Removable Storage Automatic BitLocker Recovery Key Escrow to Azure AD | BitLocker-to-go Guide for Intune

BitLocker on removable drives is known as “BitLocker to go”, but I will just refer to it as BitLocker in this writing. Requiring BitLocker on removable drives is fairly easy with the built-in Intune Endpoint Security profile templates. Some of you may be thinking removable storage should be completely blocked for security reasons. I agree […]

SSO to on-premises resources with Azure AD Joined devices – Use AADJ unless you are certain you need Hybrid.

In this post I’ll take a closer look at how AADJ machines authenticated with an AD Synced identity can seamlessly access on-prem resources. This includes things like SMB file shares or other applications that require AD USER authentication. It’s important to remember if you have services utilizing machine authentication, those devices will need to remain AD joined

PowerShell + Intune to edit HKCU registry as System when standard users don’t have permission.

A question was recently asked about how to set the wallpaper fit with Intune (fill, stretch, tile, etc.). This reminded me of a previous blog post about setting the background and lock screen on Windows 10 Pro devices with Intune (you can see that post here). I figured I’d update that post but found myself

Using Intune Custom Compliance policies – how they work and how to discover installed software versions

A client I recently worked with wanted to make sure only compliant devices could access corporate resources. This is a fairly common request and implementation, but they also wanted a compliance policy to make sure certain security applications were installed. This post will look at how custom compliance policies work and show you how to

Managing Azure AD Authentication Methods, adding a FIDO2 Security Key, and Configuring Conditional Access Authentication Strength 

Microsoft’s new authentication strength options for Conditional Access are awesome, and I encourage you to start using this feature. This post will add some clarification on using Conditional Access for MFA, how to add a FIDO2 security key as an authentication method, and then how to use conditional access to protect certain applications with different levels

Move from per-user MFA to Conditional Access MFA in Azure AD

More often than not, I see both per-user MFA and Conditional Access MFA enabled in Azure AD tenants. There seems to be a misconception amongst IT admins that by disabling per-user MFA, users will need to re-register their MFA authentication methods. So, admins end up leaving per-user MFA enabled and also creating a Conditional Access
