Joe Stocker
@ITguySoCal

7.6K posts

Christian Family Man, CEO of Patriot Consulting (Microsoft Security Partner) Author of "Securing Microsoft 365" Microsoft MVP (Security) (2020-present)

United States, joined January 2012
1.3K Following, 8.2K Followers

Joe Stocker reposted
Mr. Crypto Whale 🐋 @Mrcryptoxwhale
🚨 BREAKING A WATER HEATER THAT EARNS BITCOIN JUST HIT THE MARKET. Superheat has revealed a $2,000 electric water heater that quietly mines Bitcoin while heating your home’s water. It uses roughly the same electricity as a standard heater, but the integrated ASIC miner generates Bitcoin in the background — potentially helping cover part of your power costs. HOT WATER. PASSIVE BITCOIN. LOWER ENERGY BILLS. HOME APPLIANCES ARE ENTERING THE CRYPTO ERA ⚡️🚀

Joe Stocker @ITguySoCal
Beginning with release 4.18.25110.6, Microsoft Defender Antivirus Exclusions will no longer be readable from local device registry by late March 2026. Use Get-MpPreference instead. #MC1227621

Joe Stocker @ITguySoCal
@alitajran sorry for hijacking your post for the public service announcements but I've seen this change disrupt large orgs who didn't realize the user impact on BYOD devices.

ALI TAJRAN @alitajran
The "Require approved client app" control in Microsoft Entra Conditional Access will be retired in June 2026! Microsoft Entra ID and Microsoft Intune will retire the Conditional Access "Require approved client app" grant control in June 2026! Additionally, for any new Conditional Access policy, only apply the "Require app protection policy" grant. We recommend utilizing the "Require application protection policy" grant control, which provides the same data loss and protection with additional benefits.

How this will affect your organization: If you have a Conditional Access policy with "Require approved client app" grant control configured, after this change, you will no longer be able to enforce this control, it will be as if this grant is not selected.

What you need to do to prepare: We recommend updating your Conditional Access policy to use the "Require application protection policy" grant control.

1. Sign in to the Microsoft Entra admin center
2. Browse to Entra ID > Conditional Access > Policies.
3. Select a policy that uses the approved client app grant.
4. Under Access controls > Grant, select Grant access.
4a. Select Require approved client app and Require app protection policy
4b. For multiple controls select Require one of the selected controls
5. Confirm your settings and set Enable policy to Report-only.
6. Select Create to enable your policy.

After confirming your settings using policy impact or report-only mode, move the Enable policy toggle from Report-only to On.

#Microsoft365 #MicrosoftEntra

Joe Stocker @ITguySoCal
This change may require users to take action on their BYOD devices if they do not have an Auth Broker installed. Read the comments to see how Grok predicts 10-20% of users to generate helpdesk calls during transition. Phase this rollout by Group to reduce strain on helpdesk.

Joe Stocker @ITguySoCal
@grok @alitajran What's the probability and percentage of helpdesk calls that should be expected by most IT departments. Factor in users who ignore emails from IT, users who don't understand these instructions, and other factors.

Joe Stocker reposted
Grok @grok
Subject: Upcoming Changes to Microsoft Security Policies

Dear Team,

We're updating our Microsoft Entra Conditional Access policies. The "Require approved client app" control is retiring in June 2026, so we're switching to "Require app protection policy" for better data protection.

Why? This enhances security with app-based protections without major disruptions.

What to do: Install Microsoft Authenticator (iOS) or Intune Company Portal (Android) if not already. You'll be prompted during login if needed.

For help, contact IT support.

Best,
IT Department

Joe Stocker @ITguySoCal
@grok @alitajran Write an email that should be sent to end-users informing them of the change, why the change is happening, and what they need to do.

Grok @grok
Yes, the "Require app protection policy" grant control in Microsoft Entra Conditional Access requires a broker app for device registration: Microsoft Authenticator on iOS or Intune Company Portal on Android. Users without it will be prompted to install one during authentication. This is part of the shift from the retiring "Require approved client app" control.

Joe Stocker reposted
Giga Based Dad @GigaBasedDad
CS Lewis understood

Joe Stocker @ITguySoCal
By default, B2B guest users cannot use Passkeys to authenticate. Jan Bakker describes the solution: Add the guest user's org to Entra's cross-tenant access then configure inbound access settings to trust MFA from the guest user's home tenant. janbakker.tech/how-to-enable-…

Joe Stocker @ITguySoCal
To Audit in Threat Explorer (another MDO P2 feature)

Joe Stocker @ITguySoCal
This automation is included in MDO P2, Defender Suite (the new name for E5 Security) or the full M365 E5 or M365 F5 SKUs. This complements the functionality of ZAP (Zero Hour Auto Purge) which is available at all license levels. Learn more at MSFT Documentation links above.

Joe Stocker reposted
dfo @dfowler_
@ITguySoCal Loop the results through Get-EXOMobileDeviceStatistics to see if the device is actually syncing recently.

Joe Stocker @ITguySoCal
@12Knocksinna during forensic investigations the first thing we check for is whether auditing has been tampered with... this is just a public service announcement that the method you use for checking to see if auditing has been disabled needs to change.

Joe Stocker @ITguySoCal
Exchange Online Mailbox Audit Logs "On" might not mean "On".... learn.microsoft.com/en-us/purview/…#verify-mailbox-level-audit-status

Joe Stocker @ITguySoCal
Phishing kits like EvilGinx default to "Office Home". And now that Portal.office.com changed to Copilot Chat, attackers have easy access to discover sensitive information. Try this "AI threat hunt" to see what an attacker would find if your account was taken over.

Joe Stocker @ITguySoCal
Kudos to @dougsbaker for sharing this with me, and also that it appears this documentation was updated on December 8th, 2025.

Joe Stocker @ITguySoCal
Run this before 3/1/26 to identify which users won't be able to connect to Exchange Online after Microsoft blocks ActiveSync versions less than version 16.1:

Get-MobileDevice |
  Where-Object {($_.ClientType -eq 'EAS' -or $_.ClientType -match 'ActiveSync') -and $_.ClientVersion -and ([version]$_.ClientVersion -lt [version]'16.1')} |
  Sort-Object UserDisplayName |
  Select-Object UserDisplayName, UserPrincipalName, DeviceId, DeviceModel

Quoted post, BleepingComputer @BleepinComputer: Microsoft to block Exchange Online access for outdated mobile devices - @serghei bleepingcomputer.com/news/microsoft…
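
An added example, not code from either post: it combines the ActiveSync version query above with dfo's suggestion to check whether each flagged device has synced recently, so the list contains only devices that are still in use. The function names, the 30-day window and the use of the device Guid as -Identity are assumptions, and the sample records are constructed so the filter runs without a tenant.

```powershell
# Added example; the device records in $sample are constructed, not tenant data.
function Test-EasVersionBelow {
    param([string]$ClientVersion, [version]$Minimum = '16.1')
    # A bare major such as '16' makes a [version] cast throw, so pad it to '16.0'.
    if ($ClientVersion -match '^\d+$') { $ClientVersion = "$ClientVersion.0" }
    $parsed = $null
    if (-not [version]::TryParse($ClientVersion, [ref]$parsed)) { return $null }
    return ($parsed -lt $Minimum)
}

function Select-AffectedEasDevice {
    param(
        [Parameter(ValueFromPipeline)] $Device,
        [Parameter(Mandatory)] [scriptblock]$GetStats,  # device -> object with LastSuccessSync
        [int]$ActiveWithinDays = 30                     # assumed meaning of "recently"
    )
    begin { $cutoff = (Get-Date).AddDays(-$ActiveWithinDays) }
    process {
        if ($Device.ClientType -ne 'EAS' -and $Device.ClientType -notmatch 'ActiveSync') { return }
        $below = Test-EasVersionBelow $Device.ClientVersion
        if ($below -eq $false) { return }               # 16.1 or later: unaffected
        $stats = & $GetStats $Device
        if (-not $stats.LastSuccessSync -or $stats.LastSuccessSync -lt $cutoff) { return }  # stale
        [pscustomobject]@{
            UserDisplayName = $Device.UserDisplayName
            DeviceId        = $Device.DeviceId
            ClientVersion   = $Device.ClientVersion
            LastSuccessSync = $stats.LastSuccessSync
            NeedsReview     = ($null -eq $below)        # version string could not be parsed
        }
    }
}

$now = Get-Date
$sample = @(
    [pscustomobject]@{UserDisplayName='User A'; DeviceId='DEV1'; ClientType='EAS'; ClientVersion='14.1'; LastSuccessSync=$now.AddDays(-2)}
    [pscustomobject]@{UserDisplayName='User B'; DeviceId='DEV2'; ClientType='EAS'; ClientVersion='16.1'; LastSuccessSync=$now.AddDays(-1)}
    [pscustomobject]@{UserDisplayName='User C'; DeviceId='DEV3'; ClientType='EAS'; ClientVersion='12.0'; LastSuccessSync=$now.AddDays(-200)}
    [pscustomobject]@{UserDisplayName='User D'; DeviceId='DEV4'; ClientType='EAS'; ClientVersion='16';   LastSuccessSync=$now.AddDays(-1)}
    [pscustomobject]@{UserDisplayName='User E'; DeviceId='DEV5'; ClientType='EAS'; ClientVersion='';     LastSuccessSync=$now.AddDays(-3)}
)
$sample | Select-AffectedEasDevice -GetStats { param($d) $d } | Format-Table

# In a tenant session (assumes Connect-ExchangeOnline has been run and that the
# device Guid is accepted as -Identity by Get-EXOMobileDeviceStatistics):
# Get-MobileDevice -ResultSize Unlimited |
#   Select-AffectedEasDevice -GetStats { param($d) Get-EXOMobileDeviceStatistics -Identity $d.Guid.ToString() }
```

Unlike the one-liner, devices with an empty or unparseable ClientVersion are kept and marked NeedsReview rather than silently dropped.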