announced that the Azure AD conditional access baseline policies will not make
it out of their current preview status. The functionality of the baseline
policies will be made in available in a new feature called “Security
Defaults”, Microsoft will remove the
baseline policies on February 29th, so if you are using them you need to
take action in order to make sure to keep their functionality in place. Here is
what you need to know.
discussed the baseline policies in part
5 of my blogpost series “Conditional
Access Demystified“, while they provided a welcome addition, one of
the main disadvantages of the baseline policies in its current preview form was
that there was no option to exclude accounts from the policy, which was in
contradiction with the best practice for break glass accounts and therefore
made the policies not usable in some scenario’s.
Disclaimer: Please test and validate this in your test environment, don’t take the information i provide for granted. This article describes a method to determine correct settings and doesn’t supply the answer to your specific environment !
When you are installing System Center Configuration Manager (ConfigMgr) in environments where group policies are used to control the User Rights Assignment and Security Options security settings of the Servers, you have to be extra carefull.
You can expect some strange behavior after the installation because when the companies policy is applied again, it removes some entries made by either the prerequisite installation (roles and features) and installation of ConfigMgr itself, and this can result in some interesting scenario’s. Therefore my advise would be:
If you know the environment in which you are going to install ConfigMgr in, has a lot of restricing group policies make sure you do the installation of ConfigMgr while the servers are member of an OU with minimal policies applied.