With the increasing reliance on mobile devices in the workplace, organizations must choose the right strategy to manage and secure corporate data. Microsoft offers two primary options: Mobile Application Management (MAM) and Mobile Device Management (MDM). Understanding the differences between these approaches is essential for balancing security, user experience, and administrative effort. This article provides…
Category: Security
Comparing Web Filtering and Security: Microsoft Entra Internet Access (Global Secure Access) vs. Microsoft Defender for Endpoint (MDE)
Organizations face increasing challenges in securing internet traffic and enforcing web access policies in today’s hybrid work environment. Two key tools from Microsoft, Microsoft Entra Internet Access (Global Secure Access) and Microsoft Defender for Endpoint (MDE), offer robust capabilities for managing security and productivity on the endpoint. This article provides an in-depth comparison between the…
Navigating New Authentication Methods: SMS for Password Reset, Not for MFA
With the introduction of a converged policy combining settings from the legacy MFA portal and SSPR configuration, separating the use of SMS for password resets from its use as an MFA method has become challenging. This guide explains how to configure authentication policies effectively using authentication strengths in Microsoft Entra to address this issue. Table…
From SPF to DANE: Securing Microsoft 365 Email Communications
Enhancing the security of your organization’s communication channels is more critical than ever. Building on foundational protocols like SPF, DKIM, and DMARC, you can implement advanced technologies such as IPv6, DNSSEC, STARTTLS, DANE, and RPKI to secure Microsoft 365 email environments, specifically focusing on Exchange Online functionality. These protocols work in tandem to mitigate risks,…
Protecting your Break Glass accounts in Entra now that MFA gets enforced on more and more Admin portals
As Microsoft continues to enhance security across its platforms, Multi-Factor Authentication (MFA) is becoming mandatory for an increasing number of administrative portals. This shift means that relying solely on a username and complex password for break glass accounts is no longer viable and should be revisited (if not already done). This initiative aligns with Microsoft’s…
Governing OS Versions in Microsoft Intune: Best Practices and Configuration
In a modern managed workplace environment, ensuring that devices meet minimum operating system (OS) requirements is a critical aspect of security and compliance. By governing the OS versions allowed within your Microsoft Intune environment, you can prevent unsupported or outdated systems from accessing corporate resources. Additionally, having well-configured Windows Update for Business (WUfB) settings can…
Speaking at the February 2024 Azure APE Meetup
Today (Tuesday February 27th) I have the pleasure to speak at the February 2024 Azure APE Meetup organized by the Azure Platform Engineering (APE) community. The event, which is hosted by ShareValue, is held in Gouda, the Netherlands and starts at 18:00. At this event, I will be speaking about Microsoft Entra ID Conditional Access,…
Speaking at the Cloud Guardians Unleashed event of the Microsoft Cloud and Client Management Community
Tomorrow (Thursday January 25th) I have the pleasure to speak at the Cloud Guardians Unleashed event organized by the Microsoft Cloud and Client Management Community. The event, which is hosted by The Collective offices, is held in Zele, Belgium and starts at 17:00. At this event, I will be speaking about Microsoft Entra ID Conditional…
Speaking at the MCT Summit Europe 2024
This year, the annual Microsoft Certified Trainer (MCT) summit will be held in the Netherlands. The event, which takes place between 14-17 January, will be held at location “De Loods” in Rijswijk, which is near The Hague. The event has a limited capacity of 200 attendees, which guarantees an intimate and engaging experience. At the…
What is this Microsoft SSE solution that everyone is talking about?
On July 11th, Microsoft announced that Azure AD would be renamed to Microsoft Entra ID. Microsoft also announced two new security offerings called Microsoft Entra Internet Access and Microsoft Entra Private Access as part of a Security Service Edge (SSE) solution. SSE covers the security aspects of a Secure Access Service Edge (SASE) solution. In…
What problem do passkeys solve?
Sometimes unlearning things is harder than learning. As you might have read somewhere, Microsoft is busy implementing support for passkeys in their product. I was always under the impression that these passkeys were device bound, meaning that they must be available on the device where you authenticate. Yesterday I watched an announcement video about upcoming…
Speaking at the Workplace Ninja Summit, September 27-29 2023
Starting on Wednesday September 27, till Friday September 29, the Workplace Ninja Summit, which is an in-person event, will take place in Baden, Switzerland. This event is organized by the diverse Workplace Ninja User Groups throughout the world, which provide delegates helping to organize this 3-day event. The event will have more than 100,…
Speaking at the Cloud Identity Summit 2023, on September 7th 2023
On Thursday September 7th, the annual Cloud Identity Summit will take place as an in-person event in Koblenz, Germany. This event is organized by Thomas Naunheim, Gregory Reimling and René Wasel; you can find more information about them here. At this event, I will be speaking about Microsoft Entra ID/Azure AD Conditional Access in my…
December 2022 update of the conditional access demystified whitepaper and workflow cheat sheet.
I’m proud to announce the December 2022 update of my Conditional Access demystified whitepaper. With this release, we have reached the fifth iteration of the whitepaper and accompanying files. I released the first version in August 2019 after writing several blogposts on the subject. In May last year I released the second version containing…
Conditional Access public preview functionality reviewed (22H2) – Part 3: Granular control for external user types
In the last couple of months, Microsoft released new functionality for Azure AD Conditional Access. All of this functionality is still in public preview, so please read the following article on what to expect from Preview functionality: Preview Terms Of Use | Microsoft Azure. In this series of articles I will go through the following…