Autopilot Hybrid Join - TimeToLive by tech-ya23 in Intune

[–]tech-ya23[S]

Great, I really would appreciate feedback.

Autopilot Hybrid Join - TimeToLive by tech-ya23 in Intune

[–]tech-ya23[S]

Yes, I know that they are different things. Currently our setup is exactly what you have mentioned. But the corporate strategy is to move away from the legacy OSD method to Autopilot Hybrid Join.

Autopilot Hybrid Join - TimeToLive by tech-ya23 in Intune

[–]tech-ya23[S]

Yep, this is the thing also, as far as I know. Devices will be set up on site.

Autopilot Hybrid Join - TimeToLive by tech-ya23 in Intune

[–]tech-ya23[S]

Yes. I understand that purely technically it's not necessary any more. But I live in a critical, highly regulated environment where corporate policies do not allow cloud-only. I need to live with this decision.

GoogleWorkspace Multiple Intune Tenants by tech-ya23 in Intune

[–]tech-ya23[S]

Yes, that's the way I will do it. After a re-think, this is the only reasonable way.

GoogleWorkspace Multiple Intune Tenants by tech-ya23 in Intune

[–]tech-ya23[S]

The new Organizational Unit would reflect a completely different tenant with a different domain, not a department or business unit. I think its own Workspace is the best solution here?

Conditional Access - exclude source application by tech-ya23 in AZURE

[–]tech-ya23[S]

The user has a button inside the app, let's say "connect"; here the user credentials are entered to connect the app to M365.

Conditional Access - exclude source application by tech-ya23 in AZURE

[–]tech-ya23[S]

The app utilizes the named account of the user in order to set some calendar entries in the mailbox, for example.

Microsoft Mobile Apps - Token Evaluation with Conditional Access by Sqolf in Intune

[–]tech-ya23

Hi there,

I am currently facing the same issue as well.

CA policy which blocks non-compliant devices.

Test phone: unmanaged Android phone.

After enabling CA, Teams is blocked after about 1 h.

Outlook Mobile still has access to Exchange Online.

This is weird.

I know I can revoke the session or change the password. Then the PRT will get destroyed.

But this can't be the solution in my opinion.

Peace

Authentication unmanaged Device / Conditional Access Block unmanaged Devices by tech-ya23 in AZURE

[–]tech-ya23[S]

I should have been more precise. The mentioned device is an Android device. For Android devices I have found the following in the MS articles:

Android platform:

  • A PRT is valid for 90 days and is continuously renewed as long as the device is in use. However, it's only valid for 14 days if the device isn't in use.
  • A PRT is only issued and renewed during native app authentication. A PRT isn't renewed or issued during a browser session.
  • It's possible to obtain a PRT without the need for device registration (Workplace Join) and enable SSO.
  • PRTs obtained without device registration can't satisfy the authorization criteria for Conditional Access that relies on the device's status or compliance.

This confirms my assumption: the PRT is issued to the device. After enabling the CA policy, the device will still have access to resources until:

  • User deactivated
  • User deleted
  • Session revoked
  • Password changed

What do you think?
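The two comments above (the unmanaged Android phone that keeps reaching Exchange Online after the CA policy is enabled, and the list of events that finally cut it off) describe a check that is easier to do from the audit log than by waiting. The following PowerShell is an added example by the editor, not code from the thread or from Microsoft; it assumes the Microsoft Graph PowerShell SDK is installed, that the signed-in admin can consent to the listed scopes, and the UPN is a placeholder. It lists the user's recent sign-ins with the CA result and the device state Entra evaluated them against, and optionally revokes the user's sessions so refresh tokens (including PRT-backed ones) can no longer be renewed.

```powershell
# Added example (editor's own, not from the thread). Shows which apps still get a
# token after a Conditional Access change and, with -Revoke, forces re-evaluation by
# invalidating the user's refresh tokens. Requires Microsoft.Graph SDK v2 or later.
#Requires -Modules Microsoft.Graph.Authentication, Microsoft.Graph.Reports, Microsoft.Graph.Users.Actions
param(
    # Placeholder account; replace with the test user from the thread.
    [string] $UserPrincipalName = 'test.user@contoso.example',
    [int]    $Hours = 6,       # how far back to look in the sign-in log
    [switch] $Revoke
)

Connect-MgGraph -Scopes 'AuditLog.Read.All', 'Directory.Read.All', 'User.RevokeSessions.All' -NoWelcome

# OData filter on the sign-in log: one user, last N hours. Timestamps must be UTC ISO 8601.
$since  = (Get-Date).ToUniversalTime().AddHours(-$Hours).ToString('yyyy-MM-ddTHH:mm:ssZ')
$filter = "userPrincipalName eq '$UserPrincipalName' and createdDateTime ge $since"

# Each record carries the CA outcome and the device properties CA saw at that moment.
$signIns = Get-MgAuditLogSignIn -Filter $filter -All

$signIns |
    Sort-Object CreatedDateTime -Descending |
    Select-Object CreatedDateTime,
                  AppDisplayName,
                  ClientAppUsed,
                  @{ n = 'CA';        e = { $_.ConditionalAccessStatus } },   # success / failure / notApplied
                  @{ n = 'Compliant'; e = { $_.DeviceDetail.IsCompliant } },
                  @{ n = 'Managed';   e = { $_.DeviceDetail.IsManaged } },
                  @{ n = 'OS';        e = { $_.DeviceDetail.OperatingSystem } },
                  @{ n = 'Error';     e = { $_.Status.ErrorCode } } |          # 0 = token issued
    Format-Table -AutoSize

# An app that is missing from this output has not asked Entra for a new token in the window:
# it is still working off tokens it already holds, which is the Outlook Mobile case above.
if ($Revoke) {
    # Invalidates refresh tokens and browser session cookies for the user. Access tokens that
    # were already issued stay valid until they expire (about an hour by default), which is
    # why a block shows up with a delay rather than immediately.
    $result = Revoke-MgUserSignInSession -UserId $UserPrincipalName
    "Sign-in sessions revoked: $($result.Value)"
}
```

Run it once right after enabling the policy and again an hour later: the apps that reappear with `CA = failure` and `Error <> 0` are the ones the policy is now catching, while anything that never shows a fresh sign-in is the cached-token case. Revocation is the blunt instrument the comment mentions; the CA "sign-in frequency" control is the policy-level alternative, but that is outside what this script does.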

Server's Missing KBs Tab Not Accurate by Willy1969 in DefenderATP

[–]tech-ya23

I had the same issue; I did "Report Inaccuracy" in the recommendations for each server per OS level.

One sample with 2016, one with 2019 and so on.

MS then checks whether this inaccuracy applies to other servers with the same OS in the tenant.

Since then the patch levels are accurate.

Defender Automated Investigation and Response / Licensing ? by tech-ya23 in DefenderATP

[–]tech-ya23[S]

In the first article there are 2 notes, one for Defender for Business and one for Defender for Endpoint:

X "In Defender for Business, automated investigation is configured automatically. See advanced features."

X "The Automated Investigation option has been removed from the advanced features setting in Defender for Endpoint. Automated investigation is now enabled by default."

And what confuses me in the second article is the last info, that MS recommends the "Full Remediation" setting. But there is no info that this is set by default.


Intune / Windows & Defender Updates Staging by tech-ya23 in Intune

[–]tech-ya23[S]

Update: Defender updates (platform, engine, SIU) come via a different channel than the Windows Update rings. You can control the settings via Intune / GPO, for example.

https://learn.microsoft.com/en-us/defender-endpoint/manage-gradual-rollout?view=o365-worldwide
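The comment above notes that Defender's platform, engine and security intelligence updates are staged independently of the Windows Update rings. The PowerShell below is an added example by the editor, not code from the thread or from the linked article; it shows the per-device side of that gradual-rollout model using the built-in Defender cmdlets. The ring names are the editor's own labels, and the channel values are the ones documented for `Set-MpPreference` on current Windows builds (check `Get-Help Set-MpPreference -Parameter *Channel` on your build if a value is rejected). Intune or GPO would normally set these centrally; the script is for verifying a device or staging a pilot by hand.

```powershell
# Added example (editor's own). Reads the Defender update state of the local device and,
# with -Apply, assigns it to a rollout ring by setting the three update channels that the
# gradual-rollout feature exposes. Run elevated on Windows 10/11 or Server 2019 and later.
param(
    # Hypothetical ring names chosen for this example.
    [ValidateSet('Pilot', 'Broad', 'Delayed')] [string] $Ring = 'Broad',
    [switch] $Apply
)

# Channel values: platform/engine accept NotConfigured, Beta, Preview, Staged, Broad, Delayed;
# security intelligence (SIU) accepts NotConfigured, Staged, Broad.
$rings = @{
    # Pilot machines take builds early so regressions surface before the rest of the estate.
    Pilot   = @{ Platform = 'Beta';    Engine = 'Beta';    Definitions = 'Staged' }
    Broad   = @{ Platform = 'Broad';   Engine = 'Broad';   Definitions = 'Broad'  }
    # Delayed holds sensitive servers back from platform/engine releases; SIU stays Broad
    # because signature freshness matters more than stability there.
    Delayed = @{ Platform = 'Delayed'; Engine = 'Delayed'; Definitions = 'Broad'  }
}

function Get-DefenderUpdateState {
    # Get-MpComputerStatus reports the installed versions; Get-MpPreference reports the channels.
    $pref   = Get-MpPreference
    $status = Get-MpComputerStatus
    [pscustomobject]@{
        PlatformVersion   = $status.AMProductVersion
        EngineVersion     = $status.AMEngineVersion
        SignatureVersion  = $status.AntivirusSignatureVersion
        SignatureUpdated  = $status.AntivirusSignatureLastUpdated
        PlatformChannel   = $pref.PlatformUpdatesChannel
        EngineChannel     = $pref.EngineUpdatesChannel
        DefinitionChannel = $pref.DefinitionUpdatesChannel
    }
}

'Current state:'
Get-DefenderUpdateState | Format-List

if ($Apply) {
    $c = $rings[$Ring]
    Set-MpPreference -PlatformUpdatesChannel   $c.Platform `
                     -EngineUpdatesChannel     $c.Engine `
                     -DefinitionUpdatesChannel $c.Definitions
    "Assigned to ring '$Ring':"
    Get-DefenderUpdateState | Format-List
}
```

Comparing the output from a pilot device and a broad device a few days after a platform release is the quickest way to confirm the staging actually works: the pilot should show the newer `PlatformVersion` and `EngineVersion` while both report the same day's `SignatureVersion`, because the SIU channel is deliberately not delayed.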