22Jan2020
04Dec2019
Still waiting for full Azure AD Premium P1 in Microsoft 365 Business…and other Christmas wish list items.
Update March 2020: Spotted today in the message center: Thank you for listening, Microsoft! I had written on this topic a while ago, and many of the components that we were looking to get from Azure AD Premium P1 have in fact arrived since that time (such as
01Dec2019
2020 Edition of the Recommended Conditional access policy design guide is available now
I just finished updating the Conditional access design guide, part of the Microsoft 365 Best practices checklists. The new updates reflect some carefully considered feedback from my clients (real-world scenarios), as well as some new additions and...
21Oct2019
No more excuses: 5 Tips & tricks to make Office 365 MFA easier on people
As I'm sure you are aware by now, Multi-factor Authentication reduces your risk of identity compromise by 99.9%. Requiring so called "strong passwords," by contrast, doesn't make that much difference at the end of the day....
11Oct2019
Removing local admin: a game of compromise (and some tips and tricks)
Look, I am a realist. Yes: from a security perspective it would be ideal if we could take away local admin privileges on every corporate owned Windows 10 workstation. But that still isn't very easy to...
05Oct2019
iPadOS (iOS 13+) still not compatible with MAM enforced by Conditional access
Update 11/18/2019: This issue has now been fixed. I wrote about this before the update dropped, and in my testing since then I am afraid the situation has not improved.The setup
Create a Conditional access policy for iOS that requires an approved client app. In other words, users...
04Oct2019
Introducing the Windows 10 Business Secure Configuration Framework
Update March 2023: This publication has been updated significantly and renamed as well. It is now called The SMB Guide to Threat Defense and Microsoft Defender in Microsoft 365 Business Premium Plans. This guide describes implementation of Microsoft Defender for Office 365 as well as Microsoft Defender for Business, and...
03Oct2019
Windows Information Protection done right, part 2: typical set up steps
Last time we talked about a couple of key concepts including enlightened and non-enlightened apps, and how Windows Information Protection (WIP) treats corporate data differently than personal. In short, a non-enlightened app and all of its data will be treated by WIP as personal (by default). However, if you choose...
30Sep2019
Windows Information Protection done right, part 1: education and background
A while back I mentioned that WIP policies are not something you should turn on blindly, as they can have disastrous consequences. That is true, when implemented without a plan. However, it is also a very powerful tool that...
19Sep2019