by Banditoz 99 days ago
Does Intune have some sort of check that goes "if over 1% of devices are wiped within a certain timeframe, stop all new device wipe requests"? Seems like it should be a feature, especially if these kinda attacks pick up.

This raises the question: Are mass layoffs less frequent than a company's MS administrator account getting hacked?
Question the concept of mass layoffs?
Everything is obvious in hindsight

And to be clear, SCCM and Intune are a gun.

MS will not stop you from blowing your foot off with the gun.

Remember https://www.itprotoday.com/windows-7/aggressive-configmgr-ba... ?

> During TechEd 2014, Emory University's IT department prepared and deployed Windows 7 upgrades to the campuses' computers. If you've worked with ConfigMgr at all, you know that there are checks-and-balances that can be employed to ensure that only specifically targeted systems will receive an OS upgrade. In Emory University's case, the check-and-balance method failed and instead of delivering the upgrade to applicable computers, delivered Windows 7 to ALL computers including laptops, desktops, and even servers.

That ANY kind of config change should be rate-limited has been pretty obvious and hammered on in SRE manuals for at least 10 years.
And who sets the limits? MS? What if a company WANTS to wipe their entire fleet?
Require dual sign off
"Call support so they can turn off the safeties for an hour."
You can set dual authorization for resets, wipes, and deletes. Normally CISA would pipe in with this kind of guidance. Anyone know what they’re up to now?
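
An added example, not part of any comment above and not Intune's or ConfigMgr's own code: a sketch of the guard the thread describes, combining the "over 1% of devices within a timeframe" breaker with a dual sign-off override for a deliberate fleet-wide wipe. The `WipeGuard` class, its parameters and the admin names are hypothetical, and the scenario in `simulate()` is constructed.

```python
from collections import deque

class WipeGuard:
    """Hypothetical gate in front of a device-wipe API (assumed design, not a vendor feature)."""

    def __init__(self, fleet_size, max_fraction=0.01, window_s=3600):
        self.limit = max(1, int(fleet_size * max_fraction))  # wipes allowed per window
        self.window_s = window_s
        self.recent = deque()   # timestamps of wipes allowed inside the window
        self.tripped = False    # once tripped, stays tripped until reset()

    def _expire(self, now):
        # Drop wipes that have aged out of the sliding window.
        while self.recent and now - self.recent[0] >= self.window_s:
            self.recent.popleft()

    def request_wipe(self, device_id, requester, now, approver=None):
        """Return (allowed, reason). `now` is a timestamp in seconds."""
        self._expire(now)
        # Dual sign-off only counts if the approver is a different person.
        dual = approver is not None and approver != requester
        if self.tripped and not dual:
            return False, "breaker tripped: second approver required"
        if len(self.recent) >= self.limit and not dual:
            self.tripped = True
            return False, "rate limit hit: breaker tripped"
        self.recent.append(now)
        return True, "dual sign-off" if dual else "within limit"

    def reset(self, requester, approver):
        """Clearing the breaker itself needs two distinct people."""
        if approver and approver != requester:
            self.tripped = False
            self.recent.clear()
            return True
        return False

def simulate():
    # Constructed scenario: 1000-device fleet, 1% per hour => 10 wipes per hour.
    guard = WipeGuard(fleet_size=1000)
    results = [guard.request_wipe(f"dev{i}", "admin-a", now=i)[0] for i in range(15)]
    return guard, results

if __name__ == "__main__":
    guard, results = simulate()
    print(results, guard.tripped)
```

The breaker latches rather than reopening when the window slides, so a compromised single account cannot simply wait out the limit; each allowed and denied request would also be the natural place to emit an alert.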