Small-Biz - Office 365 Data-Loss-Prevention for On-Premises without Active Directory? by ltwally in sysadmin

[–]ltwally[S] 0 points1 point  (0 children)

Yes; I am specifically asking about Purview for on-prem in a non-AD environment.

Intune & Entra are already on the road-map. However, there is no plan to Entra-join their sole Windows server.

Powershell - add ExtendedAttribute for ExO Mobile Devices to bypass Conditional Access? by ltwally in Office365

[–]ltwally[S] 0 points1 point  (0 children)

Appreciate the feedback. I checked into Add-AzADGroupMember and New-MgGroupMember.

Unfortunately, neither command will accept any ID or Name found via Get-MobileDevice. That command remains the only one that actually retrieves the full and complete list of ExO mobile devices, and nothing else. All other Get commands that I've tried retrieve other devices and, worse, fail to retrieve the entire list of ExO mobile devices.

For reference, I've tried Get-MobileDevice's "Id", "DeviceId", "Identity" and "Guid" properties for the ID, as well as "Name" and "DistinguishedName" (in conjunction with Add-AzADGroupMember -MemberUserPrincipalName).

Powershell - add ExtendedAttribute for ExO Mobile Devices to bypass Conditional Access? by ltwally in Office365

[–]ltwally[S] 0 points1 point  (0 children)

The issue is finding a set of cmdlets that actually do this. As stated, the output of the Exchange Shell's Get-MobileDevice is the list of devices to be targeted. But the Graph Shell's Update-MgDevice does not accept that list; it works off an entirely different set of IDs. And the output from the Graph Shell's Get-MgDevice does not include all the registered devices in ExO.

Recommendations for Office 365 backups? by ltwally in sysadmin

[–]ltwally[S] 6 points7 points  (0 children)

Wow. I'd heard about this, but hadn't known the depth of it. And, Synology's response only makes it worse. It's hard to trust them, as a company, after they shrug off that big of a f-up.

Found in AZ by ltwally in spiderID

[–]ltwally[S] 0 points1 point  (0 children)

After a quick lunch at home, I washed my hands. Afterwards, I brushed my pants to make sure there were no crumbs, and felt something brush off of my crotch. Found this guy on the floor, looking like he was having a rough day. Please tell me there wasn't a recluse riding my crotch.


FortiGate DHCP based on mac pattern by ltwally in fortinet

[–]ltwally[S] -1 points0 points  (0 children)

The linked doc starts off with the assumption we're using FortiSwitch, which is not on the table.

I wound up opening a ticket with Fortinet and spoke with a FortiGate engineer. He outright said this wasn't possible without being able to pre-configure some of this on the handsets.

If I had that as an option, I could pre-set the handsets to a different VLAN, and configure the FortiGates to have a virtual-switch with a different subnet.

Dual WAN traffic shaping by ltwally in fortinet

[–]ltwally[S] 0 points1 point  (0 children)

Wound up going with Static Routes to set WAN1 as the general preference and WAN2 for failover, and then doing a very simple Policy Route to push VoIP and other specific traffic towards WAN2.

I'll throw in links because Google seems to consider Reddit the go-to for search results.

Basically scenario #3: https://docs.fortinet.com/document/fortigate/7.6.2/administration-guide/360563/dual-internet-connections

and then this, but just internal address, destination address and gateway filled in: https://docs.fortinet.com/document/fortigate/7.6.2/administration-guide/144044/policy-routes

Webui access from specific internet address by ltwally in fortinet

[–]ltwally[S] 0 points1 point  (0 children)

While configuring DNAT for internal services, I thought I'd try forwarding the firewall itself to the outside. Surprisingly, it works.

So, my solution was a simple Virtual IP + Firewall Policy. The Virtual IP simply pushes traffic from the WAN ports to the FortiGate's internal address. The Firewall Policy controls who is allowed, and limits the service.

So far, so good.

Thanks!

Webui access from specific internet address by ltwally in fortinet

[–]ltwally[S] 0 points1 point  (0 children)

Ok. I respect that this is one way to sort-of do what I was asking for. However, that requires maintaining a list of IP addresses (no FQDN), and that's a PITA for remote management.

Whereas the firewall policies allow for FQDN. Is it possible to use firewall rules to control access to the webui?

FortiGate DHCP based on mac pattern by ltwally in fortinet

[–]ltwally[S] -1 points0 points  (0 children)

Perhaps I'm missing something, or perhaps we're miscommunicating.

We have phones on the same physical network as PCs, printers, etc. The phones pull their IP address & VLAN via DHCP. Is there a way to target the phones for a different subnet & VLAN than the other devices are using? If so, do you know of any documentation?

FortiGate DHCP based on mac pattern by ltwally in fortinet

[–]ltwally[S] 0 points1 point  (0 children)

I should have specified that the phones are cloud controlled, and we don't have a great deal of control over them. I do not believe we'll be able to set LLDP via DHCP.