u/QuietlyDifficult

Morning,

Quick question on Access Scopes.

We have multiple teams in our environment and we want them to be able to manage thier own hosts and investigate alerts accordingly. We've switched to SCIM and scoped out their endpoints using dynamic host groups (endpoints are all domain jointed).

I've been looked at creating an access scope to restrict event searches etc to just their domain. I've checked the online guidance but it's not provided much insight.

Am I looking at this all wrong? Is it even possible to do what I'm asking (using Access Scopes or any other methods).

Appreciate any pointers.

Thanks!

Does anyone else feel unsupported by their account manager and/or support?

Our ISPSS tenant was misconfigured and I was seeing another clients tenant. Apparently fixed, but cant remove their Identity Connectors, so I'm thinking it's not as "fixed" as they say. It's not good.

Then there's licence issues for EPM. We just tipped over our count, so I did a massive cull of disconnected endpoints. Now when they come back online they only appear in the "My Computers" view. Not under Endpoints. Being told to wait for sync is tedious and unhelpful. How many hours/days should it take?!

I want to like the product, I really, really do, but when it goes wrong it's so hard to resolve.

I can't be the only one, surely?!

Hello,

We currently have WEC/WEF configured on domain joined endpoints using Kerberos Auth.

We're moving to Entra joined only devices so we've been looking at using certificates to Auth over https and having an Azure App Gateway to manage the traffic.

Has anyone done something similar?