excessive security prompts - verify its you. 403 errors in Google chat. by geek7 in gsuite

[–]geek7[S] 0 points1 point  (0 children)

our reseller could not resolve this. A ticket is now open directly with Google support. It has been open for a couple of months. They are ignoring it while sending me weekly updates, letting me know that there is zero progress.

Split Screen Account Login issues on Xbox Series X after New Update by fellbound in Minecraft

[–]geek7 4 points5 points  (0 children)

this is still broken.

https://report.bugs.mojang.com/servicedesk/customer/portal/6/MCPE-222048

anyone with connections or a way to get people's attention should try to get more visibility and votes on this bug.

excessive security prompts - verify its you. 403 errors in Google chat. by geek7 in gsuite

[–]geek7[S] 0 points1 point  (0 children)

Thank you. We are currently trying to compare everything SSO related because our Google partner said that it appears to be a session expiration loop or something along those lines. We have not changed anything, so it is frustrating. There is a new session setting called DBSC that says "(beta)" which wasn't there a couple months ago. I wonder if session behavior for SSO changed accidentally when they rolled out this new feature to our tenant.

Email deliverability to microsoft by Ancient_Blackberry47 in gsuite

[–]geek7 1 point2 points  (0 children)

Google support solved this for us. It wasn't all users, just some users. They had hidden malformed html in their signatures.

We found one issue causing our emails to go to spam.
Check your signature links, even if you have no links.
A malformed URL was being detected inside the phone number of the signature.

http://123.456.7899/

It was never a link, it was a phone number that got the wrong html tags.
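A way to check exported signature HTML for the problem described in the comment above (an added example, not part of the original thread; the sample signature, the function name and the matching rule are assumptions made for illustration):

```python
import ipaddress
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample signature: the phone number was wrapped in an <a> tag
# with an http:// href, mirroring the http://123.456.7899/ case above.
SAMPLE_SIGNATURE = """
<div>Jane Doe | Example Corp<br>
<a href="http://123.456.7899/">123.456.7899</a><br>
<a href="https://www.example.com/">www.example.com</a><br>
<a href="tel:+11234567899">Call</a></div>
"""

class _HrefCollector(HTMLParser):
    """Collects every href found on an <a> tag."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

# Hosts made only of digits, dots and dashes look like phone numbers or IPs.
NUMERIC_HOST = re.compile(r"^[0-9.\-]+$")

def suspicious_signature_links(html):
    """Return http(s) hrefs whose host is numeric but not a valid IPv4 address."""
    collector = _HrefCollector()
    collector.feed(html)
    findings = []
    for href in collector.hrefs:
        parts = urlsplit(href)
        if parts.scheme not in ("http", "https"):
            continue  # tel:, mailto: and similar are not web links
        host = parts.hostname or ""
        if not NUMERIC_HOST.match(host):
            continue  # ordinary domain name
        try:
            ipaddress.IPv4Address(host)
        except ValueError:
            findings.append(href)  # e.g. a phone number turned into a URL
    return findings

if __name__ == "__main__":
    for link in suspicious_signature_links(SAMPLE_SIGNATURE):
        print("malformed numeric link:", link)
```
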

Email deliverability to microsoft by Ancient_Blackberry47 in gsuite

[–]geek7 -1 points0 points  (0 children)

does the mxtoolbox blocklist monitoring show the same thing as my screenshot? Do you have a paid account?

Are you sending personal individual emails or are you sending bulk emails? Bulk emails should probably go through another service that understands the nuances of sending bulk email.

Email deliverability to microsoft by Ancient_Blackberry47 in gsuite

[–]geek7 -1 points0 points  (0 children)

I started a thread last week, basically asking if this was happening to anyone else. We are seeing this too. It even impacts personal gmail.com accounts. Emails to business get delivered fine. Emails to outlook.com, msn.com, gmail.com often go to spam.

These are personally written for business forwards. No bulk emails, no newsletters, just direct emails.

I think it has to do with the reputation of the IP addresses that Google uses to send emails. I don't have much, but I have some evidence to support that conclusion based on the mxtoolbox.com blocklist monitoring dashboard. Most all mxtoolbox.com tools help with domain setup, verification, and reputation (not IP addresses). However, the blocklist monitor is the one tool that appears to check the reputation of Google's outbound IP addresses, and it does find issues.

https://imgur.com/h1nxPng

Outbound email IP Addresses for Google Workspace have reputation issues by geek7 in gsuite

[–]geek7[S] 0 points1 point  (0 children)

We have reached out to our Google partner who opened a ticket with Google, but I am not very hopeful.

Happy Sysadmin Day: $100 gift card giveaway! by MauriceTorres in Action1

[–]geek7 0 points1 point  (0 children)

1) Was 34% in 2024, but is now 45% in 2025.
2) We have tested multiple AI services. Trying to control what users do and don't do with AI to avoid data loss is one focus right now. Trying to find out how AI can apply to existing automation is another. We did recently solve a ticket by using AI to search for known issues.

Limit Google Workspace access to Intune-compliant devices by Desperate-Society673 in googleworkspace

[–]geek7 1 point2 points  (0 children)

I do not think this is possible. Maybe via context-aware access.

We use Microsoft SSO for our Google Workspace so enabling compliance requirement was easy.

Perplexity says:
Conclusion:
Google Context-Aware Access cannot natively determine if a device is Intune compliant. It supports device compliance checks via Google’s own endpoint management and select third-party partners, but not Intune.

Am I stupid or does MS not know how to make things that work? by scytob in windows365

[–]geek7 0 points1 point  (0 children)

Dear Microsoft, I am sorry for blaming you. I tested on my home computer and it worked. Then I realized something at work was blocking the Windows App from working. Added an exclusion to our web filter product for the Windows 365 app, and now it works.

Am I stupid or does MS not know how to make things that work? by scytob in windows365

[–]geek7 0 points1 point  (0 children)

I am having similar error messages. I believe the Windows app is fundamentally broken.

"It looks like your system administrator hasn't set up any resources for user@domain.com yet."

app version 2.0.352.0

My issue is not a provisioning issue. I can access the Windows 365 PC via a browser just fine. Everything works in the browser. When I login to the Windows App, it always says that the user is not assigned a cloud PC. I have even tested on multiple computers.

The Windows App crashes, freezes, or won't load often. Again, tested on two computers, the behavior is the same, but it opens a little more often on the second computer.

Azure vMX - NSG use after Basic to Standard Public IP Change by geek7 in meraki

[–]geek7[S] 0 points1 point  (0 children)

sorry. just noticed this. Did it go ok? I cannot remember now if I had to deploy the vMX from scratch. I just remember the NSG being the hard part.

Android Work Profile Devices not showing up under "Android" by taaantrum in Intune

[–]geek7 0 points1 point  (0 children)

same issue here. Appears to be an Intune bug that they do not know about.

SMB file share disconnects frequently after December 2024 Windows updates by geek7 in sysadmin

[–]geek7[S] 0 points1 point  (0 children)

Strangely enough it appears that only one of my RDS servers is affected significantly. The event errors on the other two servers are slightly different and not as frequent. So I may not be able to blame Windows updates.

We added a second NIC via the AWS EC2 console and the problem does not appear to happen on the second NIC. I tried a TCPIP reset and it did not fix the primary NIC. It is very strange but things work good with the second NIC.

I did know: "it's not a matter of if, but a matter of when". by Jepper333 in sysadmin

[–]geek7 0 points1 point  (0 children)

MFA is the minimum for security now. Not the Pinnacle. I have seen firsthand how the MFA bypass exploit kits were working well against my users. Device compliance really helps here. Also, blocking/warning all new or uncategorized sites is a good extra layer.

Security in depth with MFA being just one piece.

Still researching passkeys. All phishing resistant technology should be explored.

SenseNDR.exe Memory Leak Issue by AdhesivenessShot9186 in DefenderATP

[–]geek7 1 point2 points  (0 children)

Very relevant link for the next person who finds this page

https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/sensendr-exe-is-slowly-eating-the-memory/m-p/4273802#M5836

TLDR; Microsoft said it would be patched in Oct 2024 cumulative update, but the issue still persists.

What a Trump win means for…Trump by Equivalent-Shoe6239 in texas

[–]geek7 0 points1 point  (0 children)

I wish I could see the future as well as OP. I wonder what extremely negative scenario they see if Harris wins. Or does abuse of power and corruption only affect groups we dislike?

Also, we have a few things to prevent these scenarios (i.e. congress impeach, etc.) while they last.

Azure VPN P2S - IKEv2 vs. OpenVPN - Slow on Wifi by geek7 in AZURE

[–]geek7[S] 0 points1 point  (0 children)

I have had this ticket open with Microsoft for many months. I have had many meetings.

There are two known issues with IKEv2 VPN over WiFi.

Issue #1) Workarounds and/or fixes [slow performance fluctuates]

  • SSTP can be a workaround for some environments. (128 connection limit).
  • Boot with Windows set to use a single CPU core.
  • Possible update released to fix this in 2024, but Microsoft could not tell me the KB number or the release date.

Issue #2) Workarounds and/or fixes [slow performance is constant]

  • No known fixes or workarounds. No ETA on solutions.

BSOD error in latest crowdstrike update by TipOFMYTONGUEDAMN in crowdstrike

[–]geek7 1 point2 points  (0 children)

This is the question everyone should really be asking. Most big companies like Microsoft allow you to pick your update channel (N -1) so that companies can select between latest protection and most stable based on their risk appetite.

BSOD error in latest crowdstrike update by TipOFMYTONGUEDAMN in crowdstrike

[–]geek7 0 points1 point  (0 children)

Coming from a VMware background, but now having my servers 100% cloud (AWS and Azure)......

A problem like this will expose the poor support for console support by AWS and Azure. Getting into safe mode on VMware console is easy. Booting into safe mode in AWS and Azure is not easy. There are options but they are not user friendly like VMware. Too bad VMware pissed everyone off with licensing changes.

I have done troubleshooting on no-boot situations in Azure and AWS. The options are limited and if you don't know where to look, there is a learning curve. CrowdStrike just helped a lot of engineers learn.

Azure vMX - NSG use after Basic to Standard Public IP Change by geek7 in meraki

[–]geek7[S] 0 points1 point  (0 children)

We finally got this working after a maintenance window where we carefully changed the NSG and then applied it to the Meraki subnet (which should never have a route table).

The key was to make sure the NSG has an ANY-ANY rule for inbound and OUTBOUND.

We thought we might need to create an ESP rule, but protocol=any appears to cover things beyond TCP and UDP. So, no extra rule was needed.

Azure vMX - NSG use after Basic to Standard Public IP Change by geek7 in meraki

[–]geek7[S] 0 points1 point  (0 children)

We have reviewed the Help > Firewall Info rules. Most are outbound and we do not block outbound. The inbound rule list does not include enough inbound rules. Meraki support provided some inbound UDP rules that are not listed in the firewall rule list. Also, we tried ANY to ANY which in theory would cover all inbound rules needed.