User Profile
Dphyme76
Copper Contributor
Joined 9 years ago
User Widgets
Recent Discussions
Block content uploads between work and personal accounts in Teams desktop app
Since there is no mechanism to keep users from logging into their consumer instance of Teams or another work tenant I wanted to see if there was a way possibly using Intune App Protection policies to block uploading enterprise data when users switch accounts in the Teams desktop app. Win10 devices are enrolled and compliant at this point and the functionality is there to separate out work and personal on mobile devices such as iOS and Android, but I am having trouble finding if this is possible for Win10 endpoints. I realize there is the option to block authenticating to only our tenant by injecting headers with our tenant ID, but that's taking a giant hammer to the issue and we're afraid it may cause more issues than it's worth. So this option would be a last resort. Thanks1.1KViews0likes0CommentsEnabling Azure MFA causes user account to lockout in AD
Currently we are in a hybrid environment where we utilize ADConnect to sync passwords up to our Azure AD tenant. All user mailboxes are on Office 365 with an Exchange 2010 SP3 environment on prem. We also have Skype for Business on prem as well. Please don't ask why we are setup this way. Management and their infinite wisdom. The users we are testing with have Office 2016 and I've enabled modern authentication for Exchange Online and verified they are connecting that way. Well anytime I enable a user for MFA after about an hour or so they start getting prompted in Outlook and Skype for their credentials. Entering them do not work nor does the app password. What it turns out to be is their accounts are locked out in our on prem AD. We've tried clearing out all credentials and that works sometimes. My question is has anyone run into a scenario such as this where the users account locks out a while after MFA is enabled? If so did you find a resolution? We can't move forward with this until this won't happen everytime we enable someone. Thanks in advanced.11KViews0likes9CommentsSkip multi-factor authentication IP whitelist
Hello, We are currently testing out Azure MFA, but want to skip requests when the users is on our corporate network. I have the "Skip multi-factor authentication for requests from following range of IP address subnets", but notice it has a limit of 50 subnets. Well we have more than 50 subnets at multiple locations. We do not have ADFS in our environment and use password sync via ADConnect. I also have modern authentication enabled for Exchange Online. I've been searching, but could not really find a definitive answer on how we could go about skipping MFA requests when users are on our corporate network. Any help or guidance would be appreciated.143KViews0likes14Comments