11Apr2019
28Mar2019
Give extra Consideration before implementing WIP (Windows 10 App protection policies)
In Microsoft 365 plans it is possible to configure application protection policies for Android, iOS and Windows 10, right from the 365 Admin center under Devices > Policies. Once built, these correspond to policies that you can find within the Intune / Device management portal under Client apps > App...
21Mar2019
My favorite Conditional Access Policies for the SMB
It's not even a question in my mind anymore--every org who moves their email and other data sets into Office 365 should be protected with Enterprise Mobility + Security (also available in Microsoft 365 Enterprise plans). If you are in the Business subscription of Microsoft 365, this means adding Azure...
11Mar2019
Super-charging security on non-Microsoft 365 E5 plans
This article was updated in April of 2020 Microsoft 365 E5 is the Cadillac of plans. Basically every product in the 365 universe is bundled into this level subscription, and that includes a ton related to security. Recently, Microsoft announced two new bundles aimed at security & compliance. The idea behind these...
07Mar2019
Add-ons that are NOT compatible with Microsoft 365 Business (yet)
Update 3/9/2019: I had to update this article. I am moving some former content on Identity & Threat Protection to its own article, and expanding on it there. Microsoft 365 Business is a fantastic value, and contains most of what we would like to see in a small business subscription. However,...
05Mar2019
Office 365 Advanced Threat Protection Plan 2
Recently, Microsoft changed up some of the SKU's relating to security & compliance out in the Microsoft/Office 365 universe. As part of these announcements, they renamed Office 365 Advanced Threat Protection (ATP) to Office 365 ATP Plan 1. Then, to create Office 365 ATP Plan 2, they simply bundled Plan...
21Feb2019
What are the benefits of using Autopilot in Microsoft 365? And, how to configure it.
Autopilot is a "low touch" or "no touch" deployment method that can be leveraged by IT departments to enable self-service computer deployments. Users can basically pick up a new Windows 10 device, sign in, and have all of their applications and data come to them (no profile migration, etc. required). But...
10Jan2019
Busting the myth behind Secure Score
For someone who writes so extensively on Microsoft / Office 365 products, especially with regard to security, I haven't said much about their Secure Score tool on this site yet. Probably I have mentioned it once or twice, but I haven't opined on it, officially. So here's the thing. It is...
12Dec2018
Navigating Device management in Microsoft 365: Registered vs. Joined vs. Hybrid Joined… and Intune
Device management is not a straightforward thing in Azure AD. I think that one major point of confusion for people is understanding the difference between various device states--for example, what is the difference between a device which is merely registered with Azure AD, versus one that is actually Azure AD...
03Dec2018