The Microsoft 365 Apps admin center, available via https://config.office.com provides a portal where admins can manage Microsoft 365 Apps for Enterprise. Microsoft 365 Apps for enterprise is a subscription that comes with premium apps like Word, Excel, PowerPoint, Outlook, Teams, Publisher, and Access (Publisher and Access are only available on PC). The apps can be…
Category: Security
Speaking at the Workplace Ninja User Group Switzerland 2103 virtual meetup on March 19, about Modern Authentication and Designing & Building MEM for Operations
On Friday, the 19th of March, I will speak at the 2103 virtual meetup of the Workplace Ninja User Group Switzerland. During this event which lasts a whole day I’m going to present two sessions. One, together with Erik Loef will be about: “What is this Modern Authentication everyone is talking about?” and the other…
My presentation about Conditional Access at the Workplace Ninja User Group Netherlands
Yesterday, on Thursday February 16, I presented at the 19th Workplace Ninja User Group Netherlands Tuesdays Webinar. My session, titled “Azure AD Conditional Access demystified” started at 16:00, and lasted around 75 minutes. This session, which I prepared based on the various articles I wrote about the subject is continuously updated to reflect my current…
February 2021 update of the Azure AD Conditional Access demystified whitepaper and workflow cheat sheet.
I’m proud to announce the February 2021 update of my Conditional Access demystified whitepaper. With this release, we have reached the third iteration of the whitepaper starting with the first one released in August 2019 after writing several blogposts on the subject. In May last year I released the second version containing a lot of…
First look at Access Reviews for guests in all Teams and Microsoft 365 Groups
In January, Microsoft announced that they released a public preview allowing entitled customers to create Azure AD access reviews for guest users across all Microsoft Teams and Microsoft 365 Groups in the organization. By implementing Access Reviews, an identity governance feature you can review members of groups, enterprise applications and roles within your Azure Active…
Updating your Security baselines in Microsoft Endpoint Manager to a newer version
With the 2101 Service Release of Microsoft Intune, released this week (February 1, 2021) Microsoft released a lot of new features (more on that in other blogposts). One of the important changes in this service release is the fact that the security baselines for Windows 10 and Microsoft Defender for Endpoint (formerly Microsoft Defender ATP)…
Speaking at the Nordic Virtual Summit 2021 about Conditional Access
On Wednesday 10 and Thursday 11 February, several communities (A joint venture by #SGUCSE #SCUGDK #SCUGFI #MMUGNO and #MSEndpointMgr) in the Nordics are organizing the Nordic Virtual Summit. The organizing team consists of well-known community leads: Jan Ketil Skanke, Nicolay Andersen, Jörgen Nilsson, Stefan Schörling, Ronni Pedersen, Panu Saukko, Sandy Zeng and Maurice Daly. You…
Enabling Self Service Password Reset (SSPR) for your Modern Workplace users
On modern workplaces we use authentication techniques provided by Windows Hello for Business, like biometric and PIN. Due to this, user don’t login with their password all the time. Nowadays Microsoft even recommends to not set any password expiration policies because passwords which expire make users select predictable passwords, composed of sequential words and numbers…
Defining more granularity for your Conditional Access App Enforced Restrictions using Sensitivity Labels
In June this year I wrote an article about: Limit Access to Outlook Web Access, SharePoint Online and OneDrive using Conditional Access App Enforced Restrictions, the article explains how you can use Azure AD Conditional Access to restrict downloading and printing within SharePoint Online/OneDrive and Outlook Web Access (OWA). Within that article we used a…
Announcing #WMUG_NL Tuesdays Webinar 15 on December 1st, 2020 featuring Alex Verboon
For Tuesday, December 1 we are proud to announce that Alex Verboon, Cyber Security Consultant at baseVISION in Switzerland will host a session about: “Improving your security posture – Challenges and Solutions” Session abstract: In my daily work as a cyber security consultant I support my customers with improving their security posture. In this session…
Conditional Access demystified: My recommended default set of policies
In August last year, I published eight articles in a series on Conditional Access, and later once finished I decided to bundle those articles in a paper which are now available on GitHub. You can find version 1.1. of the Conditional Access demystified paper there. You can expect a new version coming soon, since I…
Understanding and governing reauthentication settings in Azure Active Directory
Governing when users receive authentication prompts when authenticating to Azure Active Directory (Azure AD) is depending on more than one setting, on which functionalities are in use and also in which scenario you authenticate (Browser, Modern clients or other). Reauthentication can take place by asking for a single factor, like password, FIDO, the password less…
Mobile Application Management for Mobile Devices with Microsoft Endpoint Manager/Intune deep dive
With Microsoft Intune, there is a lot of focus on the Mobile Device Management (MDM) aspects of the product. This is logical because from a management perspective, if you manage a device using MDM, you can configure almost all settings remotely, something we as System Administrators have been doing for many years. In many situations,…
Azure AD Continuous access evaluation (CAE), a first look
In April 2020 Alex Weinert, Director of Identity Security at Microsoft announced that Microsoft was working on moving towards real time policy and security enforcement. The first implementation for this move is now available as an option you can enabled within Azure AD, called Continuous access evaluation (CAE). The functionality released in April was only…
Microsoft is making changes related to automatic email forwarding for ATP customers, here is what you need to know
In February this year I blogged about Stopping automatic email forwarding in your Exchange Online environment in a controlled way providing a structural way to disable automatic email forwarding within your organization, while still allowing exceptions. This week Microsoft announced through the message center (MC220853) they are rolling out the External Email Forwarding Controls functionality…