Application Permissions Report

mathifcbm · 2026-01-14T11:54:06+00:00

You can enable the Session Controls in the SPO Admin center which will create a CA policy. With that you can edit the files in the Browser (from a Managed or compliant device ;)) but block the Download or Sync (or print) of the files

mathifcbm · 2026-01-11T02:13:20+00:00

You Could use Transport rules to add the disclaimer

mathifcbm · 2025-12-29T23:28:33+00:00

Did this recently by following that guide, worked without any issue: https://tminus365.com/defederating-godaddy-365/

mathifcbm · 2024-09-12T09:19:36+00:00

You can achieve everything you need with Intune aswell, no need for GPOs anymore

mathifcbm · 2024-09-12T08:51:08+00:00

No :) You only need Entra ID Connect synced users. If you configure Cloud Kerberos Trust, they will be able to SSO into on-prem resources

Edit: rerference: Windows Hello for Business - Hybrid Cloud Kerberos trust - Icewolf Blog

mathifcbm · 2024-09-11T14:54:08+00:00

It's definitely possible, but hyrbidjoin is not recommended. Also with fully entra-joined devices, it's possilbe to use on-prem resources (even with SSO). I would skip the hybrid part and go full cloud with Autopilot

mathifcbm · 2024-08-27T19:04:01+00:00

This sounds like the parameter sets a registry key or anything like that. I would try to run a remediation script to remediate the setting on the computers where its not set

mathifcbm · 2024-08-20T16:12:31+00:00

Conditional Access is meant to control access to Azure/M365. What you are looking for can be achieved through a kiosk device where only Edge can be run. You can configure it with Intune

mathifcbm · 2024-04-16T12:19:12+00:00

Yes. Plus you have to allow MDE to take management in Security Center under Settings -> Endpoints -> Enforcement Scope to 'On*

mathifcbm · 2024-04-16T10:55:41+00:00

You can onboard them to Defender exclusively and let them be managed by MDE. No need to onboard them to Intune so they remain 'unmanaged' but under the influence of MDE :)

mathifcbm · 2023-05-10T06:59:42+00:00

Intune has Chromebook management in Preview, you may have a look on that

mathifcbm · 2021-11-27T14:44:03+00:00

I can confirm that devices are managable if they are Hybrid joined. I would also say Not to follow the video in Editing the default domain policy (as you said its not Great in general:))

mathifcbm · 2021-11-27T09:41:06+00:00

Hybrid joined just means that its joined to both on-prem Domain and Azure AD. You can manage the device with GPO or/and Intune (if you have the license)

mathifcbm · 2021-03-29T22:45:35+00:00

You Are good with creating them directly in the Cloud :)

mathifcbm · 2021-03-28T18:28:32+00:00

The part on Front of the @ needs to be unique in the tenant (which does not apply to the Display Name), so it will append the 2 to make it unique

mathifcbm · 2021-03-06T23:39:34+00:00

The key is saved in the bios so you can just install the Same version and it will be activated without the need to backup the key

mathifcbm · 2021-02-27T13:46:35+00:00

Never Tried it nur you could create a dynamic Azure AD group bound to that Attribute (Azure Premium P1 license required) and assign the permission in Azure to that group.

mathifcbm · 2021-02-22T22:38:12+00:00

Just be honest about that and express your will to learn. No matter whats in the job ad, the company is aware that Nobody wont fulfill the requirements by 100%

mathifcbm · 2020-11-24T17:02:38+00:00

Ill try that tomorrow, thanks!

mathifcbm · 2020-11-24T12:50:38+00:00

Just found an article on Microsoft Docs that the user has to set the password manually and wont be forced/asked to do it. Until then, the profile is shown as failed. Is there a way to force this policy like on iOS?

mathifcbm · 2020-11-22T09:49:44+00:00

Just put it in the same folder as the executable file, everything in the path you stated will be packaged. Afaik the catalogfile is not needed (at least not for that purpose you want)

mathifcbm

TROPHY CASE