15Oct
16Apr
Choosing (and implementing) your strategy for personal devices
In a recent Microsoft blog announcing some cool new discovery features in Microsoft Defender for Endpoint, there is an interesting (but hardly surprising) statistic shared: your users are 71% more likely to be infected on an unmanaged device. Now the thrust of the article is around discovering assets in your environment...
09Feb
The realities and limitations of managing personal (BYOD) devices in Microsoft 365 and Endpoint Manager
These days, I am willing to bet that I get asked about BYOD endpoints over corporate endpoints 10 to 1. Personal devices (even personal Windows devices) are creeping into the workplace more and more, especially with so many working from home. And this does present a few challenges for those...
05Feb
The most important tool in Microsoft 365 that you can adopt in 2021
I get it. The universe is expanding so rapidly these days that it can be difficult to know where you should focus your efforts. If you are having trouble "catching up," do not worry, you are not alone. The IT industry is working on this issue collectively as we move...
29Jan
Devices or Users: When to target which policy type in Microsoft Endpoint Manager (Intune)
A new reader question came across my desk the other day. In truth, it is not the first time I have answered this question, but I realized that I could probably repeat myself less if I simply write an article and publish it. The question is: When working in Microsoft Endpoint...
11Dec
Notes from the field: Windows 10 Device Compliance
One of the coolest features in Microsoft 365 is the ability to measure device compliance, and based on that reading, grant, deny or limit access to cloud resources. For mobile devices this works really well, and most compliance policies are fairly simple: make sure the device isn't jail-broken/rooted, require a...
29Oct
New updates to the BP guides PLUS the Office 365 Security Checklist
I have heard from so many people about the Microsoft 365 Best Practices checklists--you guys & gals seem to really like them! I'm pleased to hear it. Although all of this content is available for FREE on my website, I still hear from folks every day who want a...
11Oct
Removing local admin: a game of compromise (and some tips and tricks)
Look, I am a realist. Yes: from a security perspective it would be ideal if we could take away local admin privileges on every corporate owned Windows 10 workstation. But that still isn't very easy to do for many organizations. Some orgs do need to maintain a bit more flexibility, with...
05Oct
iPadOS (iOS 13+) still not compatible with MAM enforced by Conditional access
Update 11/18/2019: This issue has now been fixed. I wrote about this before the update dropped, and in my testing since then I am afraid the situation has not improved. The setup Create a Conditional access policy for iOS that requires an approved client app. In other words, users cannot...
04Oct