Monthly Archives - December 2019

The many ways to prevent data leakage in Microsoft 365

Office 365 Data Loss Prevention (DLP), Windows Information Protection (aka Endpoint DLP), Conditional Access App Enforced Restrictions, Conditional Access App Control with Microsoft Cloud App security, Sensitivity labels, Retention labels--are you thoroughly confused yet? All of the above can help you to prevent the leakage of sensitive data under certain...
Read more...

Notes from the field: Windows 10 Device Compliance

One of the coolest features in Microsoft 365 is the ability to measure device compliance, and based on that reading, grant, deny or limit access to cloud resources. For mobile devices this works really well, and most compliance policies are fairly simple: make sure the device isn't jail-broken/rooted, require a...
Read more...

Still waiting for full Azure AD Premium P1 in Microsoft 365 Business…and other Christmas wish list items.

Update March 2020: Spotted today in the message center: Thank you for listening, Microsoft! I had written on this topic a while ago, and many of the components that we were looking to get from Azure AD Premium P1 have in fact arrived since that time (such as password write-back and Conditional...
Read more...

2020 Edition of the Recommended Conditional access policy design guide is available now

I just finished updating the Conditional access design guide, part of the Microsoft 365 Best practices checklists. The new updates reflect some carefully considered feedback from my clients (real-world scenarios), as well as some new additions and a better organizational structure, in three major groups:  Authentication Baseline policies – Replaces the Security...
Read more...

Helping IT Consultants Succeed in the Microsoft Cloud

Have a Question? Contact me today.