Monthly Archives - November 2018

Leveraging Conditional Access to enforce either MDM or MAM–user’s choice

In some circumstances, you might want users to have their choice: Use the native mail apps and have their mobile devices managed via Intune MDM, OR, Use a managed application such as Outlook on their own personal devices, and opt out of full device management. The catch is, they must go...
Read more...

Coming soon to an Azure AD/Microsoft 365 subscription near you: Life without passwords?!

I previously commented when Microsoft released new password guidance, which is backed by their own research as well as that of NIST. A quick recap of that: Require passwords have at least 8 characters. Longer isn't necessarily better, as they cause users to choose predictable passwords, save passwords in files,...
Read more...

How to enforce the use of managed applications (e.g. the Outlook app for Exchange Online) using Conditional Access in Azure AD Premium

In a previous post I demonstrated how easy it is to create a Mobile Application Management policy in Microsoft 365. With the addition of Azure AD Premium P1, we can also leverage Conditional Access polices that will require users to interact with corporate data through the Microsoft applications such as...
Read more...

How to leverage Conditional Access policies to make MFA less annoying: Require only for unmanaged devices

Multi-factor authentication is something I strongly believe in and recommend to all of my customers. But no matter how much I harp on it, most of them don't want to implement it, or  they try it out, then beg me to roll back, because... well... it's annoying. Users hate being...
Read more...

How to configure Mobile Application Management (MAM) with Microsoft 365 Business (and Intune)

With a traditional MDM solution, the goal is typically to impose management controls at the device level--enforcing policies like pass code with automatic screen lock, encryption, and remote device wipe. It can also be helpful in tracking inventory of mobile devices. All of these "MDM" features are important, especially when...
Read more...

Three Azure solutions to SMB problems: The first rule of Azure is you don’t sell Azure

Different MSP's out there embrace the cloud to more or less extent. Most providers are doing Office 365 nowadays, but Azure (or IaaS solutions like it) is still nebulous or even a little scary: Some providers feel threatened by services like Azure, because deploying and managing on-premises servers still makes...
Read more...

Showdown: Exchange Active Sync vs. Office 365 MDM vs. Intune (MDM and MAM)

The Microsoft 365 platform offers customers not one, not two, but three distinct Mobile Device Management solutions (well, technically four, as we'll see). In my experience, most small business customers will be fine with nothing more than a well configured Exchange Active Sync policy, requiring basics like a pass code,...
Read more...

Deploying Microsoft Office applications using Microsoft 365 Business (and Intune)

Microsoft 365 Business is an excellent subscription--the best bundle available for the money in my opinion (in the SMB space).  One of the benefits of this subscription is the ease of deployment for Office 365 Business (the desktop apps)--shaving precious time off any new PC setups. It is a trivial...
Read more...

Exciting: Teams sites now visible in SharePoint admin center!

I just ran across this and had to share. I'm sure it was previously announced somewhere and I've just been behind the times on reading up, BUT--there are new Admin center updates coming soon to a tenant near you, and... THE NEW SHAREPOINT ADMIN CENTER EXPOSES SITES CREATED VIA MICROSOFT TEAMS!!! Yes, I...
Read more...

Helping IT Consultants Succeed in the Microsoft Cloud

Have a Question? Contact me today.