User Profile
Greg_C_Gilbert
Iron Contributor
Joined 7 years ago
User Widgets
Recent Discussions
Re: Office Hours - WUFB Security
My InfoSec team loves us for implementing WUfB. We moved from Ivanti to MEM with WUfB. We patch more quickly, more thoroughly, and with significantly less effort now. If they continue to push back, ask if they have any evidence of the 1+Billion PCs that use Windows Update being compromised by a hacked update ever. I've never heard of anything like that happening.1.1KViews0likes1CommentRe: Office Hours - Autopilot User Assignment Changes
Jason_Sandysjust to confirm, I should just have to delete the device record from Intune, not from AAD. I don't see anything in the documentation about doing AAD cleanup. I'll have to test again as my user apps didn't install when I tested this yesterday.936Views0likes1CommentOffice Hours - Autopilot User Assignment Changes
Microsoft has documented that with the recent change to user assignment for Autopilot, the user's UPN won't pre-populate when it's time for them to logon during setup. Can someone please clarify what other impacts this is expected to have. Example 1: When kicking off pre-provisioning I'm not seeing the user's email address populated on the pre-provisioning screen either. Is that expected? Example 2: It was my understanding that prior to the change if we assigned an autopilot device to a user and went through pre-provisioning, the software that was assigned as required for that user would be installed in addition to the device required software during pre-provisioning. That would significantly cut down on the user portion of the Autopilot process. Is this the way it worked prior to the change and was it intentional that this doesn't seem to work now? I've just been setting this up for the first time this last month and hadn't tested to confirm this behavior prior to the change.962Views0likes3CommentsSharePoint Protect files on download loophole?
I've created a CAS policy to "Control file download (with DLP)" on for Guest users. I have the policy set to apply a protective Sensitivity Label and to "Block download of any file that is unsupported..." This works fine when trying to download individual files from SharePoint. However if I select multiple files, SharePoint zips them all up and downloads the zip file with no protection on the zip or the files within the zip. Is this a bug, or am I missing something? For now I've created another policy that blocks all zip files from SharePoint as a workaround.Re: Is it possible for CAS to remove AIP labels on upload to SharePoint?
Thanks,Philip Büchler,I'm testing removing the classification label as you suggested with a File Policy, but that seems to take a very long time since I assume it only triggers once the file is scanned at some point in the future after it has been uploaded. My download policy that applies the label is a Session Policy which does it on demand. I was hoping there was a way to use those same File Policy Governance actions in a Session Policy so it would trigger immediately. Any other thoughts on how this might be done closer to real-time?1.1KViews0likes0CommentsIs it possible for CAS to remove AIP labels on upload to SharePoint?
I'm thinking I can probably do this by triggering a Flow on upload to SharePoint, but wanted to see if anyone else has done it. Assuming I'm not missing some other functionality, I've posted the following to UserVoice and would welcome upvotes. https://microsoftsecurity.uservoice.com/forums/905161-cloud-app-security/suggestions/38875237-ability-for-cas-to-remove-aip-labels-on-upload-to Ability for CAS to remove AIP labels on upload to SharePoint Office files offline, we have implemented a CAS policy to apply a Sensitivity Label on download so the Guest only has Reviewer access. We'd like the Guest to be able to edit the file then upload it back to the site. When the file gets uploaded, we'd like to remove the label so the protections don't prevent online collaborative editing and autosave.Re: What is the current and future state of UE-V (User Experience Virtualization)?
Micah HibdonI asked this question today and found out that UE-V has not been deprecated and is still a fully supported product. However, the product team that owns it don't seem to be doing any active development and there doesn't seem to be a current roadmap for any enhancements. I also asked if there was a roadmap for moving UE-V functionality to ESR and there doesn't appear to be. It seems ESR doesn't currently have any active work either.12KViews0likes0CommentsAre there more details on Search roadmap after removing Preview Users capability 3/15?
With the announcement in the Office 365 Message Center that the "Preview Users" capability will be retired on March 15th, 2019, it states "Microsoft Search in Bing is working towards a broader rollout of its capabilities". Are there any more details about what specific capabilities will be rolled out, or what additional integrations will be enabled? Does this mean that Search will be enabled for all tenants who don't set conditional access rules to prevent access? Is there a way to turn off "Microsoft Search in Bing" other than via Conditional Access if we were testing with "Preview Users" if our security department isn't ready for everyone to have access?1KViews0likes2Comments
Groups
Recent Blog Articles
Re: Promotional offer: Enable every employee in your organization with SharePoint agents
The promotion will go into effect January 6, 2025, and remain active until June 30, 2025. At the beginning of December 2024, admins can disable trial access at any point during the promotional perio...0likes0CommentsRe: Announcing more seamless collaboration in Microsoft Teams for multi-tenant organizations
It seems the issue with users still showing up multiple times is due to a limitation in Teams when a user was converted in Entra from Guest to Member. That conversion doesn't seem to also happen in T...0likes0Comments