Would this be a good alternative to log in as a user, such as in a case where you have to deploy a computer for someone without getting their actual password?
If I understand you correctly, then no. There is never any reason why you should log on as another user other than yourself. For deploying computers you would use something like Windows Autopilot, or perhaps JAMF for Macs.
@peterrisingM365 Gotcha, was thinking more of situations of executives where they want their profile a certain way, to even the minor things like icon layouts etc., and also some clients don't have the licenses for Intune or any deployment tools
Great video Peter. Finally it is a clear solution for me. Great to see you again!
Glad to help!
It's good to see you again Peter.
Thank you Albano. New members video is also now live with the topic you recently requested.
The problem is most folks that work at a service desk will not have a role in Entra that would allow them to access data in the authentication methods menu
PIM could be the answer to that perhaps?
Do you know if TAP is available when Entra Connect with Pass-Through Authentication is in place or does this only work if Password Hash Synchronization is used?
Yes it works with PTA as well. A kind colleague of mine tested this for me successfully.
@Peter - might be good to blur also the phone at 9:04 at the default sign in phone if that is somehow a valid phone number ;)
Thanks for the video - subbed right away!
Thanks for the sub, most appreciated. And thanks for the heads up on the phone number. Blurred it out now - may take an hour or so to take effect but it's not my main number so not too worried.
Thanks mate👍👍
You are very welcome!
Can this work in bulk?
Yes. You can target groups to achieve this.
Does TAP (Temporary Access Pass) put more responsibility on the service desk to get things correct? If I'm on the phone, how can I authenticate Stella?
Guess this will not change.. how would you authenticate your users normally?
Well yes, the service desk needs to set the TAP and then needs to tell Stella what it is so she can use it to get back in, then she can set up her auth info again - on a new mobile device for example.
@peterrisingM365 True.. Misunderstood the question.
That's a lot of clicking to do very little. All the admin really has to do is click 'require re-register MFA' ----> user can log in with their password and reset their MFA themselves.
I was hoping for a workaround to deploy a new computer for someone without having their password. (use case- user gets a new computer) but this won't work.
Sounds like you may need to use Autopilot?