Technical

Protecting extra-sensitive accounts and data sets in Microsoft 365, Part 1: Identity

As I have previously pointed out on this blog, all of the best security products, like Microsoft Cloud App Security or Microsoft Defender Advanced Threat Protection, are held hostage in E5 plans. But there is a really big cost delta in the SMB space between the Business plan and...

Teams, SharePoint and OneDrive best practices? Part 3: Data governance

In part 1 of this series, we discussed external sharing and chat. In part 2, we dealt with access controls and notifications. Now, we turn our focus to data governance, a very important conversation indeed when it comes to compliance. And when it comes to compliance, every organization is going to...

Teams, SharePoint and OneDrive best practices? Part 2: Access control and notifications

In part 1 of this series we discussed how there is really no such thing as "best practices" on a rich and flexible collaboration platform like Office 365, which includes many applications--Teams, SharePoint and OneDrive to name just a few. However, you can certainly end up with some "bad" practices...

Updated: Exchange Online baseline / best practices scripts

I recently updated the scripts that I use to provision new Exchange Online tenants and configure them according to best practices, and I just uploaded these edits to GitHub. The main script is Baseline-ExchangeOnline.ps1--this is like a "master" script that contains almost all of the others (with a couple of...

Replacing folder redirection and mapped network drives: Controlling the OneDrive client experience on Windows 10 with Intune

For as long as we can remember, the primary way to share files in an organization was mapped network drives. This may have included a "Public" or "Company" drive (e.g. P:\ for Public), as well as a "Home" or "User" drive (H:\ or U:\ respectively). As well, there may have...

Updates coming soon to the Azure AD Best practices checklist

Update: The best practices checklists and guides are now available. I will be updating the best practices checklist and guide for Azure AD again soon, but I wanted to post a couple of notes about the coming changes--since it may be a while before I get around to editing and publishing...

How to manage and secure service accounts in Microsoft Office 365 (without MFA)

Okay, so hopefully everyone knows by now that MFA is not an "optional" thing that you can decide to turn on, or not, depending on your "feelings." It isn't a choice, and your feelings about it don't matter. You need to turn it on. I would recommend requiring MFA...

Reader question: How do I set up iOS devices after disabling app permissions consent for my users?

I continue to get great feedback and questions from our readership lately. Keep it up! I love to field these questions and use them to improve my literature. This person (who is also an MVP) also wished to remain anonymous, and had a couple of good questions regarding my Azure...

A Reader’s input for your consideration: Blocking unsupported devices with Conditional access

Consider the following scenario (from a reader who wished to remain anonymous): Let's say you have implemented my recommended baseline policies for Conditional access, which require Windows & Mac computers to become managed/compliant with Intune, and iOS & Android devices to use approved client applications. In turn, you get control and...
