This blog will be about the managed and unmanaged IOS App Protection Policies. We have got multiple options to choose from, how to protect the company data. Are you going to require compliant mobile IOS/Android devices, so each device needs to be enrolled (MDM)? Or do you have a lot of front line workers and you only want the apps to be secured (MAM)? Or maybe a combination? In this example, we did both. We wanted to make sure users…
There are many articles written about why you need an additional backup when working with Microsoft 365. I guess most of these articles are written by the backup vendor themselves. But what if you don’t need or want an additional backup? A long time ago I wrote an article about why I love Onedrive and the recycle bin restore possibilities. How I Learned to Stop Worrying and Love Onedrive – Call4Cloud But what options do you have when an end-user…
It’s very nice to see, Microsoft is working on some new features. One of the features which are in development is the possibility to collect remote logs. Source: In development – Microsoft Intune | Microsoft Docs Also look at the possibility to restart an app install!. That’s great. But as these features are in development, we don’t have the option to collect logs remotely. Luckily Solarwinds has a remote background feature, which allows you to gather some event logs remotely….
This blog will be about the Bitlocker recovery key and some proactive remediation (and some background information about how it works) Bitlocker is one of the many security measures you will need to implement to make sure the data is safe when a device is stolen. One of the downsides are the support tickets that could be created when a user simply does not remember their password anymore and tried it too many times. Luckily in a normal situation, you…
This blog will be about why it’s important to automate your Microsoft 365 deployments. Today I was called in to investigate a weird problem. A colleague was trying to set up Intune for a new Microsoft 365 customer. In a normal situation we are doing this by launching our deployment scripts but this time a new colleague wanted to see which steps need to be taken to enroll a customer into Microsoft 365. Everything was going fine until the enrollment…
Everything is about Zero trust security, you will need to implement it. There are a lot of articles written about zero-trust security the last few months. Some examples: Zero Trust Security (microsoft.com) Take the Zero Trust Assessment (microsoft.com) How to best explain zero trust? It’s like the quote of Ronald Reagan but just with one additional word: Never trust, but verify Zero trust ensures, identities are verified and devices are safe before you can access your corporate apps and data….
The past year I blogged a lot about securing and monitoring your devices. Of course, Microsoft 365 E5 is the way to go when you want to maximize your security, but for the SMB the license can be too expensive. For these customers, Microsoft 365 business premium is the best choice. But when you choose Microsoft 365 Business premium you can’t make use of the advanced security features. Of course, by now you have implemented adminless and AppLocker on your…
Some time ago, Oliver Kieselbach discovered a very great new method to start the IME sync process with just a simple command: “intunemanagementextension://syncapp”. You could push a shortcut to with command to all your user desktops. An excellent new approach. Like Oliver was mentioning, you could restart the Microsoft intune management service, which also triggers the sync. But when your users have no admin privileges, this is not possible. This got me thinking, shouldn’t it be possible to restart some…
In my last blog I expressed my opinion about how important it is to use the company portal to distribute apps. Like I was mentioning, it can be a lot of work when you need to create all these apps each time a customer asks for one. Of course, you can create one Chocolatey app which simply installs every app. But I prefer to give the user a nice dashboard with all the possible apps he or she can install. You will need to automate this somehow…
Provisioning your non (for now) Azure ad enrolled Windows 10 Pro devices with AppLocker can be very hard because AppLocker won’t work on Windows 10 Pro devices without Intune… at least that’s what I thought. When configuring AppLocker on a Windows 10 pro device, you will notice this message inside the event log: component not available on this SKU. Take a look at the operating system requirements… Some time ago I created a blog about how you can automatically wipe and reset your domain joined devices to enroll them with autopilot. In this PowerShell script…