User Profile
0fflinedocs
Brass Contributor
Joined 7 years ago
User Widgets
Recent Discussions
Re: Patching machine on premises using Intune
Intune manages and patches regular Windows clients, not servers. As "springtoaster" mentioned, WSUS is the traditional alternative on-premises. The way forward for patch management of servers connected to Azure (using Azure Arc) is this methodology: https://learn.microsoft.com/en-us/azure/update-center/overview?tabs=azure-vms It would require Azure Arc onboarding of the On-premises servers.Re: recover ms authenticator without any backup on ios after factory reset
Is it work or school accounts, or private accounts, or maybe both? I'm afraid you need to start over, meaning reconfiguring your accounts in the MS Authenticator on your new device. Due to security reasons the iCloud backup only includes the account information anyway and not the Multi-factor authentication configuration (per account/tenant). So even if the backup had been successful, you still would've needed to configure your MFA again.Re: ASR (Attach Surface Reduction) Policies showing Error
Greetings! Have you double checked that these clients are fulfilling the requirements? https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/enable-attack-surface-reduction?view=o365-worldwide#requirements Specifically I would double check these first: - Microsoft Defender Antivirus as primary AV (real-time protection on) - Cloud-Delivery Protection on (some rules require that) - Windows Enterprise E5 or E3 License I assume it's working for some devices, but for others not? Are there any particular differences between these device types (in terms of licensing/configuration)?Re: Passwordless app notification not pushing into iOS notifications (app must be opened manually)
Use "Revoke multifactor authentication sessions" and "require re-register multi factor authentication" in Azure AD, on a particular users account (authentication methods). I have a post on the onboarding of Passwordless (but this is based on Temporary Access Pass) it might help you here: https://simonhakansson.com/passwordless-authenticator-configuration-ddb0fa70d32fRe: Local network connections to printing devices not working after Microsoft Defender Onboarding
Does not necessarily need to be onboarding into Defender for Endpoint (if that's the product you are mentioning here) that's causing this issue. Have you done any specific configurations in the product? Or could it be so that what you are describing is related to something else entirely, for example some other hardening or security related settings from the management tool you use to manage the devices?Re: How can protect/prevent Cloud PCs from being attacker/hacked
Check the new updated Security Guidelines here: https://docs.microsoft.com/en-us/windows-365/enterprise/security MFA and Compliance enforcement through Conditional Access and you can also configure security related settings in MEM which would increase the security even more. One starting point for the MDM-related security settings is the Windows 365 Security Baseline: https://docs.microsoft.com/en-us/windows-365/enterprise/deploy-security-baselinesDefender for Endpoint - Data Storage Location integrity question (GDPR/EU)
Hi, I have a question specific to Defender for Endpoint and its data storage within EU and the information provided on Microsoft Docs. The english text states customer data in psuedonymized form may also be stored and processed in US. Data storage location Defender for Endpoint operates in the Microsoft Azure datacenters in the European Union, the United Kingdom, or in the United States. Customer data collected by the service may be stored in: (a) the geo-location of the tenant as identified during provisioning or, (b) if Defender for Endpoint uses another Microsoft online service to process such data, the geolocation as defined by the data storage rules of that other online service. Customer data in pseudonymized form may also be stored in the central storage and processing systems in the United States. Once configured, you cannot change the location where your data is stored. This provides a convenient way to minimize compliance risk by actively selecting the geographic locations where your data will reside. <https://docs.microsoft.com/en-us/microsoft-365/security/defender-endpoint/data-storage-privacy?view=o365-worldwide> OK, I get that. What I don't get is that on the corresponding Docs site in Swedish, the machine-translation instead presents the word "anonymiserad" which in English is "anonymized" which is a completely different thing. Is this a bug? What is actually correct here and where can I find information about this? The following is in swedish, link/Source at the bottom: Datalagringsplats Defender för Endpoint fungerar Microsoft Azure datacenter i EU, Storbritannien eller USA.Kunddata som samlas in av tjänsten kan lagras i: (a) klientorganisationens geoplats som identifieras under etableringen eller(b) om Defender för Endpoint använder en annan Microsoft-onlinetjänst för att bearbeta sådana data, den geolokalisering som definieras av datalagringsreglerna för den andra onlinetjänsten. Kunddata i anonymiserad form kan också lagras i de centrala lagrings- och bearbetningssystemen i USA. När den har konfigurerats kan du inte ändra platsen där dina data lagras.Det här är ett bekvämt sätt att minimera efterlevnadsrisken genom att aktivt välja de geografiska platser där dina data ska lagras. <https://docs.microsoft.com/sv-se/microsoft-365/security/defender-endpoint/data-storage-privacy?view=o365-worldwide>Turn off Windows 10 Locate Device in Intune
Hi, The new function in Intune for finding lost devices is great in some use cases. However, at other use cases I want to be able to: - Turn this feature off IN Intune. - Restrict the usage of the feature by scope tags or by RBAC Is it possible to do, today? If not, is it on the roadmap? Find lost devices with Microsoft Intune - Azure | Microsoft DocsRe: ASR Rules block launching Teams meetings from Outlook
Tom13984 No problems. I haven't encountered this issue. I tested the rule and opened a Teams-meeting in Outlook on a Windows 2004 + with E5. Maybe it's related to your office-patch level somehow? Do you run O365 C2R SAC? If I were you I would open a case to Microsoft, this can't be expected behaviour. Anyway, when you have E5 you can exclude stuff here:https://security.microsoft.com/asr?viewid=exclusions https://docs.microsoft.com/en-us/windows/security/threat-protection/microsoft-defender-atp/customize-attack-surface-reductionRe: ASR Rules block launching Teams meetings from Outlook
Tom13984 Which Windows 10-version have you seen this one on? Multiple different versions? Your PC's have W10 E3 as license? Feels odd, I have this ASR-rule in block on multiple computers where this problem have not surfaced. In 124 examples only excel, powerpoint and word has been affected in an example environment and these users/computers have accessed teams-meetings from outlook.Prohibit standard users from adding exclusions to Windows Defender (Windows Security)
Hello there, How can I prohibit standard users from adding exclusions in Windows Defender? I would like to only control the Defender-exclusions from a central point and the standard users should not be able to add exclusions themselves. I've searched through GPO's and settings in Intune but can't seem to find the correct setting. Does anyone know if this is possible? If it is, where is the setting then? Windows 10 Enterprise, 1903 and 2004. Devices are Hybrid Azure AD Joined
