Great video. Sadly this behavior is in ALL industries. Bought a car lately?
@nzmatt7786 күн бұрын
Nice vid! thanks.
@michaelpietrzak20672 ай бұрын
Great video! Love the content!
@emon0612 ай бұрын
But how do I know the corporate or office laptop as device per user into the Windows AD or AAD?
@toadbroz303 ай бұрын
This is the best and most in-depth explanation I've heard. Thank you sir.
@michaelslabolepszy47366 ай бұрын
The video i just needed after finding this great channel! -trinity ?😅
@lakergreat16 ай бұрын
how do I contact you to engage in a project?
@kb85707 ай бұрын
Hello, thank you for this video. We have some staff members who have used their personal laptops to access corporate data (Emails/Onedrive) and these are now appearing as 'Registered' laptops in Azure. I would like the policy to block all personal devices. Once I enable the settings you mentioned in the KZfaq video, will it block those personal devices even though they have been previously 'Registered' in Azure?
@faisalsharif88987 ай бұрын
Sir, I appreciate it. keep it up...
@bshwjt8 ай бұрын
Pls make similar kind of tutoriuls. Nice explanation .
@SecureCRC7 ай бұрын
Thank you. I'll try. I have to be the Jack of All Trades, so sometimes they're not that detailed. I appreciate it!
@bshwjt8 ай бұрын
Thank you for sharing. AWESOME explanatrion
@jcawl10 ай бұрын
Thank you this is great!
@SiBex_ovh Жыл бұрын
IdFix in settings have a SearchBase but how use a space for OU, ex: ou=!HQ Poland,ou=Corpo,ou=local ? I try ' or " in differ forms and not work.
@bnazim Жыл бұрын
how would you block Windows endpoint from registering to AAD (not intune) ?
@SigurdurKristofersson Жыл бұрын
Thank you so much. Great Video.
@SecureCRC7 ай бұрын
You're Very welcome. Sorry for the delayed response. You probably don't remember commenting! ;)
@GLis86 Жыл бұрын
First 5 minutes have been better explanation than I've found in last 2 hours! Thank you!
@ricklucas6216 Жыл бұрын
This was an extremely good overview of App Protection Policies. Thank you!
@MagicJoBlow Жыл бұрын
Thanks for these explanations. I better understand now what my colleages are doing. And by the way the guitars on your wall triggered me to do myself a pleasure. So I just bought me a Fender Vintera 60s Telecaster.
@donaldjeansonne8667 Жыл бұрын
Does this work inaddition to the 2FA that a bank or credit card service uses. My bank and cc uses such over my phone now. So would an authenticator app do a second verification after the bank does theirs? Or am I not understanding this?
@violaarcelay7780 Жыл бұрын
Do you have to get authenticator apps for different devices, or will one authenticator work on all devises? Android cell, tablets, PC desktop, etc????
@lachmans Жыл бұрын
Thanks for this tutorial !
@mohamedhussien9070 Жыл бұрын
Thank u!
@kjartanoskarsson9863 Жыл бұрын
What happens to devices that are already enrolled as personal devices in my environment after I set the personally owned Windows(MDM) to block? Can't seem to find anything concrete about that online.
@SecureCRC Жыл бұрын
The block only applies to devices at the time of enrollment. So, if they're already there, you're fine. But if you wipe them and they come in as personal again, they'll be blocked. Easy fix is to add them to the Autopilot device list by making sure all your existing devices (especially non-autopilot) are assigned an Autopilot profile that has the "Convert all devices to autopilot" checked.
@kjartanoskarsson9863 Жыл бұрын
@@SecureCRC Thank you so much for the quick response, much appreciated! Subscribed
@sachin2080 Жыл бұрын
@@SecureCRC would this block also affect OOBE Personal use or Setup for an Organisation without Deploying auto pilot? I just want to block azure Ad join and schoo/ work join from inside the windows under accounts for windows 10 and 11. Can it be done using your video?
@Southpaw07 Жыл бұрын
Thanks for the share. I use AD registered devices in many use cases for example consultants that require access to a particular application, also with registered device you can use conditional access to limit access to only what is required.
@SecureCRC Жыл бұрын
thanks Darren. How are you distinguishing the AzureAD Registered devices in the CA Policies. By Azure AD attribute?
@wkbdgeorge Жыл бұрын
Great explanations!
@wootle Жыл бұрын
Great video thanks very much!
@monchurmiah1229 Жыл бұрын
Hi I’m having some issues with synchroniza, so when I create an user on ad it’s should show on office 365 but it’s not I can’t add any user into group through ad because of synchroniza any solution.
@SecureCRC7 ай бұрын
There is a sync services tool on the AD Connect server. look for sync errors. you can see these in the Entra portal also under the Hybrid node. It's probably a sync issue because of more than one account that has a duplicate property like email address.
@CC-qt6sf Жыл бұрын
Excellent demonstration and explanation.
@SecureCRC7 ай бұрын
You're Very welcome. Sorry for the delayed response. You probably don't remember commenting! ;)
@kabookeo2 жыл бұрын
Excellent explanation. Thank you!
@JoyFos20242 жыл бұрын
Awesome video, thank you!
@SecureCRC7 ай бұрын
You're Very welcome. Sorry for the delayed response. You probably don't remember commenting! ;)
@otakuguild56032 жыл бұрын
Excellent video
@SecureCRC7 ай бұрын
You're Very welcome. Sorry for the delayed response. You probably don't remember commenting! ;)
@nimesis1242 жыл бұрын
I can see my local AD users in Azure AD but Azure AD users are not synced in local AD
@SecureCRC7 ай бұрын
AD Connect is a one-way sync. from AD to EntraID (azure AD)
@SecureCRC7 ай бұрын
AD Connect is a one-way sync from AD to EntraID (Azure AD). it does not sync backward.
@demetrioskasabalis55362 жыл бұрын
Thank you so much for taking the time to advise us on Authenticator Apps, but theory sometimes can be confusing. An example is way much better and solves many, if not all, questions.
@bernardbeale70402 жыл бұрын
My Microsoft Authenticator App is producing an 8 digit token instead of a 6 digit token…I need this 6 digit token to finalize my global entry card activation. This is very frustrating. Does anyone know how I can get my Microsoft Authenticator to produce the 6 digit code instead of this 8 digit codes that I’m getting?
@lusungukanchenche3922 жыл бұрын
Cannot log i to MS365. Getting message to protect my account and leading me to MS Authenticator. So annoying.
@annierauwerda34702 жыл бұрын
helpful explanation, thanks!
@ameyraj49472 жыл бұрын
Can We sync the ad group from azure ad group as it is easy to add users in azure ad group. And then sync with ad group on-premise.
@SecureCRC7 ай бұрын
you can turn on group-writeback in AD Connect wizard
@axis04012 жыл бұрын
Great video, though correct term is 'on premiseS' ...
@SecureCRC7 ай бұрын
You're Very welcome. Sorry for the delayed response. You probably don't remember commenting! ;)
@p.miguelsantos57362 жыл бұрын
Someday it will take us longer to "authenticate" with lots more "layers" than the time spent on the apps...
@marksd83102 жыл бұрын
Was stuck, followed so many sites. Came across you're really insightful video. Fixed my issue in a flash. Also what an awesome ImmutableID tool. Thank you so much!
@SecureCRC7 ай бұрын
You're Very welcome. Sorry for the delayed response. You probably don't remember commenting! ;)
@tbits012 жыл бұрын
Thank you for doing this amazing video. You’re brilliant!!! 😃
@SecureCRC Жыл бұрын
thanks!
@SecureCRC7 ай бұрын
You're Very welcome. Sorry for the delayed response. You probably don't remember commenting! ;)
@meghasharma78592 жыл бұрын
4 mins of explanation cleared my doubts I was trying to clear since 4 days....just wow. Why cant everyone explain like this....
@kabookeo2 жыл бұрын
My thoughts exactly.
@StreetSmartification2 жыл бұрын
Thanks a lot for this awesome video, very informative. Question: is that possible to reverse the process where we get our users from azure for example 20 of them and get it synced to on premise?
@SecureCRC Жыл бұрын
Microsoft has a process called SMTP mapping that might work.
@subhajitmitra44562 жыл бұрын
Well explained!!!!
@emraankhan99212 жыл бұрын
Hello ! I have project about Azure AD Users and On-premises users should sync both Environment like Same users in Cloud and On-premises ! and they will be able to log in different environment with same usermane and password . have any solution for that!
@SecureCRC7 ай бұрын
AD Connect will create the users in both places. user password hash and they'll have the same password. However, the sync is one-way from AD to Entra ID. Not backwards to the on-prem domain.
@arpitpeters19862 жыл бұрын
Please provide the difference between ms-dsi-consistancy-guid and source anchor and immutable ID. Also it's working
@SecureCRC7 ай бұрын
the guid is the attribute name within on-prem AD. the Immutable ID is the attributes name in Entra ID (Azure AD). the two systems just call it something different. So, Joe's MS-DS-Consistency-GUID (or just Object-GUID) has the same value as his Immutable ID. Since the AD attribute can be one of several things including object guid or ms-ds...guid, we refer to the attribute that we choose for this purpose as the Source Anchor. MS-DS-Consistency-GUID is the most flexible and widely used attribute.
@hosseinsabouri31213 жыл бұрын
Thanks for great explanation
@tatetrick3 жыл бұрын
Exactly what I needed. Thank you.
@SecureCRC7 ай бұрын
You're Very welcome. Sorry for the delayed response. You probably don't remember commenting! ;)
@bejaises13 жыл бұрын
Really great video, pointing me in the right direction, i have a user who was deleted from normal AD(Still showing in Azure AD), showing up in 365 but cant delete the mailbox/hide from GAL, error that the user is synced from on prem AD but there is no on prem AD account anymore ...argh
@SecureCRC7 ай бұрын
You're Very welcome. Sorry for the delayed response. You probably don't remember commenting! ;)
@bejaises17 ай бұрын
@@SecureCRC lol yeah, i...think it got resolved :)
@brent47703 жыл бұрын
Can you do this in a home virtual network lab for training? I can't figure it out?
@SecureCRC7 ай бұрын
I have a home lab created with Hyper-v. I have a domain controller installed and other servers/workstations. You can create a DEV tenant with microsoft and get AD Connect to sync the two.