Tag - device management

Turn your MFA up to 11

But have you turned multifactor authentication ALL the way on?

Do you remember just a short time ago, Microsoft would claim that switching on Multi-factor Authentication (MFA) prevents 99.9% of identity-based attacks? Well, the times they are a-changin. I do not know what they would report today for a percentage of attacks which are thwarted by MFA alone, but I...
Read more...

Notes from the field: Windows 10 Device Compliance

One of the coolest features in Microsoft 365 is the ability to measure device compliance, and based on that reading, grant, deny or limit access to cloud resources. For mobile devices this works really well, and most compliance policies are fairly simple: make sure the device isn't jail-broken/rooted, require a...
Read more...

Devices still matter, Part 1: Why you need a device management strategy

The Center for Internet Security (CIS) publishes 20 controls in their cyber-security framework. If you want to understand what good management looks like, then start here. The first six controls are considered the "basics"--the first and most important steps that any organization should be taking as they work to secure...
Read more...

PSA: Careful with MAM – there might be more to it than you think

I have written extensively on Mobile Application Management (MAM), as an alternative to Mobile Device Management (MDM). When implemented properly, it is the perfect solution for protecting company data on unmanaged devices (e.g. BYOD situations). But therein lies the rub. You need to implement it properly. I can't blame you...
Read more...

Replacing folder redirection and mapped network drives: Controlling the OneDrive client experience on Windows 10 with Intune

For as long as we can remember, the primary way to share files in an organization was mapped network drives. This may have included a "Public" or "Company" drive (e.g. P:\ for Public), as well as a "Home" or "User" drive (H:\ or U:\ respectively). As well, there may have...
Read more...

Microsoft 365 Device Management / Intune best practices checklist

Update: Downloadable, printable copies of the Microsoft 365 Best practices checklists and guides are now available. Thanks for your support! Similar to the checklist for Azure AD which I recently published, this resource is designed to get you up and running quickly with what I consider to be a good "baseline"...
Read more...

A framework for implementing Device configuration profiles with Microsoft Intune

Last time we looked at the proper methodology for rolling out Device-based Conditional access in conjunction with Compliance policies. In that article, we observed that the workflow is very linear and logical, flowing from one step to the next, and ending in Conditional access, like so: Device configuration profiles, on the...
Read more...

A framework for implementing device-based Conditional access with Microsoft Intune

I recently shared a set of scripts to help make deployment of Intune a bit quicker. Today I just want to cover a framework which can be used for deploying device-based conditional access in conjunction with your baseline policy set. The main crux of the issue, which I have seen...
Read more...

The evolution of small business networks

I believe there are only three basic types of networks alive in the small and mid-sized business market today.* Legacy, Hybrid and Modern. Now the labeling on these categories is purposeful--the language represents a progression in time, but it is important to remember that there still exist "legacy" environments, just...
Read more...

Helping IT Consultants Succeed in the Microsoft Cloud

Have a Question? Contact me today.