User Profile
Rob-CTL
Iron Contributor
Joined Sep 07, 2016
User Widgets
Recent Discussions
Column Filter by Date, dates are listed numerically not date order?
Hi, I've noticed a new "feature" when filtering a date column by Date, when the filter check boxes appear they are in numeric order and not date order. I have access to a couple of tenants and it only appears to be happening on one, so is this a feature rolling out or one being retracted. A bit more details, when selecting the "Date" column I am selecting "Filter by" Then when the flyout appears all the dates are ordered numerically, which is about as much use as a chocolate tea-pot. If I do the same on another tenant the "Filter by 'Date"" check boxes are sorted by calendar date Could this be a setting thing or maybe another column type causing this behavour? Any help gratefully received.Azure Logic apps and Azure Alerts - Getting info from the logs
Hi, I have been migrating from legacy log alerts to scheduled query rules which I use for monitoring our on-prem server. The process was painless but the new email alerts compared to the legacy ones are missing important fields like computer name, event data and description which means we have to go into Azure, drill through the logs and find the issue - time consuming. I then found I could use Azure Logic apps for the alert notifications and following this Microsoft guide (https://learn.microsoft.com/en-us/azure/azure-monitor/alerts/alerts-logic-apps) I got that setup and it is working but I am still missing the fields in the email. My questions is how do I pull in the data from the Log query result into the Logic App, ideally I'd want the following columns from the logs - Computer, Eventlevelname, RenderedDescription. Any pointers gratefully received. Cheers RobRe: Cross-Tenant Access - Security hole? or am I missing a setting?
juliansperling thanks for the reply. I don't remember having a guest account on the tenant and checking now there is nothing showing for the user (checked deleted items as well) but you are right this seems to be the issue, if I use a different account from the tenant B it blocks access properly. So I can only guess there is something in the bowels of Entra where the user I was testing with used to have access and that is allow them to see all of Entra - not good. For info the guest access permission is set to "limited access" but as you suggest I don't know if these are respected by the B2B connections.Cross-Tenant Access - Security hole? or am I missing a setting?
Hi, I am just having a play with cross-tenant access as we'd like to use Shared Channels in Teams. I've setup a test connection between two tenants. Tenant A is configured for inbound access from Tenant B and then Tenant B is configured to outbound access to Tenant A. This appears be working. The part that makes me very nervous is if I sign into Azure using Tenant A's URL i.e. https://portal.azure.com/TenantA and then login with my Tenant B credentials I can see all the Azure Entra settings including user names, email, enterprise apps, devices etc. Is this by design? Can I do anything to prevent this kind of access? Cheers RobExcel Online - Row numbers missing?
Hi, I've just opened an Excel sheeting online and noticed the row numbers are missing? Thinking this might be specific to a particular spreadsheet I created a new one and the same issue is present, it looks like a view configuration issue but there aren't many settings in Excel Online so I am not sure what has caused it. I've tried clearing out cookies and using a different browser but the issue is still present. Any help gratefully received. RobMFA Authentication Method - Displays previously removed mobile number on password reset request
Hi, Very odd one today, a user just contacted me as they just had to reset their password. When they were prompted with the methods to verify identity they saw that their old mobile number was still available to send the verification code to. The background is this user had their SIM card cloned some time back, at the time we reset the MFA authentication on their account, removed the cloned SIM card's number and updated with their new number (this was all done through the Entra admin console). At the time everything looked to be configured correctly. Today when the user reported this I checked the authentication methods in Entra and it was correct, by that I mean that the new mobile number was the only number on the account. Has anyone seen this before? I am not sure where Entra dragged this number up from but it was a bit of a worry as in theory this compromises the security of the users account. Any thoughts gratefully received. RobRe: Endpoint Privilege Management - "Run with elevated access" only required once?
Thanks for taking the time to test this. I've been playing around adding other apps and they are working as you describe so I can only assume the first issue I had was a bit of a hic-up (or a issue between the seat and keyboard). Thanks for the help.Re: Endpoint Privilege Management - "Run with elevated access" only required once?
Hi Rudy_Ooms_MVP Thanks for the response, yes the policy is set to automatic but the question I was trying to ask, apologies if I wasn't clear, is why on first clicking of a approved privileged app it would cause the UAC prompt to appear and require the user to use the "Run with elevated access" command then after that the user can just double click the app and it will load i.e. not having to go through the "Run with elevated access" process. I am trying to document the process for users so I am just trying to understand if this behaviour is by design.Endpoint Privilege Management - "Run with elevated access" only required once?
Hi, I am just evaluating EPM and I just wanted to clarify the functionality. I've deployed my settings policy and created a rule to allow a specific app to run with evaluated privileges. The policy was deployed successfully to the PC. When I clicked on the test application (that requires elevated privilege permission) I got the UAC prompt, which is what I was expecting. Next I right click the app and this time select "Run with elevated access". For info the policy sets the application evaluation type to "Automatic" so the app loads with out the user having to enter a justification. I then close the app and this time just double click it to open it and it opens no UAC prompt or with the need to me to click "Run with elevated access" . I can see with Procmon that the application is running under the EPM account so I believe it is working OK. My question is once a application has been run once with the "Run with elevated access" command is it then approved to run all the time with out the need to select the "Run with elevated access" command? It not a massive issue as the app is authorised but it would be good to understand if this behaviour is correct. ThanksActive Malware Status - PC Clean?
Hi, Bit of an odd one, we had a PC that was infected with malware after the user downloaded some dodgy app. We have since run a full scan on the PC and removed the malware, follow up full scans confirm that there are no infections. However the dashboard is still showing this PC has active threats, it has been over 48 hours since the clean was done. Is there some other step we need to do to clear the status? Any help gratefully received. Thanks
