User Profile

alschneiter

Brass Contributor

Joined 7 years ago

19 Posts6 Likes2 Solutions

View All Badges

User Widgets

Recent Discussions

Re: AAD Break Glass Account: Hardware key & MFA
Hi Niklask, there was a recent change on that topic. Before, it was not recommended to use MFA for emergency (Break Glass) accounts but for sure to monitor logins using Sentinel or Alert rules. On the newer docs article, there is a recommendation for not to use the same MFA factor. But still monitor the login. https://docs.microsoft.com/en-us/azure/active-directory/roles/security-emergency-access Also make sure to exclude at least one account from all Conditional Access policies and disable per user MFA (anyway if Conditional Access is in place).
Dec 13, 2021 Place Microsoft Entra
11KViews
0likes
0Comments
Re: Subscription Expiration Notification
If you use Azure Free Services, they expire after 12 month. Others don't. Microsoft will send you an email notifying you when it's time to upgrade. Note: Once your free services and quantities expire, you're charged pay-as-you-go rates for any services you're using. You can use the Azure portal to delete the resources for the services that you don't use. If you don’t intend to use any Azure service, you can cancel your subscription.
Dec 11, 2021 Place Microsoft Defender for Cloud
4.6KViews
0likes
2Comments
Re: Azure Active Directory backup
Indeed. I would also recommend to secure your Azure AD Tenant using P2 together with PIM and Least Privilege. Also go in Governance in General for Azure and Microsoft 365 Services.
Dec 11, 2021 Place Microsoft Security
2.3KViews
1like
4Comments
Re: Subscription Expiration Notification
There is a script available here: https://o365reports.com/2020/03/04/export-office-365-license-expiry-date-report-powershell/ You could use also Azure Automation to run the script on schedule and send some notification to Teams or by Mail. Cheers, Al
Dec 10, 2021 Place Microsoft Defender for Cloud
4.7KViews
0likes
4Comments
Re: Disable using chrome, edge and office apps via intune
It depends on the licensing. But easy blocking browsers is Defender for Endpoint together with Endpoint DLP https://docs.microsoft.com/en-us/microsoft-365/compliance/endpoint-dlp-using?view=o365-worldwide#unallowed-browsers
Dec 10, 2021 Place Microsoft Intune
15KViews
0likes
0Comments
Re: AutoPilot White Glove
In this case, you can use GPOs. However, I would recommend to move all configurations to Endpoint Manager instead of GPOs.
Jun 09, 2020 Place Microsoft Intune
4.5KViews
0likes
0Comments
Re: Intune License for Device Enrollment Manager accounts
DanielNguyen Hi, A good practice would be to create a dedicated user and assign an Intune license to this user. Then assign the Device Enrollment Role to it. This allows you to enroll up to 1000 devices. If you have Azure AD Joined devices, they are already enrolled in Intune (Endpoint Manager). You maybe need to configure the proper settings first (Autoenrollment, DNS). But it requires Azure AD P1. Also have a look at the device enrollment restriction policies. They do not apply to Device Enrollment Managers for Windows: https://docs.microsoft.com/en-us/mem/intune/enrollment/enrollment-restrictions-set#create-a-device-limit-restriction Each user who is using Intune (Apps, Profiles, Policies, etc) needs a license. If you have shared devices, Kiosk or Signage for example, you can use "Intune Device-only" licenses. This licenses do not need to be assigned to any device or user. https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/microsoft-intune-announces-device-only-subscription-for-shared/ba-p/280817 Hope this helps, Cheers, Al
Jun 08, 2020 Place Microsoft Intune
33KViews
1like
3Comments
Re: AutoPilot White Glove
Nip17 Hi, If you use Azure AD Join you won't be able to use GPOs. You can use Device Config Profiles in Endpoint Manager together with "Administrative Templates" Profiles. If you use Hybrid Azure AD Join during Autopilot (with White Glove or not), you can use the GPOs you have provided already. Hybrid is joinig your device into your on-premises Active Directory. https://docs.microsoft.com/en-us/windows/deployment/windows-autopilot/white-glove#preparation Hope this also helps. Cheers, Al
Jun 08, 2020 Place Microsoft Intune
4.5KViews
0likes
2Comments
Re: Cloud app security
Hi Mother_nature465 Do you get an error message? I assume, licenses are there Cheers, Al
May 09, 2020 Place Microsoft Defender for Cloud Apps
1.1KViews
0likes
0Comments
Re: Large Win32 Applications - Company portal deployment
Hi JossCurnuck The limit is actually 8GB of any app. Have you ever tried to download the app trough another connection? Do you use a proxy with SSL inspection? Also, can you have a look at this page: https://docs.microsoft.com/en-us/intune/apps/troubleshoot-app-install and https://docs.microsoft.com/en-us/intune/apps/troubleshoot-app-install#win32-app-installation-troubleshooting Collecting the logs? Any logs in the Intune Management Extention: "%ProgramData%\Microsoft\Intune Management Extention\Logs\IntuneManagementExtention.log" Cheers, Al
Mar 10, 2020 Place Microsoft Intune
6.6KViews
1like
1Comment
Re: Large Win32 Applications - Company portal deployment
Hi JossCurnuck Glad to hear. Let me know if you need further help. Cheers, Al http://blog.alschneiter.com Twitter: https://twitter.com/alschneiter
Mar 09, 2020 Place Microsoft Intune
6.7KViews
0likes
4Comments
Re: Large Win32 Applications - Company portal deployment
I have several applications with 500-600 MB (Example, Dynamics Client). I reccomend to configure Delivery Optimization for sure. Have you tried this? It will allow you to peer the data.
Mar 08, 2020 Place Microsoft Intune
6.9KViews
1like
6Comments

Recent Blog Articles

No content to show