Tag - Enterprise Mobility + Security

Announcing the Practice Development Community and Monthly Educational Series

Today is a big day here at ITProMentor.com. We are entering a new year, and we have a big agenda to go along with it! In my recent surveys many of you indicated interest in gathering together and forming a community. As well, more than a few have asked...
Read more...

Deploying Conditional Access Policies via PowerShell

There is a new GitHub repository available from Microsoft: Manage Conditional Access policies like code. Similar to the infamous Intune samples repo from which I and many others have built their automated Intune setup scripts for new tenants, this repo is replete with the resources that you need for accomplishing...
Read more...

A simpler Conditional Access baseline

Some folks have written to me about the "complexity" of my Conditional Access guide and were hoping to find something a bit simpler. This surprised me, and initially I shrugged it off. But I have heard this feedback more than once now, so I decided to take this thought experiment...
Read more...

Inventory and Control of Apps within and beyond the perimeter with Microsoft 365

Managing devices is a topic I have probably burnt my readers out on by this point, so it's time we move into the next stage: wrangling all those crazy third-party applications hiding out in your environment! To build up a foundation of good security, we must identify our apps and...
Read more...

Why you should take a real hard look at upgrading from Office 365 to Microsoft 365 this year

Readers of this blog are probably already familiar with the differences between Office 365 and Microsoft 365 plans. But I still run into plenty of folks out there who think these are the same thing, or who believe this is for "cloud only" customers, and there are still others who...
Read more...

2020 Edition of the Recommended Conditional access policy design guide is available now

I just finished updating the Conditional access design guide, part of the Microsoft 365 Best practices checklists. The new updates reflect some carefully considered feedback from my clients (real-world scenarios), as well as some new additions and a better organizational structure, in three major groups:  Authentication Baseline policies – Replaces the Security...
Read more...

No more excuses: 5 Tips & tricks to make Office 365 MFA easier on people

As I'm sure you are aware by now, Multi-factor Authentication reduces your risk of identity compromise by 99.9%. Requiring so called "strong passwords," by contrast, doesn't make that much difference at the end of the day. And yet, we're still beneath 10% of even just admin accounts in Azure AD...
Read more...

Removing local admin: a game of compromise (and some tips and tricks)

Look, I am a realist. Yes: from a security perspective it would be ideal if we could take away local admin privileges on every corporate owned Windows 10 workstation. But that still isn't very easy to do for many organizations. Some orgs do need to maintain a bit more flexibility, with...
Read more...

iPadOS (iOS 13+) still not compatible with MAM enforced by Conditional access

Update 11/18/2019: This issue has now been fixed. I wrote about this before the update dropped, and in my testing since then I am afraid the situation has not improved. The setup Create a Conditional access policy for iOS that requires an approved client app. In other words, users cannot...
Read more...

Devices still matter, Part 2: How attackers can use YOUR device

So based on our last post, we now know that MFA and Conditional Access can help prevent a lot of different scenarios involving "any old" devices. That leaves one other avenue for attackers then... Why bother trying to gain new access through any device when there are perfectly...
Read more...

Helping IT Consultants Succeed in the Microsoft Cloud

Have a Question? Contact me today.