Does InTune have some sort of check that goes "if over 1% of devices are wiped within a certain timeframe, stop all new device wipe requests"? Seems like it should be a feature, especially if these kinda attacks pick up.

▲

andmarios 4 hours ago | parent | next [-]

This raises the question: Are mass layoffs less frequent than a company's MS administrator account getting hacked?

▲

heraldgeezer 4 hours ago | parent | prev [-]

Everything is obvious in hindsight

And to be clear, SCCM and Intune is a gun.

MS will not stop you from blowing your foot off with the gun.

Remember https://www.itprotoday.com/windows-7/aggressive-configmgr-ba... ?

>During TechEd 2014, Emory University's IT department prepared and deployed Windows 7 upgrades to the campuses computers. If you've worked with ConfigMgr at all, you know that there are checks-and-balances that can be employed to ensure that only specifically targeted systems will receive an OS upgrade. In Emory University's case, the check-and-balance method failed and instead of delivering the upgrade to applicable computers, delivered Windows 7 to ALL computers including laptops, desktops, and even servers.

▲

spwa4 4 hours ago | parent [-]

That ANY kind of config change should be rate-limited has been pretty obvious and hammered on in SRE manuals for at least 10 years.

▲

heraldgeezer 4 hours ago | parent [-]

And who sets the limits? MS? What if a company WANTS to wipe their entire fleet?

	▲	mmsc 3 hours ago \| parent \| next [-]
		Require dual sign off
	▲	jiggawatts 3 hours ago \| parent \| prev [-]
		"Call support so they can turn off the safeties for an hour."