https://2849e3c5.tplant.pages.dev/tags/rev/ Recent content in Rev on Tom Plant Hugo en-us Tue, 31 Jan 2023 00:00:00 +0000 https://2849e3c5.tplant.pages.dev/blog/tenant-restrictions-v2/part-2/ Tue, 31 Jan 2023 00:00:00 +0000 https://2849e3c5.tplant.pages.dev/blog/tenant-restrictions-v2/part-2/ For background info on tenant restrictions, check out my previous post. Cloud Identity Service Taking a look in Event Viewer, there’s a new log Microsoft-Windows-TenantRestrictions/Operational with some events: 1004: The endpoint sync service (cloudidsvc) started succesfully [sic]. 1005: The endpoint sync service (cloudidsvc) succesfully [sic] synced the latest list of endpoints. That service has an interesting description: Supports integrations with Microsoft cloud identity services. If disabled, tenant restrictions will not be enforced properly. https://2849e3c5.tplant.pages.dev/blog/tenant-restrictions-v2/part-1/ Thu, 27 Oct 2022 00:00:00 +0000 https://2849e3c5.tplant.pages.dev/blog/tenant-restrictions-v2/part-1/ The Windows 11 ADMXs released a while back, and there’s an interesting new category - “Tenant Restrictions”. It shares a name with an Azure AD feature for restricting endpoints to specific tenants, but that typically requires a beefy TLS decryption appliance and expensive supporting infrastructure (VPNs etc). The ADMX category only has one policy, “Cloud Policy Details” (ID trv2_payload), but fortunately it has a detailed description: This setting enables and configures the device-based tenant restrictions feature for Azure Active Directory.