User Profile
sumo83
Iron Contributor
Joined Sep 20, 2023
User Widgets
Recent Discussions
Pop up window "Send blocked" for external users inconsistency with M365 E5
Hi experts, I would like to get an advice on the experience we have after switching to M365 E5 We are using Sensitivity labels and one of them is INTERNAL. This internal label is then used in DLP to block it from sending outside the organization. Before when with M365 E3, we had two different user experience when trying to send INTERNAL labelled data to external user: classic outlook - email was sent and after few moments, a notification email was received that the email was blocked for external recipients new outlook - a pop up window showed up when trying to send email asking to remove external user, etc - so the email was not even sent if a user didn't fix either label or recipients - and this was a great feature. Now, with E5, it is a bit inconsistent. Some users get a pop-up window (see attached picture), some receive a standard notification email once the email is sent.... etc. Using new outlook mostly so focusing on this one. Is there anything I miss here? I really liked the feature that user are not even able to send email if they hit our INTERNAL DLP policy. Would appreciate any help,.. as could not figure this out for quite some time now :/Windows Autopatch - monthly summary emails not received anymore
Hi, I am wondering whether anyone has the same experience -> I was receiving Monthly Quality Update Summary email from Windows Autopatch service configured in Intune. However, for last two months, this email has not arrived. I still receive the other notification email about Autopatch Advisory informing about how the updates will be deployed for the month, but not the summary email. Any idea if anything has changed? It was very useful for my monthly reporting....Blocking domain for group of users/or devices
Hi all, I am trying to find a way to block youtube for a group of users. We are using M365 E5 Security so can use Defender for endpoint or Defender for cloud apps. However, cant find a way to implement this. My idea was to create an INDICATOR in Endpoint that will be blocked, however I cannot select any group and "all devices" are included there in default. So not sure if this is a way. Neither Web Content Filtering cannot be used for my scenario Another idea was to use Defender for cloud apps. This looks promising but I am not sure how to target only specific users or devices? I managed to mark an app as "unsanctioned" but it applies for all devices. Any idea ? Thank you.Re: Audit of permission changes for SharePoint folder
Thanks a lot! I can see only "Shared file, folder, or site". There are lots for permission changes but linked to either site or group. I've tested this one and looks I can see what I was looking for....So thanks a lot! However, I only have 180 days of logs. Wondering if there is a way to extend retention of these logs somehow, or I need to upgrade to E5.Audit of permission changes for SharePoint folder
Hi all, trying to find a way to audit who has added users internally to some critical sharepoint folders. Trying via MS Purview > Audit, but no luck so far. Anyone could advise what exactly do I need to search for? (particular friendly activity for example). I’ve tried with no activities selected (so assume all are included) and specified Folder and set Workloads > SharePoint. However, it does not seem to return any permission changes… only events like file/folder access, creation, etc… any idea? We use have M365 E3 and M365 E5 Security subscriptionsRe: Guest accounts and MFA via Conditional Access in MS Entra
May I ask you somehting - as I am not 100% sure here and hope you may give me some more "light" into this. If I do not have MFA trust enabled, and I have GUEST user that completed MFA, I would expect I can see some details in "Authentication methods" in MS Entra for that user? If I understand it properly, MFA for those GUEST (who I do not have MSF Trust enabled) should be managed in our tenant.... so in case there is an issue at some point, I should be able to force "RE-REGISTER" MFA?Re: Guest accounts and MFA via Conditional Access in MS Entra
ok... This is an interesting one! Just FYI - I have migrated legacy per-user MFA to MS Entra just few days ago... Not sure however how the scenario you described could affect GUEST account in our tenant (MFA was not enabled for them). I have also deleted the GUEST user completely so that it is re-created when accessing our sharepoint again -> didn't help either... However, it may be an issue in their tenant with per-user MFA....who knows :) Anyway, I have enabled MFA Trust for their tenant and the issue is gone.... Was a strange issue, will try to investigate a bit more.... if I find anything, I will update here ;)Guest accounts and MFA via Conditional Access in MS Entra
Hi experts, trying to get some help on my scenario and issue that external users started to experience since I've enabled MFA for external identities & guest users via Conditional Access. We have lots of external partners that we share some documentation with from our SharePoint. Some time ago, I have enabled "MS Entra B2B Integration for SharePoint and OneDrive" so that any external user that access shared files/folders in our SharePoint gets a GUEST account created in our tenant. This was also preparation for enabling MFA for External users via Conditional Access. I believe these are called "B2B Collaboration guests" Now, few days ago, I have enabled MFA via Conditional Access for all external users and guests, enabled for all cloud apps and require MFA to grant access. Until now, I got feedback from two external partners that their existing access doesnt work anymore - and they need to go through MFA (which is expected). The problem is that when they go through MFA set up, it ends up in a "loop" - meaning, they go through all steps but when completing the last step they are returned back to the very 1st step again. So they: scan QR code successfully authenticate get the page that it was successful get back to the 1st step asking to install or use MS Auth app The user tried different browsers also with Incognito tabs... When I am checking sing-in logs: guest account is created fine the status is: "Interrupted" additional details: The user was presented options to provide contact options so that they can do MFA. conditional access forcing MFA is marked as FAILED as MFA was not completed Both external partners that reported this are using MS Entra and I see their IDENTITY as ExternalAzureAD. Have not heard back from anyone else using other than ExternalAzureAD so not sure if there is something extra that needs to be configured. Anyone experienced this issue? Any idea what can be wrong? I do not have any cross-tenant collaboration etc configured...Re: Enable MFA for external idetnities in MS Entra
Hi micheleariis I should have mention that before - I do have conditional access that requires all users to use MFA when accessing cloud apps. I am however not sure what will be the impact of enabling Authentication methods in MFA for internal users, as there is this "migration" in place and all guides I've read is that when you enable Authentication method in MS Entra, you should disable that method in legacy MFA portal.... However, I do not want to migrate internal users for now... and I just want to enable MFA for Guest/External users...Enable MFA for external idetnities in MS Entra
Hi all, I am planning to enable MFA for guest accounts and external identities using Conditional Access in MS Entra. I am however wondering how I can select what Authentication methods can they use - or what would be the default behaviour. Currently, I am still using legacy MFA for internal users. I will migrate MFA to MS Entra later this year however, not sure how this is working when enabling MFA for external users. As I do use legacy MFA, my setting in " Authentication methods > Policies" have MS Authenticator set to NO. Now, do I need to switch MS Authenticator to YES if I want guests to use that app? And if I enable it, how do I assign it to External identities only? I do not see that kind of option there at all... I can assign it to all, for example, but I am not yet ready to migrate internal users as well... Would be happy to get some clarification on this. Thank you'Fleisnam' malware was detected (Agentless) - false alarm?
Hi experts, I have started to see this alert some time ago on a VM sitting in Azure. Tried to troubleshoot it, made some research and turned out this is triggered by Defender reporting it's own log files as malicious. At least that's what I've found on several blogs. It will identify a "log" file looks like every time I run defender full scan. An example of the file and location is below: Last few days, few more devices started to report the same... and I start to be a bit "nervous" about it. Is it a real malware? Is it really a defender bug? Anyone experiencing the same issue? Thank you.Re: Best practice basics for Labels and DLPs to protect company data
this was a great help! I've tried to simulate the same and surprisingly, had the same results for gmail - when email is encrypted (can be even a different label than one used for attachment encryption), the attached encrypted document can be viewed in that temp outlook window. I did not even think to test it this way... 🙂 In this situation, I will put back "attachment to email" label inheritance as I have removed it due to issues with encrypted documents... However, looks like it will actually help 🙂 For Sharepoint - when sharing encrypted document externally with gmail account, I go through authentication, but then get error "Sorry something went wrong. An error has occurred on the server" looks like sharepoint encrypted document sharing via link with external users (specified users) is the last bit that does not work... 😕 it is shared to "specific users", and encryption is allowing all authenticated users to access with Co-Author permissions.Re: Best practice basics for Labels and DLPs to protect company data
Hi! ..thanks for your response! so the situation for scenario when sensitivity label encrypts document is: -when sharing externally with MS users, they can open it with no issue with their M365 desktop apps? -when sharing externally with non-MS users (e,g, google workspace), I simply need to change label to a one that does not encrypt data, and send as unencrypted is this how it works then? Do I understand it properly?Re: Best practice basics for Labels and DLPs to protect company data
Hello experts, I appreciate all your help so far... and wondering whether I can get some advice on the last part I am facing during my testing. I have Sensitivity labels configured, DLP configured, and been testing it all last few weeks... All works fine for MS users, however, facing issues with non-MS ones I am wondering how you are dealing with confidential information that needs to be sent to external parties. For emails it works fine via OTP, however for documents - if external partner is using Google Workspace, for example - they cannot open it. From what I've read on MS sites, this is a known limitation as the app opening encrypted document needs to be able to work with them - which google docs apparently does not. I am looking for some advice on how to deal with these situations....
