Enterprise Mobility + Security

Differences between Azure Information Protection labels and Office 365 Sensitivity labels

In the previous two posts, we looked at two capabilities of Azure Information Protection (AIP) P1, which is one of the many subscriptions bundled into Microsoft 365 Business:Email encryption & customization
Read more...

Protect messages and documents in Microsoft 365 Business with AIP, part 2: AIP labels

Azure Information Protection (AIP) uses “labels” to classify and protect data. Labels are published to end users for eventual consumption and use through a “policy.” In the olden days, applying permissions and restricting access to files was more rudimentary—again, it was based on the concept of the “four walls.” We would erect...
Read more...

Navigating Device management in Microsoft 365: Registered vs. Joined vs. Hybrid Joined… and Intune

Device management is not a straightforward thing in Azure AD.  I think that one major point of confusion for people is understanding the difference between various device states--for example, what is the difference between a device which is merely registered with Azure AD, versus one that is actually Azure AD...
Read more...

How to require MFA for Azure AD Join, and enable Enterprise State Roaming

Hey folks! We have already covered a few posts on Azure AD Premium and Conditional access; and that's great--because you do things like enforce requirements like Multi-factor Auth, but only in situations where devices are unmanaged. This provides a way better user experience than enabling MFA across...
Read more...

Leveraging Conditional Access to enforce either MDM or MAM–user’s choice

In some circumstances, you might want users to have their choice: Use the native mail apps and have their mobile devices managed via Intune MDM, OR, Use a managed application such as Outlook on their own personal devices, and opt out of full device management. The catch is, they must go...
Read more...

How to enforce the use of managed applications (e.g. the Outlook app for Exchange Online) using Conditional Access in Azure AD Premium

In a previous post I demonstrated how easy it is to create a Mobile Application Management policy in Microsoft 365. With the addition of Azure AD Premium P1, we can also leverage Conditional Access polices that will require users to interact with corporate data through the Microsoft applications such as...
Read more...

How to leverage Conditional Access policies to make MFA less annoying: Require only for unmanaged devices

Multi-factor authentication is something I strongly believe in and recommend to all of my customers. But no matter how much I harp on it, most of them don't want to implement it, or  they try it out, then beg me to roll back, because... well... it's annoying. Users hate being...
Read more...

Helping IT Consultants Succeed in the Microsoft Cloud

Have a Question? Contact me today.