Why Microsoft 365 Business should include Azure AD Premium
I have written at length about this product; for the most part, I really love it for the SMB. But there is one thing that I wish Microsoft would have included in this bundle, even if it meant increasing the price point a little bit. And that one thing is:...
How to require MFA for Azure AD Join, and enable Enterprise State Roaming
Hey folks! We have already covered a few posts on Azure AD Premium and Conditional Access; and that's great--because you can do things like enforce requirements like Multi-factor Auth, but only in situations where devices are unmanaged. This provides a way better user experience than enabling MFA across...
Leveraging Conditional Access to enforce either MDM or MAM–user’s choice
In some circumstances, you might want users to have their choice: Use the native mail apps and have their mobile devices managed via Intune MDM, OR, Use a managed application such as Outlook on their own personal devices, and opt out of full device management. The catch is, they must go...
Coming soon to an Azure AD/Microsoft 365 subscription near you: Life without passwords?!
I previously commented when Microsoft released new password guidance, which is backed by their own research as well as that of NIST. A quick recap of that: Require passwords have at least 8 characters. Longer isn't necessarily better, as they cause users to choose...
How to enforce the use of managed applications (e.g. the Outlook app for Exchange Online) using Conditional Access in Azure AD Premium
In a previous post I demonstrated how easy it is to create a Mobile Application Management policy in Microsoft 365. With the addition of Azure AD Premium P1, we can also leverage Conditional Access policies that will require users to interact with corporate data through the Microsoft applications such as...
How to leverage Conditional Access policies to make MFA less annoying: Require only for unmanaged devices
Multi-factor authentication is something I strongly believe in and recommend to all of my customers. But no matter how much I harp on it, most of them don't want to implement it, or they try it out, then beg me to roll back, because... well... it's annoying. Users hate being...
Showdown: Exchange Active Sync vs. Office 365 MDM vs. Intune (MDM and MAM)
The Microsoft 365 platform offers customers not one, not two, but three distinct Mobile Device Management solutions (well, technically four, as we'll see). In my experience, most small business customers will be fine with nothing more than a well configured Exchange Active Sync policy, requiring basics like a pass code,...
(Mis)Adventures with Conditional Access in Azure Active Directory Premium (P1)
I have been playing with Azure Active Directory Premium (P1) features a lot lately. And I love to try as hard as I can to break things. Turns out, it isn't that hard to do with Conditional Access. But, having brushed up against a few obstacles, I can now share...