@NathanMcNulty Hm.. We are getting sign-in log failure for App: Authenticator, Resource: Graph. “Application needs to enforce Intune protection policies”. Ok Android it prevents process from continuing and on iOS just shows in logs but works.
@NathanMcNulty have you come across any issues with adding Passkeys especially in Android when you have require app protection CA turned on for all apps? It appears it’s blocking Authenticator from adding passkey even if you are protected
@rucam365@jonathanbourke You can configure a lot of that out via MDM policies beforehand or even using the Edge Admin center for any account that signs into edge in your org. We disable a lot of it out of the gate.
@BrianReidC7@merill@azuread Same with the Shared Mailbox section. Can’t figure out how to give that view without Global Admin even though they have access to read and modify shared mailboxes.
@NathanMcNulty In Entra you can click on a license type and see who has it assigned and see in one quick view who has group assignment or direct AND for people that have both you can easily remove direct assignment and it leaves group assignment. I can’t find that in 365admin.
@NathanMcNulty@ThreatLentes Authenticator is a much easier experience since most our employees would have it already. Extra step of company portal for android is annoying.
@JefTek@FrankLesniak I’ve noticed something similar with Teams and MAM. Teams icon doesn’t update with badge change about new messages if I haven’t opened long enough to require PIN/ID. Not sure if notifications stop as well.
@robertgraham@UK_Daniel_Card I carry mine alone in pocket, nothing else goes in that pocket and my 15 also got a scratch within a couple weeks of purchase. None since then but very annoying.
@EricaZelic@NathanMcNulty User offboarding is terrible without SSO. We recently people leave with little notice and with a single disable had them locked out of most systems. The alternative is going through 15+ different systems admin areas or worse trying to reset passwords via forgot password process
@NathanMcNulty Ran discovery part first and it returned a lot. Ran a single user with format-list and entry showed True for AuditEnabled. Ran the full script and now it returns no one. My guess is since we have enabled as tenant default it is being weird?
@NathanMcNulty Strange. I ran this and it gave me a lot of results but when looking at the details AuditEnabled is set as True. But now I run it again and gives me no results.
Anyone know the latest on forcing bitlocker recovery or similar on Win11? Old manage-bde -forcercovery doesn’t seem to work anymore. Trying to determine best way to lock computer remotely. @NathanMcNulty@Mister_MDM@rucam365
@Dbenn3268 @NathanMcNulty Yeah it’s so dumb. It should be its own permission setting for this feature. Instead people use a random free WeTransfer account or something to request files from clients.