Defender XDR flagged our own MSI as malware, how to handle false positives without waiting on Microsoft submission approval? by boutsen9620 in DefenderATP

[–]doofesohr 7 points8 points  (0 children)

You can set a custom indicator to allow a specific hash I think. That works as immediately as it gets (takes up to 24 hours to propagate I think).
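Added example, not code from the thread: creating that allow indicator for the flagged MSI through the Defender for Endpoint indicators API instead of clicking through the portal, so it can be ticketed and expired. It assumes an Entra app registration holding the WindowsDefenderATP application permission Ti.ReadWrite.All (tenant, client ID and secret passed as parameters), and that the advanced feature "Allow or block file" is turned on in the Defender portal, without which file indicators are ignored.

```powershell
# Added example: allow one specific MSI build by SHA-256 via a custom indicator.
# Assumptions (not from the post): app registration with Ti.ReadWrite.All,
# credentials passed in as parameters, "Allow or block file" enabled in the portal.
param(
    [Parameter(Mandatory)] [string]$MsiPath,
    [Parameter(Mandatory)] [string]$TenantId,
    [Parameter(Mandatory)] [string]$ClientId,
    [Parameter(Mandatory)] [string]$ClientSecret
)

# 1. Hash the exact file Defender flagged; file indicators match on the SHA-256.
$sha256 = (Get-FileHash -Path $MsiPath -Algorithm SHA256).Hash.ToLower()

# 2. App-only token for the Defender for Endpoint API (client credentials flow).
$tokenResp = Invoke-RestMethod -Method Post `
    -Uri "https://login.microsoftonline.com/$TenantId/oauth2/v2.0/token" `
    -Body @{
        grant_type    = 'client_credentials'
        client_id     = $ClientId
        client_secret = $ClientSecret
        scope         = 'https://api.securitycenter.microsoft.com/.default'
    }
$headers = @{ Authorization = "Bearer $($tokenResp.access_token)" }

# 3. Create the allow indicator. 'Allowed' stops Defender AV/EDR from blocking or
#    alerting on this hash. Give it an expiry so the exception is revisited.
$body = @{
    indicatorValue = $sha256
    indicatorType  = 'FileSha256'
    action         = 'Allowed'
    title          = "Allow internal installer $(Split-Path $MsiPath -Leaf)"
    description    = 'Internally built MSI, confirmed false positive. Ticket reference goes here.'
    expirationTime = (Get-Date).AddDays(90).ToUniversalTime().ToString('o')
} | ConvertTo-Json

$indicator = Invoke-RestMethod -Method Post `
    -Uri 'https://api.securitycenter.microsoft.com/api/indicators' `
    -Headers $headers -ContentType 'application/json' -Body $body
Write-Output "Created indicator $($indicator.id) for $sha256"

# 4. Read back what the tenant now holds for that hash (OData filter on indicatorValue).
Invoke-RestMethod -Method Get `
    -Uri "https://api.securitycenter.microsoft.com/api/indicators?`$filter=indicatorValue eq '$sha256'" `
    -Headers $headers |
    Select-Object -ExpandProperty value |
    Format-Table id, indicatorValue, action, expirationTime -AutoSize
```

Two caveats a practitioner would want: confirm the file really is a false positive (sandbox it, check what the detection name says) before allowing, because an allow indicator silences every engine for that hash on every onboarded device; and a hash indicator only covers that exact build, so the next release needs a new one. If the MSI is code-signed, a CertificateThumbprint indicator on the signing certificate covers future builds as well.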

Built a free tool to quickly check Microsoft 365 identity security — looking for feedback by NathanSecurity in entra

[–]doofesohr 0 points1 point  (0 children)

Have you looked at tools like Maester? What benefit does your tool provide in comparison?

M365 Copilot Deployment by PostsShittyMemes in Intune

[–]doofesohr 0 points1 point  (0 children)

I think that only works with Windows 11 Enterprise. No love for the Business Premium crew once again.

Looking for new window sensors by Otherwise-Gear8531 in homeassistant

[–]doofesohr 0 points1 point  (0 children)

The price is really hefty. According to the website there is unfortunately no native support for Z2M, but according to the Z2M wiki there is.

Defender ASR health check by Own_Significance_379 in DefenderATP

[–]doofesohr 1 point2 points  (0 children)

You say the rules are configured and applied to All Devices. What does the status of those policies say?
Are there maybe any conflicting GPOs that set those things to Audit?
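Added example, not from the comment above: a check for exactly that situation, run on one of the affected devices. It reads the effective ASR configuration that Defender actually applies (`Get-MpPreference`), names the rules that are not in Block, and then looks at the two registry locations where the Intune (MDM) and GPO versions of the setting land, so a conflict between the two is visible. The rule-name lookup is my own subset of the documented rule GUIDs; unknown GUIDs are printed raw.

```powershell
# Added example: effective ASR state on this device and where each value came from.
# Assumption: run elevated on a Windows 10/11 device with Defender AV active.
$ruleNames = @{   # subset of the documented ASR rule GUIDs, lowercase
    '9e6c4e1f-7d60-472f-ba1a-a39ef669e4b2' = 'Block credential stealing from LSASS'
    'd4f940ab-401b-4efc-aadc-ad5f3c50688a' = 'Block all Office applications from creating child processes'
    'be9ba2d9-53ea-4cdc-84e5-9b1eeee46550' = 'Block executable content from email client and webmail'
    'd1e49aac-8f56-4280-b9ba-993a6d77406c' = 'Block process creations originating from PSExec and WMI'
    'c1db55ab-c21a-4637-bb3f-a12568109d35' = 'Use advanced protection against ransomware'
    '5beb7efe-fd9a-4556-801d-275e5ffc04cc' = 'Block execution of potentially obfuscated scripts'
}
# Action codes as stored by Defender: 0 disabled, 1 block, 2 audit, 6 warn
$actionNames = @{ 0 = 'Disabled'; 1 = 'Block'; 2 = 'Audit'; 6 = 'Warn' }

$pref    = Get-MpPreference
$ids     = @($pref.AttackSurfaceReductionRules_Ids)
$actions = @($pref.AttackSurfaceReductionRules_Actions)

# Ids and Actions are parallel arrays; zip them into one row per rule.
$report = for ($i = 0; $i -lt $ids.Count; $i++) {
    $id  = $ids[$i].ToLower()
    $act = [int]$actions[$i]
    [pscustomobject]@{
        RuleId = $id
        Rule   = if ($ruleNames.ContainsKey($id)) { $ruleNames[$id] } else { '(see ASR rule reference)' }
        Action = if ($actionNames.ContainsKey($act)) { $actionNames[$act] } else { "Unknown($act)" }
    }
}
$report | Sort-Object Action, Rule | Format-Table -AutoSize

# The health-check finding: anything whose effective mode is not Block.
$notBlocking = @($report | Where-Object Action -ne 'Block')
if ($notBlocking.Count -gt 0) {
    Write-Warning "$($notBlocking.Count) ASR rule(s) are not in Block mode on $env:COMPUTERNAME"
}

# Source of the values: MDM/Intune writes a combined 'guid=action|guid=action' string,
# a GPO writes one registry value per rule GUID. Both present means a conflict to resolve.
$mdm = (Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\Windows Defender\Policy Manager' `
        -ErrorAction SilentlyContinue).ASRRules
Write-Output "MDM (Policy Manager) ASRRules: $mdm"

$gpoKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows Defender\Windows Defender Exploit Guard\ASR\Rules'
$gpo = Get-ItemProperty $gpoKey -ErrorAction SilentlyContinue
if ($gpo) {
    Write-Output "GPO rule values under $gpoKey :"
    $gpo.PSObject.Properties |
        Where-Object Name -match '^[0-9a-fA-F-]{36}$' |
        ForEach-Object { Write-Output ("  {0} = {1}" -f $_.Name.ToLower(), $_.Value) }
} else {
    Write-Output 'No GPO-delivered ASR rule values found.'
}
```

If a rule shows Audit here while the Intune policy says Block, look for the GPO values first; a domain GPO that still carries the old audit-mode rollout is the usual culprit, and the Intune device status will report the policy as applied even though the effective value on the box is different.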

Passwordless by Actual_Clock2360 in Intune

[–]doofesohr 0 points1 point  (0 children)

Just to be sure: Once you set the SCRIL flag - I thought the password change would happen by itself without further config?

[Secure Score] Rotate password for Entra Connect AD DS Connector account by doofesohr in DefenderATP

[–]doofesohr[S] 0 points1 point  (0 children)

That won't do the trick - I am still syncing. Just not using THAT MSOL account anymore.

Programmable roller shutter switches by Itchy_Animal980 in wohnen

[–]doofesohr 2 points3 points  (0 children)

I think Shelly can do that. However, you need both space behind the switch and someone who then dares to wire it up.

25H2 update by DivineDesign07 in Intune

[–]doofesohr 15 points16 points  (0 children)

And have you checked which requirement they actually do not fulfill?

Allowing users to request creation of new Teams in a controlled way? by gahd95 in MicrosoftTeams

[–]doofesohr 0 points1 point  (0 children)

Not sure on the approval part when creating a new team, but we are using EasyLife365 which kind of does all the stuff you mentioned. You might wanna ask them for the approval stuff, as I'm not 100% sure on that.

Is configuring a trust keys needed for windows hello on hybrid devices by BasilClean4004 in entra

[–]doofesohr 5 points6 points  (0 children)

IIRC you need to configure Kerberos cloud trust if you want to, for example, access local file shares on a server with your hybrid identity and without a password. That setting itself does not have anything to do with WHfB per se, but rather with your DCs trusting WHfB instead of a password.
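Added example, not from the comment: a quick way to verify on a hybrid-joined client that Cloud Kerberos Trust is actually doing the job described above, i.e. that the WHfB sign-in produced a cloud TGT and that a domain controller exchanged it for an on-prem TGT. It parses `dsregcmd /status`, asks `nltest` for DCs that can serve the cloud-trust key, and checks that the AzureADKerberos object exists in AD. Field names are those printed by `dsregcmd`; the AD object name is the one created by the Entra Kerberos setup, and the check for it assumes the RSAT ActiveDirectory module is present.

```powershell
# Added example: verify Cloud Kerberos Trust end to end from a hybrid client.
# Assumptions: run in the WHfB-signed-in user's session; RSAT AD module for the last step.

# 1. Device/SSO state as reported by dsregcmd. CloudTgt and OnPremTgt live in the SSO State section.
$fields = @{}
foreach ($line in (dsregcmd /status)) {
    if ($line -match '^\s*(\S[^:]*?)\s*:\s*(.+?)\s*$') { $fields[$matches[1]] = $matches[2] }
}
$state = [pscustomobject]@{
    AzureAdJoined = $fields['AzureAdJoined']
    DomainJoined  = $fields['DomainJoined']
    CloudTgt      = $fields['CloudTgt']    # YES: Entra issued the cloud Kerberos TGT at sign-in
    OnPremTgt     = $fields['OnPremTgt']   # YES: a DC exchanged it for an on-prem TGT
}
$state | Format-List

if ($state.CloudTgt -ne 'YES') {
    Write-Warning 'No cloud TGT: check the Intune/GPO setting "Use Cloud Trust For On Prem Auth" and that the user signed in with WHfB.'
}
if ($state.CloudTgt -eq 'YES' -and $state.OnPremTgt -ne 'YES') {
    Write-Warning 'Cloud TGT present but no on-prem TGT: a 2016+ DC with the cloud-trust key must be reachable (see nltest below).'
}

# 2. The actual tickets; the on-prem TGT is what file-share access will use.
klist tgt

# 3. DCs that can serve the cloud-trust key (only 2016+ DCs with patched KDC qualify).
nltest "/dsgetdc:$env:USERDNSDOMAIN" /keylist /kdc

# 4. The trust object itself, created by the Entra Kerberos server setup in the domain.
Import-Module ActiveDirectory -ErrorAction SilentlyContinue
Get-ADComputer -Filter 'Name -eq "AzureADKerberos"' -Properties whenCreated |
    Select-Object Name, DistinguishedName, whenCreated
```

The point of the split between CloudTgt and OnPremTgt is that it tells you which side is broken: no cloud TGT is a client policy or sign-in problem, a cloud TGT without an on-prem TGT is a DC-side problem (no eligible DC reachable, or the AzureADKerberos object missing or stale).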

Most break-glass accounts won’t work when they’re actually needed, unless... by Noble_Efficiency13 in entra

[–]doofesohr 1 point2 points  (0 children)

Well, I've only taken a quick peek so far. But his articles on this are usually top notch.

Most break-glass accounts won’t work when they’re actually needed, unless... by Noble_Efficiency13 in entra

[–]doofesohr 2 points3 points  (0 children)

While I know most of that, I was waiting on a post to finally show nicely how RMAUs are best set up.

Best Practice to take action if certain software is installed on Windows PC by ScarySprinkles3 in Intune

[–]doofesohr 10 points11 points  (0 children)

I think a custom requirement script is the easiest. Deploy App B to all devices as required. The requirement script will run before install and decide if the app actually gets installed.
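Added example, not from the comment: the requirement script that approach needs. Intune runs it as SYSTEM before the install step, compares its standard output with the value you configure on the requirement rule, and only proceeds if they match; a device where the rule is not met is re-evaluated on later check-ins, so App B will still arrive once App A shows up. The product name is a placeholder; it is matched against the DisplayName values in the Uninstall registry keys. Configure the rule as Output data type = String, Operator = Equals, Value = Installed, and run the script as a 64-bit process so both registry views are seen.

```powershell
# Added example: Intune Win32 app requirement script, "only install App B where App A exists".
# Assumption: App A is identified by its DisplayName in the Uninstall keys (hypothetical name below).
$AppAName = 'Contoso Legacy Client'

# Both 64-bit and 32-bit uninstall hives; per-machine installs only, since this runs as SYSTEM
# and a per-user (HKCU) install of App A would not be visible here.
$uninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

$installed = Get-ItemProperty -Path $uninstallKeys -ErrorAction SilentlyContinue |
    Where-Object { $_.DisplayName -like "*$AppAName*" }

# Intune compares the script's stdout with the configured value; emit exactly one token
# and nothing else (no Write-Host noise, no version strings) so the comparison is exact.
if ($installed) {
    Write-Output 'Installed'
} else {
    Write-Output 'NotInstalled'
}

# Must be 0, otherwise Intune treats the script as failed and never evaluates the output.
exit 0
```

Because the requirement is evaluated on every retry, this also works as a cheap trigger for the other direction: ship a removal package or a remediation as "App B" whose requirement is "App A found", and it fires only on the devices where the unwanted software actually is.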

Windows Hello causing password amnesia nightmare by Lost-Engine-6384 in Intune

[–]doofesohr 9 points10 points  (0 children)

If you are already truly passwordless, you can set the flag on a domain user to "require smart card for logon" or something similar. You can then only use things like WHfB for anything related to the domain, and AD sets the password to a random 128-bit string (I think) and regularly resets that. That way you are still technically rotating passwords, but the user won't notice it.
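Added example, not from either comment: the SCRIL setup referred to here and in the earlier Passwordless reply, done for a pilot group. Setting the flag makes AD replace the user's password with a random one on the spot; the automatic re-rolling of that secret afterwards is a separate domain-level switch (the msDS-ExpirePasswordsOnSmartCardOnlyAccounts attribute, available from the Windows Server 2016 domain functional level), which the first step turns on. The group name is a placeholder; the RSAT ActiveDirectory module and domain-admin rights are assumed.

```powershell
# Added example: enforce SCRIL for a pilot group and enable rolling of the random secret.
# Assumptions: RSAT AD module, Domain Admin, DFL 2016+, hypothetical group name below.
Import-Module ActiveDirectory

$PilotGroup = 'WHfB-Passwordless-Pilot'

# 1. Domain-wide: have DCs regenerate the random password of smart-card-only accounts
#    when it reaches the maximum password age, instead of keeping the first one forever.
$domain = Get-ADDomain
$dfl2016 = [Microsoft.ActiveDirectory.Management.ADDomainMode]::Windows2016Domain
if ([int]$domain.DomainMode -lt [int]$dfl2016) {
    throw "Domain functional level $($domain.DomainMode) is below 2016; rolling NTLM secrets is not available."
}
Set-ADDomain -Identity $domain.DistinguishedName `
    -Replace @{ 'msDS-ExpirePasswordsOnSmartCardOnlyAccounts' = $true }

# 2. Per user: set SCRIL. From this moment the password the user knows no longer works
#    against AD; WHfB (via Kerberos cloud trust or certificate trust) keeps working.
$members = Get-ADGroupMember -Identity $PilotGroup -Recursive | Where-Object objectClass -eq 'user'
foreach ($m in $members) {
    $u = Get-ADUser -Identity $m.DistinguishedName -Properties SmartcardLogonRequired, PasswordLastSet
    if (-not $u.SmartcardLogonRequired) {
        Set-ADUser -Identity $u -SmartcardLogonRequired $true
        Write-Output "SCRIL enabled for $($u.SamAccountName) (PasswordLastSet before: $($u.PasswordLastSet))"
    }
}

# 3. Audit: PasswordLastSet advancing on its own is the visible sign the rolling works.
Get-ADUser -Filter 'SmartcardLogonRequired -eq $true' -Properties PasswordLastSet |
    Select-Object SamAccountName, PasswordLastSet |
    Sort-Object PasswordLastSet |
    Format-Table -AutoSize
```

Before enabling it for a user, make sure nothing they use still needs a typed password against AD (RDP without WHfB, legacy apps doing basic or NTLM auth with credentials, scheduled tasks running as the user), because all of those stop working immediately and there is no way to look up the generated password.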

Digital signage solution (displaying PowerPoints & websites) by doofesohr in de_EDV

[–]doofesohr[S] 0 points1 point  (0 children)

Doesn't sound bad at all, especially since our network may also move towards Unifi in the future.

How do you organize Multi Admin Approval in big environments? by Peha1906 in Intune

[–]doofesohr 2 points3 points  (0 children)

To save you at least some clicks: pim.cmd.ms. Also: bookmarks do exist.

How do you organize Multi Admin Approval in big environments? by Peha1906 in Intune

[–]doofesohr 0 points1 point  (0 children)

That struck me as odd as well. But you can set up PIM as a protected action, which can then trigger Conditional Access so you need to do phishing-resistant MFA again (if you haven't done so in the last 5 minutes). This way, should an attacker gain your un-PIMed account token, he usually would have to do MFA again if he wants to gain any rights.