Author: Ronny de Jong

As principal consultant & Microsoft MVP I work for Inspark, the #1 Dutch Microsoft Partner specialized in Datacenter & Apps, Modern Workplace, Data/AI, Security & Managed Services. As principal consultant I'm member of the Technology Board, which is responsible for technology innovation, strategy & vision of InSpark. My primary focus is on Microsoft 365 (Identity-, Modern Workplace-, Security & Threat protection. He‘s responsible for a great team of highly skilled consultant’s helping customers to accelerate by innovation. As Microsoft MVP I'm working closely with various Microsoft product groups to provide (customer) feedback, product improvements & most important contribute to the community by sharing knowledge & experience via this blog and social channels. My presence at various international (community) events like Tech Summit, Expertslive Europe, TechDays, Techorama & various user group meetings are dedicated by meeting people & again sharing knowledge. Modern Workplace: Microsoft Intune, Configuration Manager, Windows 10, Autopilot, Always-On VPN, Windows 10 Security (Windows Hello for Business, Application-, Credential-, Device-, Exploit Guard, FIDO2, N-Factor), Desktop Analytics, Windows Desktop Virtualization. Threat Protection: Azure Security Center, Windows Defender ATP, Azure ATP, ATA, Cloud App Security. Identity & Access Management: Active Directory Federation Services, Azure AD (Connect), Azure Information Protection, Azure Multi Factor Authentication (MFA), Azure Application Proxy, Azure AD Privileged Identity Management, Azure AD Identity & Password Protection.

Keep your Microsoft Intune tenant clean and tidy /w Azure Automation & Graph API

On By Ronny de JongIn Andriod, Azure, Azure AD, Enterprise Mobility, Enterprise Mobility Management, iOS, Microsoft Intune, Mobile Device Management, PowerShell, Windows 105 Comments

Nowadays Microsoft provides us a lot of flexibility to empower end-users to be productive as never before. Users are able to register their devices in order to access corporate resources anytime, anywhere on devices they love. Provisioning of Windows 10 devices to your enterprise has never been easier for end-users. They are even able to join their brand new devices to the corporate from home taking benefit of Windows Autopilot & Azure AD MDM auto-enrollment.

From an end-user perspective this is great, productivity can be restored in minutes instead of hours or even days. However the flexibility we provide for the end-users has a downside from an IT Admin perspective. As we’re able to join or register devices to Microsoft Intune/Azure AD, it causes a lot of obsolete device objects in your tenants. Continue reading “Keep your Microsoft Intune tenant clean and tidy /w Azure Automation & Graph API”

Microsoft Intune introduced High Available (HA) support for SCEP/PFX Connector

On By Ronny de JongIn Active Directory Certificate Services, Andriod, Enterprise Mobility, iOS, Microsoft Intune, Modern Management, Network Device Enrollment Service, Simple Certificate Enrollment Protocol, Windows 103 Comments

Since December 2017 Microsoft Intune introduced support for multiple active SCEP/PFX connectors per tenant in order to provide high availability for certificate handling.

Initially the Microsoft Intune SCEP/PFX connector didn’t provide support for high availability. The SCEP/PFX connector could be installed as an single instance with no option for multiple active connectors.

Microsoft Intune SCEP-PFX Connector
Microsoft Intune SCEP/PFX connector support multiple active connectors per tenant.

Continue reading “Microsoft Intune introduced High Available (HA) support for SCEP/PFX Connector”

Windows Defender ATP updates including BitLocker & Firewall security controls

On By Ronny de JongIn Threat, Windows 10, Windows 7, Windows 8.1, Windows Defender Advanced Threat ProtectionLeave a comment

Alongside the announcement of down-level support for Windows 7 and Windows 8.1, there is more exciting news in regards to Windows Defender ATP. Since today Windows Defender ATP Security Analytics is extended with two new security controls; BitLocker and Firewall.

Windows Defender ATP Security Controls: BitLocker & Firewall

Continue reading “Windows Defender ATP updates including BitLocker & Firewall security controls”

Enable Windows 10 Multifactor Authentication with Windows Hello Multifactor Device Unlock & Microsoft Intune

On By Ronny de JongIn Azure AD, Configuration Manager, Enterprise Mobility Suite, Microsoft Intune, Modern Management, Windows 10, Windows Hello for Business10 Comments

In this blog post I’ll explain how to configure and enable Windows Hello Multifactor Device Unlock using Microsoft Intune. Windows Hello Multifactor Device Unlock provides multifactor device authentication for login or unlocking  Windows 10 devices.

Windows Hello for Business

Continue reading “Enable Windows 10 Multifactor Authentication with Windows Hello Multifactor Device Unlock & Microsoft Intune”

Part 2:  Improve your endpoint security /w Windows Defender ATP & Microsoft Intune: Exploit Guard & SmartScreen

On By Ronny de JongIn Enterprise Mobility, Microsoft Intune, Windows 10, Windows Defender Advanced Threat Protection, Windows Defender ATP3 Comments

In my previous blog I highlighted the Security Analytics Dashboard of the Windows Defender Advanced Threat Protection and how to improve your organizations security excellence covering two improvement area’s: Windows Defender Antivirus and Windows Defender Application Guard.

In this blog I’ll cover two other improvement areas: Windows Defender Exploit Guard and SmartScreen Continue reading “Part 2:  Improve your endpoint security /w Windows Defender ATP & Microsoft Intune: Exploit Guard & SmartScreen”

Part 1: Improve your endpoint security /w Windows Defender ATP & Microsoft Intune: Windows Defender Antivirus & Application Guard

On By Ronny de JongIn Enterprise Mobility, Microsoft Intune, Threat, Windows 10, Windows Defender Advanced Threat Protection, Windows Defender ATP2 Comments

Remark: Some information relates to pre-released product (Windows 10 Insiders Preview build) which may be substantially modified before it’s commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.

In my previous blog I highlighted some of the new (preview) features – Security Analytics Dashboard – of Windows Defender Advanced Threat Protection (WDATP). In this blog I’ll go into more details how you can improve your organizations endpoint security posture by translating the actionable recommendations into Microsoft Intune device restrictions profiles (aka policies).

Windows Defender Advance Threat Protection

Windows Defender ATP sheds light on configuration issues and provide insights to machines where security features are not configured or out of date. It does provide actionable recommendations to improve your endpoint security. The actual actionable improvement must be performed by your administrator. In this blog I’ll explain how to improve the security baseline of your endpoints by using Microsoft Intune. Continue reading “Part 1: Improve your endpoint security /w Windows Defender ATP & Microsoft Intune: Windows Defender Antivirus & Application Guard”

Deploying Satya Nadella’s Guide “Hit Refresh” to the future /w Microsoft Intune eBooks

On By Ronny de JongIn Enterprise Mobility, Enterprise Mobility Suite, Intune, iOS, Microsoft Intune, Mobile Device ManagementLeave a comment

With the recent release of  Satya Nadella’s – Microsoft CEO – book and guide “Hit Refresh” to the future, it was  a perfect occasion to deploy eBooks with Microsoft Intune. Earlier this year Microsoft introduced support for volume purchase (VPP) support for eBooks via Microsoft Intune.

Overview of eBooks node in Microsoft Intune portal.

Volume Purchase Program’s (e.g. Microsoft Store for Business, Apple Business Store) lets you purchase multiple licenses for a book that you want to distribute to users in your company. With Apple you can distribute books from the Business, or Education stores. Continue reading “Deploying Satya Nadella’s Guide “Hit Refresh” to the future /w Microsoft Intune eBooks”