Disable "Windows Hello"
I am an admin, and attempting to disable "Windows Hello for Business" also referred to as 2-step authentication. From what I gather, this option is set as "disabled" by default. I confirmed this. However Whenever I join a device to Azure AD, it is always prompted with "Windows Hello" and to create a pin. Where can I find the option that allows me to disable this?
Endpoint Fraud / Stalking
Hi everyone Im not a developer however I have a complicated crazy situation where all my devices were auto enrolled in an MDM without my consent which I believe someone I used to know did to stalk me , for the past 6 months Ive tried to figure it out as It makes me have very little privlidges and it auto deploys on brand new devices , It also refuses to ping back to anything but still under full control , I believe its controlled via azure and a server domain I tried to see if I had an azure account even though I never made one and I somehow have one but everything says unknown and a bunch of errors on everything I try to access does anyone have any advice for how to go about this ? Also note I never was a part of an enterprise of any kind
Repeated requests to approve 3rd party app consent
Hello - I am coming across an issue in an environment where Azure Cloud App Admins / Global Admins are receiving repeated email approval requests to approve permissions for 3rd party apps when admin access on behalf of the tenant has been previously approved and granted. Does anyone know why this happens or a way to stop it? The tenant is configured with this: This issue occurs for multiple apps. When the second or third request from an end user comes in for the same app, I have already gone into the Enterprise App in Azure AD and confirmed that the permissions the end user and app is requesting have already been granted by an admin. Example: Thank you!
Azure AD Direct Connect access denied
Hi. We've set up Direct Connect for the first time between two of our tenants. We've configured the External Identities -> Cross-tenant access settings exactly the same on both. But on both we get this error message when attempting to access a Sharepoint site from each tenant: Here're the settings (same for both tenants): I cannot figure out why access would be blocked as these settings seem to be the most permissive possible. Thanks for your help.
Check Windows Hello for Business usage for the last 30 days
I am trying to get the logs for users who is using Windows Hello for Business and I want to check if the user hasn't use the WHfB for the last 30 days. Is there a way to get this data from Azure AD and via graph API endpoint? Thanks in advance!
Azure subscription policy
Hi, https://learn.microsoft.com/en-us/azure/cost-management-billing/manage/manage-azure-subscription-policy there are two options to disallow subscriptions entering/leaving Azure AD. Unfortunately I don't have a test environment to test but am wondering: * Can a user create a new subscription successfully even if the subscription is not allowed to enter Azure AD? * If the answer is no, does it make sense to use the options to prevent new subscription creation? Thanks,Azure AD Join - Supported Configurations
I'm currently looking into setting up an environment that would consist of AVD Session Hosts that are running Windows 11 Enterprise Multi-Session in their own Host Pools and are Azure AD Domain Joined. Ideal scenario is that we do not require Active Directory Domain Services for this solution, management will be handled solely using Azure AD, Intune and Microsoft Endpoint Manager. User Profiles will be delivered using FSLogix from an Azure Storage Account (preferred) or Locally-Stored. My question however, is the "Supported Configurations" that are mentioned in the documentation. The use-case we have above would be Pooled Desktops that are Azure AD Joined but the article states that only configurations as a Jumpbox or where-by no Data is stored on the machine are supported. Why isn't it supported to have Data/Apps on an AVD Session Host that's AADJ? General File Data (Word, Excel, PDFs etc) can be located on SharePoint but Applications need to be installed on the AVD Session Host and some need to store data on the Virtual Machine for them to work. What's not supported about this?How to restrict multiple users access to specific subscription under multi subscription Model?
Elaborated question: How to restrict multiple users access to specific subscription when they are a member of the management group ? Scenario : I am having a Multi-subscription which is organised by management group for easy governance and management under a single tenant. When i Say Multi-Subscription , i mean 500+ subscription under a single tenant, Now i have all 500+ subscription whose IAM is inherited with Management AD group that is created on Azure Active Directory . I want to restrict few users from this Management AD group getting access to few subscription which has sentitive data. How to achieve this is my question ?
