Microsoft 365 endpoints are the set of destination IP addresses, DNS domain names, and URLs for Microsoft 365 traffic on the Internet. To optimize performance to Microsoft 365 cloud-based services, these endpoints need special handling by client browsers and the devices in our edge network. These devices include firewalls, SSL Break and Inspect and packet inspection devices, and data loss prevention systems. By default, there are 3 core services Exchange Online, SharePoint Online & OneDriveForBusiness, and Microsoft Teams. Apart from this, there is a very critical service which is a must needed for Office 365 which is Microsoft 365 Common…
Author: Eswar Koneti
Microsoft Azure Active Directory and Office 365 uses open standards and protocols such as OpenID Connect (OIDC) for authentication and OAuth 2.0 for authorization. In Azure Active Directory, when a client application like Outlook connects to a service like Exchange Online, the API requests are authorized using OAuth 2.0 access tokens. By default, these access tokens are valid for one hour, when they expire, the client is redirected back to Azure AD to refresh them. The 1hr time period is long enough and there are possibilities for token exfiltration and other malicious activities can happen. This is not just a…
When a Configuration Manager client is installed and configured to use the software updates agent, it will automatically configured with a local Group Policy setting that specifies the Configuration Manager software update point. The Group Policy setting used is the intranet Microsoft update service location, specified as a Windows Update computer administrative template.The following snippet shows the local group policy setting for the client that is enabled with software update agent.GPO:In case you have a local Group Policy setting that is configured with Microsoft update service location which will always be overwritten by an Active Directory Group Policy setting, and…
Introduction:I was recently working on project performing the network assessment for teams call quality issues. The network assessment is being done using the free tool provided by Microsoft which is Skype for Business Network Assessment Tool (can be downloaded from Microsoft site).The Microsoft Network Assessment Tool provides the ability to perform a simple test of network performance to determine how well the network would perform for a Microsoft Teams or Skype for Business Online call. The tool tests the connection to Microsoft Network Edge by streaming a set of packets to the nearest edge site and back for approximately 17…
Microsoft has released update 2010 for Endpoint Manager Configuration Manager , the last build for this year with some great and enhanced features, for a complete list, please refer to https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/changes/whats-new-in-version-2010 This build version is currently available for you to install via opt-in method (fast-ring). You can download the script from and run it on your ConfigMgr site. To download the script, refer to https://docs.microsoft.com/en-us/mem/configmgr/core/servers/manage/checklist-for-installing-update-2010#early-update-ring With this update 2010, there are a bunch of new features added. This means that, there are also a number of SQL tables/views added which will help us to create some great custom reports to…
A year ago, Apple announced a new method of iOS/iPad device enrolment which is called User Enrollment. This enrolment method is available in iOS 13 and macOS 10.15 Catalina and later OS. with user enrollment, we can use federated authentication to link Apple Business Manager to your instance of Microsoft Azure Active Directory (Azure AD). As a result, your users can leverage their Azure AD usernames (User Principal Name) and passwords as Managed Apple IDs. They can then use their Azure AD credentials to sign in to their assigned iPad or Mac and even to iCloud on the web. Users can also…
I was helping a customer who was trying to set up an android enterprise personally enabled (BYOD) work profile configuration. In this blog post, I will try to explain the expected behavior (based on my testing) of the Android Enterprise work profile password. A work profile is something that you can be set up on an Android device to separate work apps and data from personal apps and data. With a work profile you can securely and privately use the same device for work and personal purposes. Using Intune, the work profile can be used in Android Enterprise personally owned…
Microsoft has released another update rollup (KB4575790) to fix client setup content download issue from CMG distribution point.The following listed issues and the rollup update is available in updates and servicing node only if you have installed the recently released update rollup KB 4578605 for Configuration Manager 2006 build.If you have not installed KB 4578605, then you will not see this update in the updates and servicing console.Issues:1. If you have configured cloud management gateway along with cloud DP and running the ccmsetup.exe (client installation) , the client will failed to download the client installation file (ccmsetup.cab) from Azure blob…