Tag - Intune

Revisiting Baseline Policies in Microsoft 365

Microsoft has been doing more to make secure configurations easier to implement for admins. But, from my testing and experience, I still have reservations about some of them. Let's review. Conditional Access Baseline Policies There are presently four baseline policies available under Azure AD > Security > Conditional Access. Require MFA for admins...

How to prevent users from circumventing MAM by going through OWA on mobile devices

One of my smart co-workers pointed out that my Conditional access baseline policies, as written, actually leave open the possibility that users could simply use OWA on their mobile devices, instead of using the Outlook app. And that means a user could bypass your protections such as encryption of app data,...

PSA: Careful with MAM – there might be more to it than you think

I have written extensively on Mobile Application Management (MAM), as an alternative to Mobile Device Management (MDM). When implemented properly, it is the perfect solution for protecting company data on unmanaged devices (e.g. BYOD situations). But therein lies the rub. You need to implement it properly. I can't blame you...

Replacing folder redirection and mapped network drives: Controlling the OneDrive client experience on Windows 10 with Intune

For as long as we can remember, the primary way to share files in an organization was mapped network drives. This may have included a "Public" or "Company" drive (e.g. P:\ for Public), as well as a "Home" or "User" drive (H:\ or U:\ respectively). As well, there may have...

Microsoft 365 Device Management / Intune best practices checklist

Update: Downloadable, printable copies of the Microsoft 365 Best practices checklists and guides are now available. Thanks for your support! Similar to the checklist for Azure AD which I recently published, this resource is designed to get you up and running quickly with what I consider to be a good "baseline"...

A framework for implementing Device configuration profiles with Microsoft Intune

Last time we looked at the proper methodology for rolling out Device-based Conditional access in conjunction with Compliance policies. In that article, we observed that the workflow is very linear and logical, flowing from one step to the next, and ending in Conditional access, like so: Device configuration profiles, on the...

A framework for implementing device-based Conditional access with Microsoft Intune

I recently shared a set of scripts to help make deployment of Intune a bit quicker. Today I just want to cover a framework which can be used for deploying device-based conditional access in conjunction with your baseline policy set. The main crux of the issue, which I have seen...

How-to setup Intune quickly (and strategically) in your environment

Update March 2023: Much of what is written here eventually became the basis for my SMB Guide to Threat Defense and Microsoft Defender. Which in turn is part of the Consultant's Bundle. I encourage you to check it out! UPDATE: I have updated the setup script to now be a single...

Introducing the Microsoft Office 365 Email Security Checklist

Update March 2023: This project morphed into the Microsoft 365 Best Practices Checklists, which includes a checklist and guide for each of the major services in Microsoft 365. You can get the product here. Okay. I think I have had enough. Enough of what? Enough of reports like this one. And...