sporkstand
Jun 15, 2021

Thanks Ants posted:

Remote Help will be one of those things that I just license (almost) regardless of cost, unlike Universal Print which I hate.

Can I ask what you hate about Universal Print? We're considering adopting it, and I'd like some feedback from those that have actually used it.


sporkstand
Jun 15, 2021
Is it possible to get machine-based wifi auth working while using a cert self signed by the NPS server? Just trying to gauge whether I should bite the bullet and buy a cert from a CA since I don't really want to stand up a whole new PKI just to auth 50ish computers.

sporkstand
Jun 15, 2021
Thanks. I'm trying to lock down this wifi so that only members of an AD security group can auth to it. In my testing, it works with no issues if the security group contains users, the user just gets prompted for the AD creds and access is granted. However, if I switch to a group that contains computer objects, it no longer works. Same self-signed cert used for both network policies. I've tried manually importing the cert into the computer's Trusted Root CA store and into the Personal store for the computer. I've also tried distributing the same cert via a GPO and run into the same issue.

sporkstand
Jun 15, 2021

SEKCobra posted:

You need to set the client to use computer authentication manually or through policy. You can debug by using the computer account instead of certificates.

That was it! Had the authentication set to 'User'. Rookie mistake on my part, thanks for helping me get it sorted!

sporkstand
Jun 15, 2021

This. I turned off WSUS a year ago and it's the best decision I've made in a while.

sporkstand
Jun 15, 2021
I'm looking for a way for an Azure AD joined machine to ONLY allow logins from local accounts. This is for a machine that some of our computerless users will use to log in and do their mandatory trainings. I'd like to have them log in using a local 'Training' account, then once logged in, launch a browser and log into the training system using their personal credentials. These are older machines (with no budget to purchase anything new) so I'd prefer to not have a bunch of user profiles taking up space on the machine if possible.
Any ideas?

sporkstand
Jun 15, 2021
Thanks y'all, I'll give kiosk mode a shot!

sporkstand
Jun 15, 2021

GreenNight posted:

Like how you can get one azure ad p2 license and then enable the features for your whole org.

lol, this still works?

sporkstand
Jun 15, 2021
The contract for our current AV solution - Kaspersky Endpoint Security for Cloud - is up for renewal in a few months and we're looking to get a couple of quotes from competitors. We have a couple contracts that stipulate that our endpoints need to have AV software installed so this is an organizational requirement.
What is the MS equivalent? Any other recommendations?

sporkstand
Jun 15, 2021

The Fool posted:

Pay for MS 365 directly instead of godaddy's garbage

1000 times this

sporkstand
Jun 15, 2021
I recently started a new job and I've been asked to get us set up with an Azure subscription so we can create VMs and do some WUfB reporting.
We currently have a perfectly functioning (ha) Azure AD tenant, so that part is already squared away, it's the subscription part that is stumping me.
According to MS documentation here: https://learn.microsoft.com/en-us/windows/deployment/update/wufb-reports-prerequisites we've got everything but the Azure subscription.
I went through the process of creating a free one, but that one seems to be associated with my individual account, as in my email address and info appears in the billing section and that's not what I want since I ain't paying the bill. I've got global admin rights in our tenant so that shouldn't be a problem. When I log into the Azure portal I see the 'Subscriptions' link and I see the option to add a sub there, but when I click it...it has my name and email for the billing and wants me to add a credit card. Does everyone just use a company CC when setting these up? We have a CSP (CDW), am I supposed to go through them? I managed our Azure stuff at my old job but the subscriptions were already set up when I got there so I've never actually had to do this portion before. Is there something else I'm missing here?

sporkstand
Jun 15, 2021

Cyks posted:

A director requested the ability for staff to have a dial-in number for Teams meetings and from what I can tell, this was made free last year, I just need to purchase the free license (that’s called dial-out) and assign to users.

I tested it on my account and it seemed to work no problem. Is there anything I need to be careful of before assigning licenses out? Like a way for somebody to accidentally rack up charges?

Similar scenario and question from me. I need to accomplish the same thing, but when I try to purchase the required free license, I get a message stating that I'm not eligible to purchase it :|

Any ideas?

sporkstand
Jun 15, 2021

snackcakes posted:

Do you have any of the following licenses already?

Enterprise: Microsoft 365 E3, Office 365 E3, Office 365 E1
Frontline: Microsoft 365 F3, Microsoft 365 F1, Office 365 F3
SMB: Microsoft 365 Business Basic, Business Standard, Business Premium

If so, do you have them direct through Microsoft or through a CSP? If it's through a CSP you'll probably need to buy the license through them even though it's free.

That's kinda what I figured. We buy our O365 E3 licenses through a CSP. I'll reach out to them next week. Thanks.

sporkstand
Jun 15, 2021
Is there a way to prevent standard users from creating subscriptions within an Azure tenant? We've had a few incidents lately where random employees have created subscriptions and we're looking to prevent that.
I've already set AllowAdHocSubscriptions to false but that seems to have no effect. I've talked to our SIEM (ArcticWolf) to see if they can at least alert on this, but they can't...because they can only do monitoring per subscription, not at the management group level. I've restricted access to the Azure portal for non-admin users as well.

sporkstand
Jun 15, 2021
Thanks, I'll take a look at roles and related RBAC stuff tomorrow. I just started this job 3 months ago and I'm finding all kinds of messed up poo poo security-wise so it wouldn't surprise me at all.

sporkstand
Jun 15, 2021

AreWeDrunkYet posted:

Pretty much. If you're building a new environment Entra (or a non-Microsoft IDP that easily wires into Entra) is the cleanest path for user account management in an M365 environment that gives you all of the other user services including file shares. Assuming no legacy app integration this all wires into on-prem AD pretty easily, but chances are the reason this org is asking these questions is legacy app integration.

This has piqued my interest. Does Okta fit this definition?

sporkstand
Jun 15, 2021
Is it possible to make a group in Entra and have a non-admin user add/remove members? I know that I can assign the user as an owner and have them approve membership requests, but I need to have the user add the members without having the members request membership if that makes sense.
Dang I used the word 'member' a lot in that sentence.


sporkstand
Jun 15, 2021
There's also Security Defaults, which work pretty well for a baseline of security if you don't want/need to get into managing a bunch of CA policies, etc. Works well for smaller businesses with simpler needs, so it's not for all situations.
