How to get MX a place at the MS Entra ID table

[needmorebrains]

A question for our network-savvy workers. I have encountered several episodes where I was denied access to large organizational servers (Govt, MS served server systems) because their Azure/Entra ID level MFA or 2MFA would not let MX in for file updates or viewing.

From what I could gather from MS, Azure AD (AKA ENtra ID now) will talk to certain distros (Debian, Ubuntu, Red Hat, etc,) if the server admin allows the Linux VM in the server to talk to your client in those distros. It does need setups on the admin side and client must meet their security protocols (which are diverse and look somewhat complicated). How difficult of a jump is it for MX to be allowed in the MS space for remote servers in this situation? Would we have to radically alter MX for that?

[dolphin_oracle]

better question is how do they tell the difference between MX and debian. we do not alter the debian_version file or the os-release, so most things should ID mx as debian.

unless they are checking something like lsb-release, which in that case that could be edited to match debian's os-release file.

basically anything that works for debian *should* work for MX. especially if mx is booted in systemd mode.

[needmorebrains]

@dolphin_oracle
Hi Big Guy,
Sorry to rattle your cage! I see where this is going, and I doubt they would deny access to a valid source OS (MX). The one agency I need access to is a US .gov, the other is a site in the .com domain that sometimes queries a .mil (US) site (not always, just in some limited circumstances). I will see if I can actually speak to their IT network people (they do have a manned support office) and see what they say. When I hear back, if it seems complicated or just unrealistic, I'll give you a heads-up, otherwise, I can try from home and report back here of successful access (i.e. no news is good news) Carl

[FullScale4Me]

Some general detail (fine detail not needed) on your actions would help.

1) What apps are you using to do this on MX? 2) What type of resource are you trying to connect to that is blocking you?

What I'm probing for - VPN, Citrix, WebMail Server, FileServer/FTP, MS proprietary server (Exchange, SharePoint, Teams, etc.)

My point is Azure/Entra ID is just the messenger for resources it protects. Knowing what is 'saying no' is the key here.

Twenty-three+ years out (first AD class) and I still can't escape the pains of MS Active Directory :-)

[davidy]

What you need is a dedicated pc that you use to access your site. Not being able to login to a govt website has nothing to do with MX itself. MS partners with the govt and neither will bend for anyone.

[needmorebrains]

Some general detail (fine detail not needed) on your actions would help.

1) What apps are you using to do this on MX? 2) What type of resource are you trying to connect to that is blocking you?

What I'm probing for - VPN, Citrix, WebMail Server, FileServer/FTP, MS proprietary server (Exchange, SharePoint, Teams, etc.)

My point is Azure/Entra ID is just the messenger for resources it protects. Knowing what is 'saying no' is the key here.

Twenty-three+ years out (first AD class) and I still can't escape the pains of MS Active Directory :-)

@FullScale4Me Hi Michael,
The person I gave the MX laptop to for this access has a current medical problem, and if I cannot get the laptop back in my hands (so I can do the needed checks) soon, I may need to put this on the back burner for awhile. Or, go ahead and buy another device and do this for myself. I am not sure at this point (as funds are limited) which way I'll go, but I will hop back here once I get a better picture. Right now we are hardware poor. As far as access with, just the browser, as everything we need is in that program (I think we were using chrome, but we tried firefox as well). It is the Dept. of VA (Veterans Affairs) and I do think they have Citrix on the backend, and maybe some Windows UNIX stuff, but I am not sure) Carl

[FullScale4Me]

Carl,

If you are on facebook see if you can find someone (Marketplace) to donate hardware to your help-a-vet small-scale venture. A dual-core PC with 2 GB of memory will run MX fairly well. An i3 or 4 gb is even better.

Depending on your ability you could show the person donating hardware how-to on Linux in exchange for H/W or transport of PC to Vet.

It might be as simple as installing Google Chrome or MS-Edge browser. The VA website might have some help area that states requirements & restrictions. My guess is an IT guy somewhere along the access path who's a Firefox hater.

[needmorebrains]

@FullScale4Me Michael,
Thanks for the advice. He is still on medical hold, but will send you a message as soon as I can (it may take some time) to get this resolved. I don't have social media anything unfortunately, it is a hinderance to my employment to have any, such is life! Carl