31May2024
09Dec2022
But have you turned multifactor authentication ALL the way on?
Do you remember just a short time ago, Microsoft would claim that switching on Multi-factor Authentication (MFA) prevents 99.9% of identity-based attacks? Well, the times they are a-changin. I do not know what they would report today for a percentage of attacks which are thwarted by MFA alone, but...
11Dec2019
Notes from the field: Windows 10 Device Compliance
One of the coolest features in Microsoft 365 is the ability to measure device compliance, and based on that reading, grant, deny or limit access to cloud resources. For mobile devices this works really well, and most compliance policies are fairly simple: make sure the device isn't jail-broken/rooted, require a...
17Sep2019
Devices still matter, Part 1: Why you need a device management strategy
The Center for Internet Security (CIS) publishes 20 controls in their cyber-security framework. If you want to understand what good management looks like, then start here. The first six controls are considered the "basics"--the first and most important steps...
03Sep2019
PSA: Careful with MAM – there might be more to it than you think
I have written extensively on Mobile Application Management (MAM), as an alternative to Mobile Device Management (MDM). When implemented properly, it is the perfect solution for protecting company data on unmanaged devices (e.g. BYOD situations). But therein lies the rub....
31Jul2019
Replacing folder redirection and mapped network drives: Controlling the OneDrive client experience on Windows 10 with Intune
For as long as we can remember, the primary way to share files in an organization was mapped network drives. This may have included a "Public" or "Company" drive (e.g. P:\ for Public), as well as a "Home" or "User" drive (H:\ or U:\ respectively). As well, there may have...
15Jul2019
Microsoft 365 Device Management / Intune best practices checklist
Update: Downloadable, printable copies of the Microsoft 365 Best practices checklists and guides are now available. Thanks for your support!Similar to the checklist...
24Jun2019
A framework for implementing Device configuration profiles with Microsoft Intune
Last time we looked at the proper methodology for rolling out Device-based Conditional access in conjunction with Compliance policies. In that article, we observed that the workflow is very linear and logical, flowing from one step to the next, and ending in Conditional access, like so:Device configuration profiles, on the...
20Jun2019
A framework for implementing device-based Conditional access with Microsoft Intune
I recently shared a set of scripts to help make deployment of Intune a bit quicker. Today I just want to cover a framework which can be used for deploying device-based conditional access in conjunction with your baseline policy set. The main crux of the issue, which I have...
11Apr2019