Tag - Conditional access

Microsoft 365 Device Management / Intune best practices checklist

Update: Downloadable, printable copies of the Microsoft 365 Best practices checklists and guides are now available. Thanks for your support! Similar to the checklist for Azure AD which I recently published, this resource is designed to get you up and running quickly with what I consider to be a good "baseline"...

The Azure AD Best Practices Checklist

Update: Downloadable/printable copies of the Microsoft 365 Best practices checklists and guides are now available. Thanks for your support! Disclaimer: This checklist is NOT a comprehensive overview of every consideration when implementing Azure AD. For instance, the list was built with a typical SMB/SME in mind. That means there is no...

Conditional access for the SMB, a how-to guide

**This resource was updated 09/01/2019** Unfortunately it is not yet possible to import CA policies from JSON, the way we can for Intune compliance policies or device profiles. Nevertheless, now that Conditional access is available to all Microsoft 365 Business customers, you will want a good roadmap for getting started. I have...

A framework for implementing device-based Conditional access with Microsoft Intune

I recently shared a set of scripts to help make deployment of Intune a bit quicker. Today I just want to cover a framework which can be used for deploying device-based conditional access in conjunction with your baseline policy set. The main crux of the issue, which I have seen...

Conditional access is now supported in Microsoft 365 Business (and how to get started)

Okay, so the big day has finally arrived! We have been sitting on PINS AND NEEDLES waiting for this announcement, as it has been rumored for quite some time. I couldn't be happier now that it is here: Conditional access, which is a critical security feature that I think all...

New Baseline Conditional Access Policies in Azure AD

Remember over a year ago when the first Baseline Conditional Access policy dropped? It was simple enough and most definitely a good move, but of course, most people still aren't using it. I have heard some nightmarish statistic--something like less than 2 percent of admin accounts in Azure AD are...

Three ways to disable basic authentication and legacy protocols in Exchange Online

One of the most common (and often successful) attacks we see in the wild is a simple brute force / password spray against weak accounts. Especially against shared mailboxes. From that foothold, the most common next step attackers will take is to send out spam/phishing emails from the compromised account,...

My favorite Conditional Access Policies for the SMB

It's not even a question in my mind anymore--every org who moves their email and other data sets into Office 365 should be protected with Enterprise Mobility + Security (also available in Microsoft 365 Enterprise plans). If you are in the Business subscription of Microsoft 365, this means adding Azure...

Leveraging Conditional Access to enforce either MDM or MAM–user’s choice

In some circumstances, you might want users to have their choice: Use the native mail apps and have their mobile devices managed via Intune MDM, OR, Use a managed application such as Outlook on their own personal devices, and opt out of full device management. The catch is, they must go...

Coming soon to an Azure AD/Microsoft 365 subscription near you: Life without passwords?!

I previously commented when Microsoft released new password guidance, which is backed by their own research as well as that of NIST. A quick recap of that: Require passwords have at least 8 characters. Longer isn't necessarily better, as they cause users to choose predictable passwords, save passwords in files,...
