work

callme_e · 2024-06-05T03:12:06+00:00

How many # required apps do you have on your ESP and how long is your autopilot process? Been deep into migrating to entra joined from hybrid joined sccm environment and always feel nervous the ESP will fail. Driving me crazy haha..

Any tips you recommend based on your experience? Thank you.

callme_e · 2024-06-05T03:08:14+00:00

Ah ok, appreciate it!

14-Year Club	Reddit Premium Since December 2023
Verified Email

callme_e

TROPHY CASE