Tag - MDM

Choosing (and implementing) your strategy for personal devices

In a recent Microsoft blog announcing some cool new discovery features in Microsoft Defender for Endpoint, there is an interesting (but hardly surprising) statistic shared: your users are 71% more likely to be infected on an unmanaged device. Now the thrust of the article is around discovering assets in your environment...

Devices still matter, Part 2: How attackers can use YOUR device

So based on our last post, we now know that MFA and Conditional Access can help prevent a lot of different scenarios involving "any old" devices. That leaves one other avenue for attackers then... Why bother trying to gain new access through any device when there are perfectly...

iPadOS breaks MAM-enforced Conditional Access?!

In case anyone missed it, this bombshell dropped last week: https://support.microsoft.com/en-us/help/4521038/action-required-update-conditional-access-policies-for-ipados In summary: when iPad gets updated to iOS 13+ at the end of this month, the OS will change from iOS to iPadOS. And when that happens, Azure AD will see these devices as macOS devices, not iOS...

Revisiting Baseline Policies in Microsoft 365

Microsoft has been doing more to make secure configurations easier to implement for admins. But, from my testing and experience, I still have reservations about some of them. Let's review. Conditional Access Baseline Policies There are presently four baseline policies available under Azure AD > Security > Conditional Access. Require MFA for admins...

Microsoft 365 Device Management / Intune best practices checklist

Update: Downloadable, printable copies of the Microsoft 365 Best practices checklists and guides are now available for purchase at GumRoad. Thanks for your support! Similar to the checklist for Azure AD which I recently published, this resource is designed to get you up and running quickly with what I consider to...

How-to setup Intune quickly (and strategically) in your environment

UPDATE: I have updated the setup script to now be a single script, with the JSON files embedded within it. You do not need to download the JSON files separately, however they are provided for reference. UPDATE: I also have a best practices guide for securing Windows 10 Business edition using...

Give extra Consideration before implementing WIP (Windows 10 App protection policies)

In Microsoft 365 plans it is possible to configure application protection policies for Android, iOS and Windows 10, right from the 365 Admin center under Devices > Policies. Once built, these correspond to policies that you can find within the Intune / Device management portal under Client apps > App...

Limiting privilege in Microsoft 365 Business

One of the most important things you can do for boosting your security posture on any technology platform (Microsoft or otherwise), is limiting administrative privilege. We have long known that any given user should really only have enough access to do their jobs, and nothing more. Now in the Enterprise subscriptions...

Navigating Device management in Microsoft 365: Registered vs. Joined vs. Hybrid Joined… and Intune

Device management is not a straightforward thing in Azure AD. I think that one major point of confusion for people is understanding the difference between various device states--for example, what is the difference between a device which is merely registered with Azure AD, versus one that is actually Azure AD...
