How to work with Administrative Units

More and more organizations are working with Azure Active Directory. Those organizations can have an Azure AD only implementation or and hybrid situation (On-Premises Active Directory where users/groups/devices are synchronized towards Azure AD). The on-premises Active Directory consists of Organizational Units where users and groups are hierarchical stored in the units, you can also assignContinue reading “How to work with Administrative Units”

Secure Windows Virtual Desktop with Conditional Access

Currently a lot of organizations are using Windows Virtual Desktop. A lot of security administrators asks questions how to secure Windows Virtual Desktop as this feature is public accessible. I’ve already implemented some conditional access policies regarding Windows Virtual Desktop. Examples are: Block access when a user is outside the network and his/her device isContinue reading “Secure Windows Virtual Desktop with Conditional Access”

Manage application permissions for your B2B users

It’s quite difficult for an IT department to manage access towards corporate data for B2B users. The IT department is mostly not aware which companies needs access to which resources of your organization. Also the IT department isn’t aware of the people that needs to have access towards a specific application. This article describes howContinue reading “Manage application permissions for your B2B users”

Secure administrator access in Intune with Intune RBAC

For larger companies it can be quite challenging to assign the correct permissions for their helpdesk users. For example if your company is located in Brussels and New York you don’t want to give your helpdesk staff access towards all devices and configuration settings. We often see companies that are using the default Intune AdministratorContinue reading “Secure administrator access in Intune with Intune RBAC”

Synchronize Bitlocker recovery keys to local AD

Most companies are working with different IT specialist, some of them are more experienced in configuring and managing Microsoft Endpoint Managers while others are working on first line support. In this situation IT does not want to grant access towards the Microsoft Endpoint Management portal for their first line support. For example, first line supportContinue reading “Synchronize Bitlocker recovery keys to local AD”

Pushing Teams Background images through Intune

Microsoft announced that you can finally use custom background images during Teams meetings. Our customers directly contacted us how to upload those images. Some of them already created their own custom branding background image and wanted to distribute this towards their end users. The procedure for uploading your custom background images can be to technicalContinue reading “Pushing Teams Background images through Intune”

Automate B2C Deployments with Azure Devops

It can be hard to manage different environments in Azure AD B2C. You need to switch to all the different tenants to upload your policies. This is not an ideal situation when working on multiple customer projects. This blog describes how to automate your deployments on multiple environments. The configuration on the script is notContinue reading “Automate B2C Deployments with Azure Devops”

Restrict download on a personal device

Currently a lot of users are working from home during the corona virus but what about security? We can follow up the logs of specific users in cloud app security or you can create custom alerting but what if you’re working in an organization with more than 1000 users? This blog describes how to restrictContinue reading “Restrict download on a personal device”

Let users report phishing

It’s quite hard for an IT department to report false-postives and false-negative messages regarding SPAM or Phishing. We can setup multiple policies in ATP block specific sender, allow specific senders etc. This can frustrate end-users as some mails are handled as SPAM but it’s a false-positive for the end user. Well through the Message ReportContinue reading “Let users report phishing”