To Retire or Not to Wipe.

To Retire or Not to Wipe.

This blog will be about when and why you need to perform a retire or a (selective) wipe when an employee exits the company or when their device is stolen. In one of my last blogs, I explained why it’s important you need to configure App protection policies.  I want to dedicate this blog to the methods available how you could make sure when a user exits the company there is no company data or/and apps left on the mobile…

Read More Read More

Conditional Access: The Day of the Joining Device

Conditional Access: The Day of the Joining Device

This blog will be about a new User action in conditional Access and how to deploy this setting. I will also show you how to deploy this rule among all other rules in conditional access with the use of PowerShell. When you join/register a device you will need to require MFA in my opinion. It’s also a part of our Baseline tenant enrollment. I guess you don’t want someone outside your company joining a device with stolen credentials? Otherwise requiring…

Read More Read More

Teams, Life of Ads?

Teams, Life of Ads?

This blog will be about some Teams news, I had some weird feelings about. Did someone notice the: MC247825 which was posted on 30 of march? “We will show a banner in the activity feed”. It sounds to me like some advertisements for in-house products? Maybe I am completely wrong, lets hope so. You will need to inform your helpdesk/service desk employees, this update could end up in some tickets about a user questioning if they need to add a…

Read More Read More

I am Thinking of Ending Data Migration

I am Thinking of Ending Data Migration

This blog will be about the steps you need to take BEFORE you migrate your on-premise file server to Sharepoint/Onedrive/teams.  In one of my last blogs, I showed you the importance of making sure you don’t exceed the 255 characters when you are working with OneDrive and how you could solve this.  Call4Cloud The Grand OneDrive Hotel and the 260 Limitations  This blog above is based on what you could do AFTER the migration, now it’s time to talk about what you can do BEFORE the migration.  Again, the limitations, you really need to beware of are the…

Read More Read More

Captain App Protection and the Winter Browser

Captain App Protection and the Winter Browser

This blog will be about why  only securing your mobile apps and desktop clients on IOS and Android devices will leave some holes in your security In one of my last blogs, I showed you how to set up App protection policies on unmanaged and managed devices. The Chronicles of MAM – Call4Cloud Setting up IOS App protection policies After some feedback, I realized I did not show the conditions, which client apps should be selected. When you are configuring…

Read More Read More

The Device With The Dragon Tattoo

The Device With The Dragon Tattoo

This blog will be about some old fashioned tattooing problem. A new day a new problem and again a customer called us. On some of their devices, the keyboard layout was switching each time, from NL-VS to NL-NL. Of course, this is really irritating. In a normal situation, your users have the possibility to remove the second keyboard layout when opening the language settings menu but this time it was greyed out. No problem we thought, we could log in…

Read More Read More

Windows 10: The Sands of time

Windows 10: The Sands of time

This short blog will be about some Windows 10 time sync issues. It’s summertime again, time to set your clock one hour forward. Windows 10 has a built-in mechanism to configure the clock/time automatically for you. If it’s working, it’s great but yesterday some customers called. Their Windows 10 device did not automatically changed the system time. When you have admin privileges you can manually sync the time, but you don’t have this luxury if you’re a user without admin…

Read More Read More

App Protection: Attack of the third-party apps

App Protection: Attack of the third-party apps

In one of my last blogs, I showed how you can set up multiple App protection profiles to make sure your managed and unmanaged IOS devices could receive the correct app protection policy. In my opinion, you need to make sure you lower the security bar for the managed devices app protection policies. You really don’t want well-behaved employees who enrolled their own devices, become angry about the security barriers, and finding another way to share the data. Here is…

Read More Read More

App Protection: Resurgence

App Protection: Resurgence

This blog will be about some misunderstanding when conditional access is requiring app protection and/or approved apps? Every organization has BYOD users, these users want to have access to the company data from that same device. You want to make sure you are not only managing the devices, you also need to manage the apps. Some time ago I explained how you could allow managed and unmanaged devices and how to configure the app protection policies. The Chronicles of MAM…

Read More Read More

App protection and a disabled Account

App protection and a disabled Account

Today I realised I totally forgot to add this setting to my App protection baseline. This setting was released some months ago. You can configure this conditional launch setting within the app protection policy. You have got 2 options: Block access: When Intune has confirmed the user has been disabled in Azure Active Directory, the app blocks access to work or school data. Wipe data: When Intune has confirmed the user has been disabled in Azure Active Directory, the app…

Read More Read More