21Oct2019
05Oct2019
iPadOS (iOS 13+) still not compatible with MAM enforced by Conditional access
Update 11/18/2019: This issue has now been fixed. I wrote about this before the update dropped, and in my testing since then I am afraid the situation has not improved. The setup Create a Conditional access policy for iOS that requires an approved client app. In other words, users cannot...
17Sep2019
Devices still matter, Part 1: Why you need a device management strategy
The Center for Internet Security (CIS) publishes 20 controls in their cyber-security framework. If you want to understand what good management looks like, then start here. The first six controls are considered the "basics"--the first and most important steps that any organization should be taking as they work to secure...
14Sep2019
iPadOS breaks MAM-enforced Conditional Access?!
In case anyone missed it, this bombshell dropped last week: https://support.microsoft.com/en-us/help/4521038/action-required-update-conditional-access-policies-for-ipados In summary: when iPad gets updated to iOS 13+ at the end of this month, the OS will change from iOS to iPadOS. And when that happens, Azure AD will see these devices as macOS devices, not iOS...
10Sep2019
Revisiting Baseline Policies in Microsoft 365
Microsoft has been doing more to make secure configurations easier to implement for admins. But, from my testing and experience, I still have reservations about some of them. Let's review. Conditional Access Baseline Policies There are presently four baseline policies available under Azure AD > Security > Conditional Access. Require MFA for admins...
03Sep2019
PSA: Careful with MAM – there might be more to it than you think
I have written extensively on Mobile Application Management (MAM), as an alternative to Mobile Device Management (MDM). When implemented properly, it is the perfect solution for protecting company data on unmanaged devices (e.g. BYOD situations). But therein lies the rub. You need to implement it properly. I can't blame you...
13Aug2019
Teams, SharePoint and OneDrive best practices? Part 2: Access control and notifications
In part 1 of this series we discussed how there is really no such thing as "best practices" on a rich and flexible collaboration platform like Office 365, which includes many applications--Teams, SharePoint and OneDrive to name just a few. However, you can certainly end up with some "bad" practices...
08Aug2019
Teams, SharePoint and OneDrive best practices? More like considerations… Part 1: External sharing and communication
This article is part of a series. Also see Part 2, Part 3. Ever since I released the Office 365 Email Security Checklist, I have had a lot of people asking me for similar best practices checklists related to the "other" Office 365 services--especially Teams, SharePoint Online and OneDrive for Business. The...
24Jul2019
Updates coming soon to the Azure AD Best practices checklist
Update: The best practices checklists and guides are now available. I will be updating the best practices checklist and guide for Azure AD again soon, but I wanted to post a couple of notes about the coming changes--since it may be a while before I get around to editing and publishing...
24Jul2019