Yep that's the one!

> Has this already been the unseen default up until recently?

I believe the default was to allow which is why users never got prompts in the past on PC. I think that on macOS, one gets a prompt regardless of which browser is used due to the way the OS isolates apps and system resources.

> security people would not all have been in favor of it happening without any notification at least.

This is my understanding of why Chrome(ium) has introduced the change but there may be other motives.

> Seems like the article is complaining if the default in his setup tools no longer allowed local access by default (without permission) any more, and the collateral damage from that reduced attack surface caught him by surprise.

I think his issue is that there is a surprise un-managed - "managed" - policy on endpoints that came from nowhere.

In my opinion it is a decently effective solution from Microsoft to maintain the availability of OneDrive sync when using the offline sync capabilities. However, they didn't do the same for Teams (maybe because they preferred a lighter touch? I'm trying to be generous...) and probably should have put this under-the-hood change in their release notes so admins can be aware of it.

As it stands the un-managed policy can become managed simply by pushing out the same policy, which is pretty clean.

In an enterprise environment it's almost guaranteed for some end-users to click "block" on the pop-up without hesitation, and that would cause loss-of-time troubleshooting for service desks and admins, and possibly loss of data.

From a privacy perspective I don't think this is an issue as only the company SharePoint URLS are added to the allow-list.

Comments URL: https://news.ycombinator.com/item?id=46362457

Points: 3

# Comments: 2