Great content! For the "Consumer VPN" bypassing Trusted Locations, appears you need to have Apps deployed with CA App Control. Any chance you can expand on that in a video in terms of covering the M365 Apps as opposed to custom apps?
@imca_b_5517 19 days ago
There are two differences between mf and mfa
@xCheddarB0b42x 19 days ago
Thank you for the Conditional Access content.
@prashantmishra5691 20 days ago
Rod Trent's share sent me here. This was such an informative video. Thank you so much!
@st204rna 22 days ago
Great video. Does the "Block Downloads" for the Conditional Access App Control policy work for all applications which it is scoped for? (outside of M365 ecosystem)
@rucam365 14 days ago
Thanks! It will work for all web apps if you're using Entra ID SSO and Defender for Cloud Apps has been provisioned with them. For example, other SaaS apps, like Salesforce, Slack, and so on are all supported.
@Sergio-Here-In-Community 26 days ago
Excellent video. Very helpful to begin the migration from unknown devices (BYOD) to allowing only corporate devices. As a suggestion, if possible, can you cover the portion on enrolling the new BYOD in Intune, and what the must-have compliance policy to evaluate the BYOD device could be? The Intune compliance policy should be different between corporate devices vs. BYOD. Then, if I plan to block all unknown devices (for me that is BYOD), but I need to make an exception to accept one device as BYOD, can you please explain how I can use the Intune feature "Corporate device identifiers"? Thanks for sharing your knowledge with the community.
@weyooz 27 days ago
Very good content! Love it
@sunkuvenkataganeshkumar7559 1 month ago
Can we restart and shut down a device in Defender for Endpoint using live response?
@francisreidjr3788 1 month ago
Great video
@francisreidjr3788 1 month ago
Great video, useful info
@nysus2 1 month ago
ya.. uh... okay, now explain it to me like I'm 4
@ernie3878 1 month ago
Would the first policy have the same effect as ticking require device to be marked as compliant and hybrid joined and granting access? Thanks
@GuevaraCloud 1 month ago
I am going to say yes but I too had the exact question
@rucam365 1 month ago
Correct - they'll both offer AiTM protection. The difference (and why I usually prefer filters instead of the grant controls) is using filters you explicitly block, and the users get that clear block message. If you use the grant option, it can guide the user through Intune enrolment, which unless you're supporting BYOD, probably isn't what you want.
@systemonitor 1 month ago
Excellent content, I'll delve deeper into it...
@FactorlabsInCloud 1 month ago
Hi Ru. Can you share information about the console tool which you were using during the presentation? Will it be possible to see the login details for Windows Hello login?
@rucam365 1 month ago
Hey, it was Evilgynx. WHfB will offer FIDO2 protections, so if you use Conditional Access authentication strengths to require WHfB, the AiTM won't get those tokens.
@AntonMasyan 1 month ago
it's Evilginx2
@rucam365 27 days ago
Hey, I replied with the tool but I think KZbin censors it 👀 If you search 'aitm evil' you'll be on the right track.
@mhackling 1 month ago
Great video - do Windows Hello for Business too!
@rucam365 1 month ago
Great idea - leave it with me.
@1980telboy 1 month ago
Great video mate
@threatscape 1 month ago
Glad you enjoyed
@AnthGags333 1 month ago
What if- Literally saved my sanity
@Sergio-Here-In-Community 1 month ago
Brilliant presentation of TAP... fundamental concept, how to enable, how to implement and live end-user experience. Excellent video, very helpful to put this Microsoft feature into action. Thanks for sharing your knowledge with the community. 😁😁😁😁
@weyooz 1 month ago
When I try with TAP in the out-of-the-box experience (OOBE) it does not take the TAP password. Would it be required with OOBE to first set up the security key on another device and then configure OOBE with Autopilot?
@madam-v3y 1 month ago
Same, I created a policy to enable web sign-in and I was then able to use the TAP password... But I don't know if that's the right thing to do
@rucam365 27 days ago
Hey, when you say it doesn't take the TAP in OOBE, what specifically is the error dialogue? Just make sure the Entra login dialogue (not the Windows login screen) is prompting for a TAP and not a password; sometimes you may have to choose the option to sign in with TAP instead of password.
@RinkuVaghela 1 month ago
Great video, thank you
@baldytyre 1 month ago
Excellent, thanks
@matthewlevy6759 1 month ago
Amazing video Ru. Just a question about the VPNs, are you saying consumer VPNs are not evaluated or considered in location based CA policies? And so, in your UK example, if a user from the UK was connected to a VPN to access streaming video from the USA for example, they wouldn't be blocked by the CA policy? Hence the MDA policy requirement. Or are you saying a bad actor can use a VPN to appear to come from Ireland for example, when they are in fact in the far east and without the MDA policy would be able to sign in?🤕
@rucam365 1 month ago
Hey Matt, it's the latter. For example, if I have a CA policy that only allows Irish IPs, CA will accept IPs of VPNs, data centres, VPSs, etc, as long as their IP matches Irish geo data. Using MDA, you can refine it by saying "also block if the category - not just location - of the IP is XYZ".
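As an added illustration of the point in that reply (example code written for this page, not part of the original comments or of any Microsoft product): a small Python model of a geography-only location check beside one that also blocks by IP category. The IP ranges, countries and categories in the lookup table are constructed sample data, and the two evaluation functions are a simplified model of the behaviour described, not Entra ID's or Defender for Cloud Apps' real logic.

```python
"""
Why a geography-only Conditional Access location check lets VPN, VPS and
data-centre IPs through, and how an additional IP-category check
(the MDA refinement described above) narrows it.

All data below is constructed for illustration. The functions are a
simplified model of the behaviour, not Entra ID's or MDA's actual code.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, FrozenSet, Iterable, Optional, Tuple


@dataclass(frozen=True)
class IpFacts:
    country: str   # ISO country code from (constructed) geo data
    category: str  # e.g. "residential", "vpn", "datacenter", "tor"


# Constructed lookup table standing in for a geo + IP-reputation feed.
# Three ranges all geolocate to Ireland but differ in category.
IP_INTEL = {
    ip_network("203.0.113.0/24"):  IpFacts("IE", "residential"),
    ip_network("198.51.100.0/24"): IpFacts("IE", "vpn"),         # consumer VPN exit
    ip_network("192.0.2.0/24"):    IpFacts("IE", "datacenter"),  # VPS / hosting
    ip_network("100.64.0.0/24"):   IpFacts("US", "residential"),
}


def lookup(ip: str) -> Optional[IpFacts]:
    """Return the constructed geo/category facts for an IP, or None if unknown."""
    addr = ip_address(ip)
    for net, facts in IP_INTEL.items():
        if addr in net:
            return facts
    return None


def ca_location_only(ip: str, allowed_countries: FrozenSet[str]) -> bool:
    """Geography-only policy: allow when the IP's country is in the allow list.

    A VPN or data-centre IP that geolocates to an allowed country passes,
    because nothing here looks at *what kind* of IP it is.
    """
    facts = lookup(ip)
    return facts is not None and facts.country in allowed_countries


def ca_with_category(ip: str, allowed_countries: FrozenSet[str],
                     blocked_categories: FrozenSet[str]) -> bool:
    """Geography plus IP category: also refuse anonymising / hosting categories."""
    facts = lookup(ip)
    if facts is None or facts.country not in allowed_countries:
        return False
    return facts.category not in blocked_categories


def evaluate(sample: Iterable[str],
             allowed: FrozenSet[str] = frozenset({"IE"}),
             blocked: FrozenSet[str] = frozenset({"vpn", "datacenter", "tor"})
             ) -> Dict[str, Tuple[bool, bool]]:
    """Map each sample IP to (location-only verdict, location+category verdict)."""
    return {ip: (ca_location_only(ip, allowed),
                 ca_with_category(ip, allowed, blocked)) for ip in sample}


if __name__ == "__main__":
    # Constructed sign-in source IPs: residential IE, VPN exit in IE,
    # VPS in IE, residential US, and an address with no intel at all.
    sample = ["203.0.113.10", "198.51.100.7", "192.0.2.50", "100.64.0.9", "10.0.0.1"]
    for ip, (geo_only, geo_plus_cat) in evaluate(sample).items():
        print(f"{ip:15} location-only={'ALLOW' if geo_only else 'BLOCK':5} "
              f"location+category={'ALLOW' if geo_plus_cat else 'BLOCK'}")
```

Running it shows the two Irish-geolocated VPN and data-centre addresses allowed by the geography-only check and blocked once the category condition is added, while the residential Irish address is allowed by both and the US and unknown addresses by neither.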
@MrArt954 2 months ago
Amazing video. Very informative and captivating content.
@PazGorbiz 2 months ago
Interesting thoughts, but not really addressing the video title "How to Secure Local Admins with Intune EPM"....
@eddiegerlach7121 2 months ago
Another professional from the Entra ID group shared this video and I'm subbed! Excellent video! As an aspiring Cybersecurity Analyst, I appreciated the multi-layered approach to Conditional Access, especially where the principle of least privilege was illustrated. Also found the Conditional Access for Zero Trust Framework exciting, particularly where he addressed the multiple exclusions by naming conventions through 'personas'. Thanks for sharing! 👍
@niranmanandhar8517 2 months ago
The content is amazing, exceptional, but the background colour, that green background, needs to be changed. We need a new modern look.
@ernie3878 2 months ago
Really good video covering many common gaps
@threatscape 2 months ago
Glad it was helpful! Do let us know what you would like us to cover next.
@ernie3878 2 months ago
@threatscape Continuous Access Evaluation (CAE) and Token Protection please :)
@Sergio-Here-In-Community 2 months ago
Terrific video. That is a high level of security for Conditional Access.
@threatscape 2 months ago
Thanks Sergio! Glad you found it useful
@1991Argentino 2 months ago
Your tutorials are amazing, but...PLEASE, STOP USING VOCAL FRY. IT'S ANNOYING.
@will_ta5571 3 months ago
MDE tester naw. MDA tester yeahh
@sunreindeerfog 3 months ago
You got a sub. I'll be back. BTW your mic 🎤 is a little crunchy making you a little hard to understand.
@threatscape 2 months ago
Thanks, we appreciate the feedback. Unfortunately we had some technical issues with this recording, but we will do our best with the future ones.
@Zachsnotboard 3 months ago
❤
@russel242 4 months ago
Any demo on how to simulate it?
@threatscape 4 months ago
Thank you for the suggestion, we are working on a dedicated video for this.
@cirriustech 4 months ago
I would add to Colin's point that "if something goes wrong in IT, nobody dies; if something goes wrong in OT, someone might die". There are also examples in IT where that's the case too - healthcare, for example.
@cirriustech 4 months ago
User Voice type sites tend to be where feature requests go to die - how does Microsoft combat that?
@hulstie 4 months ago
Can you put up a link to the test exe file for testing?
@HitemAriania 5 months ago
Compared with Microsoft's recommended templates (the CA001-CA016 set, with the base being MFA for all users on all apps), this persona approach is not doing much other than adding more confusion for the customers. You want the number of CA rules to remain low, with a good naming convention (CAxxx - BLOCK/GRANT - <app> - <condition> - <identity>; example: CA004 - GRANT: All apps - MFA - All users). Having 8 personas will round it off at around 40 CA rules if you use all licensing and the recommended security CAs, vs. the old 10-16. Don't get me wrong, persona is good! But it's not an easy feat, and the administration required just to do the membership lifecycle is a MASSIVE task (it could even require a team, which most customers don't have - it's easier to require MFA for everyone instead and create app/role-based CA that has higher requirements, such as FIDO etc.).
@jirayahatake 7 months ago
How do you change the information shown on the pop-up notification the end user gets when the device is isolated? For us the only thing the user sees is a notification telling them that an administrator has isolated the device. It would be sweet to customise that message with information/instructions for the end user.
@ReapermanUK 7 months ago
or just avoid fucking cloud shit
@sscoconut1265 10 months ago
How do I switch to other drives when in live response? It seems that there's only the C: drive?
@footcare2394 1 year ago
Hi, I tried to implement this yesterday but it still doesn't seem to be working for my organisation. We have all machines connected to Azure AD, Intune licences, 365 Business Premium licences and an Endpoint trial. All of the options you have do show up, but it just doesn't seem to want to work across the devices? Is there anything I might be missing? Thanks
@genesisbrito7209 3 months ago
Were you able to fix it or do you know why it doesn't work?
@GeraldSalomo-fp6fl 1 year ago
Good description. Increasingly challenging challenges will result in developing innovative products, to be able to offer solutions and products for these challenges.
@RichardGailey 1 year ago
This has been the bane of my life at work. Users going on AL and not informing anyone. The next thing we get are alerts for users being seen connecting (normally via Teams and Outlook or the desk booking app on their mobiles) from foreign countries, alarms ringing and hackles rising. We expect to see users checking their emails and Teams etc. on their mobiles, but have been looking at a complete block for 99% of countries, so having this would be a much better way to manage it. Thank you for highlighting this. Amazed I didn't realise that we could do this via this approach.
@dpkseth22 1 year ago
Hello, could you please advise on this: when we isolate a device, the status stays pending. The status just says "Action is pending for completion" and "Release from isolation" is greyed out.
@ahmeddiab25 1 year ago
Hey, is there any way to block without generating an alert? There is no permission to edit the response action for the IOCs added by Cloud Apps.
@holycow3355 1 year ago
mate you are boring AF ???!!!! NO REPLY READ.
@gupirqamil5333 1 year ago
Thank you for the video. I have checked on my system, but it is only working for Edge. How do I do it for Chrome and any other web browser?
@georgewashington3012 7 months ago
I realise you asked a year ago, but it only works for Edge. It will never work for other browsers, so you have to either block other browsers or use a third-party secure web gateway service like Zscaler that works across all browsers.