User Profile
JimmyWork
Iron Contributor
Joined 6 years ago
Recent Discussions
Automating User Tags
When we create a custom user tag we can select a group and have all the users in the group tagged. However, if a user is removed or added to that group at a later stage the tag is not removed/added. Is there a way to automate this? Only thing I found is that this was before on the roadmap but seems to have been removed?
https://m365admin.handsontek.net/microsoft-defender-for-office-365-tagging-support-for-groups/
https://learn.microsoft.com/en-us/defender-office-365/user-tags-about
If you assign a group to a user tag, members of the group at the time of tag creation are assigned tag. Users later added to the group aren't automatically assigned the user tag.

Customer voice secure data
Hi, This might be a strange question. But is there any way to put a sensitivity or DLP policy/label on a specific customer voice project so the responses in this project are protected from sharing, viewing, exporting? I know we can control access to the data but can we label it? The data is located in Dataverse for customer voice and I just want to see if anyone has done something like this or if it's possible?
110 Views | 0 likes | 0 Comments

Sensitivity label not showing all items in purview
Hi, I'm currently doing the following things. In Power Automate I send an email, I set the Sensitivity email to encrypt the email. This works perfectly, I sent a couple of emails and verified that they have the label and they are encrypted. Now if I go to Purview to check for all files with the label, only 1 out of 5 emails shows up under the label. I have triple verified that the labels are applied to the email.
I then created a retention label, where I do a content query on Exchange mailboxes where I search for the sensitivity label using InformationProtectionLabelId:{labelguid}
I run a Simulation, same thing here, only 1 email found out of the 5 in my mailbox. Not sure why it's not picking this up. The retention label deletes the content after 24h but the items are not being picked up even if I clearly see they have the sensitivity label applied.
I'm checking the emails and I can see the tag applied using PowerShell, even checking email message details I can see the label applied: MSIP_Label_25257012-567b-4c40-b48b-69d2ed233264
Not sure why emails are not being picked up except one, all are sent the same way. They all get encrypted.
206 Views | 0 likes | 0 Comments

Safe Attachments Dynamic Delivery in Dynamics365
Hi, If you have dynamic delivery set on your policy in safe attachments and you email an attachment tracked to dynamics, it will end up saying "Scanning of file in progress.eml". It never becomes the true file name and stays as a .eml file the user needs to download and then can open the original file.
Language now in Swedish but attachment looks like this if dynamic delivery is set.
Should look like this.

Custom regulations (Assessment templates)
Hi, Quick question, if you have regulations that are not available in the selectable regulations, can you create a custom regulation for your organization? I have seen how you can download Excel and modify and upload to add custom settings to already existing templates, but how can I create one from scratch? In this old video I can see something named Assessment Templates, however this button is not available in my tenant?
https://www.youtube.com/watch?v=Am9lZoMv18I
https://www.youtube.com/watch?v=48cjd0B5YKU
Unique regulation requirements for our organization, basically a brand new custom template with manual controls.
1.3K Views | 1 like | 3 Comments

Enforcing blank value in Settings Catalog, Local Security policies User Rights
When trying to enforce a blank value using settings catalog to set UserRights it will throw error in Event Viewer.
Example: Settings Catalog - User Rights - Lock Memory. When trying to use any of the following values you will get an error back, in Event Viewer or in the Intune Policy report. Example values below.

    MDM PolicyManager: Merge of policy did not complete successfully, Policy: (LockMemory), Area: (UserRights), Result:(0x8000FFFF) Catastrophic failure.

Value: </> (Fails in Event viewer and gives no change on the policy)
Value: <Data></Data> (Fails in Event viewer and gives no change on the policy)
Value: * (Fails in Event viewer and gives no change on the policy)
Value: "" (Fails in Event viewer and gives no change on the policy)
Value: <![CDATA[]]> (Works on Event viewer gives correct value on policy on the device, but Error on policy in Intune)

OMA-URI Working but not Settings Catalog for same values.
When using OMA-URI: ./Device/Vendor/MSFT/Policy/Config/UserRights/LockMemory
Value: <![CDATA[]]>

*UPDATE* Still testing values but <![CDATA[]]> works, but an error is displayed on the Intune policy, not in the Event logs.
Using full XML file is currently the only way I can get this to work for both Event Logs and Intune policy, so no errors are displayed. This should not be the case.

    <SyncML xmlns="SYNCML:SYNCML1.2">
      <SyncBody>
        <Replace>
          <CmdID>2</CmdID>
          <Item>
            <Meta>
              <Format>chr</Format>
              <Type>text/plain</Type>
            </Meta>
            <Target>
              <LocURI>./Device/Vendor/MSFT/Policy/Config/UserRights/LockMemory</LocURI>
            </Target>
            <![CDATA[]]>
          </Item>
        </Replace>
        <Final/>
      </SyncBody>
    </SyncML>

3.2K Views | 1 like | 7 Comments

Allow Cortana settings shows as conflict, even if no other policy says conflict.
Today something weird happened. The setting Allow Cortana shows as Conflict. No other policy says conflict, so it's not conflicting with anything. If I exclude a device from everything except the Allow Cortana settings, it will still show up as Conflict. All I have is a policy based on settings catalog. Anyone else experiencing this? I have no other policy and no other policy says conflict.
Solved | 1.4K Views | 0 likes | 3 Comments

Tamper Protection Not turning on on newly deployed devices
I have no issue with devices deployed before. Now new devices with Windows 11 22H2 Build 22621.525 are having this issue. Tamper Protection is enabled in Defender 365 Portal for all Endpoints.
Intune configuration policy: Windows Security Experience. TamperProtection (Device) On
Fails with error type 2 Error code 65000.
Checking Event logs.

    MDM ConfigurationManager: Command failure status. Configuration Source ID: (C127515F-5427-49C7-B6AE-4275FB1AE464), Enrollment Name: (MDMDeviceWithAAD), Provider Name: (Defender), Command Type: (Add: from Replace or Add), CSP URI: (./Vendor/MSFT/Defender/Configuration/TamperProtection), Result: (The system cannot find the file specified.).

I only have this issue on newly deployed devices.
1.1K Views | 0 likes | 0 Comments

Android Edge (Auto populate account sign-in)
Android - Azure AD Multi App Kiosk Device
Sorry for the bad image quality (policy not allowing screenshots).
Trying to configure so Edge auto-populates the account with the current logged in user. I have tried multiple ways but not able to get this to work. Teams will auto sign-in without any issues.
Add app configuration policies for managed Android Enterprise devices - Microsoft Intune | Microsoft Learn
None of the values will work using JSON or Configuration designer. First thing is if you use Configuration designer then the option Allow only Intune Accounts will fail with error no matter what you do. This is the same for the rest. Using the variable {{userprincipalname}} for this setting will not work.
Sample JSON of values tested. All will fail.

    {
      "kind": "androidenterprise#managedConfiguration",
      "productId": "app:com.microsoft.emmx",
      "managedProperty": [
        {
          "key": "com.microsoft.intune.mam.managedbrowser.PasswordSSO",
          "valueBool": true
        },
        {
          "key": "com.microsoft.intune.mam.managedbrowser.enableKioskMode",
          "valueBool": true
        },
        {
          "key": "com.microsoft.intune.mam.managedbrowser.account.syncDisabled",
          "valueBool": true
        }
      ]
    }

Policy checked on the device in Edge, results in Error - Unknown Policy
4.5K Views | 1 like | 15 Comments

Microsoft Defender for Email Whitelisting (Best Practice?)
Hi, I'm trying to figure out the best way to handle this. A sender that sends out a newsletter is blocked by the spam settings, this is correct. I set up a Mail flow rule that checks so the DMARC is passed. The problem is that the sender is using a third party software to send the emails so the domain will fail on the DMARC because the actual sender is something like h9032us.domain.com. If I would whitelist the sender domain it would pass the DMARC, but that would also allow any senders from that domain to bypass the spam filters, and a lot of other users/companies can use this 3rd party provider to send newsletters and I do not want that to come thru. How would you best handle this?
Solved | 3.3K Views | 0 likes | 4 Comments
Recent Blog Articles
Re: Introducing a new enrollment method for staging corporate Android devices with Microsoft Intune
Sagivat This is what we are currently running but Shared Device mode seems unstable where the device randomly signs out. With the new way I was hoping the device could get new policies for each user...
Re: Introducing a new enrollment method for staging corporate Android devices with Microsoft Intune
Would like to see the option to sign-out of Intune app and sign-in as another user and the policies apps etc would be applied for the new user. Currently the device would have to be wiped for setting...