Microsoft Cloud App Security

If you’re an IT admin, do you know what apps users are putting on devices alongside company data? Do you know all the apps that they are directly putting company data into, thinking it helps solve a problem for them? This is the problem of “Shadow IT.” If it’s a personal device, it’s even worse, as they might be installing all kinds of insecure apps without IT approval and it wouldn’t take much to make a mistake like copying and pasting company data or uploading a file into the wrong app.

Continue Reading Microsoft Cloud App Security

Device Compliance Policies

Once you’ve got devices enrolled in Microsoft Endpoint Manager, one of the very useful things you can apply are compliance policies. These provide you a way to monitor and enforce restrictions on devices which are not following the proper practices that you want in your organization.

These compliance policies can be set up for devices of multiple operating systems:

  • Android
  • iOS
  • macOS
  • Windows 10 and later
  • Windows 8.1 and later

As is the case elsewhere in Endpoint Manager, Chromebook is the noticeable omission.

Continue Reading Device Compliance Policies

Device Configuration Policies

You’ve got your devices enrolled in Endpoint Manager. Now what? This opens up lots of tools including configuration policies.

Configuration policies allow for quickly rolling out the desired configuration to the device, without the user having to manually set it up. This can include a lot of different settings and vary by the operating system of the device. Some of the more interesting tools for Windows 10 includes:

Continue Reading Device Configuration Policies

Windows Autopilot

Windows Autopilot is a great system for deploying new Windows 10 devices, especially in the age of COVID-19 and so many working from home. Here’s the official documentation breaking down the details.

The high level overview is that the user of the machine receives it, perhaps at home or perhaps in an office. They turn it on. Depending on the configuration options the admin has set up, they may have as few as two things they need to do to get the device ready for use:

Continue Reading Windows Autopilot

Enrolling Devices in Endpoint Manager

Suppose you’ve started to move toward managing your devices in Microsoft Endpoint Manager (Intune). There are a lot of methods available to do that. I’ll highlight just a few of the most interesting:

Windows Autopilot

If the device was set up with Windows Autopilot, enrolling to Endpoint Manager is one of the options to happen immediately as part of the setup. No further actions are necessary.

Continue Reading Enrolling Devices in Endpoint Manager

Microsoft Conditional Access Policies

Passwords are inadequate. Even for standard consumer tools, you should have at least two more tools in your toolbox: a password manager and multi-factor authentication. Those help make passwords suck less. But they do leave open some questions like: should you need to perform multi-factor authentication every time you log in? Should access be all or nothing, or should there be any accounting for degrees of risk?

Continue Reading Microsoft Conditional Access Policies

MS-101 Prep: How I’m Studying

Over the last few months, I’ve been working on preparing for the MS-101 exam. This exam covers a few topics around enterprise device management and security. I’ve mostly been studying with a few methods:

Continue Reading MS-101 Prep: How I’m Studying