Considering it hasn’t happened in the US yet…
Considering it hasn’t happened in the US yet…
The company makes the rules under which you are employed. If you don’t like it, legislate against it or find another employer. Also, like I said, there are no 3rd party authenticators that are more secure with entra ID.
Like I said, M$ auth literally does not report location while authenticating. It only pulls location requests when signing in through the app to create the authentication token and even then it is not a requirement. Entra pulls location using your IP address on the device you are signing in with.
It is using windows hello on compatible machines and through persistent tokens on Mac and Windows machines not compatible with hello. You have to create that token with a known factor such as a mobile device but outside of that, users almost never have to sign in with persistent tokens.
Ms auth is a mobile only application. Not even available on windows or macOS. The point of it is to provide a second factor of authentication in the for of “something you have”. There are a few factors that can be used for authentication. Something you know (password), something you have (hardware like a key or a phone), and something you are (iris scan, DNA, fingerprint, other biometric). Ms auth uses something you have and something you are to authenticate most users. You provide a password and then you prove you have your cellphone and your cellphone checks your biometrics to see if you are you. In that way, it is effectively checking all 3 factors.
It doesn’t change anything for the company with exception to billable IT time used when the authenticator confuses users which is already high with only one authenticator.
It doesn’t report location, Entra login reports location regardless of authentication method used.
I work for an MSP servicing 5k users all of whom I force to use M$ Auth app. Because it is the best Authenticator on the market, their company is paying for it, and because I look at the sign in logs for 3-4 different organizations every day to see literal hundreds of foreign sign-in attempts that fail due to M$ MFA. Yeah fuck monopolistic megacorps but understand when they provide an actual good product that is safe to use and actively protects you as an individual better than anything else out there.
All that said, the most likely reason is that they don’t want to make a document explaining how to set up MFA for each of the dozen+ apps out there and they certainly don’t want to talk to users who don’t know what they are doing with which ever app their kid set up for them
I’m sure you know what you’re doing better than 80% of the other employees in your office in this regard but I can tell you from experience, when one person gets their way, everyone wants theirs too.
They actually just decoupled teams from o365 in preparation for this exact situation. As of April 30th you no longer get teams with your tenant skus anymore unless you are grandfathered in to the older skus that bundled it.
for enterprise!
This is a metaphor for life in general. If you find that all your interactions are negative, check yourself. Are you the problem in your relationships and interactions? How can you fix that? Clean your shoes.
If everywhere you go smells like shit, check your shoes.
RAID is not a backup, NAS is not a backup. Obviously there is no reason to backup readily available torrents but it doesn’t sound like you’re backing up at all. Self hosting data integrity is a much harder task than implied.
What’s wrong with Manjaro?
They’ve literally had 2 of them. The Vive, built by HTC and sold by Valve on Steam and its sucessor The Valve Index. Anyone who would consider themselves even mildly interested in VR Gaming probably knows about at least one of them.
Do you off-site backup as well? I don’t have the kind of money necessary to self host an on network and an off-site backup of my data…
If you brute force using single iterations of all possible combinations sure. But people don’t do that. They use fully readable passwords and letter substitutions. This makes dictionary attacks viable. There are a known number of readable words and phonetic combinations that are significantly easier to brute force. And also the vast majority of numbers are also guessable because most numbers are dates. Series of 2 or 4 or 8 numbers to form important dates means there are lots of numbers between 1940-2024. People don’t usually unconditionally random alphanumeric passwords. Therefore peoples passwords will never be fully secure against sufficiently advanced brute force methods.
But don’t use lastpass, they are the most popular, and with the largest breach history. In fact, if you are capable of the admittedly high bar of self hosting, use bit warden instead.
It’s a really pain in the rear to configure for anyone who doesn’t have a dedicated IT or an MSP. You have to get these DKIM and DMARC records from your exchange provider and then you have to configure them on your DNS host. If your DNS host isn’t modifiable you have to send requests to their support to get those records put in place and then they want to verify your records from your provider as well as a security measure. I’ve had clients that took us a week because of all the song and dance of DKIM and DMARC all because I couldn’t go in and add the records myself.
Fuck you LOGIX you garbage company from the stone age. Let me manage my clients DNS records. 😤
DKIM is the standard for verification right now. This isn’t an anti-competition play. I manage DKIM records for my clients all the time. Yahoo, SB global, and At&t enforced DKIM requirements a few months back and it’s been a headache but it has made a huge difference in spam emails.
For anyone who doesn’t know what DKIM is, it’s a method of an email provider getting a sort of green flag from the host domain name. So if you have an email address whatever@mybusiness.com and your email provider is Microsoft 365 and your domain provider is goDaddy, Microsoft says to goDaddy, “hey I’m sending this email, can you verify that I have permission to send from the domain my business.com?” And go daddy checks for DKIM records from Microsoft and sees it and says “yes sir, this is approved.” Then M365 sends the email, and if the recipient requires DKIM to receive the email at whomever@yahoo.com, Yahoo looks at the domain and asks, “hey goDaddy, it says you host this, is this email legit?” And goDaddy says “yep it’s all legit, give it to the recipient.”
This effectively eliminates messages sent from a domain without DKIM records as well as spoofed emails because those spoofed emails never checked in when sending.
I appreciate the skepticism but this is a security play, not a business one.
Money is always cheap for capitalists. Even the hardest of times is only hard for people without money.
Windows 11 pro OOBE > get device online either via WiFi or wired network or bypass via commands > set up for school or work > sign in options > Domain Join. This asks you for local account name and password for a local administrator account and then drops you on the login screen.