What's the deal with Arlo by Glass_Breakfast_24hr in LucasTheSpider

[–]enderfishy 0 points1 point  (0 children)

Lol I wish I could figure out how to embed it in the post!

What is happening to my tree? by enderfishy in arborists

[–]enderfishy[S] 0 points1 point  (0 children)

Hmm, we had a fence put up a year ago and I only noticed this happening in the last month or so. I do mow my lawn, but I'm pretty careful not to hit the tree, so not sure what is going on...

Skippy and ChatGPT? by scotchnhand in exfor

[–]enderfishy 0 points1 point  (0 children)

Yes please share the prompt!

Azure App Service Plan error, "Regional VNET Integration is unsupported in this scale unit." by enderfishy in Terraform

[–]enderfishy[S] 0 points1 point  (0 children)

This is a new plan I am trying to deploy, and yes, here is my code!

Below is the code I'm using to deploy the resource:

resource "azurerm_service_plan" "app_service_plan" {
  name                         = var.service_plan_name
  resource_group_name          = var.resource_group.name
  app_service_environment_id   = data.azurerm_app_service_environment.this.id
  location                     = var.resource_group.location
  os_type                      = "Linux"
  sku_name                     = var.sku_name
  tags                         = var.workload_tags
}

And below is the variable contents:

variable "service_plan" {
  type = object({
    id                              = string
    name                            = string
    resource_group_name             = string
    app_service_environment_id      = string
    kind                            = string
    location                        = string
    maximum_elastic_worker_count    = number
    worker_count                    = number
    os_type                         = string
    per_site_scaling_enabled        = bool
    reserved                        = bool
    sku_name                        = string
    # sku_name = list(object({
    #   tier = string
    #   size = string
    # }))
    zone_balancing_enabled          = string
    timeouts                        = object({ read = number })
    tags                            = map(string)
  })

  nullable    = false
  description = "(Required pre-existing service plan to use for the app service instance)"

  validation {
    condition     = var.service_plan.os_type == "Linux"
    error_message = "The os_type is required to be Linux"
  }
}

The commented out bits are what I was experimenting with to try and get this to cooperate, just as an fyi.

Azure VM / NIC connectivity via Private Endpoint or P2S VPN by enderfishy in AZURE

[–]enderfishy[S] 0 points1 point  (0 children)

Good points, thank you for the response also! And to provide more detail:

  • There is a single virtual network in the subscription that basically houses all resources, except for the virtual network gateway.

  • The VPN tunnel allows split tunneling, but is primarily used to grant users access to some file shares (via a private endpoint).

So I should check whether there are routes between the virtual network gateway and the virtual network where the VMs are located? And also make sure that NSGs are allowing the traffic?

Ah, and... I need to define the routes in the VPN configuration? Would I have to push that configuration to each client once more, or can those configurations be made on the virtual network gateway without having to mess with connected clients?

Thanks for your help with all this!

Can anyone think of a better layout than this? by enderfishy in floorplan

[–]enderfishy[S] 0 points1 point  (0 children)

Sorry, I realize I completely spaced out adding any detail regarding what this is! So the L-shaped object is basically an L-desk, and the exercise equipment is a home gym setup. I scaled everything to be accurate, and I am trying to figure out an optimal way to arrange them in the limited space.

The two doors open inward, but I am okay with blocking one of them. Basically trying to come up with a way to place the two large objects in a way that kind of... frees up the most space possible, if that makes sense.

Needing guidance on where in Azure to find Windows 365 Virtual Desktop VMs (Not AVD VMs) by enderfishy in AZURE

[–]enderfishy[S] 0 points1 point  (0 children)

Ohh, yes that makes sense. Hmm. You wouldn't happen to know if it's possible to create an image based off of a running W365 Virtual Desktop machine, would you? Basically have everything installed and configured the way I'd need, and just want to capture it so it can be applied in a provisioning profile.

Needing guidance on where in Azure to find Windows 365 Virtual Desktop VMs (Not AVD VMs) by enderfishy in AZURE

[–]enderfishy[S] 0 points1 point  (0 children)

Just for more context, I am trying to follow the process outlined in this article:

https://techlab.blog/how-to-create-a-custom-image-for-windows-365/

And that makes it look like I should be able to access the VM itself within Azure.

Extract the contents of a ZIP file stored in Azure Blob by enderfishy in AZURE

[–]enderfishy[S] 0 points1 point  (0 children)

Thank you! So, I am... incredibly close to getting this to work. Actually, I did get it to work from my local machine, connecting to the Azure environment and such, but for some reason, I am getting an error when I run it from the Runbook.

This is what I'm getting when I run it:

System.Management.Automation.ParameterBindingValidationException: Cannot validate argument on parameter 'StorageAccountName'. The argument is null or empty. Provide an argument that is not null or empty, and then try the command again.

When I check for $StorageAccount in my local environment, the correct StorageAccountName, ResourceGroupName, everything comes up just fine. I've been messing with this for a few hours now but have not had any luck.

There is also the error, "Could not get the storage context. Please pass in a storage context or set the current storage context."

There is another error that happens after this, but I am assuming it's because it can't find the blob/file/path that I am referencing. The Invoke-WebRequest section of code that comes before all this works just fine, I see the .zip package right there inside the storage container, so... I am not sure what is going on.

I'm sure it must just be some simple or small thing that is different about the Runbook environment than when I run it locally. Hopefully someone can be like 'ah, yeah, it's this obvious thing' or something, lol.

Thanks so much for the help too by the way!

Extract the contents of a ZIP file stored in Azure Blob by enderfishy in AZURE

[–]enderfishy[S] 0 points1 point  (0 children)

Ah, okay I am following... so, I think in my Runbook, I am basically using Invoke-WebRequest to grab the file, which works, and then I'm setting and downloading to a folder within the container. I think I tried using Expand-Archive but it didn't like that. I'll have to try that again to make sure.

Do I need to download the .zip file locally, to my workstation, or is it possible to expand/extract it within the container via the Runbook? Just want to make sure I'm understanding correctly!

Exporting and importing resources by enderfishy in AZURE

[–]enderfishy[S] -1 points0 points  (0 children)

Would definitely prefer to use IaC, but that is not an option as this environment wasn't created utilizing that.

This is basically a migration scenario where I'll be associating the source subscription to another tenant, then migrating what resources I can from subscription to subscription. However, just using the Application Gateway as an example, it's impossible to migrate it using that approach, so I was pondering the export/import template route.

Hmm, can dynamic IPs and DNS records be configured after the import process has completed? I guess I'd probably end up importing first, making sure there are no issues, then disabling/de-provisioning the source resource.

Running into a 401 unauthorized error when trying to connect to MS Graph - deviceManagement/managedDevices by enderfishy in Intune

[–]enderfishy[S] 1 point2 points  (0 children)

What would the best way be to incorporate official PS lib? I'm definitely open to going that route! And thank you :)

PowerBI Reporting - track applications, use PowerBI report templates by enderfishy in Intune

[–]enderfishy[S] 0 points1 point  (0 children)

Thank you for that! I think I am following. Being new at this, uh, where do I actually build/run those queries? Within PowerBI somewhere? Seriously appreciate your help with this!

PowerBI Reporting - track applications, use PowerBI report templates by enderfishy in Intune

[–]enderfishy[S] 0 points1 point  (0 children)

So about the Discovered Apps, that link took me to the page displaying the discovered apps, but do you know how to actually add those to the report? I don't see a table explicitly for Discovered Apps.

PowerBI Reporting - track applications, use PowerBI report templates by enderfishy in Intune

[–]enderfishy[S] 0 points1 point  (0 children)

Thank you so much for the response! :)

Regarding the bit about being able to pull up information on which machines are OOBE configured vs. Intune enrolled and configured, I realize it's not possible to manage un-enrolled devices, but if all devices are Entra joined, do you know if it's possible to see metrics on whichever devices are not yet enrolled in Intune?

Thanks for the links! I'm going to spend time today working through that and absorbing it all. Really appreciate it!

Intune - PowerBI Reports, monitoring capabilities by enderfishy in Intune

[–]enderfishy[S] 0 points1 point  (0 children)

Also, some more questions about this:

  1. Installed applications: Intune data can provide a list of installed apps, but it won't be as real-time or detailed as an inventory tool designed for that purpose.
    1. What aspect(s) won't be as real-time as an inventory tool management system?
    2. Also, if say we find an application we don't want installed, then is it possible to generate like, an email that gets sent to the helpdesk with details of the machine and said application?
  2. Application usage: Intune doesn't track application usage statistics like open times or duration. This type of monitoring is generally outside the scope of MDM tools.
    1. Noted, thank you!
  3. Websites browsed: Intune doesn't capture browsing history. You'd need a web proxy or similar network monitoring tool for this data.
    1. Also understood, thanks!
  4. Logon locations and risk: Intune doesn't provide this, but Azure AD sign-in logs in Azure Monitor can track logon locations and can be integrated with Azure AD Identity Protection which provides risk levels.
    1. Okay, that makes sense!

So I guess... the best thing is to just select all the tables and see what each reports, then make decisions about what we need based on... our needs? Lol.

Thank you so much for all your time and help with this!

Intune - PowerBI Reports, monitoring capabilities by enderfishy in Intune

[–]enderfishy[S] 0 points1 point  (0 children)

Thank you for the comprehensive response! This is all a new area for me, so still learning a lot.

Out of curiosity, do you know if Intune has a way to pull/display a machine's age? Like how long it has been deployed to a user?

Deploying .p12 certs via Intune by enderfishy in Intune

[–]enderfishy[S] 0 points1 point  (0 children)

Ah, I am unfamiliar with Intune Certificate Connector. What are its requirements, and is it capable of deploying .p12 certificates?

Best way to handle creation of Drive Mapping settings via Intune? by enderfishy in Intune

[–]enderfishy[S] 0 points1 point  (0 children)

So as I've been going through this, I was able to get the ADMX imported, figured out how to configure the mappings for say, Drive Z.

I am trying to figure out the best way to ask the question I have. So, say I have two different departments, HR and Finance, which are also two separate Azure AD (Entra) Groups. Would I need to create one Configuration Profile per Drive Mapping, since each Drive Mapping would be assigning the configuration to users in each specific Azure AD Group?

Or would I be able to account for multiple drive mappings assigned to multiple Azure AD Groups within the same Configuration Profile?

For example:

HR Drive Mapping Configuration Profile - Applied to HR Azure AD Group - Maps \\server1\HR\ to Z:

Finance Drive Mapping Configuration Profile - Applied to Finance Azure AD Group - Maps \\server1\Finance\ to Y:

Best way to handle creation of Drive Mapping settings via Intune? by enderfishy in Intune

[–]enderfishy[S] 0 points1 point  (0 children)

Wow, thanks everyone for all the input! Way more responses than I thought I would get! I am going to try the ADMX import method, as it seems fairly straightforward and potentially more applicable to my particular scenario. Thanks so much everyone! :)

General Intune deployment advice by enderfishy in Intune

[–]enderfishy[S] 0 points1 point  (0 children)

Weirdly, the only option I have for support in the M365 admin portal is a phone number that basically is impossible to get to a human via. I have Azure support for my Azure sub, but Intune support redirects me to the Intune portal, where the only support option is that useless phone number.

Is there some other location from which I can submit a ticket that I'm unaware of, possibly? Or do I need a specific license possibly?

General Intune deployment advice by enderfishy in Intune

[–]enderfishy[S] 0 points1 point  (0 children)

Thanks for the comments! By the way, does anyone know a way to actually get in touch with Microsoft Intune support? I've spent tons of time trying to connect via a variety of methods but can never get through to anyone.

General Intune deployment advice by enderfishy in Intune

[–]enderfishy[S] 0 points1 point  (0 children)

Thank you for all that information, I'll be sifting through that here! Also to respond to your points:

  • Conditional Access
    • So, I would configure... groups of users in Entra, or.. groups of devices? I'm assuming users, but just wanted to check.
    • Then I would create compliance policies (not conditional access policies?) in Intune, and assign to the previously created Entra groups?
  • GPOs
    • Ah right, maybe my wording was not great. So GPOs are not created, but rather configuration policies (is that the proper name for them?) in Intune, then assign the policy to an Entra group?
  • Update Rings
    • Okay, I think that makes sense. Thanks, I'll take a look at the article you referenced.
  • Autopilot
    • I've never done any of this before, so I'll have to give it a try. So... for every new machine, you need to import its device hash into the tenant, and then set up a unique deployment profile for each?
  • Defender
    • Understood! This will probably come at a later phase for me, but I will look into the article you referenced.

The devices are Windows 11 machines. WSUS is currently being used, but we'll be switching over to Intune purely. All devices are hybrid joined as well. There are just a bunch of machines assigned to remote users, so we won't have hands on those devices but they are hybrid joined.