Keep your Microsoft Intune tenant clean and tidy /w Azure Automation & Graph API

Nowadays Microsoft provides us a lot of flexibility to empower end-users to be productive as never before. Users are able to register their devices in order to access corporate resources anytime, anywhere on devices they love. Provisioning of Windows 10 devices to your enterprise has never been easier for end-users. They are even able to join their brand new devices to the corporate from home taking benefit of Windows Autopilot & Azure AD MDM auto-enrollment.

From an end-user perspective this is great, productivity can be restored in minutes instead of hours or even days. However the flexibility we provide for the end-users has a downside from an IT Admin perspective. As we’re able to join or register devices to Microsoft Intune/Azure AD, it causes a lot of obsolete device objects in your tenants. Continue reading “Keep your Microsoft Intune tenant clean and tidy /w Azure Automation & Graph API”

Control Access to SharePoint Online/OneDrive from unmanaged devices

In a mobile-first cloud first world the need of accessing corporate resources on unmanaged devices is rising. This is the cutting edge of managing your corporate data (keeping it safe) and give your users the freedom to be productive on any device.

With Conditional Access we can control access to corporate data (such as Exchange Online, SharePoint Online, Yammer, Delve, Teams, etc.) based on a device (health) status such as being managed or complaint. These scenarios (conditions) are based on devices being managed by your company (MDM managed). With the introduction of Session Controls, organizations are enabled to grant limited access to corporate resources without losing control on unmanaged devices.

Conditional Access Session Controls

Continue reading “Control Access to SharePoint Online/OneDrive from unmanaged devices”

Available now: Enterprise Mobility + Security E5 IUR for Microsoft Partners

Today I was happily surprised with the announcement, as of today Microsoft Enterprise Mobility + Security E5 licenses are available through Internal Use Rights (IUR). This is great news for those who’re a Silver or Gold EMM competency partner. By this Microsoft Partners are enabled to adopt the latest security features in their own organization too. “Practice what you preach”

Enterprise Mobility + Security E5 IUR

One of the main benefits of the Microsoft Partner program are the IUR, which allows you to use Microsoft products in your own organization for free based on your partner competence levels. This applies to traditional software, software keys and Microsoft Online Services.

With IUR Microsoft Partners are able increase productivity, business value, and savings with your internal-use rights (IUR) benefits. The Enterprise Mobility + Security E3 had been available for some quite long time however the E5 was missing here, the more we’ve an imported role as partner to enable our customers with the latest Microsoft technology.

More information regarding Internal Use Rights can be found here.

New features like Azure AD Identity Protection & Azure AD Privileged Identity Management forms important (security) components in a more than ever emerging Enterprise Mobility + Security E5 proposition.

Click here to unlock your IUR benefits today!

ps. special thanks for those who make this possible ;-)

Top 3 feature enhancements of Windows 10 Creators Update

Yesterday I received an update of the Windows Insiders Program which contains some great improvements which I’d to share with you. Hereby some highlights.

Mobile application management

With the Creators Update we’re introducing mobile application management, a new feature that will protect data on personal devices without requiring the device to be enrolled in a Mobile Device Management solution. As employees use their own devices at work more and more, we are providing IT with oversight to apply policies to the applications employees use to be productive. This helps keep corporate data more secure without taking on the added responsibility of managing employees’ personal devices.

 

Continue reading “Top 3 feature enhancements of Windows 10 Creators Update”

Windows Information Protection…notes from the field! #MSIgnite

Windows Information Protection (WIP), previously known as enterprise data protection (EDP), helps organizations to protect corporate data against potential data leakage.

information-protection-needsThe concept is fairly simple and is actually based on defining two lists:

  • A corporate boundary list, which represents both on-premise & cloud network locations where managed apps can access corporate data;
  • A list of managed (trusted) apps, which are allowed to open, modify & store corporate data within the corporate boundary list.

In this blog we will look at some practical examples which you have to consider for a successful implementation of Windows Information Protection including a top 4 of recommended practices.

Continue reading “Windows Information Protection…notes from the field! #MSIgnite”