This write-up is a shining example of why I’ve been rebuilding my business slowly away from Microsoft technology. Entra as IdP is one of the last projects. I’m probably not going to escape Exchange Online, but I’m going to be happy to finally federate the tenant to our internally managed IdP.
My spouse’s employer mandated that everyone move off AWS “because they’re a competitor” (they’re absolutely not), and Microsoft was happy to roll out discounts for Azure.
To say that has gone poorly would be generous. Azure is impressive in its own right, but it’s not comparable to AWS. (Which has its own problems, to be clear.)
The stagnation in Azure is apparent everywhere you look. The capacity issues have only gotten worse. There are still change advisory callouts in the Azure Portal with dates in the year 2020.
The Domain Capture process cannot be canceled once it’s started. It’s also not required, unless mandated by your company policy.
The point is to make sure there’s not a mess on the other end when you enforce SSO for MAIDs.
Apple’s documentation for ABM and ABE is atrocious, but they do manage to document a bunch of footguns, just poorly and in seemingly bizarre places.
For example, ABE doesn’t support MDM migration (either as source or destination), despite the fact that the feature launched with macOS/iOS/iPadOS 26 and is supported by other MDM solutions.
And you cannot push custom config profiles with ABE which declare a non-Apple preference domain. Utter nonsense.
If you’re using the full ABM-with-ADE and MDM stack, it’s expected that you push apps to employees.
You can also use Munki to make apps available to users. You can just push only Munki via MDM if you want, and let it manage app installs and self service installs for you. There are caveats.
> I remember how Google's internal guidelines for travel circa 2011 required removing any material under NDA from your laptop when traveling to China or Russia; you had to restore it over the VPN after a safe arrival.
I made this suggestion when I served on the security team at a major cybersecurity player.
When we had our company-wide annual internal conference it was always in person. This meant that basically everyone, with basically cumulative access to everything, and all our code, would be traveling across a multitude of borders at once, some of which were less friendly than the US (at that time).
This was rejected as impractical for developers and redundant for everyone else. So I suggested locking the accounts of everyone who was traveling between the time they left and the time they arrived. This would have the side effect of signing them out of our most sensitive systems and removing certain highly confidential data from laptops. This was also rejected as “unnecessary”.
That company now counts a healthy proportion of the Fortune 500 amongst their customer base. I hope things are not so cavalier anymore.