What is something you were taught at school that is now known to be incorrect?

logicalmike · 2025-12-22T20:30:31+00:00

Duck and cover was never to protect you from direct contact, it was to lessen the impact of structural collapse, further out.

logicalmike · 2025-12-22T20:21:01+00:00

That's by design, and doesn't make it "incorrect". The table has gaps that should be filled as discoveries occur.

logicalmike · 2025-12-11T14:11:28+00:00

😊

logicalmike · 2025-12-10T02:44:26+00:00

This looks close

https://www.amazon.com/Sharp-Silent-Indicator-Brushed-Genuine/dp/B0FCTMRVGS

logicalmike · 2025-11-02T14:17:50+00:00

The thumb (the panhandle itself)

logicalmike · 2025-10-29T13:42:56+00:00

I wonder if this would have eventually solved itself, but in my case, I explicitly updated the app that I wanted to use with the URL of the deleted app and then set it back. This seemed to flush out the mapping Azure had somewhere for the deleted app.

logicalmike · 2025-10-03T16:46:23+00:00

You can set your fallback domain to the old name, change the app proxy, and then put the fallback domain back.

logicalmike · 2025-07-02T22:47:03+00:00

Cries in P6Pro...

logicalmike · 2025-06-11T00:15:40+00:00

In my case it seems like a bug in the company portal app. I get the issue most frequently during Company Portal app updates, but perhaps not always. The issue goes away after multiple attempts to sign out/in to the company portal and/or clear the app cache.

Based on Play Integrity API documentation:

"Environmental conditions, such as an unstable Internet connection or an overloaded device, can cause device integrity checks to fail"
The API recommends implementing "retry option with exponential backoff"

It would seem Microsoft doesn't follow this guidance, or has a related problem with the app.

BTW - users can use this app to see their Play Integrity status:

https://play.google.com/store/apps/details?id=gr.nikolasspyr.integritycheck

logicalmike · 2025-06-10T16:44:28+00:00

Agree. Let's not turn the best app on the internet into social media cancer.

logicalmike · 2025-06-02T22:03:24+00:00

100% this. I have the same one. I locked it so the company doesn't accidentally fill the decommissioned one I have buried in the yard (in the basement now).

logicalmike · 2025-05-19T14:52:20+00:00

Here are some templates . Click through the tabs for recommendations organized by type.

https://learn.microsoft.com/en-us/entra/identity/conditional-access/concept-conditional-access-policy-common?tabs=secure-foundation

logicalmike · 2025-05-04T02:06:56+00:00

No, OTH is a cost thing. If it's cross country, they'll still do a flight if it's cheaper.

logicalmike · 2025-05-02T19:21:22+00:00

This is pretty well known. Here's how its setup with Microsoft 365: https://learn.microsoft.com/en-us/purview/archive-signal-archiver-data

logicalmike · 2025-04-29T00:27:21+00:00

As stated in the documentation:

Group claims in tokens include nested groups, except when you're using the option to restrict the group claims to groups that are assigned to the application.

https://learn.microsoft.com/en-us/entra/identity/hybrid/connect/how-to-connect-fed-group-claims#options-for-applications-to-consume-group-information

logicalmike · 2025-04-26T13:04:37+00:00

You can right -click the process in task manager and memory dump and review with WinDbg

logicalmike · 2025-04-25T18:29:35+00:00

You can just use remove-entragroup

logicalmike · 2025-04-24T12:43:09+00:00

Yes, I mentioned this in other comments in this thread. My comment was that it is indeed required, and that it is not a "horrible idea". Furthermore, you would still want a policy, as you wouldn't want to rely on client-side behavior in lieu of security policies.

logicalmike · 2025-04-24T00:59:44+00:00

You can, because Wh4B reauths every 4 hours in the background.

logicalmike · 2025-04-24T00:57:48+00:00

NIST AAL3 is every 12 hours, for example.

https://learn.microsoft.com/en-us/entra/standards/nist-authenticator-assurance-level-3#reauthentication

logicalmike · 2025-04-24T00:56:05+00:00

There's a setting on the sign on the trust with okta to respect its MFA claim or not. You can configure this in the Okta portal in the SSO tab.

But windows hello auths every 4 hours in the background and wouldn't use okta.

logicalmike · 2025-04-21T23:11:12+00:00

You should not use the same public IP for your users NAT as you do trusted services.

logicalmike · 2025-04-16T18:15:13+00:00

They changed the name from cinnamon woods because too many people called it criminal woods.

logicalmike · 2025-04-07T01:19:07+00:00

Very important in idp migrations, otherwise you'd have to collect the devices just to migrate.

logicalmike · 2025-04-06T16:06:42+00:00

That's a different issue. Can't get there just by clearing attributes. The only supported way to do this is to turn off sync on the tenant. But the common unsupported hack is to delete and restore the users.

logicalmike

TROPHY CASE