• 0 Posts
  • 7 Comments
Joined 1 year ago
cake
Cake day: July 9th, 2023

help-circle

  • We disable IPv6 often when troubleshooting a network issue. Nothing that I have seen requires IPv6, and turning it off solves more issues than we would expect even today. It’s not the first thing I’m going to try, but I’ll often do it if I have to reboot anyway.

    I also uninstall Dell Optimizer and Dell Optimizer Service on sight regardless of the issue because that evil will cause problems eventually. Best to just eradicate it on sight.


  • When you start the MFA registration process for a Microsoft account and select the Authenticator as the method there is a link at the bottom of the page about using a different app. Sure it will only generate a rotating code instead of the “easier” method of just entering a 2 digit number when prompted on the phone, but entering 6 numbers isn’t that much more difficult than 2.



  • This can be configured for the Microsoft tenant. The admin can allow all possible MFA vectors or restrict it to just a single one such as the Microsoft Authenticator. Microsoft themselves are also pushing the Authenticator, which is actually fine. I haven’t done any packet captures to see what it is sending back to Redmond, but the most secure method is great. The service you are logging into generates a two-digit number that you must enter when prompted in the Authenticator app.

    Still, I’ve seen issues arise when an employee only has a flip phone or flat out refuses to install any app required for work on their personal devices. IT departments will typically fold to pressure and allow a call or text for MFA because they did not want to buy, configure, and send out phones to employees refused.

    I’ve also seen IT send a company phone to a specific user that refused to allow Microsoft to have their phone number for calls or texts too. Legal told them they could not require the employee to use their personal property or reveal personal details to Microsoft in order to work.