Local Admin Rights
Hi Experts, I have a customer running a Hybrid Azure AD Join environment with all Windows devices enrolled in Intune. Currently, Domain Users are being added to the local Administrators group on all devices via an on-premises Group Policy from the Domain Controller (Restricted Groups / Local Admin configuration). This effectively gives all users local admin rights. I want to remove Domain Users from the local Administrators group on endpoints while not modifying the Domain Users group itself in Active Directory. What is the recommended / best-practice approach to handle this in a Hybrid + Intune setup? Specifically: What is the safest migration strategy to avoid device or admin lockouts? Any Hybrid-specific gotchas when transitioning from on-prem GPO to Intune? Looking for advice from those who’ve implemented this in production environments.
Microsoft Authenticator help
keep getting Microsoft Authenticator attempts on my Hotmail account every 15 mins or so from an overseas location that im not aware of. I have changed my password, however im still getting attempts. I deny the request every time, and when i look at security section under my account > view my sign-in activity. it doesn't appear here .
My microsoft account got hacked: Need actual support (Not copy and pasted ones)
My account got hacked, i dont know how but im sure 2fa is turned on and hackers still got in. I dont understand why there wasnt any emails about it going through my email that someone logged in in my microsoft account. I had things connected to that account such as school and some game like minecraft. Currently my java minecraft is non existence and is deleted from minecraft forever because i cant find it in namemc, but my xbox gamer tag is still alive so it also confirms that it indeed had an association with my account before. The hacker changed the email of my account that cause my email to be non-existence in the microsoft system. (This is very huge flaw of microsoft, i hope before we do any changes in the account, it is first confirmed in the email address if this email should really be added to that microsoft account) But i do have evidence that it was indeed associated with it before the hacker change the email and its even confirmed by microsoft website, i also got the full email of the hackers email that was used on my account. I tried everything from contacting support to the account recovery form. But nothing works, i tried cursing the fake email of the hacker that was currently occupying my account, but recieved no response. I am in dilema on what to do now, this account has been with me ever since my email was created. I just hoped that i get it back, i could provide evidences. But its been getting ignored apparently.
Shared OneDrive for Charity Management Team
We are a small charity running a Village Hall in the UK. A few of the trustees form a Business Team that run the hall day to day. All of these have Office 365 personal or family subscriptions to use word outlook etc on their own laptops. The charity itself has Office 365 Business Basic Grant subscription. This give us Exchange email, OneDrive, Teams and SharePoint plus a few other bits. We currently store all our charity documentation on a free 15Gb OneDrive dating back to SkyDrive when first adopted. Each member of the team has their own charity Microsoft account and email e.g. email address removed for privacy reasons or email address removed for privacy reasons etc, etc. I want to migrate this data onto an Office 365 Business OneDrive that is shared with this Business Team Here's the rub. As most users have a personal subscription and data saved on their own OneDrive keeping the two separate is problematic. Because Microsoft credentials are so tightly integrated between the OS and Office if they try and sign in to the existing OneDrive it takes them to their own private OneDrive. To work around this they have to use an Incognito browser session in order to log in. I am aware you can create a shared OneDrive for teams as described https://support.microsoft.com/en-gb/office/create-a-new-shared-library-from-onedrive-for-work-or-school-345c8599-05d8-4bf8-9355-2b5cfabe04d0 which should allow them to access this OneDrive by using their own credentials as above (email address removed for privacy reasons etc) but if they log in to this shared OneDrive once, and on the prompt that comes up at log in select "Stay logged in", can they keep visiting the site without logging in again and will they then have to use an incognito browser session to access their own personal OneDrive? Sorry this is so complicated but its been a nightmare trying to keep this working Many thanks John
Microsoft 365 Copilot Bought on Play Store not Received
I bought MS 365 Copilot from Play Store. When Google Play Store couldn't deducted my sub from my primary payment method (from Country A), they used my backup payment method (from Country B) - which wasn't a problem for me. The money was deducted and still appears on my play store subs. However, my MS Account does not show any MS 365 Copilot subscription, which effectively means that I can't use the service. What's frustrating is I'm now being tossed around the two companies. Play Store says I should contact MS Team (devs of MS 365 Copilot) while MS Team doesn't reply to my emails sent to the emails on their Play Store app page. I tried regional phone numbers and I'm referred back to MS Team. I'm now left with no money and without the service that I've paid for. Anyone who knows how I can resolve this. I tried Play Store refund and they said my purchase does not qualify for a refund citing their policy. Additional Context: My account is registered in Country A, together with my primary payment method. My backup payment method is from Country B). I signed up for the trial version intending to buy. So, it's me not anyone else who purchased on my behalf. The transaction appears on my Google Play account and I've no problem with that. The challenge is: My money is gone, I’ve no access to the service for which the money was deducted. What frustrates more is all emails from Google Play team were sent through no-reply emails. So, effectively, I can't contact them back to clarify the challenge I'm facing. On the other hand, Microsoft team is unreachable. I sent several emails and none was replied. Worse, one of the emails on their Play Sore page returns: email does not exist... Until now, the product isn't on my MS account but appears on my Google Play account. The reason I'd tried the refund route was to get the money back so I can purchase an alternative service or retry with my primary payment method. It wasn't because I thought someone had purchased by mistake. Here is my MS Account subscription site showing expired sub Here is my Play Store showing my active sub: Has anyone had a similar challenge. If so, how was it resolved.Introduction – Microsoft Certified Trainer and Solution Architect
Hello everyone, I’m Patrizio Tardiolo Bonifazi, a Microsoft Certified Trainer (MCT), Solution Architect, and Senior Engineer. I work extensively with Microsoft Azure, Microsoft 365, Microsoft Graph, Power Platform, Microsoft Teams Premium, Microsoft Entra ID, and DevOps practices, combining hands-on engineering with training delivery. I joined the Microsoft Tech Community to learn from others, share real-world experiences, and contribute with practical insights and best practices. Nice to meet you all!
