Mandatory MFA Enforcements! Including Service Accounts and Break Glass Accounts. Now What?

Mark your calendars and set the necessary reminders: 15 Oct 2024 is the day this enforcement comes into play. This is a good initiative, as it applies an extra layer of protection to the set of applications below. As you can see, most of the applications listed below …

Browser Security With Microsoft Intune – Set Google Workspace Domain Restrictions

It is possible that organizations are in multi-cloud environments. Having a Google Workspace is nothing new. However, if you want to make sure your users can only log in to a given list of domains and not to other domains, a policy setting is needed. Usage: This policy works in both Microsoft Edge and Google …

Browser Security With Microsoft Intune – How to Block Browser Extensions?

This is blog post 1 of the Browser Security With Microsoft Intune series. I wanted to dedicate this article to browser extensions. This is something we all know dearly, but it can pose issues in a working environment if it's not managed properly. Contents: The Issue; Past Browser Extension-Related Incidents; Create the Policy; Microsoft Edge; Google Chrome; Mozilla Firefox; Key Settings to Consider …

Browser Security With Microsoft Intune

This is a new set of blog articles I want to introduce. It's no wonder that the browser has become one of the main components of the device, and whatever browser you use, security is an integral part of it. Microsoft Intune supports browser security and goes deep into helping the admins …

Identity Centric Zero-Trust Network Access (ZTNA) and Entra Private Access 🌐

I've been doing a lot of research into Microsoft's new Global Secure Access recently, as most of the features have reached General Availability. Entra Private Access caught my eye. However, before discussing the feature, it is wise to discuss the underlying technology that Entra Private Access uses and then move on to it. …

How to Configure Cloud Kerberos Trust to Authenticate an Entra ID Joined Device Using Windows Hello for Business (WHfB)?

A long topic and a lot of jargon: Cloud Kerberos Trust, Windows Hello for Business (WHfB), Entra ID Joined. Let's break them down one by one and see how Cloud Kerberos Trust will help you in your cloud journey. This in fact will remove one more on-prem dependency. Exciting, isn't it? Let's dig in. What this article …

Leave the Privileged Cloud Identities in the cloud with PIM and RBAC enabled and not synced!

🔸What does this mean? It simply states that privileged accounts, or accounts that can be elevated into privileged accounts, responsible for tasks in cloud systems must be created as “in-cloud” accounts rather than synced from a local/on-prem directory. 🔸Why, you ask? The most classic example anyone can think of is Entra ID privileged roles …

Hardening Exchange Online Security with Microsoft Entra, Intune, and Defender XDR

Your emails are now in the cloud, specifically Microsoft 365 - Exchange Online (EXO). Now what? For many organizations, emails are the heart and soul of communication and past records, and they use the same on-premises methods to protect emails in the cloud. Regardless, defending it from bad actors is a must because this is …

💻 Intune Policy refresh intervals Vs. Config Refresh in simple terms

These are similar-looking terms that perform two different tasks, and this quick nugget is to unpack what they do. ⚡Policy Refresh Intervals⚡ This is the standard way for the device to check in with the Intune service to receive the policies and settings. When the device is enrolled with Intune for the first time, notifications will …

Microsoft Defender for Identity – A Deep Dive

Microsoft Defender for Identity, or MDI. The main purpose of this write-up is to shed some light on why you need MDI in your environment and how it can protect your traditional on-premises AD infrastructure. It's no wonder that there are a lot of other products in the market that do similar …

How to Change Intune Security Baseline Policy to Version 23H2?

I'm excited to see the new Security Baseline version is finally available in Intune. Version 23H2 for Windows 10/11. This is a quick look at the policy and useful details on migration to the new policy. Contents: What you will see in the Security Baselines now; What's Available in Version 23H2; Some Notable Settings; Migrating from an older Baseline; If …

How to Use Intune to Create a Dell BIOS Config Profile?

Creating BIOS configs and ingesting them during the imaging process is a tad old school when you think about moving to newer technologies that can do the same. Microsoft Intune recently introduced the BIOS Config Profile as a template in Intune. At this stage, Dell devices can be set up with this. At the …

Control Device Code Flow With Entra ID Conditional Access Policies

With the latest developments in the Entra ID Protection space, Conditional Access Policies got a bit of a facelift with the Authentication Flow control feature. Still in Preview, Device Code Flow and Authentication Transfer are the features introduced with Authentication Flows. I want to cover the Authentication Transfer process in a different article, so this …

Why Does Group Policy Analytics Matter In Microsoft Intune?

"We never know what that GPO really does", and "The person who created this GPO is not in the business anymore". Sound familiar? Most businesses that have a Microsoft ecosystem and have been using AD/GPO for a long time always have stories to tell about the Group Policies. This blog is …

5 Practical Usages of PIM for Groups Explained

I have always been a huge advocate of Entra ID Governance and its usage. It is paramount to make sure the Identity Governance health is in a good position while applying the best practices because Identity is an attack vector, period. Once a bad actor gets hold of the identity, accessing confidential data, Azure resources, …

Microsoft Intune Enterprise App Catalog is Here!

As announced at Microsoft Ignite 2023, the latest addition to the Intune Suite features Enterprise Application Management, and its Enterprise App Catalog is finally GA as of today. This will remove a lot of the hassle that Device Management admins need to go through in re-packaging apps into a .intunewin file and adding …

How a Synthetic Registration in Entra ID Can Protect the Devices ASAP with Defender for Endpoint?

One of the popular queries I have got by working with many customers on their Defender for Endpoint deployment projects is: "We need the Defender Security Policies to be assigned and working as soon as the device is onboarded to MDE." Having onboarded to MDE, if and when Intune enrollment and Device Registration in Entra ID …

Device Hardening with Intune Security Baseline for Windows Policy

The word on the street is not "If I get hacked" but "when I will get hacked". Securing your infrastructure starts from your end users and devices, and hardening the devices that users use every day has never been so important. Security Baseline policy for Windows 10 and later. This is one of …

From ConfigMgr to Fully Intune Managed in 2024. Let’s Make That a Reality

If you have Config Manager today and you are thinking about or planning on moving the devices and the workloads to Intune, this article is for you. If you are in that state today, chances are you have a stable (or near stable) method of managing the devices, patch updates, and GPOs. Moving the capabilities …