Organizations face increasing challenges in securing internet traffic and enforcing web access policies in today’s hybrid work environment. Two key tools from Microsoft, Microsoft Entra Internet Access (Global Secure Access) and Microsoft Defender for Endpoint (MDE), offer robust capabilities for managing security and productivity on the endpoint. This article provides an in-depth comparison between the…
Month: January 2025
Navigating New Authentication Methods: SMS for Password Reset, Not for MFA
With the introduction of a converged policy combining settings from the legacy MFA portal and SSPR configuration, separating the use of SMS for password resets from its use as an MFA method has become challenging. This guide explains how to configure authentication policies effectively using authentication strengths in Microsoft Entra to address this issue. Table…
From SPF to DANE: Securing Microsoft 365 Email Communications
Enhancing the security of your organization’s communication channels is more critical than ever. Building on foundational protocols like SPF, DKIM, and DMARC, you can implement advanced technologies such as IPv6, DNSSEC, STARTTLS, DANE, and RPKI to secure Microsoft 365 email environments, specifically focusing on Exchange Online functionality. These protocols work in tandem to mitigate risks,…
Protecting your Break Glass accounts in Entra now that MFA gets enforced on more and more Admin portals
As Microsoft continues to enhance security across its platforms, Multi-Factor Authentication (MFA) is becoming mandatory for an increasing number of administrative portals. This shift means that relying solely on a username and complex password for break glass accounts is no longer viable and should be revisited (if not already done). This initiative aligns with Microsoft’s…
Governing OS Versions in Microsoft Intune: Best Practices and Configuration
In a modern managed workplace environment, ensuring that devices meet minimum operating system (OS) requirements is a critical aspect of security and compliance. By governing the OS versions allowed within your Microsoft Intune environment, you can prevent unsupported or outdated systems from accessing corporate resources. Additionally, having well-configured Windows Update for Business (WUfB) settings can…
Renewing Apple Enrollment Program, VPP Token, and MDM Push Certificate in Microsoft Intune and SCIM token in Entra.
Introduction Managing Apple devices in Microsoft Intune requires maintaining active integrations with Apple services. To ensure continued functionality, administrators must periodically renew four key components, including the SCIM token for third-party applications integrated via Microsoft Entra ID: Failure to renew these components before they expire can disrupt device management and app deployment. This guide provides…