User Profile
Tom-irp
Brass Contributor
Joined 3 years ago
Recent Discussions
Re: Entra ID only accounts with Entra Domain Services, and RDS - what CAL?
SPatkar_Blogs Thank you. We really needed the terminal server feature for the application, as it is a legacy app that was originally released years ago to be run in terminal server mode. We changed our approach and made a domain with a primary/secondary domain controller, and then a server running RDS. Ultimately though, we bailed on it and let the existing vendor host it. Thx for the reply.

Entra ID only accounts with Entra Domain Services, and RDS - what CAL?
I need a Server 2022 computer set up with RDS - a small system, can do all on one computer methinks. There is no Active Directory, only Entra ID (Azure AD). I deployed the Enterprise SKU of Entra Domain Services and have a Windows 2022 server joined to AADDS.Contoso.com (assume contoso is our domain). Details from https://www.beckmann.ch/blog/2024/02/01/azure-virtual-desktop-windows-server-2022-and-microsoft-entra-id-only/?lang=en suggest that RDS user CALs are not supported by RDS due to no two-way trust. But this page https://learn.microsoft.com/en-us/windows-server/remote/remote-desktop-services/clients/remote-desktop-web-client-admin says the web client needs user CALs only. Are there any good write-ups on RDS with an Entra ID env? Do I instead need to create a VPN with access to the server?

Re: Issues with setting up AiTM phish prevention using conditional access
This is a good read: https://jeffreyappel.nl/aitm-mfa-phishing-attacks-in-combination-with-new-microsoft-protections-2023-edt/ Intune Compliance may be a way to go. Keep in mind that you can have different compliance policies and you determine what is compliant. Best to have the min than none. For example, you might want one for Windows AD Joined, but if you have AD registered devices that are not hybrid joined, you may copy the joined policy and remove the score piece; that way you can get compliant faster. (AD registered will fail scoring.) You also don't want end users or hackers enrolling devices either, so block that. For compliance, set "non compliant immediately." Same thing for phones, only Intune enrolled devices. (F3 licensing for mobile only users, under 10.9 inch screen, or Business Premium for office people will get you there.) Also, you may consider reading https://argonsys.com/microsoft-cloud/library/cloud-app-security-block-tor-browser-anonymous-ip/. This really is not as intuitive as it seems. To implement this I created a VM and used a user with other conditional access rules removed and signed in via Brave Browser's Tor mode to provoke the app to appear in Cloud Defender. This took me a few hours to get working. Let whomever monitors your stuff know alerts will come in during this process.

email address removed for privacy reasons email from website contact blocked by Standard Preset Security Policy1653658192934
Hello, We have a case where our standard rules for mail are blocking requests from our website. Our website's contact form emails email address removed for privacy reasons (replace with our domain). I am finding these mails quarantined in security.microsoft.com/quarantine. The email address removed for privacy reasons is a DL (not mailbox, not M365 group) that allows external senders. The quarantine entry shows blocked by Standard Preset Security Policy1653658192934. What is the best approach to allow these without increasing risk for all users?

Forcing enrollment with M365 ID for supervised iPhone
Hello, I believe we have Intune set up correctly with ABM. We have the tokens, VPP, etc. While all this was happening, a user in a remote office got an iPad and must have used his personal Apple ID instead of the M365 one. The device appears in Intune but not AAD. It won't show the phone # or the enrolled by. How can we "force" new iPhones to require the M365 ID when enrolling? Since users will be using this phone for reasonable personal use, we want them to be able to add another Apple ID to buy personal stuff, as the work account only provides what is in the company store. Initial enrollment is the concern. thx

Does the Applicant actively monitor all administrator access for unusual behavior patterns?
One item that comes up in cyber insurance questionnaires, or oddly, even inside a company where the Cyber team works as a separate gatekeeper and a part of product, is: "Does the Applicant actively monitor all administrator access for unusual behavior patterns?" What exactly are unusual behavior patterns? It is subjective and many may come up with different use cases and opinions. At what point does the number of alerts become overwhelming? I have enabled "Entity Behavior" in Sentinel, and have taken a subset of the 99 queries that come as part of the Active Directory Data Connector and applied ones appropriate for our organization. Can anyone recommend other queries (or repositories) that I can turn into alerts to demonstrate 'best effort' in complying with this subjective requirement? As a side note, I tried opening the link to the Sentinel blog from inside Sentinel but I don't have permissions. https://techcommunity.microsoft.com/t5/azure-sentinel/bg-p/AzureSentinelBlog

Block vulnerable applications beta and EUS:Win32/TvmWarn reported in Chrome
Hello, Passing this along for anyone whom it may assist. Due to all the recent Google Chrome vulnerabilities, I signed up for a trial of M365 Defender Vulnerability Management with the option to block vulnerable apps. I decided to block Chrome until users updated their instance. I pushed the latest one via MEM/Intune. Then, later I see all my users have malware - EUS:Win32/TvmWarn reported in Chrome. I uploaded the file to VirusTotal and nothing was detected. I submitted to https://www.microsoft.com/en-us/wdsi/filesubmission/ and the team reported back that no problem was detected. Tonight I scanned my computer again and it was listed as vulnerable. I then removed the "block vulnerable applications" feature from security.microsoft.com, scanned again and my system was clean. The version of Google Chrome and the version of the Defender updates did not change between the two scans.

2022-09-09T23:55:41.314Z DETECTION EUS:Win32/TvmWarn startup:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-09-10T02:08:30.888Z Version: Product 4.18.2207.7 Service 4.18.2207.7 Engine 1.1.19600.3 AS 1.375.118.0 AV 1.375.118.0
2022-09-10T02:09:18.154Z DETECTION EUS:Win32/TvmWarn file:C:\Program Files\Google\Chrome\Application\chrome.exe
2022-09-10T02:09:18.154Z DETECTION EUS:Win32/TvmWarn file:C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2022-09-10T02:09:18.154Z DETECTION EUS:Win32/TvmWarn file:C:\Users\Public\Desktop\Google Chrome.lnk
2022-09-10T02:09:18.154Z DETECTION EUS:Win32/TvmWarn file:C:\Windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Inte

having multiple postmaster domains
Hello, We recently acquired some companies and merged their domains/email/accounts into a single M365 tenant. One acquisition was supposed to be private. What happened though is a customer emailed the private company and a reply from postmaster at otherdomain replied. Now the customer is asking what is up. Is there a way to change the default postmaster per domain, or no? I see this: Configure the external postmaster address in Exchange Online | Microsoft Docs, but that seems to be only one address. thx

Re: AIP - running Execute-AzureAdLabelSync appeared to do nothing
I may have it. I had to go here https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-assign-sensitivity-labels and then here https://docs.microsoft.com/en-us/azure/active-directory/enterprise-users/groups-settings-cmdlets

AIP - running Execute-AzureAdLabelSync appeared to do nothing
Hello, I have Azure P1 licensing and M365 Business Premium. I would like to use Purview/AIP for Teams/SharePoint. The "groups and sites" checkbox is not enabled when creating a new sensitivity label. I followed the steps, connecting with PowerShell 7, WinRM as basic, connected to Exchange PowerShell, etc. I ran "Execute-AzureAdLabelSync" several times. It did not error and returned to the prompt with no feedback. It took maybe 4/10th of a second to run, so long enough to have done something, but no error and no confirmation of success. I am usually good at getting PowerShell errors, so I know one when I see it. I am running these commands as global admin. This page implies I have the correct license: https://docs.microsoft.com/en-us/office365/servicedescriptions/microsoft-365-service-descriptions/microsoft-365-tenantlevel-services-licensing-guidance/microsoft-365-security-compliance-licensing-guidance#information-governance. Any ideas as to what I am doing wrong? thx

Does Defender for Office P2 allow primary account protection for M365 business premium?
Does Defender for Office P2 allow primary account protection for M365 Business Premium? I have Business Premium and have the trial for P2. I see "Add priority accounts from the Setup page. Go to the Microsoft 365 admin center at https://admin.microsoft.com. Go to Setup > Organizational knowledge, and choose View under Monitor your most important accounts." But the page shows: "The Priority account protection feature that's described in this topic is available only to organizations that meet the following requirements: Microsoft Defender for Office 365 Plan 2, including those with Office 365 E3, Office 365 E5, Microsoft 365 E5, or Microsoft 365 E5 Security."