Browsed by
Month: March 2021

The Device With The Dragon Tattoo

The Device With The Dragon Tattoo

This blog will be about some old fashioned tattooing problem. A new day a new problem and again a customer called us. On some of their devices, the keyboard layout was switching each time, from NL-VS to NL-NL. Of course, this is really irritating. In a normal situation, your users have the possibility to remove the second keyboard layout when opening the language settings menu but this time it was greyed out. No problem we thought, we could log in…

Read More Read More

Windows 10: The Sands of time

Windows 10: The Sands of time

This short blog will be about some Windows 10 time sync issues. It’s summertime again, time to set your clock one hour forward. Windows 10 has a built-in mechanism to configure the clock/time automatically for you. If it’s working, it’s great but yesterday some customers called. Their Windows 10 device did not automatically changed the system time. When you have admin privileges you can manually sync the time, but you don’t have this luxury if you’re a user without admin…

Read More Read More

App Protection: Attack of the third-party apps

App Protection: Attack of the third-party apps

In one of my last blogs, I showed how you can set up multiple App protection profiles to make sure your managed and unmanaged IOS devices could receive the correct app protection policy. In my opinion, you need to make sure you lower the security bar for the managed devices app protection policies. You really don’t want well-behaved employees who enrolled their own devices, become angry about the security barriers, and finding another way to share the data. Here is…

Read More Read More

App Protection: Resurgence

App Protection: Resurgence

This blog will be about some misunderstanding when conditional access is requiring app protection and/or approved apps? Every organization has BYOD users, these users want to have access to the company data from that same device. You want to make sure you are not only managing the devices, you also need to manage the apps. Some time ago I explained how you could allow managed and unmanaged devices and how to configure the app protection policies. The Chronicles of MAM…

Read More Read More

App protection and a disabled Account

App protection and a disabled Account

Today I realised I totally forgot to add this setting to my App protection baseline. This setting was released some months ago. You can configure this conditional launch setting within the app protection policy. You have got 2 options: Block access: When Intune has confirmed the user has been disabled in Azure Active Directory, the app blocks access to work or school data. Wipe data: When Intune has confirmed the user has been disabled in Azure Active Directory, the app…

Read More Read More

Applocker on the Company portal Express

Applocker on the Company portal Express

This short blog will be about why baselines are very important and why you need to keep them up to date. I am not talking about security baselines this time. What I will be talking about, is the app baseline you need to deploy to your users Windows 10 devices to make sure users can install apps on their own. It’s best practice to implement adminless. *Source: Microsoft Vulnerabilities Report 2021 | BeyondTrust (great report!!) Of course, nowadays users are…

Read More Read More

The Chronicles of MAM

The Chronicles of MAM

This blog will be about the managed and unmanaged IOS App Protection Policies. We have got multiple options to choose from, how to protect the company data. Are you going to require compliant mobile IOS/Android devices, so each device needs to be enrolled (MDM)? Or do you have a lot of front line workers and you only want the apps to be secured (MAM)? Or maybe a combination? In this example, we did both. We wanted to make sure users…

Read More Read More

The Grand OneDrive Hotel

The Grand OneDrive Hotel

This blog will be about some limitations you can run into when you are migrating your files to SharePoint/teams and one drive. In one of my older blogs, I explained why I really love onedrive. How I Learned to Stop Worrying and Love Onedrive – Call4Cloud But simply migrating your legacy file shares by only selecting source and destination within the migration tool and starting the migration is not best practice. Why you might ask? Here is a good example:…

Read More Read More

Deliver us from Hybrid

Deliver us from Hybrid

This week we were visiting a new customer with still some on-premise software and a lot of data.  They asked our opinion on what we thought would the best way to transform into a modern workplace. The first thing that probably will come to mind… go hybrid!! Of course, you can configure your devices to use an autopilot white-glove hybrid azure ad join but what if you don’t want the cons of this kind of deployment? I guess the main…

Read More Read More

THE LOG COLLECTOR Part 2

THE LOG COLLECTOR Part 2

Some weeks ago I blogged about what options you had when you need to remotely collect Logs from your Azure ad Joined devices. The Log Collector – Call4Cloud Remotely collect Azure Ad Logs Some time ago I noticed a new feature which was in development. I am very pleased to see this new functionality is ready for preview and it’s very easy to use! I love it. You only need to press the 3 dots when you have selected the…

Read More Read More