Browsed by
Category: Azure Ad

The Log Collector

It’s very nice to see that Microsoft is working on some new features. One of the features in development is the possibility to collect logs remotely. Source: In development – Microsoft Intune | Microsoft Docs. Also look at the possibility to restart an app install! That’s great. But as these features are in development, we don’t have the option to collect logs remotely. Luckily SolarWinds has a remote background feature, which allows you to gather some event logs remotely…

Natural Born MFA Killers

This blog will be about a weird MFA problem we ran into when we were enrolling devices and configuring MFA at the same time. The user in question already had the company  and Authenticator app installed on their iPhone. We were very glad, because it can really save some time. It’s obvious MFA needs to be required when devices need to join Azure AD. We handed out the Surface, so the user could complete the steps to configure Windows Hello and setting up…

Intune: Battle of the MDM authority

This blog will be about why it’s important to automate your Microsoft 365 deployments. Today I was called in to investigate a weird problem. A colleague was trying to set up Intune for a new Microsoft 365 customer. Normally we do this by launching our deployment scripts, but this time a new colleague wanted to see which steps need to be taken to enroll a customer into Microsoft 365. Everything was going fine until the enrollment…

The red screen before Christmas

Using Autopilot will give you a lot of benefits, especially when combining it with White Glove. When you have new devices, you are good to go, but when you want to enroll existing “older” devices into Autopilot White Glove you can run into some problems. When we were enrolling a lot of new devices at a customer site, no problems were encountered, because we previously enrolled them with Autopilot White Glove. After our work was done, the customer asked…

Fantastic MR. SSO

This blog will be about the kind of problems you can run into when you have multiple customers inside one Active Directory and you want to provide them SSO with Office 365. Making use of modern authentication in combination with SSO can provide you with a very good user experience, except when you don’t have the option to use single sign-on. Take a look at this scenario: You are a hosting provider. You have one big multi-tenant Active Directory. You…

Web Content filtering: The final chapter

Starting with Microsoft 365 Business is an excellent idea. It contains almost everything you need for a secure modern workplace. By almost everything, I mean you’ll be missing out on some great features contained within the Microsoft E5 license. The biggest example would be Microsoft Defender for Endpoint, which also has some add-ons like web content filtering. I can imagine that for the SMB, Microsoft E5 might be too expensive for now. The price difference between a Microsoft 365 Business Premium…

The Wolf of Azure Active Directory Sync Errors

This blog will be about a weird error when trying to remove an email alias: “An azure active directory call was made to keep object in sync between azure active directory and exchange online”. Sometimes an easy question can take up a lot of your time. We got a simple question: Could you remove an email alias and create a shared mailbox with this email address? So you have two options here: the GUI and PowerShell. So I…

Continuous Access Evaluation: Rise of the Claim challenge

Hi refresh tokens, hi lag when terminating users or setting a new password. Welcome continuous access evaluation (CAE), bye lag (1 hour refresh token). Claim challenge is a mechanism to indicate the token was rejected and a new token needs to be issued. So what are the benefits? User termination or password change/reset: user session revocation will be enforced in near real time. Network location change: Conditional Access location policies will be enforced in near real time. Token export to…

The Place Beyond the Guests

Restricting guest access is very important. Normally you don’t want a guest user to see the membership of any groups. Of course, there are some situations in which you don’t want to change this setting. You can simply change this under Manage external collaboration settings in the user settings of the Azure AD portal: https://aka.ms/AADRestrictedGuestAccess. Or just use PowerShell. Add this setting to your enrollment template so that it will not be forgotten when enrolling a new customer. Get-AzureADMSAuthorizationPolicy | Set-AzureADMSAuthorizationPolicy -GuestUserRoleId '2af84b1e-32c8-42b7-82bc-daa82404023b' Conclusion:…

Blocking administrative Tools part 2

In one of my last blogs, I showed you how to block the administrative tools: it can easily be done within the Intune for Education portal. Of course, that’s really nice. But I just noticed some ADMX updates: https://blogs.windows.com/windowsexperience/2020/08/05/announcing-windows-10-insider-preview-build-20185/ I hope this ADMX update within the Insider Preview build 20185 will help us to prevent access to the command prompt, PowerShell and registry without using AppLocker?