Blog

Updated Intune Scripts and a Security Profile for the SMB

Updated Intune Scripts and a Security Profile for the SMB

Some years ago, Microsoft published a repo on GitHub describing how to use PowerShell to interact with the Microsoft Graph and create/manipulate objects within Intune. This was soon followed by another project, where they published three "Security profiles" as pictured below: Image credit: Microsoft Most of the configurations required...
Read more...
Global Secure Access for the SMB

Global Secure Access: Is it for the SMB?

A couple of months ago, I presented a session on Microsoft Entra's Global Secure Access (GSA), which is really two products under a single unifying banner. Image credit: Microsoft Almost nobody in the audience had heard of Global Secure Access before. Granted, it was (and still is) fairly new, but I was...
Read more...
Multi-tenant 365

My Favorite Multi-tenant Tools for Microsoft 365 Cloud

Today I want to address something that Managed Services Providers in particular struggle with daily. And that is managing dozens if not hundreds of Microsoft tenants, each of which represents a unique security boundary, with its own set of users, devices, licenses, security configurations, and so on. This problem is...
Read more...
Cross-Tenant Access Restrictions

Understanding Cross-Tenant Access Settings: Inbound & Outbound Settings Vs. Tenant Restrictions

Before we dive headfirst into the Cross-Tenant Access Settings including the new Tenant Restrictions, let us just quickly review one other area in the Microsoft Entra portal that deals with External collaboration. Based on some recent questions received, I think folks often get these all these concepts jumbled up and...
Read more...
Adopting the Traffic Light Protocol with Sensitivity Labels

Adopting the Traffic Light Protocol (TLP) with Microsoft 365’s Sensitivity Labels

I have previously written about Sensitivity labels, along with a template of the core labels that I like to use when introducing Small Businesses to the concept of data classification. Recently, I decided to update this standard to align more closely with the Traffic...
Read more...
The Underwhelming MAM for Edge

The Underwhelming MAM for Edge and What Else We Can Do

A while back I had written about a solution that I have been anxiously awaiting since its announcement: MAM for Edge on Windows. Let me explain the background a bit. We used to have Windows Information Protection (WIP). Well, we still have it for enrolled...
Read more...
Hybrid Azure AD Join or not?

Should I use Hybrid Azure AD Join or not?

I consulted with an MSP recently about one of their larger customers, and whether or not to implement Hybrid Azure AD Join for existing Windows workstations (joined to traditional Active Directory). The classic consultant answer of course is, "It depends." In certain cases, perhaps. But in truth and in practice,...
Read more...

Helping IT Consultants Succeed in the Microsoft Cloud

Have a Question? Contact me today.