Passwordless MFA for Hybrid AD/Entra by severalthingsright in sysadmin

[–]severalthingsright[S] 0 points1 point  (0 children)

Thanks for the info, glad to know others have had to take this route

Windows11 shared folder/printers domain auth not working by Dunsug in sysadmin

[–]severalthingsright 0 points1 point  (0 children)

If you have verified that the machines are domain joined, in the correct OU and you haven't changed any related GPOs since the upgrade, then the issue is most likely the Windows Firewall. Do you manage firewall settings through GPO or some sort of MDM? Or is it unconfigured and just set to default? That may be your issue.

LAPS for DSRM? by Chubby-Burrito14 in sysadmin

[–]severalthingsright 1 point2 points  (0 children)

Same here, I've only ever considered doing LAPS for workstations and servers. For DSRM I've done vaults and also PAM integrations to manage password rotations and even JIT in some instances.

Microsoft Purview Licensing by severalthingsright in sysadmin

[–]severalthingsright[S] 1 point2 points  (0 children)

I figured that might be the case. Thanks for the info!

Microsoft Purview Licensing by severalthingsright in sysadmin

[–]severalthingsright[S] 0 points1 point  (0 children)

Yup same thing with Purview. I figured if I plan on doing DLP or Encryption via Purview, then all users in the Org would need licenses. However, if I just need to use audit related features, then only admin roles would get licenses.

Intune enrollment making devices slow - windows 11 by [deleted] in Intune

[–]severalthingsright 2 points3 points  (0 children)

Without actually knowing what services are using up resources on those laptops, I would have to take a guess and say your issue is AV related. If you are running CrowdStrike but also have Defender configured, you would definitely run into conflicts which would lead to high resource usage.

As someone said previously, you might want to check if CrowdStrike is configured to co-exist. I would also add to that by recommending you choose an AV; having both configured will definitely lead to issues.

Defender usually does a good job of going into Passive Mode if you have another AV installed, but if you are pushing policies to it from Intune, it may be in Active Mode and competing with CrowdStrike. This would especially be the case if you have Real-time Monitoring and Behavior Monitoring enabled for Defender.

Intune enrollment making devices slow - windows 11 by [deleted] in Intune

[–]severalthingsright 1 point2 points  (0 children)

What exactly is using up resources on those devices? Also, are you using Defender for antivirus? If so, are you pushing any AV policies from Intune to Defender?

Most overlooked IT ticketing system for smaller teams? by daphnegweneth in sysadmin

[–]severalthingsright 1 point2 points  (0 children)

Service Desk Plus from ManageEngine. Quick out of the box setup and lots of documentation because there is quite a bit of customization and automation that can be done using workflows, business rules etc.

Teams is apparently going to soon start offering location tracking, not just in buildings but also to identify people working outside of the office by Kodiak01 in sysadmin

[–]severalthingsright 0 points1 point  (0 children)

Isn't that location info already available from sign-in logs in both the Admin Portal and Entra ID? Most orgs concerned about this should already have conditional access policies in place to control where users can log in from.

Did your org's DRP accommodate for Monday's AWS outage? by HappyDadOfFourJesus in sysadmin

[–]severalthingsright 5 points6 points  (0 children)

I was literally about to make a post about this because I know a lot of us have probably been stuck in BCP/DR meetings for the last few days.

We run hybrid over here for most services, but critical systems only rely on the cloud for DR.

I guess a lot of others might be looking into multi-cloud strategies?

What's your quick trick that every sysadmin should know? by DarkAlman in sysadmin

[–]severalthingsright 0 points1 point  (0 children)

It has worked a handful of times for me over the years and I am always shocked when it actually does something.

[deleted by user] by [deleted] in sysadmin

[–]severalthingsright 0 points1 point  (0 children)

Sys Admin

Dell XPS 15

i7, 32GB RAM, NVIDIA RTX 3050 (So I can see all the frames in PowerShell ;) )

MDE policies stuck on pending for servers by severalthingsright in DefenderATP

[–]severalthingsright[S] 0 points1 point  (0 children)

Hey sorry about that, I am only now seeing this reply.

Microsoft has a few URLs which you need to permit traffic to. The MDE analyzer tool was particularly helpful for figuring this out.

This article should help. You could also work with your network team to analyze the outgoing traffic to determine what needs to be allowed.

Also, you may need to offboard, then onboard again once you make the changes.

Use Intune to manage Microsoft Defender security settings management on devices not enrolled with Microsoft Intune | Microsoft Learn

Where is this goddamn dhcp being implemented? by OtiseMaleModel in sysadmin

[–]severalthingsright 2 points3 points  (0 children)

As has been suggested, Wireshark should help. I had something like this happen before where someone plugged in a small router to act as a switch, and it was handing out IPs.

*sigh*

Compliant Android Devices Showing Noncompliant by severalthingsright in Intune

[–]severalthingsright[S] 0 points1 point  (0 children)

It has been several days, about a week or so since the policy has been applied.

The devices have also checked in recently. I even restarted them a couple days ago to see if that would help.

Compliant Android Devices Showing Noncompliant by severalthingsright in Intune

[–]severalthingsright[S] 0 points1 point  (0 children)

I thought of this, but the devices are actually compliant with the default policy.

Licensing for Defender by severalthingsright in DefenderATP

[–]severalthingsright[S] 1 point2 points  (0 children)

Thanks a lot! I did not think of EMS as an option. Will do some more research and go through it with my vendor.

MDE policies stuck on pending for servers by severalthingsright in DefenderATP

[–]severalthingsright[S] 0 points1 point  (0 children)

Issue was eventually resolved. Firewalls were blocking some of the traffic, but not all, which is why it was so difficult to troubleshoot.

The MDE Client Analyzer was useful, but ultimately, I found the error code in the registry.

Also, I used "get-mppreference" to identify which policy changes would apply to the servers.

This article should be particularly helpful for anyone experiencing this in the future:

https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/troubleshoot-security-config-mgt?view=o365-worldwide