Tag - best practices

Updated: Exchange Online baseline / best practices scripts

I recently updated the scripts that I use to provision new Exchange Online tenants and configure them according to best practices, and I just uploaded these edits to GitHub. The main script is Baseline-ExchangeOnline.ps1--this is like a "master" script that contains almost all of the others (with a couple of...
Read more...

Updates coming soon to the Azure AD Best practices checklist

Update: The best practices checklists and guides are now available at GumRoad. I will be updating the best practices checklist and guide for Azure AD again soon, but I wanted to post a couple of notes about the coming changes--since it may be a while before I get around to...
Read more...

How to manage and secure service accounts in Microsoft Office 365 (without MFA)

Okay, so hopefully everyone knows by now that MFA is not an "optional" thing that you can decide to turn on, or not, depending on your "feelings." It isn't a choice, and your feelings about it don't matter. You need to turn it on. I would recommend requiring MFA...
Read more...

Reader question: How do I setup iOS devices after disabling app permissions consent for my users?

I continue to get great feedback and questions from our readership lately. Keep it up! I love to field these questions and use them to improve my literature. This person (who is also an MVP) also wished to remain anonymous, and had a couple of good questions regarding my Azure...
Read more...

A Reader’s input for your consideration: Blocking unsupported devices with Conditional access

Consider the following scenario (from a reader who wished to remain anonymous): Let's say you have implemented my recommended baseline policies for Conditional access, which require Windows & Mac computers to become managed/compliant with Intune, and iOS & Android devices to use approved client applications. In turn, you get control and...
Read more...

Microsoft 365 Device Management / Intune best practices checklist

Update: Downloadable, printable copies of the Microsoft 365 Best practices checklists and guides are now available for purchase at GumRoad. Thanks for your support! Similar to the checklist for Azure AD which I recently published, this resource is designed to get you up and running quickly with what I consider to...
Read more...

How to deal with departed user data in Microsoft Office 365

Going from one organization to the next, I am always amazed at how different people implement their own take on new user setups or decommissioning departed users. Some have no real organized methodology and it's a hassle every time, while others have a well-developed practice or script around each process. It...
Read more...

Password best practices controversy

Last year, Microsoft published this guidance on passwords, which contains some advice that departs from traditional best practices. For example: Eliminate character composition requirements (e.g. multiple character types @, 2, A, b) Eliminate mandatory periodic resets (do not enforce expiry) The reasoning is based on Microsoft's research, and the fact that...
Read more...

How to securely deploy Remote Desktop Services (RDS) with the Gateway Role

Remote Desktop can be deployed in any number of different ways, and not all of them are created equally when it comes to security. In the Enterprise, we'd most likely see RDS deployed using a "DMZ" or "Demilitarized Zone," which is a special type of network, that usually contains some...
Read more...

Helping IT Consultants Succeed in the Microsoft Cloud

Have a Question? Contact me today.