In the early days of onboarding Windows 10 endpoints to Windows Defender ATP you had to define a custom device configuration policy via Intune, in order to enable and register your Windows Defender ATP agents at scale.
The cloud management gateway (CMG) provides a simple way to manage Configuration Manager clients on the internet. By deploying the CMG as a cloud service in Microsoft Azure, you can manage traditional clients that roam on the internet ‘without’ additional (on-premise) infrastructure.
However, there is a limitation when deploying a CMG using an Azure CSP subscription.
This capability does not enable support for Azure Cloud Service Providers (CSP). The CMG deployment with Azure Resource Manager continues to use the classic cloud service, which the CSP does not support. For more information, see available Azure services in Azure CSP.
As the CSP model is becoming more and more popular as an Azure subscription, this scenario is a potential blocker for many customers with a CSP subscription who want to deploy a CMG. The Microsoft product teams are aware of this situation and I’m sure they will solve this sooner or later.
Converting your CSP subscription to an eligible Azure subscription is not an option here (it is managed by the CSP partner). Therefore I would like to show you how to deploy a CMG while you’re on a CSP subscription. Yes, it’s possible! In this blog I’ll describe what it takes to achieve this. Continue reading “Unleash your Azure CSP subscription for Cloud Management Gateway deployments”
Nowadays Microsoft gives us a lot of flexibility to empower end-users to be more productive than ever before. Users are able to register their devices in order to access corporate resources anytime, anywhere, on devices they love. Provisioning Windows 10 devices to your enterprise has never been easier for end-users. They are even able to join their brand new devices to the corporate environment from home, taking advantage of Windows Autopilot & Azure AD MDM auto-enrollment.
From an end-user perspective this is great: productivity can be restored in minutes instead of hours or even days. However, the flexibility we provide for end-users has a downside from an IT admin perspective. As we’re able to join or register devices to Microsoft Intune/Azure AD, this results in a lot of obsolete device objects in your tenants. Continue reading “Keep your Microsoft Intune tenant clean and tidy /w Azure Automation & Graph API”
Since December 2017, Microsoft Intune has supported multiple active SCEP/PFX connectors per tenant in order to provide high availability for certificate handling.
Initially the Microsoft Intune SCEP/PFX connector didn’t provide support for high availability. The SCEP/PFX connector could be installed as a single instance with no option for multiple active connectors.
In this blog post I’ll explain how to configure and enable Windows Hello Multifactor Device Unlock using Microsoft Intune. Windows Hello Multifactor Device Unlock provides multifactor device authentication for login or unlocking Windows 10 devices.
In my previous blog I highlighted the Security Analytics Dashboard of Windows Defender Advanced Threat Protection and how to improve your organization’s security excellence, covering two improvement areas: Windows Defender Antivirus and Windows Defender Application Guard.
In this blog I’ll cover two other improvement areas: Windows Defender Exploit Guard and SmartScreen. Continue reading “Part 2: Improve your endpoint security /w Windows Defender ATP & Microsoft Intune: Exploit Guard & SmartScreen”
Remark: Some information relates to pre-released product (Windows 10 Insiders Preview build) which may be substantially modified before it’s commercially released. Microsoft makes no warranties, express or implied, with respect to the information provided here.
In my previous blog I highlighted some of the new (preview) features – Security Analytics Dashboard – of Windows Defender Advanced Threat Protection (WDATP). In this blog I’ll go into more detail on how you can improve your organization’s endpoint security posture by translating the actionable recommendations into Microsoft Intune device restriction profiles (aka policies).
Windows Defender Advanced Threat Protection
Windows Defender ATP sheds light on configuration issues and provides insight into machines where security features are not configured or are out of date. It provides actionable recommendations to improve your endpoint security. The actual improvements must be carried out by your administrator. In this blog I’ll explain how to improve the security baseline of your endpoints by using Microsoft Intune. Continue reading “Part 1: Improve your endpoint security /w Windows Defender ATP & Microsoft Intune: Windows Defender Antivirus & Application Guard”