Admin
122 TopicsBlocking Personal Outlook and Gmail Accounts on Corporate Device
Hello Community, In my organization, we use the Microsoft 365 environment. We have a hybrid infrastructure, but we aim to deploy as many policies as possible through Microsoft 365 (Intune, Purview, Defender, etc.). One of our goals is to limit the use of corporate devices for personal purposes. We use Outlook as our corporate email service, and we would like to block employees from signing into their personal email accounts (either via web or desktop application). Additionally, we would like to block access to other email services, such as Gmail, both via web and desktop apps. Could you provide guidance on how to achieve this? I would greatly appreciate any help or suggestions. Thank you very much! Juan RojasMoving Microsoft 365 authentication to Entra ID Cloud Auth from On-Prem ADFS
Hi Identity Brain Trust, Assuming this would be the right place for my question as I couldn't find any other hub more relevant for this one. We have several applications configured to be authenticated via ADFS. We are looking to move these gradually to Entra ID Cloud auth and decommission ADFS, eventually. I would like to test out how Microsoft 365 can be moved to Cloud Auth from ADFS for a certain group of people. I have tried to use ADFS migration wizard in Entra but 365 app is not showing in the ADFS Application Migration section of Entra ID. I've read this official guide but still couldn't find how this can be manually done when App Migration section won't have the app appearing there. -https://learn.microsoft.com/en-us/entra/identity/enterprise-apps/migrate-ad-fs-application-overview Appreciate any of your inputs on this one! KevAzure Lighthouse: Updated Entra ID Group used for Authorization with new Users
With Azure Lighthouse and the managed tenant, when applying additional users to a related Entra ID group used for authorization, how do you identify the issues when those users show they do not have access to valid customer tenants and their resources, such as Log Analytics Workspaces?SolvedPASSKEYS being bypass or ignored by Windows
Admin: Good day. To anyone or anybody who has knowledge about this. I used passkeys in my personal laptop WINDOWS 11 it worked really great then my device needed to change its BIOS. It stayed in the repair shop for almost 3 months (odd, right? (November 2023-February 2024) Now I am using it again and it turned out its now under WINDOWS 10. Again, I set up passkeys in all my accounts to avoid the hassle of logging in again and again since I am the only one using it but then I noticed a strange activity. Passkeys aren't working right in some of my accounts from different webpages. Could it be that passkeys will work just right and excellent in our Digital Windows 11 over the WINDOWS 10? Pauline A. TuasonInactivating some of the builtin Microsoft Sensitive Information Types / SITs?
In Purview's CONTENT EXPLORER we see all 300+ built-in Microsoft SITs being discovered - about 2/3 of which aren't relevant to my org (i.e. identification numbers, social welfare numbers, passport numbers, revenue numbers, etc. from other countries - PNG attached with a few of them highlighted). Is there any way to inactivate or NOT search for/identify these irrelevant SITs?New Blog | Update on the Deprecation of Admin Audit Log Cmdlets
ByAngélique Conde We wanted to provide you with an important update to the deprecation schedule for the two Admin Audit Log cmdlets, as part of our ongoing commitment to improve security and compliance capabilities within our services. The two Admin Audit Log cmdlets are: Search-AdminAuditLog New-AdminAuditLog As communicated in a previousblog post, the deprecation of Admin Audit Log (AAL) and Mailbox Audit Log (MAL) cmdlets was initially planned to occur simultaneously on April 30 th , 2024. However, to ensure a smooth transition and to accommodate the feedback from our community, we have revised the deprecation timeline. We would like to inform you that the Admin Audit Log cmdlets will now be deprecated separately from the Mailbox Audit Log cmdlets, with the final dateset for September 15, 2024. This change allows for a more phased approach, giving you additional time to adapt your processes to the new Unified Audit Log (UAL) cmdlets, which offer enhanced functionality and a more unified experience. What This Means for You TheAdmin Audit Log cmdletswill be deprecated onSeptember 15, 2024. TheMailbox Audit Log cmdletswill have a separate deprecation date, which will be announced early next year. We encourage customers to begin transitioning to theUnified Audit Log (UAL)cmdlet i.e.Search-UnifiedAuditLogas soon as possible.Alternatively, you can explore using theAudit Search Graph API, which is currently in Public Preview and is expected to become Generally Available by early July 2024. Read the full post here: Update on the Deprecation of Admin Audit Log CmdletsSensitivity label for internal use and an external person
Hello everyone, I am looking for the most elegant way to classify a document as internal and still release it for one or two external persons. I have the following solutions in mind, does anyone know any better ones? Solution No. 1: I create an extra sensitivity label. Makes sense, for example, if it is a longer collaboration with auditors or something like that. Solution no. 2: I create a sensitivity label for "trusted people" and let the author decide. However, I have just tried this out and it looks as if all internal people are then also excluded from access, unless the author authorizes the corresponding group or domain - which I doubt for an average user. Many thanks for your suggestions and best regards, sophieWho uses the Microsoft Purview Governance Portal
Hi there, I am working with the Microsoft Purview Compliance Portal to protect sensitive data ect. and lately I've been coming across the Microsoft Purview Governance Portal again and again, but I can't really tell whether it's relevant for me in terms of information security and data protection or whether it serves a completely different purpose. Does anyone know more than me? Thank you very much 🙂Cannot login to Service Trust Portal
Hi, I'm trying to get some certificates from the service trust portal, but I keep getting "Service Trust Portal no longer support Microsoft Account (MSA) access." I'm using an account registeredon Azure and I checked the Azure Active Directory,and the user exists (seeing it's the owner of the account). What am I missing here?Unable to Disable User Quarantine Mails after enabling security presets
Hi, We have recently enabled security preset policies with Standard protection in our tenant. Since then, our users are receiving quarantine mails from Microsoft. We use AdminOnlyAccessPolicyfor quarantine in Anti-spam and Anti-phishing threat policies and in a couple of transport rules and yet users are receiving these quarantine mails. We did try creating a custom quarantine policy and assigning it toAnti-spam and Anti-phishing threat policies, hoping it would override the preset policies, but it didn't work. I know we can either turn off preset policies or block these using transport rules, but these are last resorts. Is there any way or policy to stop these mails keeping the security preset policies on? Thanks in Advance!!Solved