Tag - Intune

Automating third-party software deployments and updates with Intune and Scappman

Automating third-party software deployments and updates with Intune and Scappman

Hey folks! For those of you in my audience who work at Managed Services Providers (MSP's), I wanted to introduce you to a product called Scappman that I am really excited about. Rarely do I come across something like this, which solves such an important problem in just the way I...
Read more...
Choosing (and implementing) your strategy for personal devices

Choosing (and implementing) your strategy for personal devices

In a recent Microsoft blog announcing some cool new discovery features in Microsoft Defender for Endpoint, there is an interesting (but hardly surprising) statistic shared: your users are 71% more likely to be infected on an unmanaged device. Now the thrust of the article is around discovering assets in your environment...
Read more...

The realities and limitations of managing personal (BYOD) devices in Microsoft 365 and Endpoint Manager

These days, I am willing to bet that I get asked about BYOD endpoints over corporate endpoints 10 to 1. Personal devices (even personal Windows devices) are creeping into the workplace more and more, especially with so many working from home. And this does present a few challenges for those...
Read more...

Devices or Users: When to target which policy type in Microsoft Endpoint Manager (Intune)

A new reader question came across my desk the other day. In truth, it is not the first time I have answered this question, but I realized that I could probably repeat myself less if I simply write an article and publish it. The question is: When working in Microsoft Endpoint...
Read more...

Notes from the field: Windows 10 Device Compliance

One of the coolest features in Microsoft 365 is the ability to measure device compliance, and based on that reading, grant, deny or limit access to cloud resources. For mobile devices this works really well, and most compliance policies are fairly simple: make sure the device isn't jail-broken/rooted, require a...
Read more...

Removing local admin: a game of compromise (and some tips and tricks)

Look, I am a realist. Yes: from a security perspective it would be ideal if we could take away local admin privileges on every corporate owned Windows 10 workstation. But that still isn't very easy to do for many organizations. Some orgs do need to maintain a bit more flexibility, with...
Read more...

iPadOS (iOS 13+) still not compatible with MAM enforced by Conditional access

Update 11/18/2019: This issue has now been fixed. I wrote about this before the update dropped, and in my testing since then I am afraid the situation has not improved. The setup Create a Conditional access policy for iOS that requires an approved client app. In other words, users cannot...
Read more...

Introducing the Windows 10 Business Secure Configuration Framework

Microsoft has published guidance with respect to securing Enterprise workstations, however this type of literature is lacking for the small business. Specifically, Windows 10 Business (part of Microsoft 365 Business) does not contain all of the same software and features as the Enterprise editions of Windows 10 and Microsoft 365....
Read more...

Helping IT Consultants Succeed in the Microsoft Cloud

Have a Question? Contact me today.