I've added these both to one post in an attempt to shorten the amount of request posting, but let me know if you would rather them separate.
For Intune:
A rather small addition that might be useful would be a setting that could enforce license verification. This is only really used to enable remediation scripts.
For Entra:
Because we manage tenants, most all are standard users. To ensure the one-off explorer doesn't get too far, we enable the setting "Restrict access to Microsoft Entra admin center". Wondering if this could be set in the Entra solution baseline?
Intune and Entra solution baseline requests
Loving these ideas for our solution baselines, Aidan. Keep them coming! 😎
Intune
We have the ability to report on Intune licenses, but we're not currently enforcing them because that requires additional licensing for the remediation scripts.
Are you currently using Remediation with the majority (or all?) of your customers or just the larger ones?
Entra
I'm not sure if the baseline would be the best spot for this setting or not.
Looking at Microsoft's documentation on it, it seems like the setting is more of a deterrent than a security measure.
If we add a Conditional Access Policy template/example, do you think that'd be more in line with what you're trying to accomplish?


For Intune: we have activated remediation scripts in the past for some one-off events like updating apps, automatic timezone fix, and uninstalling user-installable apps like Chrome. It's been used less and less, so pretty low on the needs right now.
For Entra: Hmmm, okay, I did notice that. I assume the CAP would exclude at the role level; that way our (and Nerdio) GDAP access wouldn't be hindered. This might be it.