User Profile
sumo83
Iron Contributor
Joined 2 years ago
Recent Discussions
Guest accounts and MFA via Conditional Access in MS Entra
Hi experts, trying to get some help on my scenario and issue that external users started to experience since I've enabled MFA for external identities & guest users via Conditional Access.

We have lots of external partners that we share some documentation with from our SharePoint. Some time ago, I have enabled "MS Entra B2B Integration for SharePoint and OneDrive" so that any external user that accesses shared files/folders in our SharePoint gets a GUEST account created in our tenant. This was also preparation for enabling MFA for External users via Conditional Access. I believe these are called "B2B Collaboration guests".

Now, a few days ago, I have enabled MFA via Conditional Access for all external users and guests, enabled for all cloud apps and require MFA to grant access. Until now, I got feedback from two external partners that their existing access doesn't work anymore - and they need to go through MFA (which is expected). The problem is that when they go through MFA set up, it ends up in a "loop" - meaning, they go through all steps but when completing the last step they are returned back to the very 1st step again. So they:
- scan QR code
- successfully authenticate
- get the page that it was successful
- get back to the 1st step asking to install or use MS Auth app

The user tried different browsers also with Incognito tabs...

When I am checking sign-in logs:
- guest account is created fine
- the status is: "Interrupted"
- additional details: The user was presented options to provide contact options so that they can do MFA.
- conditional access forcing MFA is marked as FAILED as MFA was not completed

Both external partners that reported this are using MS Entra and I see their IDENTITY as ExternalAzureAD. Have not heard back from anyone else using other than ExternalAzureAD so not sure if there is something extra that needs to be configured.

Anyone experienced this issue? Any idea what can be wrong? I do not have any cross-tenant collaboration etc configured...

Enable MFA for external identities in MS Entra
Hi all, I am planning to enable MFA for guest accounts and external identities using Conditional Access in MS Entra. I am however wondering how I can select what Authentication methods they can use - or what would be the default behaviour.

Currently, I am still using legacy MFA for internal users. I will migrate MFA to MS Entra later this year however, not sure how this is working when enabling MFA for external users. As I do use legacy MFA, my setting in "Authentication methods > Policies" has MS Authenticator set to NO.

Now, do I need to switch MS Authenticator to YES if I want guests to use that app? And if I enable it, how do I assign it to External identities only? I do not see that kind of option there at all... I can assign it to all, for example, but I am not yet ready to migrate internal users as well...

Would be happy to get some clarification on this. Thank you

'Fleisnam' malware was detected (Agentless) - false alarm?
Hi experts, I have started to see this alert some time ago on a VM sitting in Azure. Tried to troubleshoot it, made some research and turned out this is triggered by Defender reporting its own log files as malicious. At least that's what I've found on several blogs. It will identify a "log" file looks like every time I run defender full scan. An example of the file and location is below:

Last few days, few more devices started to report the same... and I start to be a bit "nervous" about it. Is it a real malware? Is it really a defender bug? Anyone experiencing the same issue? Thank you.

362 Views, 0 likes, 7 Comments

Encryption of documents via Sensitivity label and external parties
Hi all, I am wondering whether I can get some better picture of what would be the impact of sharing encrypted documents to external parties.

My scenario: I am using MS Purview to create sensitivity labels. I have two labels that apply encryption and the access/permission is set to “any authenticated users” and permission set to “co-author”. Now, I’ve sent this document via email to my personal gmail account. I do not have google workspace so can't properly check if there is any difference. My experience was that I could not open that document using google doc for example. If I place the label to email - it works fine as it takes me through the One time code and can open it. However, for documents it does not go through any OTP or so (which is a known limitation from what I’ve found on MS documentation).

Wondering, what is the best practice… or how you ppl deal with these scenarios?

Solved. 215 Views, 0 likes, 2 Comments

Updating MS Teams - different versions + vulnerable version showing in Defender
Hi experts, for months... I've been struggling with understanding how MS Teams is present/installed on our company and laptops and why I see 20 devices out of 65 total in defender marked as "Update Microsoft Teams" as the number 2 of "TOP SECURITY RECOMMENDATIONS". It looks like the rest of the devices are just fine... but for few months... I still have 20 devices there... including mine.

So let's try to focus on mine. I am using "NEW MS Teams" version below (checking this via TEAMS > Settings)

When I check via "Add / Remove programs", I see the below:

So I guess the Microsoft Teams on the top is the NEW TEAMS that I use... The other two are not reported as vulnerable in Defender - picture will be below.

Now, this is what I see in Defender SW inventory for my laptop when I search for TEAMS:

My Questions:
- why I can't see the version of TEAMS there that I see when checking my TEAMS > Settings?
- the two other TEAMS (add-in and machine-wide) are not marked as vulnerable, so that's fine
- what are the other TEAMS that are displayed in DEFENDER SW inventory for my laptop?
- and the most important one - HOW DO I PATCH the vulnerable ones? If I do not seem to have them installed?

I am so confused by this.... and it is really frustrating as it negatively affects the Vulnerability Score that is one of our key indicators for checking our overall security 😕

thanks for any advice

365 Views, 0 likes, 0 Comments

Suppress DEFENDER alerts for endpoint (Windows 10/11)
Hello, I am trying to find out whether there is a way to suppress Defender for endpoint notification in Windows 10/11. The reason is that we run security testing regularly and I do not want to get end users disturbed by Defender notifications on their computers.

I was able to suppress alerts in "Microsoft Defender XDR > Rules > Alert tuning", but this only affects the alerts generated in Defender portal.

We use M365 E3 with M365 E5 Security

Thank you.

652 Views, 0 likes, 6 Comments

App Protection Policy not pushed to iPhone for one user
Hi, I am wondering whether I can get any advice on the issue I'm experiencing when testing app protection policy. I do not have phones onboarded/managed. I have configured one policy for Android and one for iPhone and assigned these policies to a group of testers.

Now:
- I have 3 users with iPhone that all works fine (Teams, Outlook, etc)
- I have one user with an Android and iPhone. His Android has synced fine and apps protection works. However, his iPhone, the app protection was not pushed at all.
- He uses Outlook on Android and TEAMS on iPhone as protected apps
- In App protection > monitor > app protection status - I can see his Android device listed there accessing Outlook or onedrive... But there is no record of his iPhone
- he upgraded iPhone software to match the one I got (the latest one)
- in Intune > Tshoot + support > searching his name > App protection policy - I can see both policies (Android and also iPhone) assigned to the user.

Anyone experienced this issue? Why it is all working fine on his Android and does not work at all on his iPhone?

283 Views, 0 likes, 1 Comment

Scanning for Network Devices
Hello! I'm trying to set up the Network Devices scans in Defender under Assets > Devices, and it is just not working at all.

From what I've learnt, there is a "passive" discovery that all onboarded devices will be listening for network devices and they should be then shown in Network Devices. I could see them several weeks ago (months maybe)... but can't see anything there now.... I believe I have all set up properly...

Managed to install network scanner for active probing which works fine (found aruba and cisco devices using SNMP), but the passive listening not working as expected.

What do I miss here? Was there any change in the default behaviour that affected the functionality?

291 Views, 0 likes, 0 Comments

Sensitivity Labels not working as expected
Hi experts, I've been playing with sensitivity labels recently and I'm in testing phase currently having few ppl testing it for me before I officially deploy to all. However, it looks like there are few things that do not work as expected and I'm not sure why. Hope I can find some help here.

Here is what I have configured and what is the experience during our testing

Email should inherit sensitivity label from attachment
- I have label for documents set as required, and email is set to no default label and selected "inherit" label from attachment
- I have "Confidential\View Only" label that has allowed only "Viewrights / Reply / Reply all" allowed permission.
- Testing experience: For emails, when I attach a document with this label assigned, there is no restriction at all and I can forward, download, etc... and the recipient can forward with no issues. Looks like inheritance of label from attachments to email is not working at all. When I (as a recipient) download the attachment, I see that the document has restricted permissions (can't print, save, etc) so it looks it is working on the document level.

"Confidential\Internal" label should be blocked
- I can share with external users via SharePoint ...and can even open it as external user with no issues at all.. Label access control nor DLP prevents this!!! Is there something I miss here?
- Not sure if important - I have "MS Entra for Sharepoint enabled"
- DLP is configured to check Sharepoint, Emails, OneDrive for "Confidential\Internal" for "content shared outside the organization" and "sensitivity label Confidential\Internal" and BLOCK it
- DLP works fine for emails with attachments labelled with this label, and it is blocked as expected

Confidential\Internal is blocked in the outlook when trying to send email
- when I am sending an attachment with Confidential\Internal document in Outlook (New Outlook), I see a note about external users that needs to be removed. When trying to send anyway, it is blocked and I get a message below. Which is great however, another two testers do not get this experience and their email is blocked with DLP (mentioned above) only - which is nice, but the experience I get is much better as users can correct recipients instantly (FYI - I am using NEW Outlook - need to check later this week with the testers if they are on Old or NEW one)

It's a bit of text, and I apologize... Wanted to describe it as best as I can 🙂 ... and hopefully help anyone else facing the same... Would be grateful for your help.... As the testing is super time consuming due to the fact that any change I make to sensitivity label and policy, I prefer to wait recommended 24 hrs to see if it had any effect....

Update: forgot to ask, why I see some "built-in" labels when creating emails? When I go to "More Options", in new email, I can see the below:

When I go through New Email > Options > Sensitivity - I can see the labels I configured

Download huge amount of data from SharePoint external folder
Hi all, wondering what is the best way to download data from a SharePoint folder shared with me from external user. The folder contains thousands of subfolders and files and the size is approx 50GB.

I've tried standard "download" feature but it did not work properly. It downloaded only approx 4.6GB and finished. I have also created a VM in Azure to avoid issues with my laptop and connections... expected the Azure VM will be more stable for this task, but the result was very similar - approx 4.6 GB downloaded.... Looks like there may be some limitation? I do not have a "sync" in that shared folder option to go that way...

Any ideas of how to download the data? It is a bit critical as I'm under time pressure to download those data so would be grateful for any help.

343 Views, 0 likes, 2 Comments