28Dec
24Dec
Thank you for your support in 2019
It has been quite a year for me, personally and professionally. A roller coaster, really. Back in February my wife was diagnosed with breast cancer, of the triple negative variety. So that's been the biggest thing we have had to face together so far. Still not through it, but we have...
17Dec
The many ways to prevent data leakage in Microsoft 365
Office 365 Data Loss Prevention (DLP), Windows Information Protection (aka Endpoint DLP), Conditional Access App Enforced Restrictions, Conditional Access App Control with Microsoft Cloud App security, Sensitivity labels, Retention labels--are you thoroughly confused yet? All of the above can help you to prevent the leakage of sensitive data under certain...
11Dec
Notes from the field: Windows 10 Device Compliance
One of the coolest features in Microsoft 365 is the ability to measure device compliance, and based on that reading, grant, deny or limit access to cloud resources. For mobile devices this works really well, and most compliance policies are fairly simple: make sure the device isn't jail-broken/rooted, require a...
04Dec
Still waiting for full Azure AD Premium P1 in Microsoft 365 Business…and other Christmas wish list items.
Update March 2020: Spotted today in the message center: Thank you for listening, Microsoft! I had written on this topic a while ago, and many of the components that we were looking to get from Azure AD Premium P1 have in fact arrived since that time (such as password write-back and Conditional...
01Dec
2020 Edition of the Recommended Conditional access policy design guide is available now
I just finished updating the Conditional access design guide, part of the Microsoft 365 Best practices checklists. The new updates reflect some carefully considered feedback from my clients (real-world scenarios), as well as some new additions and a better organizational structure, in three major groups: Authentication Baseline policies – Replaces the Security...
25Nov
Unpopular opinion: Do not restrict users from creating Teams (Office 365 Groups)
I realize that advocating for no (or very limited) boundaries on who can create Teams puts me in the minority. When I look out across the community, I mostly see consultants in this space suggesting the opposite is a superior approach for various reasons--that the privilege should be constrained heavily....
22Nov
Updates to my Exchange Online and Office 365 ATP scripts
Just a quick note--this week I updated the Exchange Online and ATP scripts that I publish and use to provision new tenants--to fall more in line with the new best practices that were published by the Exchange Online Protection and Office 365 ATP teams.* You can also use the new...
21Nov
When would I recommend Windows Virtual Desktop to a customer?
Call me crazy: I don't see the value in a Remote Desktop or Virtual Desktop experience for its own sake. The purpose of this kind of solution is to provide centralized management and remote access to specifically Windows-based applications. In short: Remove your dependency on Windows, and you've removed the...
19Nov