When granting access to resources such as files, it's best practice to apply the principle of least privilege. This means granting the user the minimum access necessary to perform their job and no more. However, this can sometimes lead to unexpected behavior when users attempt to open files. For example, a user may have explicit "Write" permissions on a file, but applications may open the file in read-only mode. Behavior like this will quickly lead to a user creating a help desk ticket.

Overview​

A seasoned IT Pro might see this help desk ticket and immediately suspect NTFS permissions as the culprit - and they would be correct to suspect this! However, what they may not immediately realize is why the application is opening the file in read-only mode. Once the IT Pro discovers that the user has "Write" permissions on the file itself, and yet the file still opens in read-only mode, it's time to roll up the sleeves and dig deeper. 🕵️‍♂️ In this guide, we'll use a tool that should be in every IT Professional's toolbox: Process Monitor (ProcMon). ProcMon can be used to troubleshoot may issues within the Windows OS; however, in this guide, we'll focus on using ProcMon to monitor what's happening under the hood when an application opens a file in read-only mode.

Traditional environments using Palo Alto GlobalProtect for VPN access have relied on using methods such as usernames and passwords, as well as certificates to authenticate users. However, in a Zero Trust world, it's important to verify explicitly, enforce least privilege, and assume breach. This is where Microsoft Entra ID comes in - enabling organizations to secure GlobalProtect with Single Sign-On (SSO) and Conditional Access (CA) policies.

On-premises environments that have been utilizing Folder Redirection with Group Policy Objects (GPOs) and now shifting to a cloud-native approach, will need to ditch redirecting users' files and folders to a network share and start using a more modern approach such as OneDrive Known Folder Move (KFM).

When deploying applications using Microsoft Intune, installing applications using the line-of-business (LOB) deployment method can make the process of deploying applications easier. However, once installations being deployed using LOB start failing, very little logging information is available to troubleshoot the issue. This is where Win32 app deployment shines 🤩

One of the first things organizations do once they upgrade to a M365 license type that includes Microsoft Entra ID P1 is to start rolling out Conditional Access Polices to incorporate fine-grained security polices. However, after that, an attractive feature, especially for organizations with a hybrid environment, is the Self-Service Password Reset (SSPR) feature.