Author: Eswar Koneti

Microsoft Azure Active Directory and Office 365 use open standards and protocols such as OpenID Connect (OIDC) for authentication and OAuth 2.0 for authorization. In Azure Active Directory, when a client application like Outlook connects to a service like Exchange Online, the API requests are authorized using OAuth 2.0 access tokens. By default, these access tokens are valid for one hour; when they expire, the client is redirected back to Azure AD to refresh them. The one-hour period is long enough that token exfiltration and other malicious activities can happen. This is not just a…


When a Configuration Manager client is installed and configured to use the software updates agent, it is automatically configured with a local Group Policy setting that specifies the Configuration Manager software update point. The Group Policy setting used is the intranet Microsoft update service location, specified as a Windows Update computer administrative template. The following snippet shows the local group policy setting for the client that is enabled with software update agent. GPO: In case you have a local Group Policy setting that is configured with Microsoft update service location which will always be overwritten by an Active Directory Group Policy setting, and…


Introduction: I was recently working on a project performing the network assessment for Teams call quality issues. The network assessment is being done using the free tool provided by Microsoft, which is the Skype for Business Network Assessment Tool (can be downloaded from the Microsoft site). The Microsoft Network Assessment Tool provides the ability to perform a simple test of network performance to determine how well the network would perform for a Microsoft Teams or Skype for Business Online call. The tool tests the connection to Microsoft Network Edge by streaming a set of packets to the nearest edge site and back for approximately 17…


Microsoft has released update 2010 for Endpoint Manager Configuration Manager, the last build for this year, with some great and enhanced features. For a complete list, please refer to https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/changes/whats-new-in-version-2010. This build version is currently available for you to install via the opt-in method (fast ring). You can download the script from and run it on your ConfigMgr site. To download the script, refer to https://docs.microsoft.com/en-us/mem/configmgr/core/servers/manage/checklist-for-installing-update-2010#early-update-ring. With this update 2010, there are a bunch of new features added. This means there are also a number of SQL tables/views added which will help us to create some great custom reports to…


A year ago, Apple announced a new method of iOS/iPad device enrolment called User Enrollment. This enrolment method is available in iOS 13 and macOS 10.15 Catalina and later. With user enrollment, we can use federated authentication to link Apple Business Manager to your instance of Microsoft Azure Active Directory (Azure AD). As a result, your users can leverage their Azure AD usernames (User Principal Name) and passwords as Managed Apple IDs. They can then use their Azure AD credentials to sign in to their assigned iPad or Mac and even to iCloud on the web. Users can also…


I was helping a customer who was trying to set up an Android Enterprise personally enabled (BYOD) work profile configuration. In this blog post, I will try to explain the expected behavior (based on my testing) of the Android Enterprise work profile password. A work profile is something that can be set up on an Android device to separate work apps and data from personal apps and data. With a work profile you can securely and privately use the same device for work and personal purposes. Using Intune, the work profile can be used in Android Enterprise personally owned…

CMG

Microsoft has released another update rollup (KB4575790) to fix a client setup content download issue from the CMG distribution point. The issues are listed below, and the rollup update is available in the Updates and Servicing node only if you have installed the recently released update rollup KB 4578605 for the Configuration Manager 2006 build. If you have not installed KB 4578605, then you will not see this update in the Updates and Servicing console. Issues: 1. If you have configured cloud management gateway along with cloud DP and are running ccmsetup.exe (client installation), the client will fail to download the client installation file (ccmsetup.cab) from Azure blob…


I was asked by a customer to find the devices with excluded apps in C2R products such as Office 365 ProPlus, Microsoft 365 Apps, Office 2019, etc. When you create a configuration file for C2R products such as Office 365 ProPlus/Microsoft 365 Apps, you can define which apps in the Microsoft 365 Apps product should not be installed, such as Word, Excel, PowerPoint, Publisher, Visio, or Skype. If you don't want Publisher installed with those applications, use the ExcludeApp element to remove it. Following are the allowed values to be used in the configuration for the ExcludeApp element. ID="Access" ID="Excel" ID="Groove" ID="Lync"…
