User Profile
ChrisP1975
Brass Contributor
Joined 5 years ago
User Widgets
Recent Discussions
Self Service Password Reset with Password Writeback
I am looking into exploring the option for Self Service Password Resets on Office 365, and since this is a hybrid I am going to enable password writeback. Everything works great but I have a question regarding the password writeback. What I have found is that once Password Writeback is enabled you don't necessarily need to be in the group to allow for SSPR. Therefore if you are able to logon to the account successfully, you can reset the password without answering any security questions, MFA, etc. I know you can restrict who can use SSPR, but is there a way to restrict who can reset their password via the portal? A few additional notes: Most (but not all) accounts are using an E3 license. Some only have a basic e-mail only license, or no license at all. MFA will be enabled but there are accounts where this won't work being a shared account. Those are the accounts I am concerned where someone can logon reset the password and have access to the local domain. Any thoughts or feedback would be appreciated.Re: Upgrading Win10 1803 to 22H2
Thanks for the feedback.The update was added last week. This is a brand new clean install of Windows 10 1803 that I did for testing on a VM. One thing to note is that I did set TargetReleaseVersionInfo to 1803 to ensure that it didn't upgrade before I switched to Intune. That was just removed Monday so at this point its only been a few days. It is co-managed and Windows Update for Business has Intune as the Workload. As for the Report it shows Offering, but a few things stand out but both of these could be related to running an outdated version of Windows 10 since you need 1903 or later for the Compliance Reports. Last Event Time - 11/18/2022, 11:32:33 AM Last Scan Time - Not scanned yet Johnny_Hauan34KViews0likes8CommentsUpgrading Win10 1803 to 22H2
I am trying to use Intune to upgrade my device from Win 10 1803 to 22H2. Perhaps the issue is there is no direct upgrade path, but I am not finding any info online to confirm this. Are there any settings that I can check to ensure this update goes through, or any logs on the local computer that I can see if there any errors? Any info would be appreciated. Here is my current setup: Device Current OS Version: Windows 10 1803 (OS Build 17134.2208) Policies Applied to Device are all showing through Mobile Device Management except for Do not Allow update deferral policies to cause scans against Windows Update which is via GPO. Feature Update to Deploy - Windows 10, version 22H2 Update Ring Settings Quality update deferral period (days) - 0 Feature update deferral period (days) - 0 Servicing channel - General Availability channel Feature Update Report shows Update State - Offering Update Substate - Offer Ready Update Aggregated State - In Progress Last Scan Time - Not Scanned YetSolved36KViews0likes10CommentsAzure Site-to-Site VPN Connection
Currently I have a Generation1 Basic SKU virtual network gateway setup for my site-to-site VPN. The on-prem side is currently running DH Group 2 and is asking about upgrading to DH Group 14. From what I can tell (please correct me if I am wrong) using the Gen1 Basic SKU will not support DH Group 14 so it will require an upgrade. I also found the only way to upgrade is to remove the entire network settings from Azure then re-build it from scratch. I have a few questions about this: Is there a way to run both networks simultaneously? I know there will be an IP overlap that could cause issues, but I am wondering if perhaps you can set it all up then change the network settings afterwards. Is there a way (other then manually) to document all the existing settings just in case it does need to be removed and re-built. Any guidance on getting this setup would be appreciated.1.1KViews0likes0CommentsRe: Universal Print Post Deployment
Saurabh_Bansal Thank you for this info. A few follow-up questions: 1. Is there a specific way that the user should manually add the printer? Right now you would connect to the print server \\printserver locate the printer and connect. I know that would still work, but is there a different method you would use for Universal Printing? 2. You are correct I did deploy the CSV and it did not have all the printers. I did create a new intunewin application package and deployed that. Sound like I will need to delete the old app and create a new one. 3. Yes I am checking for the printers.csv file, however its not looking for a newer version. It just says that it exists (which is true) but it sounds like I may need to check the date.2.5KViews0likes1CommentUniversal Print Post Deployment
I am just starting to test out Universal Printing as I am looking to move from GPO to Intune in my Hybrid environment. I was able to successfully deploy a printer, however I do have a few questions now that the initial deployment is completed. During the initial setup I have three printers deployed, and based on group membership I received one of them when I logged into my Win 10 computer. Now that the initial deployment was completed I went back and updated the permissions for one of those printers already setup with the expectation that it would also be installed. It's been almost 24 hours and it's still not displayed. In addition to updating the permissions for a printer already installed, I also added a fourth printer, granted permissions to that printer for my group and went through the deployment. This printer is also not showing up, and when I check my printers.csv on the Win 10 computer, the file isn't updated. What is the best way to handle both of these above scenarios? Any advise would be appreciated.Solved2.6KViews0likes3CommentsOffice 365 Admin Role Needed for MFA
I would like to assign members of the help desk access to manage MFA for non-admin users. I already assigned the Authentication admin role and this partially works. Right now the help desk can go into AAD, switch to Authentication methods and do everything that is needed there. However, as a Global Admin from the Microsoft 365 admin center I can see Users > Active Users > Multi-Factor Authentication and I can manage Manage multifactor authentication from the User itself. These options are not available for the help desk. Is there another role that I can use to grant access to the legacy MFA management portal?Solved103KViews4likes22CommentsRe: Self Service Password Reset with Password Writeback
Thanks for the info everyone. Sounds like the best workaround is to just enable MFA for everyone. Although I am wondering if you can use Active Directory delegation to restrict the password writeback, but my concern would be that it could cause other issues.1.8KViews0likes0Comments
Recent Blog Articles
No content to show