Windows Hello - DisablePostLogonProvisioning Intune CSP fails on some client
Hello, we're about to deploy Windows Hello for Business (WhfB) in our Hybrid environment. For that, we're using the Account Protection policy to enable WhfB scoped on user groups. At first, we don't want to force users to enroll WhfB, for which we like…
My laptop is locked with a BitLocker. I need a recovery key to access my laptop again, but I don't have access to my key or I get a message that there is no key for my laptop. How can I solve this without having to reset my laptop? All my documents are on
My laptop is locked with a BitLocker. I need a recovery key to access my laptop again, but I don't have access to my key or I get a message that there is no key for my laptop. How can I solve this without having to reset my laptop? All my documents are…
Please be aware that multi-factor authentication will become mandatory for all tenants on October 15, 2024...
I need to enable multi-factor authentication (MFA) for my tenant by October 15, 2024. All my users are already using MFA for their individual accounts. Do I still need to take any action at the tenant level? If so, would the following steps be…
I am getting notifications that MFA will be required, but I already have it "enforced" via a CA policy
Not sure what I need to do, but I keep getting the notification stating that MFA will be "enforce" for Admin access but I already have MFA enabled via conditional access policy (per a Microsoft recommnedation for security). What is it I need to…
Conditional Access Policy Frustration
I do what I am asked. I was asked to build a policy that would prevent using Office 365 apps or access to Online apps unless the device was either Entra Registered or Entra Joined. I have this working 99%. The issue is that I cannot enroll new devices…
I added my new security key to my MS Account in an enterprise setup of Hybrid joined AAD (Entra ID) and I am able to login using the Security key into microsoft applications but not onto my device.
Hello there, I registered my new Yubico 5c Security key into my Microsoft account, which is working fine to logon to many MS resources. My MS account is on Hybrid-joined AD (Entra ID). I am unable to use Security key to logon to my windows 11 device…
Mandatory MFA enablement by Oct 15th required if MFA is enabled for Microsoft Account?
I received an email for a tenant I have w/ a single subscription that MFA is required to be enabled on the tenant by Oct 15th. I only use this subscription currently for the cloud storage. I access it through the Azure Portal using a Microsoft Account…
Conditional access policy for risky sign-ins
I am trying to create a conditional access policy to require multifactor authentication for risky sign-in attempts. I am following the instructions on this article but there is no section to define user or sign-in…
Enabling KQL Query for the risky users without Entra ID Premium P2?
Does the Entra ID Premium P2 required to be able to query the risky users with KQL (Kusto) and then send the email alert to the relevant team? Thank you in advance for any help and suggestions.
How to trigger Defender Antivirus scan on endpoints
Hello! I am having trouble deploying an action from the Defender backend (https://security.microsoft.com/) that I believe should be fairly straightforward, but I am not seeing how this is configured. I want to created an automated response for endpoints…
How to remove Bitlocker recovery keys from Entra ID on Autopilot devices
In our tenant we have a hybrid AD joined setup. We have around 50-60 devices that have failed a bitlocker enrollment back in 2021 and have now accumulated 200 recovery keys on their Entra ID's. So far our only fix is to: Delete device in Autopilot Delete…
Verification of Step-by-Step Methods to Prevent Account Sharing in Microsoft Office 365
Hello, I’m looking to implement security measures in Microsoft Office 365 to prevent users from sharing their accounts externally. I have compiled the following step-by-step methods based on information I received from Microsoft AI. Could you please…
certificate not getting updated
I have done the below exams and the certificates are not yet updated SC-400: Administering Information Protection and Compliance in Microsoft 365 Exam MS-102: Microsoft 365 Administrator Please advice
BYOD / personal equipment
google traduction : Hello, I would like to post a question about the concept of BYOD. I have consulted numerous documentations and training courses on the subject and I admit that I am a little uncertain about the position to take when it comes to…
Whfb broke after CRL expired
Hi, We have a hybrid environment configured. Servers on 2019. CRL expired but was renewed. We are now unable to use whfb to authenticate in our domain. Our smart card seems to still work. We run a passwordless system so smart card is the only way we are…
Enable multifactor authentication for your tenant by 15 October 2024 ???
Hi, I received an email requesting that I enable multi-factor authentication (MFA) for my tenant by October 15, 2024. I am unsure about the specific steps involved and have a few questions: License Requirements: Do I need a Microsoft Entra ID P1…
Remotely approve application installs when users are not local admins.
I want to remove all users from being part of the local administrator group. This will prevent them from being able to install apps on their own. What we want to do is to have a means of granting permission for applications to be installed remotely and…
Unable to receive Authenticator code in app
Hello, I am unable to login into teams since I'm not getting Authenticator code in my Microsoft Authenticator app. I've already added to the Teams and Microsoft365 account is enabled. Any suggestions would be highly appreciated to solve this issue.
How to Manage Windows Devices Across Multiple Schools: Seeking Advice on Microsoft Intune and Tenant Creation
Hi everyone, We are currently working with several charter schools, and we need a solution to effectively manage their Windows PCs and laptops. We tried signing up for Microsoft Intune for Education for testing as it appears similar to Apple School…
Policy for Updating google chrome
I needed to create a policy in Intune to always update Google Chrome to the latest version automatically on all my registered devices. Is this possible?