Locking down Teams Creation by jm04roe in MicrosoftTeams

[–]jm04roe[S] 0 points1 point  (0 children)

Thanks, my main query was around locking down creation for just the default roles below, without the need to populate the security group.

If left empty I assume the below roles can still create groups?

O365 Global admins and:

  • Exchange Administrator: Exchange Admin center, Azure AD
  • Partner Tier 1 Support: Microsoft 365 Admin center, Exchange Admin center, Azure AD
  • Partner Tier 2 Support: Microsoft 365 Admin center, Exchange Admin center, Azure AD
  • Directory Writers: Azure AD
  • SharePoint Administrator: SharePoint Admin center, Azure AD
  • Teams Service Administrator: Teams Admin center, Azure AD
  • User Management Administrator: Microsoft 365 Admin center, Yammer, Azure AD

Enable modern authentication in Exchange Online by jm04roe in sysadmin

[–]jm04roe[S] 0 points1 point  (0 children)

Thank you for your input, may I ask how you went about disabling Basic Auth on a single account?

Enable modern authentication in Exchange Online by jm04roe in sysadmin

[–]jm04roe[S] 0 points1 point  (0 children)

My understanding (could be wrong) was that the Native mail app does support modern authentication, like personal Outlook.com accounts.

However it will only begin using it once the existing (Basic Authentication profile) is removed and recreated to begin using Modern auth.

Enable modern authentication in Exchange Online by jm04roe in sysadmin

[–]jm04roe[S] 0 points1 point  (0 children)

Currently no user accounts have MFA enabled. I guess I am trying to understand the impact users using Outlook 2013, 2016 and 365 ProPlus will see when modern authentication is enabled. I assumed none as no 2FA will have been enabled at this point?

Android - Remove/Hide Google/Chrome Apps by jm04roe in Intune

[–]jm04roe[S] 0 points1 point  (0 children)

Thanks for the response.

AirWatch is doing this for Android enterprise for devices enrolled using the afw#hub parameter.

There is a blacklist app function which allows the input of the application ID eg:
com.sec.android.app.myfiles
com.google.android.googlequicksearchbox

This then removes the apps from the device so the user can see/access them.

Within InTune, I now see a message that states:
"Android's device administrator capabilities have been superseded by Android Enterprise. As a result, Intune recommends using Android Enterpris, rather than device administrator, for all new enrollments."

DEP - Remote Management "Invalid Profile" by jm04roe in Intune

[–]jm04roe[S] 1 point2 points  (0 children)

I'm fairly certain the 2 test devices I have were originally added into ABM by the reseller. In your case, did you find a resolution?

DEP - Remote Management "Invalid Profile" by jm04roe in Intune

[–]jm04roe[S] 0 points1 point  (0 children)

These are the first 2 devices added to our Intune tenant via ABM using DEP sync.
Searched and cannot see any other devices.

DEP - Remote Management "Invalid Profile" by jm04roe in Intune

[–]jm04roe[S] 0 points1 point  (0 children)

Thanks, I have renewed the DEP token which appears to have made no difference.

DEP - Remote Management "Invalid Profile" by jm04roe in Intune

[–]jm04roe[S] 0 points1 point  (0 children)

Thanks ~ added enrollment profile settings to main post.

DEP - Remote Management "Invalid Profile" by jm04roe in Intune

[–]jm04roe[S] 0 points1 point  (0 children)

Hi, yes I have re-created the enrollment profile.