Wow, that is pretty genius, and look like it is going to be my next steps of getting things working a bit better. With so many apps in the cloud, I have tons of users that never log into GlobalProtect, especially at the sign in screen (most people don’t even know that you can set up the vpn to connect on that screen. If you have any tutorials that you followed to se this up, I’d love to look them over.
I do this and it works. If you’re using whfb How Windows Hello for Business works | Microsoft Learn then that will insure your files shares, print server things etc will auth properly when using pin or face unlock.
The only caveat I still find is support from firewall makers for user based policy things, things requiring radius and certs is a PITA or very expensive for the pure cloud solutions. So make sure if you need those things to do your complete picture digging.
We’re actually fully remote, so we don’t have print servers anymore.
I would personally set up Azure Universal Print though. Check it out
Any articles you reference that help
So we can use same MSI detection and logic for different config files for different environments
Sure we followed along here
Cloud kerberos trust is very easy to set up - easy win!
This, just watch out for lack of MFP support.
Lol wait, they really don’t support MFPs? Or only specific ones?
Only specific ones. There are MFPs from certain manufacturers that have native universal print support if you have older/ non supported ones you can set up the print connector on a print server and still use the azure universal print but features that are available are really dependent on the driver and if they expose them correctly to the connector.