From ConfigMgr to Fully Intune Managed in 2024. Let’s Make That a Reality

If you have Config Manager today and you are thinking about or planning on moving the devices and the workloads to Intune, this article is for you. If you are in that state today, chances are you have a stable (or near stable) method of managing the devices, patch updates, and GPOs. Moving the capabilities …

Adopting Microsoft Entra ID Governance – A Deep Dive

Lately, a lot has happened, changed, or been introduced in the Microsoft Entra ID Governance space, and this is one of my favorite topics to write about and explain as well. The main reason is that Entra ID Governance features are all interconnected, and organizations can easily create an ecosystem and start using its features. Not …

6. Windows Autopatch – Release Management, Reports and Notifications

In this last section, I want to discuss Release Management, Reports, and Email and Message notifications. These are all must-know sections when you are planning on deploying Autopatch. Release Management; Where to find this?; Windows Feature Management explained; Release Statuses; Phase Statuses; Release Announcements; Release Settings; Autopatch Groups; Planning for a New Release (Custom Release); Setting the Release Phase; Notifications - Email and Portal Messages; Quality …

Login to M365 Services Using Email As An Alternate Login ID

One of the decisions you may have taken when you first planned your Azure AD/Entra ID sync was the UPN and what it will be. The recommendation from Microsoft is to always align the Entra ID UPN with the user's email address. Why, you ask? It is mainly to avoid confusion among the …

5. Windows Autopatch – Entra ID Groups, and Policies

In this section, I would like to dive deep into a few things that get created as part of the Tenant Enrollment. The good thing about this is that your Autopatch environment will be ready for you and ready to go once you have enrolled it. Entra ID groups, Update Rings and Policies. Microsoft Learn …

4. Tenant Enrollment and Device Registration in Windows Autopatch

Tenant Enrollment for Windows Autopatch: For the next steps of getting Autopatch to work, let's check the Tenant Enrollment. Now that you have set up the prerequisites and other requirements, the enrollment will be pretty much a follow-the-bouncing-ball type of task. Path to enable Windows Autopatch: Intune Portal > Tenant Administration > Tenant Enrollment (under …

Don’t Mess Around with MDM User Scopes – A Different Take to “Something Went Wrong 8004005” and “OOBEAADV10” Errors

Something went horribly wrong. Not the policies. Not the deployment profiles, not the ODJ profile, not the ESP. Let me explain. Setup at a high level: Intune Connector set up; Intune Connector account is licensed and the Intune admin role assigned; OU delegation done; Hybrid Join GPO has been set up; MDM Auto-enrollment GPO has been set; Autopilot deployment profiles …

How to Setup 3rd Party Device Compliance Partners in Intune for Conditional Access

While Intune and Entra ID as a whole provide industry-standard device compliance policies and conditional access policies to govern them, there might be a chance that a subset of your device fleet is managed via a different MDM. In the field, when I'm talking with customers, this is mostly because Microsoft Intune was catching …

3. Windows Autopatch Device Readiness

Existing GPOs, Registry Settings, Config Manager and MDM Settings: In this section, I would like to go through some important changes required in your environment before moving to Windows Autopatch. Ideally, this comes in step 3 of the development journey - Pilot. With everything in place, you may have selected the devices that need to …

2. Setting up Prerequisites for Windows Autopatch

Windows Autopatch Guide, Blog 2 of 7. In this section, I will look at the prerequisites that need to be set up in order to carry out a successful Windows Autopatch implementation. Minimum Windows OS Version (at the time of writing); RBAC Setup; Licenses for Autopatch; Network Configuration; Device Management; Wrapping Up. Minimum Windows OS Version (at the time of writing) …

Microsoft Defender for Endpoint – Passive Mode

Passive mode and EDR in block mode. It's fair to assume that if Defender is not the "Active" or the "Primary" AV on the computer, then it will be running in Passive mode. However, in the Defender world, it is one of the states where you can leave Defender running. However, that might not be …

Quick Defender SmartScreen Deep Dive with Niklas Tinner

Recently I got the opportunity to sit with Niklas Tinner, a like-minded tech guru and an End User Computing specialist, to discuss Defender SmartScreen and its benefits, advanced hunting for SmartScreen incidents, policies, and best practices. https://www.youtube.com/watch?v=YI_x_dtrSFQ A detailed blog post on the same can be found below. https://shehanperera.com/2022/12/14/defender-smartscreen-deep-dive-02/

How to Track Devices with a Faulty MDE Sensor Health State, Using a Logic App Workflow?

The MDE sensor health state we like to see is "Active". The sensor health states we don't want are "Inactive" or "Misconfigured". But sometimes it is almost impossible to track the sensor status of all the devices every day to make sure they are all healthy. However, in order to properly communicate with Defender, the endpoint's …

How to Enable the New Security Settings Management Feature in Defender Security Portal

In Public Preview at the time of writing. This is a much-needed feature, I believe. Also, in most IT departments, because tasks are segregated among different admins, most of the time it is a team game and you need 2 different admins (an Intune Administrator and a Security Administrator) to collaborate …

A Summary of the Microsoft Entra Announcements

❗ A Summary of the Microsoft Entra Announcements in case you have missed the chatter 🙂
Full Story - https://www.microsoft.com/en-us/security/blog/2023/07/11/microsoft-entra-expands-into-security-service-edge-and-azure-ad-becomes-microsoft-entra-id/
⚡ Microsoft Entra ID: Azure AD --> Now "Microsoft Entra ID" 🔗 https://lnkd.in/gmr756ws
⚡ Microsoft Entra ID Governance - Now Generally Available 🔗 https://lnkd.in/gJ3zQbj5
⚡ Microsoft Entra Internet Access (preview) - An identity-centric Secure Web Gateway that protects access to internet, software as a service (SaaS), …

How to Use the Conditional Access Policy Gap Analyzer Workbook?

Did you know that like in all other Azure services, workbooks are available in Azure AD too? And the good thing about this is, there are a lot of good workbooks ready to be opened and no need to write your KQL queries again. Well, if you fancy your KQL, you can start a new …

🎙️MS EMS Community Podcast EP04

https://www.youtube.com/watch?v=XWvXVCIUm2c
In this episode, I, along with Jonas Bøgvad, Andrew Taylor MVP, Lewis Barry and Eric Woodruff, CIDPRO, discuss:
⚡️ Intunemaps.com and the thought process behind that
⚡️ An in-depth look at AAD App Registration
⚡️ An in-depth look at the PRT
⚡️ MFA Number matching
⚡️ FIDO and Security

Configure Intune Built-In Roles Using Azure AD PIM for Groups

The perfect Azure AD, Intune combo does not exi..... Some time ago I wrote about Azure AD PIM for groups and its usages. This came to light a few days ago in Microsoft Tech Community as an article and I thought I would give my touch to it. What is it and Why Does This …