05Feb2025
06Jan2025
Compliant Device Bypass, Oh My!
Happy New* Year, everyone! Over the holiday break, we learned that Conditional Access policies related to device compliance no longer offer the protection they once did. The technique is alarmingly easy to reproduce and works to bypass both device compliance as well as hybrid join requirements in...
31May2024
Updated Intune Scripts and a Security Profile for the SMB
Some years ago, Microsoft published a repo on GitHub describing how to use PowerShell to interact with the Microsoft Graph and create/manipulate objects within Intune. This was soon followed by another project, where they published three "Security profiles" as pictured below: Image credit: Microsoft Most of the configurations required...
16Apr2024
Global Secure Access: Is it for the SMB?
A couple of months ago, I presented a session on Microsoft Entra's Global Secure Access (GSA), which is really two products under a single unifying banner. Image credit: Microsoft Almost nobody in the audience had heard of Global Secure Access before. Granted, it was (and still is) fairly new, but I was...
09Dec2022
But have you turned multifactor authentication ALL the way on?
Do you remember just a short time ago, Microsoft would claim that switching on Multi-factor Authentication (MFA) prevents 99.9% of identity-based attacks? Well, the times they are a-changin. I do not know what they would report today for a percentage of attacks which are thwarted by MFA alone, but...
19Aug2022
Reader Question: How can I set up a “Deny-by-Default” Conditional Access Policy?
It has been a while since I took a question from a reader and turned it into a blog post. It is one of my favorite things to do here on ITProMentor, but the “busy-ness” of life has taken me away from the keyboard a lot in recent months. Now...
16Apr2021
Choosing (and implementing) your strategy for personal devices
In a recent Microsoft blog announcing some cool new discovery features in Microsoft Defender for Endpoint, there is an interesting (but hardly surprising) statistic shared: your users are 71% more likely to be infected on an unmanaged device.Now the thrust of the...
23Sep2020
Deploying Conditional Access Policies via PowerShell
There is a new GitHub repository available from Microsoft: Manage Conditional Access policies like code. Similar to the infamous Intune samples repo from which I and many others have built their automated Intune setup scripts for new tenants,...
01Sep2020
A simpler Conditional Access baseline
Some folks have written to me about the "complexity" of my Conditional Access guide and were hoping to find something a bit simpler. This surprised me, and initially I shrugged it off. But I have heard this feedback more than once now, so I decided to take this thought experiment...
11Feb2020