|
I've got a couple MS licensing questions I was given as homework and I don't understand the problem as explained. Contoso is currently assigning E5 licenses to all employees and wants to downgrade to E3 to save costs. Contoso is not using the security components of E5. The difference between E5 and E3 is the loss of PowerBI. If SSO is enabled across the organization, how could this complicate the downgrade? I don't get why SSO complicates the downgrade, it's included for both licenses?
|
# ? Apr 26, 2023 23:23 |
|
SSO is dependent on the p1 sku iirc. Depends on your contract ime. Marketplace apps don't need the license to use sso
|
|
# ? Apr 26, 2023 23:27 |
|
E3 and E5 what? Office 365 E3 or Microsoft 365 E3?
|
# ? Apr 27, 2023 00:00 |
|
Thanks Ants posted: E3 and E5 what? Office 365 E3 or Microsoft 365 E3?

Microsoft 365 E5 in the example.
|
# ? Apr 27, 2023 00:04 |
|
https://query.prod.cms.rt.microsoft.com/cms/api/am/binary/RE4TPAd

It’s a downgrade from AAD P2 to P1, I’m not really sure how that would impact SSO though. Maybe if you’re doing risk based conditional access and remove the entitlement to that feature it could stop authenticating people to apps.

Thanks Ants fucked around with this message at 00:12 on Apr 27, 2023
# ? Apr 27, 2023 00:10 |
|
you lose the ability to modify conditional access rules and a couple other things
|
# ? Apr 27, 2023 00:13 |
|
you edited, bah
|
# ? Apr 27, 2023 00:13 |
|
I don’t think I’d call it an impact on SSO, it’s a confusing way to ask the question
|
# ? Apr 27, 2023 00:16 |
|
Agreed, thank you all.
strangehamster fucked around with this message at 15:08 on Apr 30, 2023 |
# ? Apr 27, 2023 00:38 |
|
Also defender is weirdly old-school windows sided: I'm rolling it to my mac-only users (because the AV that was licensed before me is a literal crapshoot to deploy by hand in person, let alone remote for macs) and need to enroll at least one windows PC to complete the defender portal on-board. Not a show stopper for most of us, but found it weird.
|
# ? Apr 30, 2023 23:56 |
|
Wow what a lovely gotcha
https://gsilt.blogspot.com/2019/12/avoid-microsoft-intune-if-you-use-g.html

quote: Now comes the kicker. Installing a Work Profile on an Android device via Intune deliberately blocks you from adding a Google account and there's no workaround. This is by design...

e: i'm an idiot they JUST added this last month. But the bad behavior is the default.

incoherent fucked around with this message at 01:48 on May 9, 2023
# ? May 9, 2023 01:44 |
|
EoRaptor posted: Defender for Endpoints is very good, but it doesn't have a single pane of view for all its features (AV, AntiMalware, EDR, and DLP), and expects devices to be Intune managed. It will need more hands on than most other 'A/V' only solutions, but does offer a lot more if you put in the effort.

we're at ~7k devices, our security team *really* likes crowdstrike. afaik we're all in with falcon complete.
|
# ? May 9, 2023 02:53 |
Anyone use Azure Site Recovery for disaster recovery? For our modest VMware estate I think it could be cost effective compared to replacing our current backup repository server and subscription to Veeam or similar. I'm putting together a POC and so far I like it, seems to do what it should. Any reasons it's Bad, Actually?
|
|
# ? May 16, 2023 16:05 |
It isn’t bad at all and has come a long way. Make sure you think about IP schemes and VPN/express route and DNS and poo poo if you actually need to use it

Edit: to expand a bit, if you have an RTO of less than, say, eight hours you are going to want your network up and working prior to a DR event. This will also represent additional cost to consider and you want to make sure VPN SKUs and all that are lined up and accurate for your workloads

i am a moron fucked around with this message at 16:16 on May 16, 2023
|
# ? May 16, 2023 16:14 |
i am a moron posted: It isn’t bad at all and has come a long way. Make sure you think about IP schemes and VPN/express route and DNS and poo poo if you actually need to use it

Thanks, the SKUs are a good deal more expensive than I'd assumed. Given the gateway won't be used for anything else, we might have to do without and create as-needed if we had to failover to the Azure VPN; we won't lose money if any production VMs are down for a couple hours. That's a shame, it was looking like a real elegant solution.
|
|
# ? May 17, 2023 10:38 |
I’d say just have some IAC ready to fire up because at creation time it would take under an hour for provisioning, but then you may need a firewall which would increase the amount of time you’d need AND sometimes there are capacity issues which loving with during a DR event on a platform you only look at every now and then would be a potential nightmare.
i am a moron fucked around with this message at 15:51 on May 17, 2023 |
|
# ? May 17, 2023 12:16 |
|
Teams allows users to start calls and chats with unlicensed shared mailboxes, and that's causing problems with some of our internal support teams. Calls drop a voicemail in the mailbox, but chats just disappear. This is generating complaints about groups ignoring users. Has anyone encountered this and found a good solution or workaround? Hiding the mailboxes from the GAL works but has undesirable side effects.
|
# ? May 17, 2023 15:09 |
|
I need some Sharepoint 101 advice (let me know if there is a better place to ask): A team is creating test questions. We need a nice global view of all currently created questions, who created it, etc... Currently, there are 5 hands in an Excel 365 spreadsheet adding/removing/changing stuff and it's an absolute mess trying to track things. I don't know Sharepoint but it seems like it could be a better alternative to Excel (Forms won't work for reasons). I'm thinking I create a Sharepoint List. Each Item would be a test question. I just did quick testing and it appears that one can easily track who modified an attribute in a given Item. I'm guessing it's easy to convert that List to a Spreadsheet, or automate with Power Automate, or dump into Power BI etc... Should I try to convince the team to move to Sharepoint, or would Sharepoint be a mess too in this scenario?
|
# ? May 22, 2023 15:04 |
|
If you need answers to questions written to something readable by Excel, you could use Microsoft Forms (which creates an exportable .csv for the answers) or if you specifically want your answers written to a SharePoint list, you can use PowerAutomate to automatically write the answers to a SharePoint list once the Form is submitted.
|
# ? May 22, 2023 15:32 |
|
klosterdev posted: If you need answers to questions written to something readable by Excel, you could use Microsoft Forms (which creates an exportable .csv for the answers) or if you specifically want your answers written to a SharePoint list, you can use PowerAutomate to automatically write the answers to a SharePoint list once the Form is submitted.

Thanks. My explanation is all over the place but mainly I'm trying to get my arms around organizing all of this. The Sharepoint List would be a staging area because ultimately the test questions will be loaded into a piece of testing software where it would be administered. I'm trying to get us out of our current Excel hell, with the main problem being a horrible spreadsheet being difficult to track changes. I just don't have enough Sharepoint experience to know if a Sharepoint List will be any better. I'll take a harder look at Forms.
|
# ? May 22, 2023 15:42 |
|
Hughmoris posted: Thanks. My explanation is all over the place but mainly I'm trying to get my arms around organizing all of this. The Sharepoint List would be a staging area because ultimately the test questions will be loaded into a piece of testing software where it would be administered. I'm trying to get us out of our current Excel hell, with the main problem being a horrible spreadsheet being difficult to track changes. I just don't have enough Sharepoint experience to know if a Sharepoint List will be any better. I'll take a harder look at Forms.

How many people will be working within the list? If it’s only a few and sporadically, a SharePoint list is fine (you can take the forms route as well if that’s more your speed, Power Automate probably already has a template you can copy from). If it’s a lot and often, you can run into issues with people saving over each other/losing what they were working on when a change was made. It’s not ideal for heavy workflows for a few other reasons too.
|
# ? May 23, 2023 13:33 |
|
I’m not missing anything obvious here, right? I have approximately 100 users who use teams and outlook on their BYOD phone with MAM-WE policies. Otherwise they just use MFA with authenticator and SSO to sign into a third party enterprise app. They have a kiosk mode PC at their office they can log into webmail if need be, but that’s very rare. Any reason not to just go with the $6/mo Business Basic licenses for these users? We have AAD P2 already due to a few E5 licenses.
|
# ? May 24, 2023 17:22 |
|
Microsoft 365 F3 licenses might be better suited to the type of employee

Thanks Ants fucked around with this message at 17:51 on May 24, 2023
# ? May 24, 2023 17:47 |
|
lmao we deleted 900 SCCM collections this week. Maybe collection evaluation updates won't suck nearly as hard.
|
# ? May 24, 2023 17:57 |
|
Won't each user need at least an AAD P1 license for MAM to actually apply to their phones?
|
# ? May 24, 2023 20:53 |
|
tehinternet posted: How many people will be working within the list? If it’s only a few and sporadically, a SharePoint list is fine (you can take the forms route as well if that’s more your speed, Power Automate probably already has a template you can copy from).

Thanks for the info. It's about 5 other people. I don't think I can convince them to make the switch to Sharepoint, as they are happily mucking about in Excel and deleting each others' work. So, I'm just going to throw it in cruise control and go with the flow.
|
# ? May 24, 2023 21:06 |
|
klosterdev posted: Won't each user need at least an AAD P1 license for MAM to actually apply to their phones?

Looks like F3 comes with AAD P1 and MDM for mobile phones if we ever need to provide a device, so it looks like that’s the way to go for us.
|
# ? May 24, 2023 23:03 |
|
I'm spilling over from the networking thread. My wife is a manager at a very small 10 person company. They don't have any IT...yet. They have an email server run by godaddy and they pull email using outlook. Apparently there's no email filtering in their current setup? I'm just so used to getting server side email filtering through gmail and other webmail. How does a small company setup email that has all the modern conveniences like spam filtering? Can you do it at the client side in outlook? Do you do it server side if that's even possible with some cheapo ISP email service?
|
# ? May 25, 2023 00:09 |
|
Pay for MS 365 directly instead of godaddy's garbage
|
# ? May 25, 2023 00:12 |
|
Shaocaholica posted: I'm spilling over from the networking thread. My wife is a manager at a very small 10 person company. They don't have any IT...yet. They have an email server run by godaddy and they pull email using outlook. Apparently there's no email filtering in their current setup? I'm just so used to getting server side email filtering through gmail and other webmail. How does a small company setup email that has all the modern conveniences like spam filtering? Can you do it at the client side in outlook? Do you do it server side if that's even possible with some cheapo ISP email service?

Ideal effort: pay somebody to migrate your wife’s company to full Microsoft since you are using outlook and office apps already, and ditch the Google drive for sharepoint. Or find an MSP who sells a service like proofpoint and have inbound mail flow through that.
|
# ? May 25, 2023 00:16 |
|
The Fool posted:Pay for MS 365 directly instead of godaddy's garbage
|
# ? May 25, 2023 00:27 |
|
The Fool posted:Pay for MS 365 directly instead of godaddy's garbage
|
# ? May 25, 2023 16:50 |
|
The Fool posted: Pay for MS 365 directly instead of godaddy's garbage

1000 times this
|
# ? May 26, 2023 20:21 |
|
The Fool posted: Pay for MS 365 directly instead of godaddy's garbage

BitTitan finally got their poo poo together and their tenant migration of godaddy finally works. It's literally the worst implementation of office365 SaaS offering you could get. I've helped guide a few out of that shitshow but never again.
|
# ? May 31, 2023 06:53 |
|
I just got told this morning that another part of the Agency is going full-steam-ahead on InTune, and didn't think to ask what would happen with our 500+ applications in MECM which are primarily PowerShell scripts as installers. I don't know anything about InTune, but according to a cursory inspection of Wikipedia, only .exe, .msi, and .msp are supported by InTune. This of course, is a problem, because (a) we'd have to completely change our software deployment strategy going forward and (b) the massive workload we'd incur from having to repackage/retest/redeploy a decade of existing apps. Is this correct? Is this advisable? Like, I'm not averse to change, but this seems like a massive amount of work for what seems like MS just wanting to sell their new shiny thing.
|
# ? May 31, 2023 19:18 |
|
You can do custom installs that just run a script. In fact, I'd say it's probably the most common way for any decent sized InTune deployment. You can literally just take your psappdeploytoolkit deploys from SCCM and move them to InTune.
|
# ? May 31, 2023 19:36 |
|
They can co-exist just fine, if you want them to. I think it's a somewhat common pattern to have InTune just install the ConfigMgr client and then rely on ConfigMgr (properly set up to allow connections from outside your private network) for software. There are a lot of benefits to intune outside of software deployment. But it's really not meant to be a drop-in replacement for ConfigMgr, it is a new paradigm of managing things, and I think if you try your old ConfigMgr paradigm with intune things are going to be rough.

I think you'd be totally justified saying "Hey, wait a minute, what about our existing set of applications, are we going to be given time and staff to migrate those?" They might be planning on doing hybrid and still using that existing investment. Or be totally unaware of the huge pile of pain they're dropping on you. It sounds like you're pretty far away from where the decision is made though, so you might just end up eating poo poo.

E: I've been out of the game a while, so listen to IE also about how easy or hard it would be to move your existing deployments to InTune. The stuff about hybrid is still true as far as I know, but InTune may have more functionality now to the point where it's much easier to ditch ConfigMgr altogether.

FISHMANPET fucked around with this message at 19:42 on May 31, 2023
# ? May 31, 2023 19:39 |
|
The least disruptive way to run this would be to hybrid it but do new packages through Intune - the packaging tool is pretty decent, you can use it to wrap Powershell scripts and all their assets if you just want to move things across, and I assume you're already doing things like generating exit codes and catching failures. Lots of third party apps are available in winget now and Intune will be able to deploy those, so for a lot of things you might not even need to deal with packaging.
|
# ? May 31, 2023 19:51 |
|
Thanks for all the advice. I just got cold-cocked from this out of the blue today, and it was very frustrating. As far as packaging goes, yeah, everything I write currently is in PSAppDeployToolkit, but the only thing we run as-is from vendors is SUS (and I think we still do a lot of heavy repackaging on that). We'll likely never allow for vendor-provided apps to "just run", there's no expectation that we'll ever stop packaging our stuff, if for just logging/reporting purposes. I don't know what their plan for InTune is (and I've already told my boss how incredibly braindead it was not to have someone from my team in the meeting they were making these plans in, as who the gently caress do they really think their stakeholders are), but we're so absolutely locked down from outside access, I can't imagine that very much of this would ever work as-is (I remember the years upon years they spent getting SCCM to work across into our untrusted testing domain).
|
# ? May 31, 2023 20:02 |
|
I think it's very reasonable to be frustrated that you weren't in the loop if you manage SCCM. That points to a larger issue that I would definitely want to get straightened out before moving forward with any sort of migration. You can keep doing what you're doing. And I'll actually disagree slightly with Thanks Ants in that in the migrations I have helped with, we moved over existing packages and just used the custom detection method to detect that they were already installed via SCCM. If you Google "PSAppDeployToolkit Intune," you'll see it's a fairly common thing that has been documented pretty well. In my experience, the things that trip up most SCCM->InTune migrations are actually ancillary to SCCM.
|
# ? May 31, 2023 21:36 |
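The custom detection approach mentioned in the last post, sketched as an added example that is not code from the thread or from any poster's environment: an Intune Win32 app detection script that reports a package as present when it is already registered on the machine, for instance from an earlier SCCM deployment. The display name and minimum version are hypothetical placeholders, and it assumes the installer registers a standard uninstall entry under HKLM.

```powershell
# Added example (constructed). Intune treats a Win32 app as detected only when
# the detection script exits with code 0 AND writes a string to STDOUT.
# $AppName and $MinVersion are hypothetical placeholders for one migrated package.
$AppName    = 'Contoso Example App'
$MinVersion = [version]'1.0.0.0'

function Test-AppInstalled {
    param(
        [Parameter(Mandatory)] [string]  $Name,
        [Parameter(Mandatory)] [version] $Minimum
    )
    # Look in both the native and the WOW6432Node uninstall hives so that
    # 32-bit and 64-bit installs are both found.
    $hives = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
             'HKLM:\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*'

    $entries = Get-ItemProperty -Path $hives -ErrorAction SilentlyContinue |
        Where-Object { $_.DisplayName -eq $Name }

    foreach ($entry in $entries) {
        $found = $null
        # DisplayVersion is free text; skip entries that do not parse as a version.
        if ([version]::TryParse([string]$entry.DisplayVersion, [ref]$found) -and
            $found -ge $Minimum) {
            return $found
        }
    }
    return $null
}

$installed = Test-AppInstalled -Name $AppName -Minimum $MinVersion
if ($installed) {
    # STDOUT output plus exit code 0: Intune marks the app as installed and
    # does not re-run the installer on this device.
    Write-Output "Detected $AppName $installed"
    exit 0
}

# No output and a non-zero exit code: Intune treats the app as not installed.
exit 1
```

Matching on an exact DisplayName and a minimum version keeps an older or partially removed install from being reported as compliant.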