06Jan
30Jun
Troubleshooting weird Azure AD Join issues
If you are starting to do more Azure AD Join (or disjoin/rejoin) operations, you may run into some issues at times where the computer reports an error. These can take several forms, but generally the message is, "Sorry dude, but you can't join/register this device." Here are a few scenarios that...
11Feb
Boost your security with Hybrid Azure AD Join: From Zero to Conditional Access in one afternoon
"Alex, I work at a non-profit and I would love to take advantage of the better security in Microsoft 365 Business (we have Business Premium now), but it sounds like it is for "cloud-only" customers? Is that right?? We are using Office 365 for Exchange, but we can't go cloud-only...
01Dec
2020 Edition of the Recommended Conditional access policy design guide is available now
I just finished updating the Conditional access design guide, part of the Microsoft 365 Best practices checklists. The new updates reflect some carefully considered feedback from my clients (real-world scenarios), as well as some new additions and a better organizational structure, in three major groups: Authentication Baseline policies – Replaces the Security...
29Oct
New updates to the BP guides PLUS the Office 365 Security Checklist
I have heard from so many people about the Microsoft 365 Best Practices checklists--you guys & gals seem to really like them! I'm pleased to hear it. Although all of this content is available for FREE on my website, I still hear from folks every day who want a...
24Sep
Azure AD Device States, revisited
I have an older article on Azure AD Device States already, but I wanted to quickly return to this topic. I have a few in the audience who are still confused about this. Notice the "Join type" column corresponding to the device state Azure AD Registered - A machine that shows...
04Sep
Windows Hello for Business: Azure AD Join vs. Hybrid Join
Windows Hello for Business replaces a traditional password when signing into your workstation, with a stronger two-factor authentication. One factor being some kind of local gesture such as a PIN, fingerprint or facial recognition, and the other being a key or certificate that is bound to the device itself. When you...
24Jul
Updates coming soon to the Azure AD Best practices checklist
Update: The best practices checklists and guides are now available at GumRoad. I will be updating the best practices checklist and guide for Azure AD again soon, but I wanted to post a couple of notes about the coming changes--since it may be a while before I get around to...
18Jul
Reader question: How do I setup iOS devices after disabling app permissions consent for my users?
I continue to get great feedback and questions from our readership lately. Keep it up! I love to field these questions and use them to improve my literature. This person (who is also an MVP) also wished to remain anonymous, and had a couple of good questions regarding my Azure...
03Jul