01Mar2019
12Dec2018
Navigating Device management in Microsoft 365: Registered vs. Joined vs. Hybrid Joined… and Intune
Device management is not a straightforward thing in Azure AD. I think that one major point of confusion for people is understanding the difference between various device states--for example, what is the difference between a device which is merely registered with Azure AD, versus one that is actually Azure AD...
29Nov2018
Leveraging Conditional Access to enforce either MDM or MAM–user’s choice
In some circumstances, you might want users to have their choice: Use the native mail apps and have their mobile devices managed via Intune MDM, OR, Use a managed application such as Outlook on their own personal devices, and opt out of full device management. The catch is, they must go...
21Nov2018
How to enforce the use of managed applications (e.g. the Outlook app for Exchange Online) using Conditional Access in Azure AD Premium
In a previous post I demonstrated how easy it is to create a Mobile Application Management policy in Microsoft 365. With the addition of Azure AD Premium P1, we can also leverage Conditional Access polices that will require users to interact with corporate data through the Microsoft applications such as...
20Nov2018
How to leverage Conditional Access policies to make MFA less annoying: Require only for unmanaged devices
Multi-factor authentication is something I strongly believe in and recommend to all of my customers. But no matter how much I harp on it, most of them don't want to implement it, or they try it out, then beg me to roll back, because... well... it's annoying. Users hate being...
19Nov2018
How to configure Mobile Application Management (MAM) with Microsoft 365 Business (and Intune)
With a traditional MDM solution, the goal is typically to impose management controls at the device level--enforcing policies like pass code with automatic screen lock, encryption, and remote device wipe. It can also be helpful in tracking inventory of mobile devices. All of these "MDM" features are important, especially when...
15Nov2018
Showdown: Exchange Active Sync vs. Office 365 MDM vs. Intune (MDM and MAM)
The Microsoft 365 platform offers customers not one, not two, but three distinct Mobile Device Management solutions (well, technically four, as we'll see). In my experience, most small business customers will be fine with nothing more than a well configured Exchange Active Sync policy, requiring basics like a pass code,...
22Aug2018
Why MDM for Office 365 may be obsolete, with updates to Exchange Active Sync
Disclaimer: This is not breaking news, what I am about to describe has been available for a while, but I just haven't gotten around to blogging about it. Previously I wrote about MDM for Office 365, and I had to update that article since Microsoft keeps changing the interface and...
17Jul2018
The new and confusing Microsoft 365 SKU’s
I have written one post on Microsoft 365 (Business edition) so far. And I haven't had as much time to continue playing with it as I like. But, here is what I can tell you: the literature out there on these SKU's can be confusing, since they are mostly marketing-oriented,...
16Jul2018