10Sep2019
04Sep2019
How to prevent users from circumventing MAM by going through OWA on mobile devices
One of my smart co-workers pointed out that my Conditional access baseline policies, as written, actually leave open the possibility that users could simply use OWA on their mobile devices, instead of using the Outlook app. And that means a user could bypass your protections such as encryption of app data,...
03Sep2019
PSA: Careful with MAM – there might be more to it than you think
I have written extensively on Mobile Application Management (MAM), as an alternative to Mobile Device Management (MDM). When implemented properly, it is the perfect solution for protecting company data on unmanaged devices (e.g. BYOD situations). But therein lies the rub. You need to implement it properly. I can't blame you...
31Jul2019
Replacing folder redirection and mapped network drives: Controlling the OneDrive client experience on Windows 10 with Intune
For as long as we can remember, the primary way to share files in an organization was mapped network drives. This may have included a "Public" or "Company" drive (e.g. P:\ for Public), as well as a "Home" or "User" drive (H:\ or U:\ respectively). As well, there may have...
15Jul2019
Microsoft 365 Device Management / Intune best practices checklist
Update: Downloadable, printable copies of the Microsoft 365 Best practices checklists and guides are now available. Thanks for your support! Similar to the checklist for Azure AD which I recently published, this resource is designed to get you up and running quickly with what I consider to be a good "baseline"...
24Jun2019
A framework for implementing Device configuration profiles with Microsoft Intune
Last time we looked at the proper methodology for rolling out Device-based Conditional access in conjunction with Compliance policies. In that article, we observed that the workflow is very linear and logical, flowing from one step to the next, and ending in Conditional access, like so: Device configuration profiles, on the...
20Jun2019
A framework for implementing device-based Conditional access with Microsoft Intune
I recently shared a set of scripts to help make deployment of Intune a bit quicker. Today I just want to cover a framework which can be used for deploying device-based conditional access in conjunction with your baseline policy set. The main crux of the issue, which I have seen...
28May2019
How-to setup Intune quickly (and strategically) in your environment
Update March 2023: Much of what is written here eventually became the basis for my SMB Guide to Threat Defense and Microsoft Defender. Which in turn is part of the Consultant's Bundle. I encourage you to check it out! UPDATE: I have updated the setup script to now be a single...
14May2019
Introducing the Microsoft Office 365 Email Security Checklist
Update March 2023: This project morphed into the Microsoft 365 Best Practices Checklists, which includes a checklist and guide for each of the major services in Microsoft 365. You can get the product here. Okay. I think I have had enough. Enough of what? Enough of reports like this one. And...
01Apr2019