User Profile
JimmyWork
Iron Contributor
Joined 7 years ago
User Widgets
Recent Discussions
Automating User Tags
When we create a custom user tag we can select a group and have all the users in the group tagged. However if a user is removed or added to that group at a later stage the tag is not removed/added. Is there a way to automate this? Only thing I found is that this was before on the roadmap but seems to have been removed? https://m365admin.handsontek.net/microsoft-defender-for-office-365-tagging-support-for-groups/ https://learn.microsoft.com/en-us/defender-office-365/user-tags-about If you assign a group to a user tag, members of the group at the time of tag creation are assigned tag. Users later added to the group aren't automatically assigned the user tag.Customer voice secure data
Hi, This might be a strange question. But is there anyway to put a sensitivity or DLP policy/label on a specific customer voice project so the responses in this project are protected from sharing, viewing exporting. I know we can control access to the data but can we label it? The data is located in Dataverse for customer voice and I just want to see if anyone have done something like this or if it's possible?Sensitivity label not showing all items in purview
Hi I'm currently doing the following things. In Power Automate I send an email, i set the Sensitivity email to encrypt the email. This works perfect, i sent a couple of emails verified that they have the label and they are encrypted. Now if I go to Purview to check for all files with the label only 1 out 5 emails shows up under the label. I have triple verified that the labels are applied to the email. I then created a retention label, where i do a content query on Exchange mailboxes where i search for the sensitivity label using InformationProtectionLabelId:{labelguid} I run a Simulation, same thing here only 1 email found out of the 5 in my mailbox. Not sure why it's not picking this up. The retention label deletes the content after 24h but the items are not being picked up even if I clearly see they have the sensitivity label applied. I'm checking the emails and i can see tag applied using PowerShell even checking email message details I can see the label applied: MSIP_Label_25257012-567b-4c40-b48b-69d2ed233264 Not sure why emails are not being picked up except one, all are sent the same way. They all get encrypted.Safe Attachments Dynamic Delivery in Dynamics365
Hi, If you have dynamic delivery set on your policy in safe attachments and you email an attachment tracked to dynamics it will end up saying "Scanning of file in progress.eml" it never becomes the true file name and stays as a .eml file the user needs to download and then can open the original file. Language now in Swedish but attachment looks like this if dynamic delivery is set. Should look like this.Re: Custom regulations (Assessment templates)
I actually created a MS ticket and was told the feature was removed, you can no longer add your own templates. If you get any more info regarding this please let me know because I wonder why they would remove this feature, but again I was told that you can submitt regulatiosn to the team and they can add them if they decide to.Custom regulations (Assessment templates)
Hi Quick questions, if you have regulations that are not available in the selectable regulations, can you create a custom regulations for your organization? I have seen how you can download excel and modify and upload to add custom settings to already existing templates, but how can I create one from scratch? In this old video I can see something named Assessment Templates, however this button is not available in my tenant? https://www.youtube.com/watch?v=Am9lZoMv18I https://www.youtube.com/watch?v=48cjd0B5YKU Unique regulation requirements for our organization, basically i brand new custom template with manual controls.Re: Enforcing blank value in Settings Catalog, Local Security policies User Rights
The main problem is that event viewer will throw errors, even if you follow Microsoft Documentation on how to set blank values. I can set the values and make them stay, But I will recive errors in Event viewer or in Intune, I cannot achive both sides error free.Re: Enforcing blank value in Settings Catalog, Local Security policies User Rights
*UPDATE 2* The full XML file will only work until the device have been rebooted. Then the Event viewer will show the following errors. Intune will not display any error and the policy is applied correctly. Error in Event viewer. MDM PolicyManager: Merge string, Area: (UserRights), Policy: (LockMemory), EnrollmentID requesting merge: (CBFF7B6D-8C51-4498-BB37-338EFCB9892E), Result:(0x8000FFFF) Catastrophic failure. MDM PolicyManager: Merge of policy did not complete successfully, Policy: (LockMemory), Area: (UserRights), Result:(0x8000FFFF) Catastrophic failure. If anyone know how to set a blank value without generating errors please let me know, the Microsoft documentation does not work.Enforcing blank value in Settings Catalog, Local Security policies User Rights
When trying to enforce a blank value using settings catalog to set UserRights it will throw error in Event Viewer. Example: Settings Catalog - User Rights - Lock Memory. When trying to use any of the following values you will get an error back, in Event Viewer or in the Intune Policy report. Example values below. MDM PolicyManager: Merge of policy did not complete successfully, Policy: (LockMemory), Area: (UserRights), Result:(0x8000FFFF) Catastrophic failure. Value: </> (Fails in Event viewer and gives no change on the policy) Value: <Data></Data> (Fails in Event viewer and gives no change on the policy) Value: * (Fails in Event viewer and gives no change on the policy) Value: "" (Fails in Event viewer and gives no change on the policy) Value: <![CDATA[]]> (Works on Event viewer gives correct value on policy on the device, but Error on policy in Intune) OMA-URI Working but not Settings Catalog for same values. When using OMA-URI: ./Device/Vendor/MSFT/Policy/Config/UserRights/LockMemory Value: <![CDATA[]]> *UPDATE* Still testing values but <![CDATA[]]> works, but an error is displayed on the Intune policy, not in the Event logs. Using full XML file is currently the only way I can get this to work for both Event Logs and Intune policy, so no errors are displayed. This should not be the case. <SyncML xmlns="SYNCML:SYNCML1.2"> <SyncBody> <Replace> <CmdID>2</CmdID> <Item> <Meta> <Format>chr</Format> <Type>text/plain</Type> </Meta> <Target> <LocURI>./Device/Vendor/MSFT/Policy/Config/UserRights/LockMemory</LocURI> </Target> <![CDATA[]]> </Item> </Replace> <Final/> </SyncBody> </SyncML>Re: Users unable to change Wi-Fi settings on Dedicated Android Kiosk Devices
It's a permission issue, if you enable all notifications and status bar you will see a Android notification saying do you want to "Managed Home Screen suggested networks. Device may connect automatically. Allow , No thanks." I have informed MS about this a long time ago. Was asked to create a new ticket after some time to another Team. But worked around it by pushing the settings app and looking the settings menu down. In the Device Restriction Policy you need to set the following. System notifications and information Show system notifications and information in device's status bar The user will then get this Notification in the Status Bar, you need to pull from the top of the screen. Old reddit post where I posted my findings and the workaround. https://www.reddit.com/r/Intune/comments/10ehdp3/comment/j63j4qr/ Sriram10069 this is the solution. You also need to be aware that if you configure a network, and t´hat network is within range the user cannot switch, they need to be out of range of the configured network to allow this. But notifications etc needs to be turned on. This causes a bad KIOSK mode experience so i opt in for pushing the settings app and using samsung knox plugin to limit the menu.Re: Android Edge (Auto populate account sign-in)
Chuck1234 I have not included all settings like what apps are installed in the KIOSK screen etc. Azure AD Shared Device - Multi App KIOSK Device Configuration - Assigned to devices. App Configuration policy - Managed Home Screen Apps installed OneDrive Teams Edge --------------------- I do have a managed app config, but this only sets Edge startpage etc and does not need to be applied for this to work.Re: Android Edge (Auto populate account sign-in)
Right now I'm pushing an app config, but before during test I did not and it was still working. I'm using Managed Home Screen, Sessions. I'm using production Edge now thats 111.x it's working, also tested Dev and thats also working now. Later today I can collect all my configs and post them. But again this is working without app config
