24Mar2020
26Feb2020
Reader Question: Differences between Windows 10 Pro and Windows 10 Business
Hi Alex, I’m working on getting some of my clients over to M365 Business from O365 Business Premium. I’ve searched the web and I can’t seem to find a good explanation on the difference between Windows 10 Pro and Windows 10 Business. Is there a difference between Windows Defender in...
11Dec2019
Notes from the field: Windows 10 Device Compliance
One of the coolest features in Microsoft 365 is the ability to measure device compliance, and based on that reading, grant, deny or limit access to cloud resources. For mobile devices this works really well, and most compliance policies are fairly simple: make sure the device isn't jail-broken/rooted, require a...
11Oct2019
Removing local admin: a game of compromise (and some tips and tricks)
Look, I am a realist. Yes: from a security perspective it would be ideal if we could take away local admin privileges on every corporate owned Windows 10 workstation. But that still isn't very easy to do for many organizations. Some orgs do need to maintain a bit more flexibility, with...
04Oct2019
Introducing the Windows 10 Business Secure Configuration Framework
Update March 2023: This publication has been updated significantly and renamed as well. It is now called The SMB Guide to Threat Defense and Microsoft Defender in Microsoft 365 Business Premium Plans. This guide describes implementation of Microsoft Defender for Office 365 as well as Microsoft Defender for Business, and...
03Oct2019
Windows Information Protection done right, part 2: typical set up steps
Last time we talked about a couple of key concepts including enlightened and non-enlightened apps, and how Windows Information Protection (WIP) treats corporate data differently than personal. In short, a non-enlightened app and all of its data will be treated by WIP as personal (by default). However, if you choose...
30Sep2019
Windows Information Protection done right, part 1: education and background
A while back I mentioned that WIP policies are not something you should turn on blindly, as they can have disastrous consequences. That is true, when implemented without a plan. However, it is also a very powerful tool that is included with all Microsoft 365 subscriptions (yes, even Business). So...
31Jul2019
Replacing folder redirection and mapped network drives: Controlling the OneDrive client experience on Windows 10 with Intune
For as long as we can remember, the primary way to share files in an organization was mapped network drives. This may have included a "Public" or "Company" drive (e.g. P:\ for Public), as well as a "Home" or "User" drive (H:\ or U:\ respectively). As well, there may have...
28May2019
How-to setup Intune quickly (and strategically) in your environment
Update March 2023: Much of what is written here eventually became the basis for my SMB Guide to Threat Defense and Microsoft Defender. Which in turn is part of the Consultant's Bundle. I encourage you to check it out! UPDATE: I have updated the setup script to now be a single...
11Apr2019