Warning! An unexpected restart during autopilot ESP can happen if you assign a configuration component to a device group. Many
Category: Modern workplace
Employees are more productive when they can work from a Cloud-managed workplace they love, wherever they want to work. The Microsoft 365 and EM+S suite has enough capabilities to make this happen. The blog articles in the modern workplace area describe my personal questions as well as customer or specific scenarios.
The modern workplace topics are related to, but not limited to, the Endpoint Manager + security (EM+S) product suite of Microsoft. It includes features like Microsoft Endpoint Manager (formerly known as Intune).
Hyper-connected world
Nowadays, a modern workplace managed by a Cloud service like Intune is essential to protect the organization’s data (intellectual property). During any authentication attempt, the workplace compliance level is checked automatically. Azure AD (the IDP) calculates a risk score based on values like your location, the type of application, and your digital footprint over a couple of weeks. The IT pro or SecOps engineer needs to configure the requirements in Conditional Access (CA). Based on the configured CA policies, the authentication request is verified, and access is granted, blocked, or reported.
Enabling Cloud services
However, we live in a connected world, and many enterprise organizations use on-premises IT components like Configuration Manager. It is essential to understand that the level of protection increases as soon as Cloud services are activated. Therefore, organizations are preparing to move workplace management workloads to the Cloud (co-managed/Cloud attached), for example MBAM (disk encryption) to Intune.
In a lightweight or greenfield workplace management scenario, this approach is often different. Those organizations start managing their workplace fully from the Cloud (Intune). In my experience, employees become self-reliant as soon as the Cloud manages the workplace. They can do simple IT tasks themselves, like installing the workplace via Autopilot (+ Enrollment Status Page (ESP) + White Glove).
Management requirements
Businesses have requirements and demands for the technical configuration of a workplace. Often the configuration needs to meet the requirements of (government) regulators or internationally recognized security frameworks like NIST. Endpoint Manager is capable of enforcing this via configuration items. Businesses must also distribute line-of-business applications or scripts. Intune as well as Configuration Manager can distribute several types of applications to the managed device, independent of location.
3 incredible Intune proactive remediation scripts
I was thrilled when I heard that Microsoft worked on the proactive remediation (Windows Analytics) feature in Endpoint Manager. Our customers
Quickly Assign autopilot profiles
P1 (QR-Code) I was always curious about the content of the QR code that I see during Autopilot WhiteGlove enrollments.
Discover the Intune Graph APIs with fiddler
Do you want to recover an Intune PowerShell script but cannot find it on your computer? Yes, this was me
Explain Conditional Access understandable
Most employees are working from home due to the COVID-19 situation. Therefore, organizations have the challenge if they permit using
Distribute custom backgrounds for Teams via Intune
Finally, it’s GA the capability to use custom backgrounds during a Microsoft Teams meeting. I’ve found tens of blogs that
A robust Conditional Access baseline sample
Are you preparing yourself for the implementation of a Conditional Access Baseline? Continue reading. In this article, I describe the
Insights in privilege accounts via workbooks
Azure workbooks can give you insights into the impact of your Conditional Access baseline. The Azure workbooks are easy to
Why do I need a second authentication factor?
Only 11% had a Multi-Factor-Authentication (MFA) solution enabled, as of January 2020, Microsoft said. My opinion is that any organization