28May2019
28Mar2019
Give extra Consideration before implementing WIP (Windows 10 App protection policies)
In Microsoft 365 plans it is possible to configure application protection policies for Android, iOS and Windows 10, right from the 365 Admin center under Devices > Policies. Once built, these correspond to policies that you can find within the Intune / Device management portal under Client apps > App...
01Mar2019
Limiting privilege in Microsoft 365 Business
One of the most important things you can do for boosting your security posture on any technology platform (Microsoft or otherwise), is limiting administrative privilege. We have long known that any given user should really only have enough access to do their jobs, and nothing more.Now in the Enterprise subscriptions...
29Nov2018
Leveraging Conditional Access to enforce either MDM or MAM–user’s choice
In some circumstances, you might want users to have their choice: Use the native mail apps and have their mobile devices managed via Intune MDM, OR, Use a managed application such as Outlook on their own personal devices, and opt out of full device management. The catch is, they must go...
21Nov2018
How to enforce the use of managed applications (e.g. the Outlook app for Exchange Online) using Conditional Access in Azure AD Premium
In a previous post I demonstrated how easy it is to create a Mobile Application Management policy in Microsoft 365. With the addition of Azure AD Premium P1, we can also leverage Conditional Access polices that will require users to interact with corporate data through the Microsoft applications such as...
20Nov2018
How to leverage Conditional Access policies to make MFA less annoying: Require only for unmanaged devices
Multi-factor authentication is something I strongly believe in and recommend to all of my customers. But no matter how much I harp on it, most of them don't want to implement it, or they try it out, then beg me to roll back, because... well... it's annoying. Users hate being...
19Nov2018