User Profile
Eric_H
Iron Contributor
Joined 10 years ago
Recent Discussions
Re: ZAP Failed to move the messages
theclaz77 don't think so in this case. No other ExO rules show as applied. In some cases, the same email that went to multiple people could fail a ZAP for just one user. Seems to have gone away in the last few weeks so I think it was Microsoft server issues.
3.9K Views | 0 likes | 0 Comments

Re: Web content filtering and indicator aren't working on third party browser
Also still does not work for us. Works as intended in Edge, but not in Chrome and Firefox. I see we're on a much newer version than the bug was reported on back in 2023 (currently 4.18.24010.12). I verified my test machines have network protection enabled. From my perspective, this has never worked - I remember seeing this over a year ago when testing this product.
2K Views | 0 likes | 19 Comments

Re: ZAP Failed to move the messages
mhmmdrn Same issue for us, lots of failures with the ZAP messages in the last few months. Please post here if you find more information. Probably need to open a Microsoft support ticket, but I simply don't have the patience for that right now.
5.1K Views | 0 likes | 2 Comments

Re: Device Remediation status misleading
Rudy_Ooms_MVP Shout out to karbonx1 for the scripts detecting LLMNR and NetBIOS. https://www.reddit.com/r/Intune/comments/nqpi60/proactive_remediation_scripts_to_disable_llmnr/ Like I mentioned, they run fine and report to the Intune portal correctly on the first execution of the schedule. But on the second execution (day 2) Intune resets all the stats. In a way I suppose it is reporting correctly - on day 2 the detection script runs and finds no devices with the problem, so no devices are "remediated." However, just logically, I would think the portal would keep a count of devices that have been remediated over time. Appreciate you glancing at the script as I am new to this - maybe I'm doing something wrong.
9.1K Views | 0 likes | 1 Comment

Re: Turn off Teams Preview by Default
VNJoe Did you figure this out? I just discovered that all of our users are using the Teams Public Preview version, even though the default Global policy is not set this way. The Global update policy says that users should only get the Public Preview of Teams if their MS Office is set to Current Channel Preview, and our users are all on the Quarterly Enterprise channel for Office. I created a new Teams Update Policy and am applying it to users manually. So far the Policy does not force their client to downgrade their version to the GA release, but it does remove the "Preview" notice and I can see specific Preview features get turned off. We've been dealing with a bunch of weird bugs in the client lately and I am really frustrated that they were getting the Preview version despite our policy being set to avoid this.
7.3K Views | 1 like | 0 Comments

Re: Device remediation - Device removed from the group but remains in the remediation
Agreed this would be great. This lack of cleanup ability is really a problem throughout Intune. We can't remove old configuration, compliance, or app statuses either, which makes it difficult for admins to know the true status.
557 Views | 0 likes | 0 Comments

Device Remediation status misleading
Maybe I'm just missing something here, but when a Remediation script repeats on a schedule, how can we tell if devices were remediated? All devices report "Without Issues" and ZERO devices fixed, but I know the script ran and fixed the problem weeks ago. Say I have 100 devices assigned to the script:
- If the script runs just one time, everything reports fine. The Remediation Status shows "Issue Fixed" for all 100 devices.
- If the script repeats (say daily), the 2nd run clears out these statuses. All 100 devices now show Remediation Status of "Not Run". Remediation status overview shows 0 devices.
Is this by design? This just doesn't make logical sense to me. If a device got remediated, in my mind it should always show that status as "fixed" so that my admins know it had the problem at some point, and the script fixed it.
9.9K Views | 0 likes | 5 Comments

Re: Status does not update (New Teams)
Same issue at our organization. We're having to roll back many to the old Teams. Not only are we seeing the status issue, but many people are also saying they have problems with calls. Sometimes users suddenly can't make any calls, and others say the ringer acts weird, like it keeps going even after you pick up a call. We spent several months testing the new client and things seemed good, so this is a major frustration. Appreciate those of you with Microsoft tickets keeping us informed.
4.4K Views | 0 likes | 1 Comment

Re: Deploying company portal app - new store (0x87D1041C)
H3nk13T I saw that same article, but it is talking about detection methods. The Company Portal app does not have the same options as a Win32 app, so we're relying on Microsoft to properly detect this Company Portal app. I am deploying to device, and seeing the problem for regular users (not shared devices). I ended up waiting over 24 hours and the script recommended above in the thread did end up running and worked. Then waited another 12 hours for the New Company Portal app in Intune to update, and it now shows the test devices as "Installed" instead of "Failed." So, in the end, I have a solution with the PowerShell script, but hopefully the Microsoft Team somehow builds this into the new app install.
6.1K Views | 0 likes | 0 Comments

Re: Deploying company portal app - new store (0x87D1041C)
Mathg76 K_E Any updates on this issue? I see the reply from June saying a newer version resolved things, but I am seeing the exact same issue here in September. I'm trying to run the GitHub script but struggling to get it to run at all (still troubleshooting how to deploy). Really surprised the core issue hasn't been fixed yet since it would seem like a ton of people would be in this same scenario (Company Portal originally deployed from old store, new deployment erroring on install).
6.7K Views | 0 likes | 4 Comments

Re: Exclude MFA requirement temporarily
This - Thanks for the tip! It requires 2 steps - to enable TAP on the 365 admin side for users, but also to push a policy to all the devices allowing web sign in. Once deployed, it seems to be exactly what we need to avoid disabling MFA for the users. It also will prevent us from having to change the user's password to work on their computer, so an added time save!
2.4K Views | 0 likes | 0 Comments

Exclude MFA requirement temporarily
When we configure a replacement device, we disable MFA for the user temporarily so that we can work on the device/account. We add the user to an AAD group which is excluded in the MFA conditional access policy. When done working, we remove them from the group, and MFA is enabled again. We just had an incident where a large group of users was added to this exclusion by accident. We also find users added to this group that get forgotten for days/weeks. This is obviously not ideal. We can do a few things to improve our internal process, but I'm just wondering what others are doing to disable MFA in these situations? It would be really cool if we could disable MFA temporarily for a user and Azure automatically enabled it again after 24 hours or something.
2.6K Views | 0 likes | 2 Comments

Re: Trouble authenticating ODBC driver to Azure AD
Just a thought - is it an option to disable MFA for just this app? You can use Conditional Access Policies to apply or exclude MFA for specific apps, so you could possibly disable MFA requirements for just SQL connections. You could add other requirements instead, like trusted IPs.
1K Views | 0 likes | 0 Comments

Re: Defender Email threat detection and SCL different per recipient
Thank you for your reply. I have verified the example email is processed by the same anti-spam/anti-phish policy for each user, and there are no Outlook junk email overrides being applied. I also confirmed that different behavior is taken for the same network message ID (delivered to multiple recipients). Based on all of this data, this seems to be specifically to do with SCL header values being processed differently per user, and then Defender taking different threat actions based on the SCL. One person direct messaged me and had the exact same issue, and the exact same experience with Microsoft Support. If anyone else has this issue please post to help get this addressed.
2.7K Views | 0 likes | 1 Comment

Is SCL Spam Confidence Level determined per recipient
Is it true that Defender determines the SCL per individual recipient? So 1 inbound email to 10 different people can have different SCL values assigned, and therefore different threat analysis results? More details here https://techcommunity.microsoft.com/t5/microsoft-365-defender/defender-email-threat-detection-and-scl-different-per-recipient/m-p/3770229 Thanks!

Defender Email threat detection and SCL different per recipient
We have been seeing phishing emails reach user inboxes when they shouldn't. A phishing email will be sent to several users, and Defender will quarantine it for some users, and deliver it to others. All the users have the same Anti-Spam and Anti-Phishing policies which have been reviewed by Microsoft Gold partners and Microsoft support several times. These emails also do not have any overrides (transport rules or user settings) that are changing the behavior.

After many tickets with Microsoft support over the last 6 months (the current one open for over a month), I have discovered that the SCL is different per recipient for the same email. This doesn't show up very well in the security portal because the portal may only show one version of the header no matter which recipient you look at. But if I download the messages for each recipient I'll find that some of the recipients see the email as SCL 5 (is spam) in the header, and other recipients for the same email show SCL 1 (not spam) in the header.

And it seems the SCL level directly affects the phish detection / Threat analysis. When the email comes in with suspicion of being phishing (spoofed domain), Microsoft adds the analysis to the header (SFTY:9.25). Now if the SPAM detection is SCL 5 for a recipient, they go ahead and look at the SFTY header and quarantine the message. If SPAM detection is SCL 1 for a recipient, they seem to ignore the SFTY header and do NOT quarantine the message.

Can anyone tell me if the SCL is designed to be different per recipient?! One MS Support agent suggested that this is by design, and the Defender AI is deciding the SCL value based on the recipient's past behavior, but they also are not closing the ticket and keep analyzing samples I send them (apparently the ticket is with the "product team"). It seems crazy to evaluate the same inbound email differently per recipient, especially if the Threat/Phishing detection is directly dependent on the SCL level.

If it is a threat for one user, it should be threat to all users. It also means that my anti-spam and Anti-phish policies are useless to fix this, because I cannot change the SCL level that Defender's AI assigns to the email, I can only act on that analysis. Just really frustrated with the product and support lately and looking for some clarification on how this is supposed to work. Thank You!
3.1K Views | 0 likes | 3 Comments

Re: Outlook "Share to TEAMS" cant find certain channels
SaraQ7, Interesting. How did you do that? I cannot seem to delete the icon from the ribbon. I went to "Customize Ribbon" in the settings and it is greyed out and cannot be removed. I also looked for it from the add-ins menu but I did not find it listed or a way to disable it. Isn't this "Share to Teams" feature controlled from the admin side? I found this: https://learn.microsoft.com/en-us/microsoftteams/teams-outlook-share-teams and looks like I'd have to identify the app GUID and disable via PowerShell?
6.2K Views | 0 likes | 3 Comments

Re: Teams Meeting recordings not accessible to invitees
manshu1905 Great idea! I remember when I used to believe MS support could fix problems, lol. I appreciate any info you find out. If they suggest that other users should open tickets to help show the issue is systemic, let me know and I'll open a ticket as well.
5.9K Views | 0 likes | 2 Comments