B for Bitlocker

B for Bitlocker

This blog will be about the Bitlocker recovery key and some proactive remediation (and some background information about how it works) Bitlocker is one of the many security measures you will need to implement to make sure the data is safe when a device is stolen. One of the downsides are the support tickets that could be created when a user simply does not remember their password anymore and tried it too many times. Luckily in a normal situation, you…

Read More Read More

Gmail: King of the monsters

Gmail: King of the monsters

Different week, different use case. This blog will be about the impossibility of having GMAIL as your Email client in combination with android work profiles and Conditional Access. Why not using Outlook? That’s indeed a very good question, as Gmail is also not an approved app. I guess users are just used to work with the Gmail app. They prefer the Gmail calendar notifications instead of the Outlook calendar notifications. Of course, we advised to start using Outlook, but the…

Read More Read More

Natural Born MFA Killers

Natural Born MFA Killers

This blog will be about a weird MFA problem when we were enrolling devices and at the same time configuring MFA. The user in question already had the company  and Authenticator app installed on their IPhone. We were very glad, because it can really save some time. It’s obvious MFA needs to be required when devices need to join Azure Ad. We handed out the surface, so the user could complete the steps to configure Windows Hello and setting up…

Read More Read More

The sum of all App protection policies

The sum of all App protection policies

Obviously, there is a need to use mobile devices to access company data. These devices and apps need to be secured. There are many articles written about when to use MDM and when to use MAM or combining them. This blog will be about troubleshooting App protection policies. This week we were enrolling new surfaces and mobile devices into Microsoft 365. It can be a struggle when you don’t have a greenfield tenant and you need to make sure the…

Read More Read More

Intune: Battle of the MDM authority

Intune: Battle of the MDM authority

This blog will be about why it’s important to automate your Microsoft 365 deployments. Today I was called in to investigate a weird problem. A colleague was trying to set up Intune for a new Microsoft 365 customer.  In a normal situation we are doing this by launching our deployment scripts but this time a new colleague wanted to see which steps need to be taken to enroll a customer into Microsoft 365. Everything was going fine until the enrollment…

Read More Read More

Public Desktop icons and Adminless: The far side of Intune

Public Desktop icons and Adminless: The far side of Intune

This short blog will be about, why users don’t need admin permissions to delete the public desktop icons. There are not a lot of reasons why your Azure Ad users need to be local admins on their devices. You can do a lot even without admin permissions. To summon a few: -Restarting services can be done without local admin permissions The non admin user: The battle of restarting services – Call4Cloud -Installing applications The PowerShell Win32 App Express – Call4Cloud -Installing…

Read More Read More

Zero Trust Security Flow

Zero Trust Security Flow

Everything is about Zero trust security, you will need to implement it.  There are a lot of articles written about zero-trust security the last few months. Some examples: Zero Trust Security (microsoft.com) Take the Zero Trust Assessment (microsoft.com) How to best explain zero trust? It’s like the quote of Ronald Reagan but just with one additional word: Never trust, but verify Zero trust ensures, identities are verified and devices are safe before you can access your corporate apps and data….

Read More Read More

The Applocker Games: Catching the events

The Applocker Games: Catching the events

The past year I blogged a lot about securing and monitoring your devices. Of course, Microsoft 365 E5 is the way to go when you want to maximize your security, but for the SMB the license can be too expensive. For these customers, Microsoft 365 business premium is the best choice. But when you choose Microsoft 365 Business premium you can’t make use of the advanced security features. Of course, by now you have implemented adminless and AppLocker on your…

Read More Read More

Applocker: The Meltdown

Applocker: The Meltdown

This short blog will be about what to do when you have locked yourself out of your device when implementing Intune Applocker device configuration policies. Some time ago I blogged about how a not configured DLL rule can break your devices. The Appocker Dilemma – Call4Cloud At that time, just changing the Applocker device config inside Intune did the job. But what if the new Applocker policy just won’t sync to the device and the old policies still apply. At…

Read More Read More

The red screen before Christmas

The red screen before Christmas

Using Autopilot will give you a lot of benefits, especially when combining it with White Glove.  When you have got new devices, you are good to go but when you want to enroll existing “older” devices into Autopilot White Glove you can run into some problems. When we were enrolling a lot of new devices at a customer site no problems were encountered, because we previously enrolled them with Autopilot White glove. After our work was done, the customer asked…

Read More Read More