Tag - Windows 10

Limiting privilege is a process, not an event

In some past blogs I have highlighted the importance of devices in your security, management and compliance journey. Why do I harp on that? Because it is the starting point. The mantra takes various forms, but basically you cannot protect what you cannot see. This applies to devices of course, but...
Read more...

Reader Question: Differences between Windows 10 Pro and Windows 10 Business

Hi Alex, I’m working on getting some of my clients over to M365 Business from O365 Business Premium. I’ve searched the web and I can’t seem to find a good explanation on the difference between Windows 10 Pro and Windows 10 Business. Is there a difference between Windows Defender in...
Read more...

Notes from the field: Windows 10 Device Compliance

One of the coolest features in Microsoft 365 is the ability to measure device compliance, and based on that reading, grant, deny or limit access to cloud resources. For mobile devices this works really well, and most compliance policies are fairly simple: make sure the device isn't jail-broken/rooted, require a...
Read more...

Removing local admin: a game of compromise (and some tips and tricks)

Look, I am a realist. Yes: from a security perspective it would be ideal if we could take away local admin privileges on every corporate owned Windows 10 workstation. But that still isn't very easy to do for many organizations. Some orgs do need to maintain a bit more flexibility, with...
Read more...

Introducing the Windows 10 Business Secure Configuration Framework

Microsoft has published guidance with respect to securing Enterprise workstations, however this type of literature is lacking for the small business. Specifically, Windows 10 Business (part of Microsoft 365 Business) does not contain all of the same software and features as the Enterprise editions of Windows 10 and Microsoft 365....
Read more...

Windows Information Protection done right, part 2: typical set up steps

Last time we talked about a couple of key concepts including enlightened and non-enlightened apps, and how Windows Information Protection (WIP) treats corporate data differently than personal. In short, a non-enlightened app and all of its data will be treated by WIP as personal (by default). However, if you choose...
Read more...

Windows Information Protection done right, part 1: education and background

A while back I mentioned that WIP policies are not something you should turn on blindly, as they can have disastrous consequences. That is true, when implemented without a plan. However, it is also a very powerful tool that is included with all Microsoft 365 subscriptions (yes, even Business). So...
Read more...

Replacing folder redirection and mapped network drives: Controlling the OneDrive client experience on Windows 10 with Intune

For as long as we can remember, the primary way to share files in an organization was mapped network drives. This may have included a "Public" or "Company" drive (e.g. P:\ for Public), as well as a "Home" or "User" drive (H:\ or U:\ respectively). As well, there may have...
Read more...

How-to setup Intune quickly (and strategically) in your environment

UPDATE: I have updated the setup script to now be a single script, with the JSON files embedded within it. You do not need to download the JSON files separately, however they are provided for reference. UPDATE: I also have a best practices guide for securing Windows 10 Business edition using...
Read more...

The evolution of small business networks

I believe there are only three basic types of networks alive in the small and mid-sized business market today.* Legacy, Hybrid and Modern. Now the labeling on these categories is purposeful--the language represents a progression in time, but it is important to remember that there still exist "legacy" environments, just...
Read more...

Helping IT Consultants Succeed in the Microsoft Cloud

Have a Question? Contact me today.