User Profile
bpoindexter
Copper Contributor
Joined 5 years ago
User Widgets
Recent Discussions
OneDrive for Business requiring occasional logon after migrating to using Conditional Access policie
We use OneDrive for Business very extensively. A couple of months ago, we implemented some new security policies using Conditional Access policies; the big change here was that all logins must originate from either an Azure Hybrid Joined workstation or from a compliant device enrolled in Office 365 MDM. This all worked fine. Since implementing that, however, OneDrive occasionally will require you to sign in again in Windows. This was never an issue before. The symptoms are files saved to OneDrive in the cloud directly never sync back to our workstations. This happens when an end user saves a document from Word or Excel and chooses OneDrive as the location. It saves to cloud, but never syncs back locally. The OneDrive icon in the system tray will be perpetually showing the "Syncronizing" symbol (blue cloud with the arrows in a circle). It looks mostly normal but when you click on the OneDrive icon, it will tell you it needs to sign in. If you click Sign In it does not ask for your password; apparently seamless single sign on can supply that, but it does require answering an MFA prompt. This doesn't seem to happen with Teams or Outlook. Also I'd think that seamless single sign on (which we have enabled) ought to take care of this. My end users don't really understand how OneDrive works since it's all mostly automatic so it never, ever occurs to them to check on its status until something weird starts happening like they are missing files. I need to get OneDrive back to normal where it can stay logged in like Outlook and Teams does. Since this seemed to become a problem once conditional access policies were implemented, I'll detail that setup a little bit. We have a blanket policy that requires MFA for all logins. The policy targets "All cloud apps" in Target Resources. The Access Controls section, under Grant simply requires MFA. In Access Controls -> Session section, we have selected Persistent Browser Session -> Always Persistent. We are not using Sign In Frequency in the CA policies. What other settings should I be looking at?242Views0likes0CommentsHow to control Teams Peer-to-Peer calls
One of my end users reported poor video and audio quality during a call today. Upon investigation and trying a video call with this end user, I observed that audio and video media was being sent peer to peer directly between this end user and my own workstation. Ordinarily this would be fine, however, we are in different physical locations which are linked together by site to site VPN. VPN is not the best medium for real time video traffic. I like the idea of having peer to peer connections for end users who are in the same physical network but I would like for Teams media to NOT cross a site to site VPN link. What is the best way to accomplish this?4.2KViews0likes2Comments