Tag - MAM

Making sense of the many DLP options in Microsoft 365

Making sense of the many DLP options for Microsoft 365

One of my readers wrote to me recently about an article that I penned a couple of years ago, on the topic of Data Loss Prevention in Microsoft 365. They pointed out that my breakdown was a bit dated now, and that the Microsoft universe seems to have become more...
Read more...
A Sneak Peek at App Management for Edge

A Sneak Peek at Application Management for Edge

This blog has been active for at least six years. To this day, I probably receive more questions about BYOD and the various options we have for management with regard to personal devices, than any other topic that I have written about. I think this just goes to show the...
Read more...
Choosing (and implementing) your strategy for personal devices

Choosing (and implementing) your strategy for personal devices

In a recent Microsoft blog announcing some cool new discovery features in Microsoft Defender for Endpoint, there is an interesting (but hardly surprising) statistic shared: your users are 71% more likely to be infected on an unmanaged device. Now the thrust of the article is around discovering assets in your environment...
Read more...

iPadOS breaks MAM-enforced Conditional Access?!

In case anyone missed it, this bombshell dropped last week: https://support.microsoft.com/en-us/help/4521038/action-required-update-conditional-access-policies-for-ipados In summary: when iPad gets updated to iOS 13+ at the end of this month, the OS will change from iOS to iPadOS. And when that happens, Azure AD will see these devices as macOS devices, not iOS...
Read more...

How to prevent users from circumventing MAM by going through OWA on mobile devices

One of my smart co-workers pointed out that my Conditional access baseline policies, as written, actually leave open the possibility that users could simply use OWA on their mobile devices, instead of using the Outlook app. And that means a user could bypass your protections such as encryption of app data,...
Read more...

PSA: Careful with MAM – there might be more to it than you think

I have written extensively on Mobile Application Management (MAM), as an alternative to Mobile Device Management (MDM). When implemented properly, it is the perfect solution for protecting company data on unmanaged devices (e.g. BYOD situations). But therein lies the rub. You need to implement it properly. I can't blame you...
Read more...

Microsoft 365 Device Management / Intune best practices checklist

Update: Downloadable, printable copies of the Microsoft 365 Best practices checklists and guides are now available for purchase at GumRoad. Thanks for your support! Similar to the checklist for Azure AD which I recently published, this resource is designed to get you up and running quickly with what I consider to...
Read more...

How-to setup Intune quickly (and strategically) in your environment

UPDATE: I have updated the setup script to now be a single script, with the JSON files embedded within it. You do not need to download the JSON files separately, however they are provided for reference. UPDATE: I also have a best practices guide for securing Windows 10 Business edition using...
Read more...

Give extra Consideration before implementing WIP (Windows 10 App protection policies)

In Microsoft 365 plans it is possible to configure application protection policies for Android, iOS and Windows 10, right from the 365 Admin center under Devices > Policies. Once built, these correspond to policies that you can find within the Intune / Device management portal under Client apps > App...
Read more...

Helping IT Consultants Succeed in the Microsoft Cloud

Have a Question? Contact me today.