Browsed by
Category: Microsoft 365 Business

Zero Trust Security Flow

Zero Trust Security Flow

Everything is about Zero trust security, you will need to implement it.  There are a lot of articles written about zero-trust security the last few months. Some examples: Zero Trust Security (microsoft.com) Take the Zero Trust Assessment (microsoft.com) How to best explain zero trust? It’s like the quote of Ronald Reagan but just with one additional word: Never trust, but verify Zero trust ensures, identities are verified and devices are safe before you can access your corporate apps and data….

Read More Read More

The Applocker Games: Catching the events

The Applocker Games: Catching the events

The past year I blogged a lot about securing and monitoring your devices. Of course, Microsoft 365 E5 is the way to go when you want to maximize your security, but for the SMB the license can be too expensive. For these customers, Microsoft 365 business premium is the best choice. But when you choose Microsoft 365 Business premium you can’t make use of the advanced security features. Of course, by now you have implemented adminless and AppLocker on your…

Read More Read More

Applocker: The Meltdown

Applocker: The Meltdown

This short blog will be about what to do when you have locked yourself out of your device when implementing Intune Applocker device configuration policies. Some time ago I blogged about how a not configured DLL rule can break your devices. The Appocker Dilemma – Call4Cloud At that time, just changing the Applocker device config inside Intune did the job. But what if the new Applocker policy just won’t sync to the device and the old policies still apply. At…

Read More Read More

The red screen before Christmas

The red screen before Christmas

Using Autopilot will give you a lot of benefits, especially when combining it with White Glove.  When you have got new devices, you are good to go but when you want to enroll existing “older” devices into Autopilot White Glove you can run into some problems. When we were enrolling a lot of new devices at a customer site no problems were encountered, because we previously enrolled them with Autopilot White glove. After our work was done, the customer asked…

Read More Read More

Fantastic MR. SSO

Fantastic MR. SSO

This blog will be about what kind of problems you can run into when you have multiple customers inside one active directory and you want to provide them SSO with Office 365. Making use of modern authentication in combination with SSO can provide you with a very good user experience, except when you don’t have the option to use single sign-on. Take a look at this scenario: You are a hosting provider You have one big multi-Tenant Active Directory You…

Read More Read More

500 Days of blocking Onedrive extensions

500 Days of blocking Onedrive extensions

I was mentioning in my latest blog, I would show how you can automate the company apps deployment, but first I would like you to show something brand new. This blog will be about how to prevent some files to be uploaded with Onedrive and not using the Onedrive admin center Excluding extensions in the Onedrive admin center was the way to go to make sure some files are not synced with Onedrive. Of course, you don’t want certain files…

Read More Read More

Company App: Unchained

Company App: Unchained

In this blog I will give you my opinion on how I prefer apps to be deployed. When deploying a zero-trust modern workplace you need to make sure your users are not member of the local admin group. Take a look at my blogs if you want to make sure a user is never a local admin. When your users are no local admin anymore, you can implement an AppLocker policy to make sure your devices are secure. But here…

Read More Read More

Close Encounters of Fiddler

Close Encounters of Fiddler

*The power of combining Fiddler and PowerShell. Did you ever wonder how to automate Office365 deployment? It’s a lot of work to configure conditional access, device configurations, update settings and compliance settings manually… and we haven’t even talked about the risk of human error. For all these worries and concerns automation is your solution. *How does it work? First, we need Fiddler and PowerShell. Download and install Fiddler, don’t forget to configure the SSL decrypt settings and open the Intune…

Read More Read More

The Conditional Access Experiment

The Conditional Access Experiment

Some time ago I was inspired to check something out.  Of course, almost all schools are working with Teams nowadays and so is my son’s school. After installing teams and logging in with my son’s office365 account, I was asked the famous question if I’d wanted to “allow my organization to manage my device”. Okay… So the school allows anyone to register a device to their tenant? I guess the school has a lot of devices to manage. If it…

Read More Read More

Guardians of the Local Admin rights

Guardians of the Local Admin rights

Granting your users local admin permissions when deploying Windows 10 is really really best practice…I’m joking, no it’s not! I must be saying this a lot lately. You need to be certain all of your endpoints are managed, so you can make sure your users don’t have local admin permissions. You don’t believe me that your endpoints need to be managed? Take a look at these two examples (Alex Fields): Removing local admin permissions mitigates a lot of critical Microsoft…

Read More Read More