Keep your Microsoft Intune tenant clean and tidy /w Azure Automation & Graph API

Nowadays Microsoft provides us a lot of flexibility to empower end-users to be productive as never before. Users are able to register their devices in order to access corporate resources anytime, anywhere on devices they love. Provisioning of Windows 10 devices to your enterprise has never been easier for end-users. They are even able to join their brand new devices to the corporate from home taking benefit of Windows Autopilot & Azure AD MDM auto-enrollment.

From an end-user perspective this is great, productivity can be restored in minutes instead of hours or even days. However the flexibility we provide for the end-users has a downside from an IT Admin perspective. As we’re able to join or register devices to Microsoft Intune/Azure AD, it causes a lot of obsolete device objects in your tenants. Continue reading “Keep your Microsoft Intune tenant clean and tidy /w Azure Automation & Graph API”

Advertisements

One license solution rule them all: Azure AD Group Based Licensing!

A long awaited feature became this week available in the new Azure portal: Azure AD Group Based licensing. With this we have an one-stop-shop to assign licenses on a per user- or group based. azure-ad-group-based-licensing-1

Azure AD Group Based licensing was already available in the classic Azure portal,  however it was limited to  Azure AD Premium, Azure Rights Management, Microsoft Intune and Enterprise Mobility + Security licenses.  For other licenses like Office 365 we were designated to the Office 365 Admin portal or custom (automated) solutions such as PowerShell or Graph API. Continue reading “One license solution rule them all: Azure AD Group Based Licensing!”

Top 3 feature enhancements of Windows 10 Creators Update

Yesterday I received an update of the Windows Insiders Program which contains some great improvements which I’d to share with you. Hereby some highlights.

Mobile application management

With the Creators Update we’re introducing mobile application management, a new feature that will protect data on personal devices without requiring the device to be enrolled in a Mobile Device Management solution. As employees use their own devices at work more and more, we are providing IT with oversight to apply policies to the applications employees use to be productive. This helps keep corporate data more secure without taking on the added responsibility of managing employees’ personal devices.

 

Continue reading “Top 3 feature enhancements of Windows 10 Creators Update”

Secure your SaaS & On-premises applications with Azure AD Conditional Access

Last week Microsoft announced the public preview of Azure AD Conditional Access to protect Azure AD SaaS applications based on device-based policy rules. Conditional Access (CA) is already available for a quite long time for those who are using Microsoft Intune, but was scoped to Microsoft cloud services such as Dynamics CRM Online, Exchange Online, Exchange on-premises, SharePoint Online and Skype for Business Online.

With the introduction of CA for Azure AD SaaS applications it’s a great step forwards raising the security bar in a mobile first cloud first world securing your SaaS applications and how they being accessed.


In this blog I will not elaborate the detailed operation of CA but will show you how easily it is to configure and apply Azure AD Conditional Access for an on-premise web application which we have published by Azure AD Proxy. Continue reading “Secure your SaaS & On-premises applications with Azure AD Conditional Access”

New version of Azure MFA Server available (7.0.0)

image

For those who are using Azure Multi-Factor Authentication Server (on-premises) hereby a quick post to inform you there is a new version of Azure MFA Server available. The new version of Azure MFA Server (7.0.0.9) can be downloaded through the Azure Management Portal or MFA Management Portal.

Continue reading “New version of Azure MFA Server available (7.0.0)”

Part 2 – Define Privileged Desktop & Universal Applications for Enterprise Data Protection

My very first challenge – which was in my modest opinion the hardest part – with Enterprise Data Protection (EDP) was defining protected applications in a correct way. Many of you including myself were struggling how to define restricted applications.

image

In a serie blog posts I will provide some guidance how EDP works and how to configure protected apps, Configuration Manager and Microsoft Intune.

In this blog I’ll explain how you can retrieve the mandatory information required in order to define protected applications for your Enterprise Data Protection policies.

Continue reading “Part 2 – Define Privileged Desktop & Universal Applications for Enterprise Data Protection”

Use Custom Attributes for automatically populate Azure AD Dynamic Group Memberships

March this year the Active Directory team announced Attribute Based Dynamic Group Membership for Azure AD. Until then, group membership was a manual thing that had to be done for each user. With this feature you can specify a rule on an Azure AD security group that will automatically manage the membership of that group based on user’s attribute values. Dynamic Group Membership is supporting by default a subset of user attributes which can be used.

image

But what if you use in your organization custom attributes for various applications-, business- and provisioning processes? In this blog post we go further and will explain how to use custom AD attributes, extend your Azure AD tenant and use these custom attributes to automatically populating a security group.

Continue reading “Use Custom Attributes for automatically populate Azure AD Dynamic Group Memberships”