Tag: M365

OAuth App Governance

How often do you check and track the Apps list or the app permissions in Enterprise apps in Microsoft Entra? Is that only when you need to register or create a new app? How about user-installed apps? What controls do you have on users' consent on apps? Or know what apps are making excessive calls … Continue reading OAuth App Governance

How to Use the Conditional Access Policy Gap Analyzer Workbook?

Did you know that like in all other Azure services, workbooks are available in Azure AD too? And the good thing about this is, there are a lot of good workbooks ready to be opened and no need to write your KQL queries again. Well, if you fancy your KQL, you can start a new … Continue reading How to Use the Conditional Access Policy Gap Analyzer Workbook?

Protected Actions in Azure AD

Update 18/06/2024 Protected Actions are out of Preview and have 17 actions as opposed to 7 actions that was there when it was in preview. ✅Available Protected Actions Update basic properties for Conditional Access policies Create Conditional Access policies Update allowed cloud endpoints of cross-tenant access policy Update Microsoft Entra B2B collaboration settings of the … Continue reading Protected Actions in Azure AD

Organizational Messages – A Better Way to Push Important Messages to Your Users via Microsoft Intune

There were a lot of new updates for Microsoft Intune at the Ignite 2022. Organizational Messages are one of them. This feature is still in preview and believe more options will be available in the coming months. Imagine you need to send that one quick important message to the users on a Friday afternoon reminder … Continue reading Organizational Messages – A Better Way to Push Important Messages to Your Users via Microsoft Intune

My First Speaking Session and the First Microsoft EM+S Community Live Event

So last week I finally did my very 1st speaking session. This is the very 1st community event held by the Discord Group Microsoft EM+S Community. Microsoft EM+S Community https://www.youtube.com/watch?v=Cxr61C4g7iQ Shout out to the other speakers as they've all done a great job in presenting their sessions as well as continuously sharing their knowledge on … Continue reading My First Speaking Session and the First Microsoft EM+S Community Live Event

Configure “Enhanced Phishing Protection in Microsoft Defender SmartScreen” in Windows 11 22H2 via Endpoint Manager

Windows 11 22H2 update brought a lot of good stuff and as a tech enthusiast I really appreciate what Microsoft is doing to ensure the end user devices are protected. Enhanced Phishing Protection in Microsoft defender SmartScreen is one of them. While the features are available to the standard Windows Home user, I tested these … Continue reading Configure “Enhanced Phishing Protection in Microsoft Defender SmartScreen” in Windows 11 22H2 via Endpoint Manager

How to Use Endpoint Manager Import ADMX Function to Map Shared Drives

Earlier this year I wrote the same but more of a manual method to map drives using Endpoint Manager OMA-URI function and by ingesting the ADMX files in raw form to configure the drives. https://shehanperera.com/2022/04/01/network_shares_with_mem/ After Microsoft announced the Preview of the Import ADMX function, I was thrilled as I wanted to test out a … Continue reading How to Use Endpoint Manager Import ADMX Function to Map Shared Drives

A Closer Look At The Azure AD Joined Device Local Administrator Role And Endpoint Manager Account Protection Policy

Local Admin is a must needed account/ access that requires in a domain setup for so many reasons. Over the years Microsoft brought many options to manage these accounts in a secure manner. Restricted groups/ LAPS etc. With Azure AD and Endpoint Manager in the scene, many devices are moved to cloud managed rather than … Continue reading A Closer Look At The Azure AD Joined Device Local Administrator Role And Endpoint Manager Account Protection Policy

Get Notified When You Have Group Based License Assignment Issues

I'm considered as a citizen developer and I know the ways to get some automation happening when it needed the most. This is one of them. This has been in my head for a while and I've seen this happening many times. SO thought to do some findings, playing around with the tools to come … Continue reading Get Notified When You Have Group Based License Assignment Issues

Microsoft Entra – An Overview

Woke up to a nice little surprise from Microsoft this morning. Microsoft Entra. At first glance It looked like they have bundled the Identity and Access related products in to one portal and provides access via https://entra.microsoft.com According to Microsoft, this is a single pane of view for all Identity and Access related solutions, which … Continue reading Microsoft Entra – An Overview

Pros and Cons of Using Microsoft Endpoint Manager Policy Sets Feature

What else can be a great feature in Microsoft Endpoint Manager other than bundling up all the policies and create that "Golden Image" type policy and assign it to the Device or User groups so from an Administrators perspective, you don't need to individually assign groups in to policies and apps and managing this will … Continue reading Pros and Cons of Using Microsoft Endpoint Manager Policy Sets Feature

Intune Remote Help to the Rescue

I think it's too soon to compare Remote Help with a tool like TeamViewer because the Remote Help feature with Microsoft Intune just went on GA this week. I was looking at this option for quite a while and finally got time to test and write about it. Remote Help BenefitsRemote Help License RequirementsNetwork ConsiderationsConfigure … Continue reading Intune Remote Help to the Rescue

I’ve completed the MDE Ninja Training and it was great! (my thoughts and experience)

It took me sometime, but finally completed the MDE Ninja training. I got to know about this course from a local user group meetup and it hit me. This certificate is not a standard Microsoft certificate, but I would say more of an achievement celebration from Microsoft for the effort we put to learn the … Continue reading I’ve completed the MDE Ninja Training and it was great! (my thoughts and experience)

How to Assign Admin Roles to Azure AD Groups with Access Reviews and Just in Time Access?

As of July 31 2021, this feature in Generally Available and was notified in the M365 Admin Center with the message MC274516 This approach is how you assign roles to Azure AD Groups along with the Privileged Identity Management features Just in Time access and Access Reviews options. Previous setup If you need to assign … Continue reading How to Assign Admin Roles to Azure AD Groups with Access Reviews and Just in Time Access?

How to analyze Conditional Access Policies with ‘Report Only’ Mode?

Conditional Access Polices can be setup in 3 main modes. On/ Off/ Report Only. On and Off modes are self explanatory where "Report Only" mode needs additional work. This post will go in detail on how to use the Report Only mode before you actually switch to ON. Read more about Conditional Access Policies https://shehanperera.com/2022/05/03/aad-cap101/Continue reading How to analyze Conditional Access Policies with ‘Report Only’ Mode?

3 Ways to Enforce Azure AD MFA Registration in Azure AD/ M365 Tenant

Requirement of having MFA on Azure AD accounts are top priority at the moment and basically it has become a basic requirement. There are couple of ways to enable MFA on to user accounts by default. This can make sure all users are protected without having t o run periodic reports etc. Reason for collation … Continue reading 3 Ways to Enforce Azure AD MFA Registration in Azure AD/ M365 Tenant

Edge Browser Apps – A simple solution for managing multiple Outlook accounts for Teams meetings and multiple Teams sessions!

With the current upraise of Teams usage for collaboration meetings have been simplified and gone up to the next level of features. However, Microsoft still haven't addressed the use case where users having multiple Mailboxes in Outlook added with delegation permissions (Shared mailboxes or User mailboxes) and to use the specific account's Teams features when … Continue reading Edge Browser Apps – A simple solution for managing multiple Outlook accounts for Teams meetings and multiple Teams sessions!

A Step-by Step Guide to a PST Free Environment

Limited mailbox size due to limited mailbox database size due to on-premises server's disk space due to the number of users. Sound familiar?On-premises Exchange servers always dictates the server disk space and that always comes down to proper user profiling and limiting the per user mailbox capacities. Result of this? Archive the emails in to … Continue reading A Step-by Step Guide to a PST Free Environment