Search Security Blog Posts

Filter Posts

Tag:

Author:

Sort By: Newest First Oldest First Title (A-Z) Title (Z-A)

Recent Posts

Store your Microsoft 365 passkeys in 1Password

November 24, 2025 by Jan Bakker

entra security

Check out this article via web browser: Store your Microsoft 365 passkeys in 1Password Syncable passkeys in Microsoft 365 and Entra ID are here, so...

Read Article →

Teams Messaging Gains New Protections

November 24, 2025 by Tony Redmond

teams channel-conversations chats malicious-url-protection teams-messaging

Teams now includes weaponized file protection and malicious URL protection to make sure that people don't share bad files or URLs in chats or chann...

Read Article →

What Is Baseline Security Mode and Should You Rely on It?

November 24, 2025 by Daniel Bradley

microsoft-365 microsoft-entra

Explore the new Microsoft 365 Baseline Security Mode. Learn how to enforce secure baselines, run impact simulations, and see how controls compare t...

Read Article →

Autopilot Device Association

November 23, 2025 by rudyooms

autopilot intune

Autopilot Device Association finally gives Windows the tenant context it was missing during OOBE. With that link in place, Windows can apply OOBE s...

Read Article →

Microsoft Intune Multi Admin Approval: Securing Device Actions such as Wipe, Retire and Delete

November 22, 2025 by Oliver Müller

microsoft-365 microsoft-intune microsoft-tenant-hardening tutorials

Multi Admin Approval (MAA) in Microsoft Intune is a security feature that requires a second user’s approval before critical changes can be executed...

Read Article →

Automating Microsoft 365 with PowerShell December 2025 Update

November 21, 2025 by Tony Redmond

book powershell automating-microsoft-365-with-powershell microsoft-graph-powershell-sdk powershell-ebook

The December 2025 update (version 18) of the Automating Microsoft 365 with PowerShell eBook is now available to download. Current subscribers can f...

Read Article →

Defender for Endpoint - Custom Data Collection Rules

November 21, 2025 by Truls Dahlsveen

defender

Expand the logging capability of the DFE agent using custom rules - A bit of background on this feature might be needed - and a lot of credit has t...

Read Article →

Microsoft Defender for Identity Recommended Actions: Ensure that all privileged accounts have the configuration flag

November 21, 2025 by thalpius

microsoft

Identity leverages Secure Score with twenty-seven recommended actions. In a series of blog posts, I will go through all twenty-seven recommended ac...

Read Article →

How to Create an Agent Identity with Microsoft Graph PowerShell

November 20, 2025 by Daniel Bradley

agent-id microsoft-entra microsoft-graph

Learn how to use Microsoft Graph PowerShell to create an Agent Identity in Microsoft Entra Agent ID from an Agent Blueprint. The post How to Create...

Read Article →

KB- Windows 11 Advanced passkey settings

November 20, 2025 by Jan Bakker

windows-10

Check out this article via web browser: KB- Windows 11 Advanced passkey settings To whom it may concern. Since Windows 11 is capable of storing pas...

Read Article →

Microsoft Defender for Identity Recommended Actions: Change password for KRBTGT account

November 20, 2025 by thalpius

microsoft

Identity leverages Secure Score with twenty-seven recommended actions. In a series of blog posts, I will go through all twenty-seven recommended ac...

Read Article →

Microsoft Defender for Identity Recommended Actions: Change password of built-in domain Administrator account

November 20, 2025 by thalpius

microsoft

Identity leverages Secure Score with twenty-seven recommended actions. In a series of blog posts, I will go through all twenty-seven recommended ac...

Read Article →

Purview Launches New DLP Policy for Copilot Prompts

November 20, 2025 by Tony Redmond

compliance data-loss-prevention microsoft-365-copilot copilot-chat dlp-policy

A new DLP policy for Copilot prompts monitors blocked sensitive information types like credit card numbers to stop their use in Copilot prompts. Th...

Read Article →

Troubleshoot configured Defender AV settings with effective settings in Defender

November 20, 2025 by Jeffrey Appel

security defender-for-endpoint

To ensure Microsoft Defender Antivirus (Defender AV) provides full protection and leverages all its capabilities, it must be configured with the co...

Read Article →

How to Create an Agent Identity Blueprint With Graph Powershell

November 19, 2025 by Daniel Bradley

agent-id microsoft-entra microsoft-graph

Learn how to create Agent Identity Blueprints and Blueprint Principals in Entra Agent ID using Microsoft Graph PowerShell. The post How to Create a...

Read Article →

Intelligent Local Access Deep Dive

November 19, 2025 by Christopher Brumm

security cloud

Global Secure Access (GSA) enforces that all client traffic is routed through the cloud before reaching the target resource via Private Network Con...

Read Article →

Microsoft 365 Announcements at Ignite 2025

November 19, 2025 by Tony Redmond

microsoft-365 agent-365 ignite-2025 microsoft-365-copilot microsoft-purview

The Ignite 2025 keynote was a marathon 150-minute event, but some interesting Microsoft 365 announcements emerged, mostly centered on AI. Microsoft...

Read Article →

Entra ID Synced Passkeys and security considerations

November 18, 2025 by Robbe Van den Daele

entra-id security mfa passkeys

Introduction At Ignite 2025, Microsoft announced Entra ID would be supporting Synced Passkeys for multiple credential providers. This means users c...

Read Article →

Microsoft Launches Preview of Exchange Admin API

November 18, 2025 by Tony Redmond

exchange-online ews exchange-admin-api exchange-web-services

Microsoft launched the preview of the Exchange Admin API on November 17. The new API is intended to close known feature gaps that exist in the Grap...

Read Article →

What is Microsoft Entra Agent ID?

November 18, 2025 by Daniel Bradley

ai-agents microsoft-entra

Learn about the new Agent ID (preview) functionality in Microsoft Entra as well as Agent Identities and Agent Blueprints. The post What is Microsof...

Read Article →

Windows Recovery and Remediation

November 18, 2025 by rudyooms

blog

Wouldn’t it be nice if we finally had real controls for Quick Machine Recovery?Something that lets you trigger remediation when the device is alrea...

Read Article →

PowerShell Script Support Added for Win32 Intune App Deployment

November 17, 2025 by Daniel Bradley

microsoft-intune

PowerShell script support has been added directly to the Intune app deployment Wizard. Learn why this is a great improvement. The post PowerShell S...

Read Article →

Removing Inactive Entra ID User Accounts with PowerShell

November 17, 2025 by Tony Redmond

entra-id microsoft-entra-id detect-inactive-user-accounts entra-id-governance powershell

The Entra ID Governance solution includes a workflow to detect and remove inactive user accounts. Sounds good, but the same can be done with PowerS...

Read Article →

Microsoft Defender for Identity Recommended Actions: Built-in Active Directory Guest account is enabled

November 16, 2025 by thalpius

microsoft

Identity leverages Secure Score with twenty-seven recommended actions. In a series of blog posts, I will go through all twenty-seven recommended ac...

Read Article →

Copilot’s Temporary Chat

November 14, 2025 by Tony Redmond

microsoft-365-copilot bizchat copilot-pages microsoft-copilot temporary-chat

A temporary chat with Microsoft 365 Copilot is one that forgets everything discussed in the conversation once the chat is over. The idea is that by...

Read Article →

Monitoring Azure Access Elevation in Entra ID

November 14, 2025 by Nathan Hutchinson

entra-id azure defender-for-cloud-apps

Learn how to detect when a Global Admin silently elevates their access across all Azure subscriptions using Entra ID, Log Analytics, Azure Monitor,...

Read Article →

The Hidden Microsoft Entra PIM URLs Microsoft Never Documented – Even When ‘Restrict Access to Microsoft Entra Admin Center’ Is Enabled

November 14, 2025 by Michael Morten Sonne

azure azure-adentra-id conditional-access-policies identity microsoft

Last Updated on November 14, 2025 by Michael Morten Sonne Introduction Many organizations are tightening there security for… The post The Hid...

Read Article →

Microsoft Azure Attestation: The Next Step in Compliance

November 13, 2025 by rudyooms

blog

Microsoft is redefining Windows 11 compliance with Microsoft Azure Attestation (MAA). They are doing so with some new evaluation settings, such as ...

Read Article →

Microsoft Makes Another Change to Teams Channel Email Storage Location

November 13, 2025 by Tony Redmond

sharepoint-online teams channel-folder email-sent-to-teams-channels folder

In January 2025, Microsoft changed the SharePoint folder location to store copies of the email sent to Teams channels. Apparently, this update impr...

Read Article →

Why “User” Install Behavior Doesn’t Mean a User Install

November 13, 2025 by rudyooms

blog

This blog dives into how Intune handles MSI app deployments when you choose App Install Context: User, and why that setting doesn’t always do what ...

Read Article →

Auditing Claude Usage with the Copilot Researcher Agent

November 12, 2025 by Tony Redmond

microsoft-365-copilot anthrophic audit claude-llm researcher-agent

The question was asked if it was possible to identify use of the Claude LLM by the Copilot Researcher Agent. Audit records often help, so that's th...

Read Article →

How to Setup Synced Passkeys for Your iCloud Keychain

November 12, 2025 by Daniel Bradley

entra-id

Learn how to opt into the public preview and setup synced Passkeys in Microsoft Entra allowing users to store Passkeys in their iCloud. The post Ho...

Read Article →

New Entra Account Recovery Feature With Identity Verification

November 12, 2025 by Daniel Bradley

main entra-id

Learn about the new Account Recovery preview feature in Microsoft Entra that allows users to verify their identity during account recovery. The pos...

Read Article →

A Brief History of Soft-Deleted Entra ID Groups

November 11, 2025 by Tony Redmond

entra-id entra-id recover-soft-deleted-group security-groups soft-deleted-groups

Entra ID has long supported soft-deleted Microsoft 365 Groups. Now support is available to list and restore soft-deleted security groups in both th...

Read Article →

How to Stay up to Date With Microsoft 365 Updates

November 11, 2025 by Daniel Bradley

microsoft-365

Learn how to stay up to date with constant changes to Microsoft 365 products and services and build a consistent routine. The post How to Stay up t...

Read Article →

How to Use PIM with RBAC Roles: Purview, Exchange, and More

November 11, 2025 by Ewelina Paczkowska

security

Discover how to use PIM with RBAC roles to provide just-in-time access for users. Learn setup for Purview, Exchange, and more, plus the pros, cons,...

Read Article →

Teams Gains Ability to Start Chat with Email Address

November 10, 2025 by Tony Redmond

teams chat-with-email-address entra-id-b2b-collaboration guest-account

A new Teams feature allows users to initiate chats with any email address. This caused some commotion in the security community, but it's not that ...

Read Article →

Reporting the Use of Emojis in Teams Reactions

November 07, 2025 by Tony Redmond

teams channel-messages chat-messages count-of-emojis emojis

This article explains how to use PowerShell to extract audit data to analyze the use of emojis as Teams reactions to chat and channel messages. Thi...

Read Article →

Restore Deleted Cloud Security Groups in Microsoft Entra

November 06, 2025 by Daniel Bradley

entra-id microsoft-graph

Learn how to restore deleted cloud security groups in Microsoft Entra using the web portal and Microsoft Graph PowerShell. The post Restore Deleted...

Read Article →

Version 1.5 of the Microsoft 365 User Password and Authentication Report

November 06, 2025 by Tony Redmond

entra-id microsoft-graph authentication-method get-mgbetauserauthenticationmethod get-mguserauthenticationmethod

The Microsoft 365 User Passwords and Authentication report now includes the last used date for authentication methods (when available). The new dat...

Read Article →

WatchTra: Automated Attribute Compliance for Microsoft Entra ID

November 06, 2025 by Oliver Müller

microsoft-azure directory directory-extensions efficiency enforce

In many Microsoft Entra ID environments, the quality of user attributes remains an often underestimated factor in security and governance. WatchTra...

Read Article →

Microsoft 365 Companion Apps Fail to Impress

November 05, 2025 by Tony Redmond

microsoft-365 calendar-companion-app files-companion-app microsoft-365-companion-apps people-companion-app

Microsoft 365 Companion Apps are being deployed to Windows 11 PCs now. The apps don't seem to add much if any value over standard Microsoft 365 app...

Read Article →

Microsoft Won’t Dump Outlook for a New AI Client

November 04, 2025 by Tony Redmond

outlook new-outlook new-outlook-client outlook-classic

A recent report says that new Microsoft leadership wants to reimagine Outlook with lots of many AI features to make the client much more of an effe...

Read Article →

Secure access to Azure VM´s with Bastion and Phising Resistant MFA

November 04, 2025 by Jere Haavisto

azure entra-id networks

This blog explains how Azure Bastion enables secure access to virtual machines without exposing public endpoints, leveraging hub-spoke architecture...

Read Article →

2025 Microsoft Defender Optimization & Configuration Cheat Sheet

November 03, 2025 by Jeffrey Appel

security defender-xdr

With just 2 remaining months in 2025, it is a good idea to check the Microsoft Defender environment and check of new features are correctly configu...

Read Article →

How to Export Microsoft Purview Permissions (RBAC Roles) Easily

November 03, 2025 by Ewelina Paczkowska

security

I was recently asked if I knew a way to export Microsoft Purview RBAC roles with members. I couldn’t find a ready solution, so I wrote a PowerShell...

Read Article →

Mastering Microsoft Entra Authentication Contexts - Part 4: Monitoring and Reporting with KQL & M365IdentityPosture

November 03, 2025 by Sebastian F. Markdanner

microsoft-entra microsoft-azure

We’ve covered what Authentication Contexts are, why they matter, and how they help us strengthen access and data security in Microsoft 365. Now it’...

Read Article →

Office 365 for IT Pros November 2025 Update

November 03, 2025 by Tony Redmond

book microsoft-365 automating-microsoft-365-with-powershell office-365-for-it-pros

The Office 365 for IT Pros Team is happy to announce the availability of the November 2025 update. Subscribers can download the PDF and EPUB files ...

Read Article →

Microsoft Defender for Identity Recommended Actions: GPO can be modified by unprivileged accounts

October 31, 2025 by thalpius

microsoft

Identity leverages Secure Score with twenty-seven recommended actions. In a series of blog posts, I will go through all twenty-seven recommended ac...

Read Article →

Microsoft Issues Updated Guidance for Defender for Office 365 Licensing

October 31, 2025 by Tony Redmond

administration licensing mdo-p2 defender-for-office-365 safe-attachments

Some inconsistencies in the MDO P2 service description and licensing terms exposed a need for tenants to license every user and shared mailboxes. M...

Read Article →

How to Find Inactive Authentication Methods in Microsoft Entra

October 30, 2025 by Daniel Bradley

entra-id microsoft-graph

Learn how to find all inactive authentication methods registered to users in Microsoft Entra using Microsoft Graph PowerShell. The post How to Find...

Read Article →

Using the SharePoint Site Attestation Policy

October 30, 2025 by Tony Redmond

sharepoint-online microsoft-365-archive microsoft-365-copilot sam sharepoint-advanced-management

The site attestation policy is designed to require site owners to make a positive statement that the settings of their site, including its current ...

Read Article →

Conditional Access Cloud Apps: Why Your App Doesn’t Show Up and the Risks of Exclusions

October 29, 2025 by Samuel Eng

conditional-access entra-id azure-security cloud-apps service-principal

In-depth exploration of why certain apps do not appear in the Conditional Access app picker in Microsoft Entra ID, the impact of public vs. confide...

Read Article →

Bringing Order to Microsoft’s Fast‑Moving Copilot Rollout in Microsoft 365

October 29, 2025 by Kenneth Van Surksum

intune modern-workplace office-365 security

The rapid and widespread rollout of Microsoft 365 Copilot has created a governance challenge for organizations. Features are often enabled before c...

Read Article →

Modernizing Sensitivity Label Grouping for App Display

October 29, 2025 by Tony Redmond

compliance get-label label-groups sensitivity-labels set-label

Microsoft announced the modernization of grouping for sensitivity labels to a new "dynamic architecture." It doesn't take much to be more dynamic t...

Read Article →

Auto-Updating Teams Work Location is Not Employee Monitoring

October 28, 2025 by Tony Redmond

teams get-csteamsworklocationdetectionpolicy grant-csteamsworklocationdetectionpolicy new-csteamsworklocationdetectionpolicy teams-work-location-policy

As is the way of the internet, the news that a feature to automatically set the Teams work location for users created a huge fuss about the prospec...

Read Article →

Governing access to app stores in Microsoft 365 apps

October 28, 2025 by Kenneth Van Surksum

exchange-online modern-workplace office-365 security

Introduction Within Microsoft 365, users can extend app functionality directly from built‑in app stores. Outlook add‑ins, Teams apps, and Office ex...

Read Article →

KB – Enable Single Sign On for Windows 365 Cloud PC

October 28, 2025 by Jan Bakker

entra-id knowledgebase security

Check out this article via web browser: KB – Enable Single Sign On for Windows 365 Cloud PC This short tutorial explains how to enable Single...

Read Article →

How to Use Managed Identity for Multi-Tenant Microsoft Teams Authentication

October 27, 2025 by Daniel Bradley

microsoft-graph microsoft-teams

Learn how to connect to Microsoft Teams across tenants using a multi-tenant enterprise application and managed identities in Azure. The post How to...

Read Article →

Stealing Access Token Secrets from Teams is Hard Unless a Workstation is Compromised

October 27, 2025 by Tony Redmond

teams access-tokens cookies local-state-file

Teams stores information in a local state file, including encrypted access tokens. A report from a French company explained how to extract and use ...

Read Article →

Dynamic Conditional Access policies using custom security attributes

October 26, 2025 by Jan Bakker

entra-id security

Check out this article via web browser: Dynamic Conditional Access policies using custom security attributes Conditional Access policies can become...

Read Article →

Disable Entra Connect Seamless SSO – Step-by-Step Guide

October 25, 2025 by Oliver Müller

microsoft-azure directory efficiency identity-and-access-management-iam entra-id

Seamless Single Sign-On (Seamless SSO) is an optional feature in Microsoft Entra Connect that enables domain-joined Windows devices on the internal...

Read Article →

How to Find All Gallery Applications in Microsoft Entra

October 25, 2025 by Daniel Bradley

entra-id microsoft-graph

Learn to filter Microsoft Entra Enterprise Applications with Graph PowerShell. Find apps based on creation method, like first-party, third-party, o...

Read Article →

Allowing Users to Add Enterprise Apps to Entra ID is a Bad Idea

October 24, 2025 by Tony Redmond

entra-id entra-id consent enterprise-app guideants

Enterprise apps can come from a variety of sources. Most are Microsoft 1st party apps, and the rest are ISV apps. It's easy to add an app without r...

Read Article →

Configure Browser Policy to Preserve OneDrive and SharePoint Web Performance and Offline Capability needed for upcoming Chromium versions

October 23, 2025 by Kenneth Van Surksum

intune

Introduction Modern collaboration tools such as OneDrive and SharePoint depend on efficient browser communication to deliver both online and offlin...

Read Article →

HP OneAgent Update Broke Entra Trust on HP AI Devices

October 23, 2025 by rudyooms

blog

This blog reveals how a silent HP OneAgent update (version 1.2.50.9581) deleted the MS-Organization-Access certificate, causing devices to disconne...

Read Article →

Updating the Entra ID Password Protection Policy with the Microsoft Graph PowerShell SDK

October 23, 2025 by Tony Redmond

entra-id microsoft-graph-powershell-sdk new-mgbetadirectorysetting password-protection-policy update-mgbetadirectorysetting

The Entra ID password protection policy contains settings that affect how tenants deal with passwords. Entra ID includes a default policy that does...

Read Article →

Important Change Coming for Entra ID Passkeys in November 2025

October 22, 2025 by Tony Redmond

entra-id aaguid attestation-enforcement passkey passkey-profile

Entra ID is about to introduce passkey profiles, a more granular approach to passkey settings. The change is good, but you might like to check the ...

Read Article →

MMP-C: The Future of Windows Device Management with Intune

October 22, 2025 by rudyooms

blog

For years, Intune has managed Windows devices through OMA-DM (Open Mobile Alliance Device Management). It worked, but as explained in our previous ...

Read Article →

Remotely Intune wipe devices in Defender for Endpoint isolation mode!

October 22, 2025 by Thomas Verheyden

defender-for-endpoint defender-xdr defender-for-servers micorosft-security

Intro Microsoft recently announced that device isolation exclusions in Defender for Endpoint are now generally available. This made me think about ...

Read Article →

Automating Microsoft 365 with PowerShell November 2025 Update

October 21, 2025 by Tony Redmond

book automating-microsoft-365-with-powershell azuread-module microsoft-graph-powershell-sdk

The November 2025 update for the Automating Microsoft 365 with PowerShell eBook is available online. Subscribers can download the new PDF and EPUB ...

Read Article →

How to Hide Enterprise Apps from Entra with Non-privileged Access

October 21, 2025 by Daniel Bradley

entra-id microsoft-graph

Learn how a non-privileged owner can 'steal' an Access Token from the Entra admin centre to programmatically hide a Service Principal using the Mic...

Read Article →

Physical Security Cards: Phish-Resistant Authentication

October 21, 2025 by Ewelina Paczkowska

security

Explore how physical security cards combine passwordless login and building access, offering secure, simple authentication for modern workplaces.

Read Article →

A public bug report for Entra ID application policies

October 20, 2025 by Jan Bakker

entra-id security

Check out this article via web browser: A public bug report for Entra ID application policies I’ve spent the last couple of nights trying out...

Read Article →

Balancing Control and Convenience: Preventing Edge Password Sync on Unmanaged Devices

October 20, 2025 by Kenneth Van Surksum

conditional-access intune mobile-application-management

Introduction Password managers have become a default convenience in modern browsers, including Microsoft Edge. Microsoft now recommends enabling th...

Read Article →

Mastering Microsoft Entra Authentication Contexts - Part 3: Advanced Data Protection

October 20, 2025 by Sebastian F. Markdanner

microsoft-entra microsoft-purview

With identities and access strengthened in part 2 , it’s time to turn our focus to real-world data protection with Authentication Contexts. One of ...

Read Article →

New Audio-Only Recording Option for Teams Meetings

October 20, 2025 by Tony Redmond

teams audio-only-recording meeting-transcript teams-meeting

A new audio-only recording option for Teams meeting suppresses the video feed from meeting participants when generating the MP4 file for the meetin...

Read Article →

The History of Intune: From OMA DM to Modern Windows Management

October 19, 2025 by rudyooms

blog

In this blog, we go back in time and look at how Windows device management really started.How Microsoft built the first framework for managing devi...

Read Article →

A closer look at Entra Application policies to govern secrets and certificates

October 18, 2025 by Jan Bakker

entra-id security

Check out this article via web browser: A closer look at Entra Application policies to govern secrets and certificates My latest post on this topic...

Read Article →

Conditional Access Baseline October 2025 (v2025-10) Available on GitHub

October 18, 2025 by Kenneth Van Surksum

conditional-access entra-id

Over the past years, I’ve been maintaining a Conditional Access baseline that organizations can use as a starting point when implementing or review...

Read Article →

Extending the Migrate2GSA PowerShell Module – Why I added JSON support

October 17, 2025 by Michael Morten Sonne

uncategorized

Last Updated on October 20, 2025 by Michael Morten Sonne Introduction Over the last few days, I spent… The post Extending the Migrate2GSA Pow...

Read Article →

Outlook Gets AI Drafting of Meeting Agendas

October 17, 2025 by Tony Redmond

microsoft-365-copilot outlook agenda-auto-draft meeting-agenda new-outlook

Agenda auto-draft is a new feature for OWA and the new Outlook to help meeting organizers create a draft meeting agenda using AI. The Copilot-gener...

Read Article →

Using the Secret Management PowerShell Module with Azure Key Vault and Azure Automation

October 16, 2025 by Tony Redmond

azure powershell azure-automation azure-key-vault credentials

If you can't use managed identities, credential resources are a way to manage username and password credentials for Azure Automation runbooks. The ...

Read Article →

The My Sign-Ins Portal, Applications, and Conditional Access

October 15, 2025 by Tony Redmond

entra-id entra-id conditional-access find-mgtenantrelationshiptenantinformationbytenantid my-sign-ins-portal

A recent change has exposed the applications used by the My Sign-ins portal for use in conditional access policies. This article discusses the app-...

Read Article →

Changing the Offline Access Period for Sensitivity Labels

October 14, 2025 by Tony Redmond

compliance aipservice offline-access sensitivity-label-advanced-setting set-aipservicemaxuselicensevaliditytime

One of the settings for sensitivity labels governs how long items protected by a label remain accessible (including offline access) before reauthen...

Read Article →

Conditional Access Essentials: From Report-Only to Enforced Mode

October 14, 2025 by Ewelina Paczkowska

security conditional-access

Moving Conditional Access policies from report-only to enforced mode can secure your environment - or lock everyone out. This post walks through sa...

Read Article →

Mastering Certificate Rotation in Entra ID

October 14, 2025 by Tim Groothuis

application-registration azure security entra-id devops

Recently I posted a blog about Entra ID Application Registration secret management, in which I explained how to rotate Application Registration sec...

Read Article →

Windows Finally Translates Entra Group and Role SIDs to Real Names

October 14, 2025 by rudyooms

blog

This blog covers one of the most requested features ever: finally being able to automatically translate Entra group SIDs into readable names on the...

Read Article →

ChatGPT Enterprise Connects to SharePoint Online

October 13, 2025 by Tony Redmond

sharepoint-online chatgpt enterprise-connector microsoft-365-copilot onedrive-for-business

OpenAI has launched a ChatGPT enterprise SharePoint Connector that allows organizations to synchronize files from SharePoint Online to ChatGPT. I c...

Read Article →

Microsoft Privileged Access Workstations: A Comprehensive Guide

October 13, 2025 by Ankit Gupta

security

Copyright © 2025 Microsoft Security - All Rights Reserved.

Read Article →

Configuring Conditional Access for Guest Users: Allowing Only Office 365 and Essential Apps

October 12, 2025 by Kenneth Van Surksum

conditional-access entra-id

Introduction Configuring Conditional Access (CA) for guest users can be challenging when you want to strictly limit access to Office 365 and a few ...

Read Article →

MSRC Case: When Temporary Global Admin Rights Don’t Expire in Microsoft Entra PIM

October 12, 2025 by Tom Rolvers

security-research identity-governance

A confirmed and fixed Microsoft Entra PIM flaw reported to MSRC - learn what happened, how it was fixed, and what admins should check.

Read Article →

Defender XDR VS Microsoft Sentinel table changes

October 11, 2025 by Robbe Van den Daele

azure defender sentinel identity

Introduction When connecting Microsoft Sentinel to Defender XDR, there are a couple of changes happening in tables which you should be aware of. Ev...

Read Article →

KB – Failed to verify domain name – Entra ID

October 11, 2025 by Jan Bakker

entra-id knowledgebase

Check out this article via web browser: KB – Failed to verify domain name – Entra ID This is a knowledge base item. Hope it will help y...

Read Article →

Trigger Logic App on group membership changes in Entra ID

October 11, 2025 by Jan Bakker

entra-id logic-apps security

Check out this article via web browser: Trigger Logic App on group membership changes in Entra ID A couple of years ago, I stumbled upon a neat Log...

Read Article →

Microsoft 365 Copilot Usage Report API General Availability

October 10, 2025 by Tony Redmond

graph-api microsoft-365-copilot microsoft-graph copilot-usage-data report-copilot-usage

The Copilot usage report Graph API is now generally available. Like the report APIs for the other workloads, the Copilot usage API helps to underst...

Read Article →

Practical Detection Engineering

October 10, 2025 by Truls Dahlsveen

security

A look at detection engineering from inception to completion - The concept of this blogpost is quite simple - we will start with an imaginary compa...

Read Article →

Exchange 2016 and 2019 End of Life and Some Interesting Exchange Online Developments

October 09, 2025 by Tony Redmond

exchange-online mailboxes auto-archiving exchange-2016 exchange-2019

On Oct 14, 2025, Exchange 2019 and 2016 reach end-of-life and Exchange SE becomes the only supported on-premises Exchange server. In other news, we...

Read Article →

Teams Support for Emojis in Chat and Channels Section Names

October 08, 2025 by Tony Redmond

teams chat-section-name emojis

Teams users can use emojis to create or rename chat section names. By incorporating emojis into section names, users create "visual anchors" to hel...

Read Article →

Chromium 141 Update Will Affect Offline Access for SharePoint Online and OneDrive for Business

October 07, 2025 by Tony Redmond

onedrive-for-business sharepoint-online brave chrome chromium-141

An update for Chromium 141 can affect the ability of SharePoint Online and OneDrive for Business to access offline content, including files and lis...

Read Article →

Conditional Access Essentials: Custom Security Attributes in Entra ID and Cross Tenant Scenarios

October 07, 2025 by Ewelina Paczkowska

entra-id security conditional-access mfa

Learn how to use custom security attributes in Entra ID to target apps that don’t appear in Conditional Access. This step-by-step guide covers attr...

Read Article →

The Truth About the 8-Hour Intune Sync (and Why It’s a Myth)

October 07, 2025 by rudyooms

blog

This blog will address one of the biggest misunderstandings I hear regarding Intune: the misconception that Windows devices ONLY receive new polici...

Read Article →

Application Registration secrets: fire & forget!

October 06, 2025 by Tim Groothuis

secrets azure-devops application-registration entra-id azure

Application Registrations are an amazing feature within Entra ID, allowing you to deploy a non-personal identity for a wide array of different use-...

Read Article →

How to restore deleted Entra ID Conditional Access policies and Named Locations

October 06, 2025 by Jan Bakker

entra-id

Check out this article via web browser: How to restore deleted Entra ID Conditional Access policies and Named Locations Entra ID Conditional Access...

Read Article →

What’s the Best Way to Find SharePoint Online Sites with Graph PowerShell?

October 06, 2025 by Tony Redmond

microsoft-graph powershell sharepoint-online get-mgallsite get-mgsite

What's the best way to find SharePoint sites with the Microsoft Graph PowerShell SDK? Is the Get-MgAllSite cmdlet best or should you use the Get-Mg...

Read Article →

Entra ID – Soft-delete & Restore for Conditional Access + New PowerShell Module

October 04, 2025 by Michael Morten Sonne

entra-id code-repository conditional-access-policies identity microsoft

Last Updated on October 4, 2025 by Michael Morten Sonne Introduction Microsoft continues to improve Entra’s resilience features… The post Ent...

Read Article →

Microsoft Defender for Endpoint: Getting Started with Deployment Using Intune

October 04, 2025 by Oliver Müller

microsoft-365 defender-xdr intune microsoft-tenant-hardening troubleshooting

Devices today are diverse, mobile and therefore exposed to a wide range of threats. Traditional antivirus solutions detect known patterns but leave...

Read Article →

Microsoft Introduces Restore Capability for Conditional Access Policies

October 03, 2025 by Tony Redmond

entra-id powershell restore-conditional-access-policy soft-deleted-conditional-access-policy

New Graph APIs allow Entra administrators to restore a conditional access policy with a Graph request. This article explains how to list, restore, ...

Read Article →

Autopilot Device Preparation and the Return of OOBE Controls

October 02, 2025 by rudyooms

intune

Hidden Device Preparation template enables OOBE controls in AP DP. Naming at OOBE, skip EULA, skip keyboard, hide privacy. Works through device ass...

Read Article →

How to Convert a Synced User Source of Authority to Microsoft Entra

October 02, 2025 by Daniel Bradley

entra-id microsoft-graph

Learn how to convert the Source of Authority for a hybrid user from Active Directory to Microsoft Entra using PowerShell. The post How to Convert a...

Read Article →

Teams Stamps External Users with Trust Indicators

October 02, 2025 by Tony Redmond

teams allow-list external-access federated-chat trust-indicator

Attackers might attempt to use social engineering to trick Teams users in compromise. Trusted indicators help users understand the status of extern...

Read Article →

Important changes to HybridBrothers.com

October 01, 2025 by Robbe Van den Daele

security

What is changing As a valued member of our community, we would like to inform you that we are migrating our HybridBrothers.com blogging website to ...

Read Article →

Office 365 for IT Pros October 2025 Update

October 01, 2025 by Tony Redmond

book automating-microsoft-365-with-powershell office-365-for-it-pros

Monthly update #124 for the Office 365 for IT Pros (2026 edition) eBook is now available. Current subscribers can download the updated PDF and EPUB...

Read Article →

January 2026 Change for How Outlook Extracts Events from Email

September 30, 2025 by Tony Redmond

outlook event-notifications events-from-email new-outlook-for-windows owa

The Outlook events from email feature changes from January 31, 2026. Events will only be created if notifications support the properties for events...

Read Article →

Why Do Required Apps Wait 60 Minutes After Autopilot Enrollment?

September 30, 2025 by rudyooms

blog

This blog is about the 60-minute delay that occurs before the required Win32 apps are installed after Autopilot. ESP blocking apps complete without...

Read Article →

How to Restore Deleted Conditional Access Policies

September 29, 2025 by Daniel Bradley

entra-id microsoft-graph

Learn how to restore deleted Conditional Access policies in Microsoft Entra using Microsoft Graph PowerShell. The post How to Restore Deleted Condi...

Read Article →

Mastering Microsoft Entra Authentication Contexts – Part 2: Real-World Access & Action Controls

September 29, 2025 by Sebastian F. Markdanner

microsoft-entra

In Part 1 of this mini-series, we explored the what, why, and how of Microsoft Entra Authentication Contexts, laying the foundation for what they a...

Read Article →

The ultimate Defender XDR RBAC visualization

September 29, 2025 by Thomas Verheyden

defender-xdr micorosft-security

Do you also struggle, like I do, to assign the correct permissions in Microsoft Defender XDR RBAC when designing your RBAC model? I recently create...

Read Article →

Using the Enterprise Website Microsoft 365 Copilot Connector

September 29, 2025 by Tony Redmond

microsoft-365-copilot enterprise-websites-connector microsoft-365-copilot-connector microsoft-365-copilot-search microsoft-365-search

Microsoft 365 Copilot Search can be extended by ingesting information from external sources through a Microsoft 365 Copilot Connector. In this arti...

Read Article →

How to Configure Lifecycle Workflows for Inactive Users

September 28, 2025 by Daniel Bradley

entra-id

Learn how to configure Microsoft Entra Life Cycle workflows to alert on and clean-up inactive users in Microsoft Entra. The post How to Configure L...

Read Article →

Microsoft Use of Anthropic AI Models Creates Concerns for Tenants

September 26, 2025 by Tony Redmond

microsoft-365-copilot anthrophic claude copilot-researcher-agent copilot-studio

On September 24, Microsoft announced that Anthrophic LLMs could be used with the Copilot Researcher agent and to build agents with Copilot Studio. ...

Read Article →

SharePoint Knowledge Agent Available in Preview

September 25, 2025 by Tony Redmond

sharepoint-online autofill-columns microsoft-365-copilot sharepoint-knowledge-agent

With not a little hype, Microsoft launched the SharePoint Knowledge Agent on September 18. Getting some AI help to organize sites sounds good, but ...

Read Article →

Assembly Clashes Make Microsoft 365 PowerShell Frustrating

September 24, 2025 by Tony Redmond

powershell assembly-clash exchange-online microsoft-graph-powershell-sdk microsoft-teams

An assembly clash happens when a PowerShell module attempts to load a .NET assembly only to find that a different version is already loaded in the ...

Read Article →

How to Configure Password Protection with Microsoft Graph

September 24, 2025 by Daniel Bradley

entra-id microsoft-graph

Learn how to configure password protection settings like banned password lists in Microsoft Entra using Microsoft Graph PowerShell. The post How to...

Read Article →

Microsoft Defender for Identity Recommended Actions: Remove non-admin accounts with DCSync permissions

September 23, 2025 by thalpius

microsoft

Identity leverages Secure Score with twenty-seven recommended actions. In a series of blog posts, I will go through all twenty-seven recommended ac...

Read Article →

Updating the User Password and Authentication Report

September 23, 2025 by Tony Redmond

entra-id microsoft-graph powershell authentication get-mgbetauserauthenticationrequirement

A change to a Graph beta API meant that some data used to create the user password and authentication report was no longer available. A script upda...

Read Article →

Automating Microsoft 365 with PowerShell October 2025 Update

September 22, 2025 by Tony Redmond

book automating-microsoft-365-with-powershell microsoft-graph office-365-for-it-pros powershell

The Office 365 for IT Pros team is happy to announce the availability of the October 2025 update for the Automating Microsoft 365 with PowerShell e...

Read Article →

Departmental Risk-Based Segmentation with Purview and Entra

September 22, 2025 by Ankit Gupta

entra-id

Copyright © 2025 Microsoft Security - All Rights Reserved.

Read Article →

No, your NHIs can’t use passwords either!

September 22, 2025 by Jan Bakker

entra-id security

Check out this article via web browser: No, your NHIs can’t use passwords either! For human identities, going passwordless is becoming pretty...

Read Article →

Azure Back to School 2025 – Azure Arc Under the Hood: Troubleshooting the Azure Connected Machine agent

September 21, 2025 by wmatthyssen

azure azure-arc azure-arc azurebacktoschool azureconnectedmachineagent

Azure Back to School s a fantastic community initiative founded by Dwayne Natwick and Derek Smith. As in previous years,Continue Reading

Read Article →

Copilot Chat Arrives in Microsoft 365 Apps

September 19, 2025 by Tony Redmond

microsoft-365-copilot copilot-chat microsoft-365-apps microsoft-copilot open-in-word

The rollout of the Copilot Chat integration with the Microsoft 365 apps has started, with the intention of making it easier to use AI in peoples’ w...

Read Article →

Should You Upgrade to Exchange SE or Remove Your Last Server

September 19, 2025 by Daniel Bradley

exchange-online entra-id

With Exchange 2019 support ending, should you upgrade to the Subscription Edition or remove your last server? This guide covers the costs, hybrid c...

Read Article →

What’s the Best Way to Manage Guest Accounts?

September 18, 2025 by Tony Redmond

entra-id microsoft-365 access-reviews guest-account-management id-governance

Guest account management should be a part of every Microsoft 365 tenant administrator’s checklist, unless the tenant has no guests. That’s possible...

Read Article →

Entra ID’s Keep Me Signed In Feature – Good or Bad?

September 17, 2025 by Tony Redmond

entra-id keep-me-signed-in kmsi

The Entra ID Keep Me Signed In (KMSI) feature creates persistent authentication cookies to allow users to avoid sign-ins during browser sessions. I...

Read Article →

Recommended Application Policies for Microsoft Entra Apps

September 17, 2025 by Daniel Bradley

entra-id

Discover best practices for using Application Policies to block client secrets, restrict credential lifetimes, and enforce secure identifier URIs d...

Read Article →

Copilot Administrative Skills Don’t Do Much for SharePoint Management

September 16, 2025 by Tony Redmond

microsoft-365-copilot sharepoint-online sharepoint-admin-center sharepoint-skills

Microsoft 365 Copilot now has some SharePoint skills to deploy in the SharePoint admin center. The problem is that the skills aren't very good and ...

Read Article →

Entra ID – When Ideas Become Features: Reflections on Entra ID App Policies

September 16, 2025 by Michael Morten Sonne

applications attackscompromise entra-id code-repository community

Last Updated on September 17, 2025 by Michael Morten Sonne Introduction Microsoft has recently teaset App Management Policies… The post Entra...

Read Article →

Understanding the Default Compliance Policy: What’s Changed and Why Devices Stay Compliant

September 16, 2025 by rudyooms

blog

This blog explores the behavior change in Intune’s built-in compliance policy, specifically why devices are still marked as compliant even when the...

Read Article →

Copilot Transcription Behavior Changing for Teams Meetings

September 15, 2025 by Tony Redmond

teams microsoft-365-copilot teams-meetings transcript transcription

Microsoft plans to deploy an update to change how transcription behaves for Teams meetings where Copilot is enabled. New meetings will not generate...

Read Article →

How to Actually Security Benchmark Your Microsoft 365 Tenant

September 15, 2025 by Daniel Bradley

microsoft-365 entra-id

Learn why understanding core principals of Microsoft 365 is important and how to properly assess the posture of your Microsoft 365 tenant. The post...

Read Article →

Running Teams PowerShell Cmdlets in Azure Automation

September 12, 2025 by Tony Redmond

powershell teams azure-automation connect-microsoftteams teams-powershell

This article describes the prerequisites and how to run cmdlets from the Teams PowerShell module in Azure Automation runbooks. We also consider whe...

Read Article →

Running the SharePoint Site Content and Policy Comparison Report

September 11, 2025 by Tony Redmond

microsoft-365-copilot sharepoint-online sharepoint-advanced-management sharepoint-site-content-and-policy-comparison-report

A new SharePoint Site content and policy comparison report is available to tenants with Microsoft 365 Copilot or SharePoint advanced management lic...

Read Article →

SignTool GUI 2.0.0.0 — Major Update Out Now!

September 11, 2025 by Michael Morten Sonne

code-repository my-tools software

Last Updated on September 11, 2025 by Michael Morten Sonne Introduction I’m excited to announce that SignToolGUI version… The post SignTool G...

Read Article →

Microsoft’s Effort to Develop a Broad People Platform

September 10, 2025 by Tony Redmond

microsoft-365 microsoft-graph copilot-connector get-mgbetauserprofileposition microsoft-365-profile-card

Microsoft 365 users see the profile card and might wonder where the information displayed on the card comes from. Entra ID is the obvious source, b...

Read Article →

Conditional Access Essentials: Managing Exclusions with Identity Governance and Temporary Access Pass

September 09, 2025 by Ewelina Paczkowska

security conditional-access identity

Conditional Access Essentials aren’t just about writing policies – it’s about managing real-world scenarios. In this guide, I show how to handle tr...

Read Article →

Improving passkey registration experiences

September 09, 2025 by Nathan McNulty

entra-id identity compliance

Passkey registration problems Passkeys in Microsoft Authenticator are fantastic, assuming you can get users logged in to the app successfully. Unfo...

Read Article →

Microsoft’s Push to Save Office Files in the Cloud

September 09, 2025 by Tony Redmond

office cloud-policy enablecloudonlysaveasmode microsoft-365-apps-for-enterprise microsoft-office

A new policy setting is available to force Microsoft 365 enterprise (Office subscription) applications to save to cloud locations and ignore the lo...

Read Article →

What’s next for Visual Studio 2026 (v18)!

September 09, 2025 by Michael Morten Sonne

community cool-tools development microsoft microsoft-mvp

Last Updated on September 10, 2025 by Michael Morten Sonne Introduction As a Microsoft Most Valuable Professional (MVP),… The post What’s nex...

Read Article →

You shall not pass(key)! (updated)

September 09, 2025 by Jan Bakker

entra-id security

Check out this article via web browser: You shall not pass(key)! (updated) For both modes, users who have previously registered a method that can b...

Read Article →

Microsoft Bolts on Copilot License Check onto ExRCA

September 08, 2025 by Tony Redmond

administration microsoft-365-copilot copilot-license-check exchange-remote-connectivity-analyzer exrca

Microsoft announced a new Copilot license check diagnostic for the Exchange Connectivity Analyzer. Sounds good, but the test is very simple, and it...

Read Article →

Use EntraSort to Sort the Microsoft Entra Menu Alphabetically

September 08, 2025 by Daniel Bradley

entra-id tools

How to automatically sort Microsoft Entra Menu items alphabetically using the EntraSort Chrome browser extension. The post Use EntraSort to Sort th...

Read Article →

How to Update Entra ID Apps to Run Teams Cmdlets

September 05, 2025 by Tony Redmond

microsoft-graph powershell teams graph-permissions mc1134747

MC1134747 describes a new permissions requirement for Entra apps that run Teams PowerShell cmdlets. Fixing apps to meet the new requirement is easi...

Read Article →

People Settings Appear in the Microsoft 365 Admin Center

September 04, 2025 by Tony Redmond

entra-id microsoft-365 exchange-online-custom-properties microsoft-365-profile-card microsoft-365-user-profile-card

The Org Settings section of the Microsoft 365 admin center has a new People Settings section where you can choose properties for the Microsoft 365 ...

Read Article →

Windows Autopilot: Installing Windows Updates during setup (OOBE)

September 04, 2025 by rudyooms

intune

Installing Windows Quality Updates during the out-of-the-box (OOBE) experience is now generally available is been pulled back! (Check out this para...

Read Article →

Windows Autopilot Stuck on Identifying: The KB5065848 Story

September 04, 2025 by rudyooms

blog

It was a rough week for Intune. First, BitLocker policies suddenly stopped applying without any good reason. The event logs indicated that the BitL...

Read Article →

Microsoft Explains the Differences Between Copilot Memories

September 03, 2025 by Tony Redmond

microsoft-365-copilot copilot-communication-memory copilot-memory

Copilot memory is a term that refers to different things, including Copilot communication memory, a method to use the Graph to personalize response...

Read Article →

BitLocker Policies Not Getting Applied in Intune (65000)

September 02, 2025 by rudyooms

blog

This blog will discuss a case where BitLocker policies pushed during Windows Autopilot appeared to be applied in the event logs, but they never act...

Read Article →

Closing Microsoft Graph Gaps: My Feedback Portal Request Gains Top 3 in Just 4 Days

September 02, 2025 by Michael Morten Sonne

automation community microsoft microsoft-mvp powershell

Last Updated on September 2, 2025 by Michael Morten Sonne Introduction The Microsoft Graph community is rallying for… The post Closing Micros...

Read Article →

Conditional Access Essentials: Authentication contexts + Secure PIM & Resource Access

September 02, 2025 by Ewelina Paczkowska

security conditional-access mfa

This instalment of Conditional Access Essentials explores authentication contexts, PIM, and securing sensitive resources. Learn how to enforce step...

Read Article →

Microsoft Deprecates Graph CLI and Toolkit

September 02, 2025 by Tony Redmond

microsoft-graph microsoft-graph-cli microsoft-graph-powershell-sdk microsoft-graph-toolkit

Microsoft has depreciated the Microsoft Graph CLI and Graph Toolkit. It’s nice to see some rationalization, but the real need is for better quality...

Read Article →

Protect Security Info Registration with Microsoft Entra Conditional Access and Microsoft Entra ID Protection

September 02, 2025 by Oliver Müller

microsoft-365 microsoft-azure conditional-access fido2 identity-and-access-management-iam

Registration of security information such as the Microsoft Authenticator app, FIDO2 security keys or OATH tokens is a critical component of modern ...

Read Article →

AiTM/ MFA phishing attacks in combination with “new” Microsoft protections (2025 edition)

September 01, 2025 by Jeffrey Appel

security entra-id defender-for-cloud-apps defender-for-endpoint defender-for-identity

Adversary-in-the-middle phishing attacks are still more common in use, in the last year and the start of 2025 there is still a more visible increas...

Read Article →

September 2025 Update for Office 365 for IT Pros

September 01, 2025 by Tony Redmond

book automating-microsoft-365-with-powershell best-microsoft-365-book best-office-365-book office-365-for-it-pros

Monthly update #123 is available for the Office 365 for IT Pros eBook. Subscribers can download updated EPUB and PDF files for the main book and th...

Read Article →

What is Entra Docs Tracker?

September 01, 2025 by Daniel Bradley

entra-id

Effortlessly track and document all changes to public Microsoft Entra documentation and stay ahead of this rapidly changing product. The post What ...

Read Article →

Creating and Using an Azure Automation Custom Runtime Environment

August 29, 2025 by Tony Redmond

powershell azure-automation custom-runtime-environment microsoft-graph-powershell-sdk

A custom runtime environment is a way of defining a specific job execution environment for Azure Automation runbooks, including Microsoft Graph Pow...

Read Article →

Security Info Registration. Entra ID’s rabbit hole.

August 29, 2025 by Jan Bakker

entra-id knowledgebase security

Check out this article via web browser: Security Info Registration. Entra ID’s rabbit hole. This blog post needs a brief introduction. Bear w...

Read Article →

Teams Gives Users Control Over Hiding Inactive Channels

August 28, 2025 by Tony Redmond

teams hide-inactive-channels suggest-inactive-channels

In March, Microsoft said that they'd change Teams to offer suggestions about which inactive channels a user might want to hide from client channel ...

Read Article →

Guidance on how to manage products updates for Defender for Server on Linux distributions

August 27, 2025 by Thomas Verheyden

defender-for-endpoint defender-xdr micorosft-security

Intro There are many helpful blog/videos posts about managing Microsoft Defender for Endpoint (MDE) updates on Windows, but there’s not much inform...

Read Article →

How to Delegate Access Package Approvals in My Access

August 27, 2025 by Daniel Bradley

entra-id

Learn how to enable and use the new delegate approvals feature in Microsoft Entra to delegate access package request approvals. The post How to Del...

Read Article →

MaesterDiff: Because Comparing Maesters Just Got Twice as Fun!

August 27, 2025 by Roy Klooster

uncategorized

Table of Contents Introduction Requirements Features How does it work? File & Folder Comparison Cross-Tenant Comparison Advanced Options Output...

Read Article →

September 2025 Update for Automating Microsoft 365 with PowerShell

August 27, 2025 by Tony Redmond

administration microsoft-365 powershell automating-microsoft-365-with-powershell connect-ippssession

The Office 365 for IT Pros eBook team is proud to announce the availability of update 15 for the Automating Microsoft 365 with PowerShell eBook. Th...

Read Article →

Windows Backup for Organizations: ESR 2.0 With a New Skin?

August 27, 2025 by rudyooms

blog

This blog outlines the new Windows Backup for Organizations feature introduced in Windows 11 by Microsoft. They replace the old “Sync your settings...

Read Article →

Autopilot Enrollment Fails After Terms of Use Acceptance

August 26, 2025 by rudyooms

blog

This blog will be about a strange Autopilot failure we could reproduce again and again. Right after the Terms of Use was accepted, the device doesn...

Read Article →

Conditional Access Essentials: RMAUs, Named Locations, Authentication Strengths, Service Principals

August 26, 2025 by Ewelina Paczkowska

security conditional-access

Strengthen your Conditional Access strategy with practical essentials. Explore how RMAUs, Named Locations, Authentication Strengths, and Service Pr...

Read Article →

Microsoft Sentinel Data Lake Tier: Deep Dive and Comparison

August 26, 2025 by Ankit Gupta

sentinel

Copyright © 2025 Microsoft Security - All Rights Reserved.

Read Article →

Summarize Email Thread Feature Coming to Outlook

August 26, 2025 by Tony Redmond

microsoft-365-copilot outlook chatgpt copilot-chat summarize-email-thread

In late August, Microsoft plans to release the Copilot summarize email thread feature in Outlook clients without the need for a Microsoft 365 Copil...

Read Article →

Windows Autopatch Client Broker: What It Is, When to Use It, and Why It Matters

August 26, 2025 by Tom Rolvers

windows-autopatch intune patch-management

In this post, we’ll break down what it does, when you need it, and how to align it with your organization’s update strategy.

Read Article →

Find and Restore Deleted Cross-Tenant Access Policies

August 25, 2025 by Daniel Bradley

entra-id microsoft-graph

Learn how to list and restore soft-deleted cross-tenant access policies in Microsoft Entra ID using Microsoft Graph PowerShell. The post Find and R...

Read Article →

Microsoft 365 Tenants Need Vanity Domains to Send External Email

August 25, 2025 by Tony Redmond

exchange-online accepted-domain microsoft-365-tenant moera-domain primary-smtp-address

Microsoft will impose a throttling limit for external recipients for tenants that use MOERA domain addresses to send outbound email. The limit is d...

Read Article →

Remove old or orphaned Sentinels from the XDR Streaming API

August 25, 2025 by Author

sentinel

This blog post is a sleeper. I documented it in 2023 and never came around to publish it. The post was always too short in my opinion, too niche. B...

Read Article →

Entra ID – Bulk User Download – Enhanced Experience

August 24, 2025 by Michael Morten Sonne

entra-id identity microsoft reports entra-id

Last Updated on August 24, 2025 by Michael Morten Sonne Introduction The short announcement about Bulk User Download… The post Entra ID – Bul...

Read Article →

Finding Seamless SSO usage

August 24, 2025 by Nathan McNulty

azure entra-id

A brief history Seamless Single Sign On was first introduced in late 2016 and provided a way for users to authenticate to Entra ID (Azure AD at the...

Read Article →

Modern Outlook/Teams fails with WebView2 error – seen on Win11 ARM

August 23, 2025 by Morten Knudsen

uncategorized

I have experienced issues with some app pushing wrong WebView2 (X64) to a Win11 (ARM) machine. Then any apps that ... Read more

Read Article →

Configure Whether Requestors Can See Access Package Approver Details

August 22, 2025 by Daniel Bradley

entra-id microsoft-graph news

See how to hide or show approver details in access packages with this new feature and easily configure it with our guide. The post Configure Whethe...

Read Article →

Microsoft Fixes Copilot Audit Records

August 22, 2025 by Tony Redmond

compliance microsoft-365-copilot copilot-audit-events copilot-interactions mfcmapi

After a report to the MSRC about some missing file data from Copilot audit records, Microsoft fixed the problem and audit records now contain detai...

Read Article →

Userless Enrollment Status in Autopilot: How to Unblock Devices

August 22, 2025 by rudyooms

blog

This blog will be about a lesser-known feature in Windows Autopilot: the Userless Enrollment Status. We’ll look at how devices can end up in a bloc...

Read Article →

Endpoint Privilege Management: Virtual Elevation Acccount Support

August 21, 2025 by rudyooms

epm intune

EPM has always relied on virtual accounts for elevation, often breaking scenarios where apps need the real user profile. A new ElevationAccount.Use...

Read Article →

Microsoft Defender XDR - Take action on advanced hunting results

August 21, 2025 by Truls Dahlsveen

defender

The level below automation and above manual actions per asset - So this is mostly a self reference post about the action button in Defender XDR whe...

Read Article →

Multi-Admin Approval Extends to Device Reset Options in Intune

August 21, 2025 by Daniel Bradley

intune news

Discover Intune's new Multi-Admin Approval feature for device actions. This guide explains how to set up dual control for Wipe, Retire, and Delete ...

Read Article →

Reporting Authentication Method Usage Data via the Graph

August 21, 2025 by Tony Redmond

entra-id powershell authentication-method microsoft-graph multifactor-authentication

Three new Graph API resources provide easy access to Entra ID authentication method summary data. The information is helpful to understand the type...

Read Article →

Removing Obsolete Mobile Device Partnerships from Exchange Online

August 20, 2025 by Tony Redmond

exchange-online get-exomobiledevicestatistics get-mobiledevice mobile-device-partnership obsolete-mobile-device

This article discusses how to use PowerShell to find obsolete mobile device partnerships in Exchange Online (or Exchange Server) and remove the obs...

Read Article →

Summer Recap & Time to Reconnect

August 20, 2025 by Michael Morten Sonne

general

Last Updated on August 20, 2025 by Michael Morten Sonne This summer has been a wonderful mix of… The post Summer Recap & Time to Reconnect fi...

Read Article →

A first look at Microsoft Entra Private Access for Active Directory domain controllers

August 19, 2025 by Christopher Brumm

entra-id

In many environments - often for historical reasons - there is no strict separation of client and server networks. And if there is a firewall betwe...

Read Article →

Conditional Access Essentials: Naming conventions, personas, emergency access & design process

August 19, 2025 by Ewelina Paczkowska

security zero-trust conditional-access

Master Conditional Access with a Zero Trust, persona-based approach. Learn how to structure policies, avoid security gaps, and keep everything orga...

Read Article →

Unverified Sender Messages Highlighted By Outlook Mobile

August 19, 2025 by Tony Redmond

exchange-online outlook outlook-mobile dkim external-tagging

Outlook Mobile clients have started to highlight messages received from unverified senders. But what does "unverified" mean and what can be done to...

Read Article →

Entra ID – Managed Identity Permission Manager: A Community-Driven Recap

August 18, 2025 by Michael Morten Sonne

code-repository community cool-tools identity my-tools

Last Updated on August 18, 2025 by Michael Morten Sonne Introduction Managing permissions for Managed Identities in Azure/Entra… The post Ent...

Read Article →

GraphApiAuditEvents: The new Graph API Logs

August 18, 2025 by Bert-Jan Pals

sentinel

The new GraphApiAuditEvents table in Advanced Hunting have been in Public Preview since July this year. These valuable logs give new insights into ...

Read Article →

Mastering Microsoft Entra Authentication Contexts – Part 1: What They Are, Why They Matter, and How to Use Them

August 18, 2025 by Sebastian F. Markdanner

microsoft-entra microsoft-purview microsoft-defender

Over my last few posts, I’ve casually mentioned Authentication Context a few times, so I thought it was about time we gave the feature a proper spo...

Read Article →

Microsoft Defender for Identity Recommended Actions: Remove local admins on identity assets

August 18, 2025 by thalpius

microsoft

Identity leverages Secure Score with twenty-seven recommended actions. In a series of blog posts, I will go through all twenty-seven recommended ac...

Read Article →

Microsoft Defender for Office 365, Shared Mailboxes, and Microsoft 365 Groups

August 18, 2025 by Tony Redmond

microsoft-365-groups exchange-online group-mailboxes licensing defender-for-office-365

Microsoft Defender for Office 365 (MDO) requires shared mailboxes to be licensed but doesn't extend the same requirement to Microsoft 365 Groups. G...

Read Article →

Recommended Settings for Windows LAPS with Intune

August 17, 2025 by Daniel Bradley

intune

Deploy the recommended settings for Windows LAPS to your end-user Windows 10 and 11 devices using Microsoft Intune. The post Recommended Settings f...

Read Article →

Mobile Device Management Options Disappear from OWA and the New Outlook

August 15, 2025 by Tony Redmond

exchange-online outlook owa exchange-mobile-device mobile-device-management

Microsoft plans to remove the ability of users to perform mobile device management (for their devices) from the OWA and new Outlook for Windows cli...

Read Article →

Detect threats using GraphAPIAuditEvents - Part 3

August 14, 2025 by Author

entra-id security defender identity

For a long time now, defenders had the ability to monitor behavior of human- and workload identities in Entra tenants not only through AuditLogs bu...

Read Article →

Microsoft cancels access package visibility changes

August 14, 2025 by Daniel Bradley

entra-id news

Learn why Microsoft cancelled a planned change to Entra ID access package visibility after overwhelming community feedback. The post Microsoft canc...

Read Article →

Sensitivity Labels with User-Defined Permissions Gain SharePoint Support

August 14, 2025 by Tony Redmond

sharepoint-online sensitivity-labels udp user-defined-permissions

Finally, Microsoft solved the technical issues that blocked SharePoint Online support for sensitivity labels with user-defined permissions (UDP). T...

Read Article →

Unified RBAC in Microsoft Defender XDR: Simpler SecOps, fewer high‑priv roles

August 14, 2025 by Anders Kristiansen

entra-id defender

One portal, scoped permissions, less Entra privilege—Unified RBAC for safer, simpler SecOps.

Read Article →

Purview Priority Cleanup Expands to SharePoint and OneDrive

August 13, 2025 by Tony Redmond

compliance onedrive-for-business purview-priority-cleanup sharepoint-online

Purview Priority Cleanup is growing its capabilities to be able to process files stored in SharePoint Online and OneDrive for Business. Public prev...

Read Article →

Script: Sentinel Data Lake Table Management

August 13, 2025 by Morten Knudsen

automation azure azure-security datalake kusto

Microsoft Sentinel’s data lake story is quietly powerful: you get fast, 90-day Analytics (Shortterm) for hunting and detections, plus scalable, ......

Read Article →

Windows Hello PIN Stops Working After the Windows 11 24H2 Upgrade

August 13, 2025 by rudyooms

blog

This blog examines a login issue that may arise after the Windows 11 24H2 upgrade is complete and the device reboots. After the device reboots, the...

Read Article →

Conditional Access Essentials: Introduction, use cases, the art of possible

August 12, 2025 by Ewelina Paczkowska

azure entra-id security zero-trust conditional-access

Discover how Microsoft Conditional Access protects your Microsoft 365, Entra, and Azure environments. Learn the essentials, explore real-world use ...

Read Article →

How to Visualise Microsoft Entra MFA Sign-in Metrics with PowerShell

August 12, 2025 by Daniel Bradley

entra-id microsoft-graph

Use PowerShell and new Microsoft Graph APIs to visualise user MFA, SSPR, and password reset activity in your Microsoft 365 tenant. The post How to ...

Read Article →

Maintaining a Microsoft 365 Retention Policy with PowerShell

August 12, 2025 by Tony Redmond

exchange-online powershell azure-automation connect-ippssession disablewam

The Connect-IPPSSession cmdlet is needed to connect to the Security and Compliance endpoint to update a Microsoft 365 retention policy. Unhappily, ...

Read Article →

How to Enforce Macro Security by running only Excel macros signed with your own public-CA–issued code-signing certificate – stored in Azure Keyvault (HSM)

August 11, 2025 by Morten Knudsen

automation azure-key-vault azure-security certificate entra-id

It may be tempting to click “Enable Macros” when you open a spreadsheet, but macros are executable programs. Without a ... Read more

Read Article →

Unexpected Microsoft Defender for Office 365 License Requirement for Shared Mailboxes

August 11, 2025 by Tony Redmond

exchange-online licensing-requirement mdo defender-for-office-365 shared-mailboxes

A question about shared mailboxes brought up the topic of licensing requirements when a tenant has Microsoft Defender for Office 365 (MDO). The new...

Read Article →

Best Practice for Configuring Privileged Identity Management in Microsoft Entra

August 08, 2025 by Daniel Bradley

entra-id

Discover the best practices for configuring PIM in Microsoft Entra. This guide will help you implement a robust and secure Zero Trust model. The po...

Read Article →

Teams Gets a KeyQL-Powered Search Box

August 08, 2025 by Tony Redmond

teams keyql-teams-search teams-search-box

Microsoft is introducing a new KeyQL-powered capability for a revamped search box in Teams. The new implementation promises faster and more precise...

Read Article →

Microsoft Tells Hybrid Exchange Customers to Get Going with Dedicated Hybrid Connectivity App

August 07, 2025 by Tony Redmond

exchange-online dedicated-exchange-hybrid-app exchange-server rich-co-existence

Microsoft says that few customers have installed the dedicated hybrid connectivity app that's needed to migrate from EWS. It's time to install that...

Read Article →

Microsoft Introduces Copilot Memory

August 06, 2025 by Tony Redmond

microsoft-365-copilot copilot-memory enhanced-personalization

A July 14 post announces Copilot Memory, a method to personalize how Copilot responds to user prompts. Controls are available to disable Copilot me...

Read Article →

Microsoft to Roll out Automatic Registration for External Authentication Methods

August 06, 2025 by Daniel Bradley

entra-id news

Upcoming in September 2025: Microsoft is rolling out automatic registration for Entra ID External Authentication Methods (EAMs). Find out how this ...

Read Article →

Creating a Microsoft 365 Retention Policy for Shared Mailboxes

August 05, 2025 by Tony Redmond

exchange-online data-lifecycle-management licensing microsoft-365-retention-policy powershell

After being asked whether licenses are needed to include shared mailboxes in Microsoft 365 retention policies, I investigated and found that licens...

Read Article →

Defender for Cloud Apps: Do you know what SaaS apps are being used in the organization?

August 05, 2025 by Jere Haavisto

defender-for-cloud-apps defender-for-cloud-apps

What is Defender for Cloud Apps. Defender for Cloud Apps aims to tackle the security problems that come with the increasing use of SaaS application...

Read Article →

Microsoft Entra Connect: Migration to Application Based Authentication (ABA)

August 05, 2025 by Oliver Müller

microsoft-azure directory efficiency identity-and-access-management-iam entra-id

With the introduction of Application Based Authentication (ABA), Microsoft introduces modern authentication mechanisms to Microsoft Entra Connect. ...

Read Article →

Blocking risky users with Passwordless Authentication methods

August 04, 2025 by Daniel Bradley

entra-id

Learn why you must evolve your Conditional Access policies to properly manage risk for your passwordless users. The post Blocking risky users with ...

Read Article →

How Microsoft Graph PowerShell SDK Access Tokens Work

August 04, 2025 by Tony Redmond

microsoft-graph powershell access-token bearer-token entra-id

If you use the Microsoft Graph PowerShell SDK, you don’t need to worry about obtaining an access token because SDK cmdlets include automatic token ...

Read Article →

How to store Defender XDR data for years in Sentinel data lake without expensive ingestion cost

August 04, 2025 by Jeffrey Appel

security datalake defender-for-endpoint defender-xdr sentinel

In recent years, an increasing number of customers have requested options to extend retention in Microsoft Defender XDR beyond the default 30 days ...

Read Article →

PIMActivation: The Ultimate Tool for Microsoft Entra PIM Bulk Role Activation

August 04, 2025 by Sebastian F. Markdanner

microsoft-entra microsoft-azure

Getting annoyed or impatient when activating eligible roles in PIM — especially multiple roles at once? You’re not alone. Today, I’m...

Read Article →

How to secure your Enterprise Application via PIM

August 01, 2025 by Roy Klooster

uncategorized

Table of Contents Introduction What is PIM? Requirements Configuration Step 1: Create Group Step 2: Confirm Existing SSO Integration Step 3: Config...

Read Article →

Monthly Update #122 Available for Office 365 for IT Pros eBook

August 01, 2025 by Tony Redmond

book best-microsoft-365-book office-365-for-it-pros

Monthly update #122 is now available for the Office 365 for IT Pros eBook. Subscribers can download PDF and EPUB files for the update from Gumroad....

Read Article →

DLP Diagnostics Available in Purview Portal

July 31, 2025 by Tony Redmond

data-loss-prevention dlp-diagnostics

DLP diagnostics were announced in October 2024, and it’s taken quite a while for Microsoft to make the four DLP diagnostic tests available. In trut...

Read Article →

Dynamic approval in Entra ID access packages using custom extensions

July 30, 2025 by Jan Bakker

uncategorized

Check out this article via web browser: Dynamic approval in Entra ID access packages using custom extensions Microsoft Entra ID Governance Entitlem...

Read Article →

How to Block OWA and Use the New Outlook

July 30, 2025 by Tony Redmond

outlook block-access-to-owa conditional-access-policy monarch new-outlook-for-windows

Microsoft suggests that tenants wanting to block access to OWA while allowing people to use the new Outlook should deploy a conditional access poli...

Read Article →

Microsoft Sentinel data lake: How to use/enable and set-up the unified data lake

July 30, 2025 by Jeffrey Appel

security datalake defender-xdr sentinel

Microsoft released the new Microsoft Sentinel data lake in public preview this month. With the data lake feature, it is possible to scale and store...

Read Article →

Azure Arc: Troubleshoot Azure Connected Machine agent connectivity issues

July 29, 2025 by wmatthyssen

azure azure-arc hybrid-cloud linux windows-server

In this blog post, I’ll walk you through troubleshooting connectivity issues with the Azure Connected Machine agent and highlight someContinue Reading

Read Article →

Download IntuneWin Win32 App Files Directly from Intune

July 29, 2025 by rudyooms

blog

This blog explains how to download the original IntuneWin Win32 app package from Intune when you no longer have the original source files. If you f...

Read Article →

Entra ID Governance Levies Charges for Guest Accounts

July 29, 2025 by Tony Redmond

entra-id entra-id powershell entra-audit-logs get-mgauditlogdirectoryaudit

A banner posted in the Entra admin center informs administrators that Entra ID governance features used by guest accounts incur charges from June 2...

Read Article →

Important Changes to Conditional Access Policies for Azure DevOps Sign-ins

July 29, 2025 by Daniel Bradley

azure entra-id news

Learn how to update your Conditional Access policies to protect your environment in preparation for updates to the Azure DevOps service. The post I...

Read Article →

Legacy MFA & SSPR are retiring -How to migrate MFA and SSPR settings to the Authentication methods policy

July 29, 2025 by Ewelina Paczkowska

entra-id security mfa

Learn how to migrate MFA and SSPR policy settings to the Authentication methods policy in Microsoft Entra before the legacy settings are retired. T...

Read Article →

AI Access Governance in M365: Detect Sensitive Prompts and Output

July 28, 2025 by Ankit Gupta

security

Copyright © 2025 Microsoft Security - All Rights Reserved.

Read Article →

August 2025 Update for Automating Microsoft 365 with PowerShell eBook

July 28, 2025 by Tony Redmond

powershell automating-microsoft-365-with-powershell microsoft-graph-api microsoft-graph-powershell-sdk

The August 2025 update for the Automating Microsoft 365 with PowerShell eBook is available for subscribers to download. The eBook now includes over...

Read Article →

How to Block Upload to WeTransfer, DropBox & Google Drive (but Allowing Download) – using Microsoft Purview Data Loss Prevention (DLP)

July 28, 2025 by Morten Knudsen

ai defender-for-endpoint dlp intune m365-security

This blog was created in response to recent policy changes related to the WeTransfer cloud storage service. These changes raised ... Read more

Read Article →

Microsoft Sentinel Data Lake - FAQ

July 28, 2025 by Truls Dahlsveen

azure sentinel

Answering some common questions people might have - Data lake is here, rejoice. It also brings up a bunch of questions, like do I still need Micros...

Read Article →

Intune Remote Wipe ending up in “Something went wrong” (0x800f0991)?

July 27, 2025 by rudyooms

blog

In this blog, we’ll walk through a remote wipe issue that leaves devices in a lingering, unmanaged state, where the Intune object is removed, the d...

Read Article →

New Outlook for Windows Enables S/MIME Inheritance Control

July 25, 2025 by Tony Redmond

exchange-online outlook exchange-server new-outlook-for-windows nosignonreply

The new Outlook for Windows now supports the NoSignOnReply control for inheritance of S/MIME signatures from messages to replies. It’s an update to...

Read Article →

Entra ID Introduces Linkable Token Identifiers for Audit Events

July 24, 2025 by Tony Redmond

entra-id entra-id get-mgbetaauditlogsignin linkable-token-identifier search-unifiedauditlog

Linkable token identifiers is a new Entra ID feature that adds a GUID to all the audit events for a session. The new identifiers make it easier to ...

Read Article →

Microsoft Makes Token Protection Available for Entra ID P1 Licenses

July 24, 2025 by Daniel Bradley

entra-id news

Discover a huge win for security. Token Protection in Conditional Access is now included in Microsoft Entra P1, offering a powerful defence against...

Read Article →

How to Remove Members from Microsoft 365 Groups with PowerShell

July 23, 2025 by Tony Redmond

microsoft-365-groups powershell distribution-lists mail-enabled-security-groups microsoft-graph-powershell-sdk

After writing about how to copy group memberships from one user to another, the question arises about removing members from groups. The answer is s...

Read Article →

Be Careful with Retention Labels Configured with Created Date Expiration

July 22, 2025 by Tony Redmond

onedrive-for-business powershell data-lifecycle-management get-mgdriveitemretentionlabel last-modified-date

Retention policies and retention labels have been around for about 8 years. Some of the older retention settings might use file created dates to re...

Read Article →

BeyondTrust Breaking Autopilot: 8018000a

July 22, 2025 by rudyooms

blog

This blog will discuss a strange Windows Autopilot failure that appeared on newly installed Windows 11 24H2 devices that had been updated with the ...

Read Article →

Planned Change Prevents Microsoft Tenant Domain Enumeration

July 22, 2025 by Daniel Bradley

exchange-online news

Planned Change Prevents Microsoft Tenant Domain Enumeration In a significant security-hardening move, Microsoft has altered the behaviour of its Ex...

Read Article →

Quick Machine Recovery: Built-In Resilience for Windows 24H2

July 22, 2025 by rudyooms

blog

This blog is about a new kind of silent recovery built into Windows 24h2 (KB5062660). It’s not about Safe Mode or Startup Repair, but something mor...

Read Article →

Changes Coming to Smoothen Edges in Microsoft Authenticator App

July 21, 2025 by Tony Redmond

entra-id mfa microsoft-authenticator-app multifactor-authentication number-matching

The Microsoft Authenticator app gets two important changes in September 2025 to make the app easier to use for average users. The current number ma...

Read Article →

Remove Default Microsoft Store Apps: Prevents Provisioning for New Users Only

July 21, 2025 by rudyooms

blog

This blog will be about what actually happens when you enable the new “Remove Default Microsoft Store Packages” from the System policy designed to ...

Read Article →

Streamline Your Git Workflow: (semi)-automated Branch Cleanup with PowerShell

July 21, 2025 by Roy Klooster

uncategorized

Table of Contents Introduction Requirements Benefits Step-by-Step Guide Examples Check Current Repository for Orphaned Branches Search all subdirec...

Read Article →

Microsoft to streamline the same-device sign-in experience for Microsoft Authenticator

July 20, 2025 by Daniel Bradley

news

Microsoft Authenticator simplifies same-device sign-ins, replacing number matching with a simple Yes/No prompt. The post Microsoft to streamline th...

Read Article →

How to not mess up your Microsoft Sentinel deployment

July 19, 2025 by Truls Dahlsveen

sentinel

Looking beyond just the technical details - I recently did a presentation with the same title as this post and figured it would be a good idea to a...

Read Article →

How to Find All Inactive Guests in Microsoft 365

July 18, 2025 by Daniel Bradley

entra-id microsoft-graph

Find inactive guests users in your Microsoft tenant using the Entra admin center or programmatically with Microsoft Graph PowerShell. The post How ...

Read Article →

Teams Gains New Accent Colors

July 18, 2025 by Tony Redmond

teams accent-color settings-app threaded-layout

The news that people can customize Teams by choosing one of ten accent colors for use in the Teams UX might or might not be positive, depending on ...

Read Article →

Microsoft Introduces Exchange 2016/2019 Extended Security Program

July 17, 2025 by Tony Redmond

exchange-online exchange-2016 exchange-2019 exchange-server-se extended-security-update-program

The Exchange Extended Security Update program is a 6-month lifeline for organizations struggling to upgrade servers to Exchange Server SE. Although...

Read Article →

Defender for Office 365 Auto-Remediation of Malicious Messages (AIR)

July 16, 2025 by Jeffrey Appel

security defender-for-office-365

In Defender for Office Automated Investigation and Response (AIR) is important. Microsoft has improved the features surrounding Auto-Remediation of...

Read Article →

Exchange Online Reduces Delicensing Resiliency Threshold to 5,000 Mailboxes

July 16, 2025 by Tony Redmond

exchange-online delicensing-resiliency inactive-mailboxes

A July 15 announcement says that Exchange Online is reducing the Delicensing Resiliency threshold from 10,000 to 5,000 mailboxes. That’s fine, but ...

Read Article →

Conditional Access Gone Too Far: Navigating Zero Trust Edge Cases

July 15, 2025 by Nathan Hutchinson

entra-id conditional-access

When Conditional Access meets Zero Trust, even the best intentions can backfire. In this post, we explore a real-world edge case where strict polic...

Read Article →

Copilot Studio Agent Vulnerability to Prompt Injection

July 15, 2025 by Tony Redmond

microsoft-365-copilot copilot-agents copilot-studio prompt-injection

Security researchers documented a prompt injection vulnerability in an agent created with Copilot Studio that allowed the exfiltration of customer ...

Read Article →

Intune, vTPM, and MDM Enrollment Version 6.0: What You Need to Know!

July 15, 2025 by rudyooms

blog

This blog will cover the latest features in MDM Enrollment Version 6.0 and explain their significance for device attestation, virtual TPMs, and Int...

Read Article →

Azure Update Manager: Register all required resource providers with a PowerShell script

July 14, 2025 by wmatthyssen

azure-arc azure-compute azure-update-manager aum

This blog post will show you how to use an Azure PowerShell script to register all required Azure Update ManagerContinue Reading

Read Article →

Hunting Through APIs - Logic App Edition

July 14, 2025 by Bert-Jan Pals

azure defender sentinel

Logic Apps allow organizations to easily automate processes, in the last blog the APIs to run KQL are discussed. This blog builds upon the knowledg...

Read Article →

Managing PIM-enabled groups with Entra ID Governance Access Packages just got better!

July 14, 2025 by Jan Bakker

entra-id

Check out this article via web browser: Managing PIM-enabled groups with Entra ID Governance Access Packages just got better! Just a quick heads-up...

Read Article →

Microsoft 365 Copilot Search Rolling Out

July 14, 2025 by Tony Redmond

microsoft-365-copilot microsoft-365-copilot-search microsoft-search-in-bing

Microsoft 365 Copilot Search is the second iteration of Copilot Search. It borrows heavily from the older Microsoft Search in Bing feature in terms...

Read Article →

Microsoft Defender for Identity Recommended Actions: Remove access rights on suspicious accounts with the Admin SDHolder permission

July 13, 2025 by thalpius

microsoft

Identity leverages Secure Score with twenty-seven recommended actions. In a series of blog posts, I will go through all twenty-seven recommended ac...

Read Article →

My First Year as a Microsoft MVP

July 12, 2025 by Michael Morten Sonne

community microsoft microsoft-mvp

Last Updated on August 18, 2025 by Michael Morten Sonne Introduction As I sit down to write this… The post My First Year as a Microsoft MVP f...

Read Article →

Entra ID Governance Deep dive

July 11, 2025 by jere.haavisto

entra-id identity

The time has come to write a blog about Entra ID Governance. There are a lot of cool functionality that can help managing Users and their permissio...

Read Article →

In-Depth Series: Shadow IDs & Workload Security in Entra

July 11, 2025 by Ankit Gupta

entra-id security

Copyright © 2025 Microsoft Security - All Rights Reserved.

Read Article →

Microsoft Graph PowerShell SDK V2.29 Now Available

July 11, 2025 by Tony Redmond

microsoft-graph powershell microsoft-graph-powershell-sdk

Version 2.29 of the Microsoft Graph PowerShell SDK can now be downloaded from the PowerShell Gallery. Initial tests show that the release is stable...

Read Article →

Easier Configuration Promised for the Microsoft Authenticator App

July 10, 2025 by Tony Redmond

administration entra-id authenticator-app backup-and-recovery icloud-keychain

The Microsoft Authenticator app is a secure authentication method for MFA. The app is getting an easier way for backup and recovery, which should m...

Read Article →

Improving the Processing of Protected Messages in Shared Mailboxes

July 09, 2025 by Tony Redmond

microsoft-information-protection outlook owa rights-management do-not-forward

A sometimes overlooked 2024 update delivers easier access to protected messages delivered to shared mailboxes. Instead of direct assignment of Full...

Read Article →

Microsoft to remove personal account requirement for Microsoft Authenticator backup

July 09, 2025 by Daniel Bradley

entra-id news

In September, Microsoft are to remove the personal account requirement for backing up and restoring the Microsoft Authenticator App. The post Micro...

Read Article →

Configuring M365 Company Branding & Privacy Settings: Simple Tricks to Reduce Phishing Risks

July 08, 2025 by Ewelina Paczkowska

security identity

Company branding isn’t just about creating a visual identity - it’s a key security measure for reducing phishing risks. In this post, I dive into h...

Read Article →

Copying Group Membership with the Microsoft Graph PowerShell SDK

July 08, 2025 by Tony Redmond

microsoft-365-groups microsoft-graph powershell copy-group-membership get-mgusermembergroup

Sometimes tenants need to copy group membership from one user to another. Often PowerShell is used, but with the demise of the Azure AD module you ...

Read Article →

Poor man’s IGA: Monitor and clean up stale guest accounts

July 08, 2025 by Jan Bakker

entra-id

Check out this article via web browser: Poor man’s IGA: Monitor and clean up stale guest accounts Today’s challenge Today, we are dealing with inac...

Read Article →

Copilot Audio Overviews for OneDrive Documents

July 07, 2025 by Tony Redmond

microsoft-365-copilot onedrive-for-business audio-overview

Microsoft 365 Copilot users can generate audio overviews from Word and PDF files and Teams meeting recordings stored in OneDrive for Business. Copi...

Read Article →

Microsoft’s Evolving Zero Trust Strategy in 2025

July 07, 2025 by Ankit Gupta

security zero-trust

Zero Trust is a modern security approach that assumes attackers may already be in your network and thus “never trust, always verify” every access r...

Read Article →

How to Secure Redirect URIs in Microsoft Entra ID Applications

July 06, 2025 by Daniel Bradley

entra-id

Learn how to find poorly configured Redirect URIs in Microsoft Entra Applications and why you should secure them. The post How to Secure Redirect U...

Read Article →

Exchange Server Subscription Edition Now Generally Available

July 04, 2025 by Tony Redmond

exchange-online exchange-server-se general-availability defender-for-office-365

July 1 marked the general availability of Exchange Server SE (subscription edition), the latest in a long line of server releases going back to Exc...

Read Article →

KB – We detected that this particular key type has been blocked by your organization

July 04, 2025 by Jan Bakker

entra-id security

Check out this article via web browser: KB – We detected that this particular key type has been blocked by your organization This is a knowle...

Read Article →

Transition from Microsoft Sentinel to Defender XDR - Practical challenges

July 04, 2025 by Robbe Van den Daele

azure security defender sentinel

Introduction Microsoft announced on the 1st of July 2025 that the Microsoft Sentinel Azure Portal UI will be deprecated at the 1st of July 2026, an...

Read Article →

How to Ensure Microsoft Entra Licensing Compliance

July 03, 2025 by Daniel Bradley

entra-id

Learn how to monitor for license compliance for Microsoft Entra and ensure you remain compliance with Microsoft licensing terms. The post How to En...

Read Article →

New Outlook for Windows Support for Export to PST

July 03, 2025 by Tony Redmond

outlook export-to-pst new-outlook-for-windows outlook-data-files owa-mailbox-policy

The New Outlook for Windows supports an export to PST function. Unfortunately, exporting mailbox items is very slow – roughly ten times slower than...

Read Article →

Data Strategy Breakdown Series - Entra ID (5)

July 02, 2025 by Ewelina Paczkowska

entra-id conditional-access identity

In this final installment of the Data Strategy Breakdown series, we dive into Entra ID and why securing your identity is crucial for a strong data ...

Read Article →

Microsoft Defender Attack Simulation Training: Boosting Real-World Security Awareness

July 02, 2025 by Oliver Müller

microsoft-365 identity-and-access-management-iam defender-xdr entra-id microsoft-tenant-hardening

Phishing, malware, and social engineering remain among the most common entry points for cyberattacks. While technical safeguards play a crucial rol...

Read Article →

Microsoft Launches New Way to Consume Documentation

July 02, 2025 by Tony Redmond

microsoft-365 github-copilot mcp-server-for-microsoft-learn microsoft-documentation

The MCP server for Microsoft Learn is available in public preview. It can be installed to allow AI agent real-time access to Microsoft documentatio...

Read Article →

A Native Way to Remove Default Microsoft Store Packages

July 01, 2025 by rudyooms

blog

This blog will focus on the new Windows 11 25h2 feature, “Remove Default Microsoft Store Packages.” It’s a long-awaited Group Policy and (eventuall...

Read Article →

Announcing Office 365 for IT Pros (2026 Edition)

July 01, 2025 by Tony Redmond

book 2026-edition automating-microsoft-365-with-powershell office-365-for-it-pros tenant-management

Office 365 for IT Pros (2026 edition), the 12th in an eBook series going back to May 2015, is now available. Covering all the essential aspects of ...

Read Article →

How the IME Cleans up the IMECache folder

July 01, 2025 by rudyooms

blog

This blog explains how the Intune Management Extension (IME) handles the cleanup of the IMECache folder after it has finished installing a Win32App...

Read Article →

Automating Microsoft 365 with PowerShell Second Edition

June 30, 2025 by Tony Redmond

book automating-microsoft-365-with-powershell microsoft-graph-api microsoft-graph-powershell-sdk

The Office 365 for IT Pros team are thrilled to announce the availability of Automating Microsoft 365 with PowerShell (2nd edition). This completel...

Read Article →

Azure Arc: Uninstall the Connected Machine agent and clean up related resources on Windows using a PowerShell script

June 30, 2025 by wmatthyssen

azure azure-arc hybrid-cloud powershell windows-server-2019

In this blog post, I’ll walk you through removing the Azure Arc Connected Machine agent from a Windows machine and cleaning up all related folders,...

Read Article →

Configure Microsoft Entra Trusted Network Locations for Better Protection

June 30, 2025 by Daniel Bradley

entra-id

Trusted locations are the foundation of location-based security policies and risk in Microsoft Entra, learn how they enhance the user experience. T...

Read Article →

Secure Score Series: A Comprehensive Guide

June 30, 2025 by Ankit Gupta

security

Copyright © 2025 Microsoft Security - All Rights Reserved.

Read Article →

🛠️ Releasing my legacy PowerShell AD Service Account Tool (Yes, it still works great)

June 29, 2025 by Michael Morten Sonne

active-directory code-repository community cool-tools github

Last Updated on June 29, 2025 by Michael Morten Sonne Introduction A throwback tool built for real-world IT… The post 🛠️ Releasing my legacy ...

Read Article →

Copilot Agent Governance Product Launched by ISV

June 27, 2025 by Tony Redmond

microsoft-365 agent-governance copilot-agents microsoft-365-copilot

Agent governance is the framework that allows tenants to deploy agents safely, securely, and under control. A new ISV offering from Rencore helps t...

Read Article →

Token Protection Extends to Microsoft Graph PowerShell SDK Sessions

June 26, 2025 by Tony Redmond

entra-id microsoft-graph powershell conditional-access-policies microsoft-graph-powershell-sdk

The conditional access policy condition for token protection now extends to Microsoft Graph PowerShell SDK interactive sessions. Any account within...

Read Article →

Microsoft 365 PowerShell Modules Need Better Testing

June 25, 2025 by Tony Redmond

microsoft-365 powershell net-support azure-automation exchange-online-management

Recent problems with Microsoft 365 PowerShell modules afflicted the ability of Azure Automation runbooks to execute cmdlets Microsoft Graph PowerSh...

Read Article →

Why you should disable Seamless SSO in Microsoft Entra Connect

June 25, 2025 by Daniel Bradley

entra-id

Learn why you should and how you can disable Seamless SSO in Microsoft Entra Connect to improve security in your environment. The post Why you shou...

Read Article →

Autopilot Unexpected Reboot: What Really Triggers a Device Restart (and How to Fix It)

June 24, 2025 by rudyooms

blog

If you’ve ever run into an Autopilot Unexpected Reboot right after Device setup, before the account setup even starts, you’re not alone. This post ...

Read Article →

Launch Plan for Office 365 for IT Pros (2026 Edition)

June 24, 2025 by Tony Redmond

book automating-microsoft-365-with-powershell microsoft-365-ebook office-365-ebook office-365-for-it-pros-2026-edition

We're a week away from the launch of the Office 365 for IT Pros (2026 edition) eBook, the 12th edition issued since the first book appeared in 2015...

Read Article →

Defender AV Mystery: Solving the ‘Source Files could Not be Found’

June 23, 2025 by Thomas Verheyden

defender-for-endpoint defender-xdr micorosft-security

Intro This week I bumped into a problem that I had not experienced for several years at one of my customers. The customer was migrating from a 3rd-...

Read Article →

“Everyone Gets the Same Toolbox” PowerShell Script

June 23, 2025 by Roy Klooster

uncategorized

Table of Contents Introduction Requirements Benefits Step-by-Step Guide Conclusion Introduction As someone who’s spent way too much time trou...

Read Article →

In-Depth Series: Mastering DSPM in Microsoft Purview

June 23, 2025 by Ankit Gupta

security

Copyright © 2025 Microsoft Security - All Rights Reserved.

Read Article →

Intune Policies showing error code -2016281112

June 23, 2025 by rudyooms

blog

This blog covers a weird issue where Windows Update client policies deployed through Intune began to fail after devices were upgraded to Windows 11...

Read Article →

Outlook’s New Summarize Option for Email Attachments

June 23, 2025 by Tony Redmond

microsoft-365-copilot outlook outlook-mobile owa new-outlook-for-windows

Among the blizzard of Copilot changes is one where Outlook can summarize attachments. That sounds small, but the feature is pretty useful if you re...

Read Article →

Inside My Toolkit: Dev Tools, Productivity Apps, and More 🛠️

June 22, 2025 by Michael Morten Sonne

community cool-tools general microsoft my-tools

Last Updated on June 28, 2025 by Michael Morten Sonne Introduction I’m happy to share something I’ve been… The post Inside My Toolkit: ...

Read Article →

Introducing Azure DevOps Backup Tool 1.2.0.0: Update with new features and bug fixes!

June 21, 2025 by Michael Morten Sonne

azure-devops backup code-repository my-tools software

Last Updated on June 21, 2025 by Michael Morten Sonne Introduction I’m thrilled to announce the latest release… The post Introducing Az...

Read Article →

Configure Passkey Profiles for Group-Based Passkey Restrictions

June 20, 2025 by Daniel Bradley

entra-id microsoft-graph

Learn about the new Passkey Profiles features of Passkeys in Microsoft Entra to provide group-based Passkey flexibility. The post Configure Passkey...

Read Article →

Microsoft to Block Users Granting Third-Party App Access to User Sites and Files

June 19, 2025 by Tony Redmond

entra-id entra-id app-consent-policy chatgpt onedrive-for-business

In July, Microsoft plans to introduce an app consent policy to stop users granting access to third-party apps to their files and sites. Letting use...

Read Article →

Require admin consent for third-party apps accessing files and sites

June 19, 2025 by Daniel Bradley

entra-id

Learn how to configure the require admin consent for third-party apps accessing files and sites and understand the impact to your business. The pos...

Read Article →

Updating the Entra ID Custom Banned Password List with PowerShell

June 19, 2025 by Tony Redmond

entra-id entra-id powershell custom-banned-password-list get-mgbetadirectorysetting

Microsoft 365 tenants with Entra P1 or P2 licenses can use a custom banned password list to stop people using specific terms in their passwords. Th...

Read Article →

Microsoft Pushes European Sovereign Solutions

June 18, 2025 by Tony Redmond

microsoft-365 azure-local exchange-server microsoft-365-local sharepoint-server

On June 16, Microsoft announced European sovereign solutions, including a new offering called Microsoft 365 Local that has nothing to do with Micro...

Read Article →

People Skills Rolling Out Within Microsoft 365

June 17, 2025 by Tony Redmond

microsoft-365 microsoft-365-profile-card people-skills

People Skills is a new Microsoft 365 solution that uses AI to determine what skills are possessed by users based on their profile and activities. T...

Read Article →

Using a Copilot Agent in SharePoint to Interact with Office 365 for IT Pros

June 16, 2025 by Tony Redmond

microsoft-365-copilot copilot-agent copilot-studio knowledge-source sharepoint-online

Copilot Studio Agents can use files as knowledge sources to reason over when they respond to user prompts. We explain how to use the monthly PDFs i...

Read Article →

How to Remove Exchange Without Breaking Hybrid Mail Management

June 15, 2025 by Daniel Bradley

exchange-online

Learn how to conveniently manage mail attributes for cloud mail users after decommissioning your hybrid Exchange Server. The post How to Remove Exc...

Read Article →

AI Generative Summaries Make Life Even Harder for Technology Websites

June 13, 2025 by Tony Redmond

microsoft-365 generative-ai generative-summaries technology-websites

The AI-based generative summaries featured by Google and other search engines remove organic traffic from technology websites and make it less attr...

Read Article →

Intune Anomalies Report

June 13, 2025 by Roy Klooster

uncategorized

Table of Contents Introduction Requirements Features How does it work? Interactive Authentication Client Secret Authentication Certificate Authenti...

Read Article →

Win32 Apps not Installing During Autopilot Device Preparation

June 13, 2025 by rudyooms

blog

This blog started with a support case from a customer who ran into an issue where Autopilot Device Preparation (AP DP) got stuck at “Installing req...

Read Article →

Azure Update Manager: Failed to update a dynamic scope for resources on a newly added subscription

June 12, 2025 by wmatthyssen

azure-arc azure-compute azure-update-manager aum

In this blog post, you’ll learn how to resolve the error that occurs when updating or creating dynamic scopes forContinue Reading

Read Article →

In-Depth Series: Architecting Microsoft Defender

June 12, 2025 by Ankit Gupta

defender

Copyright © 2025 Microsoft Security - All Rights Reserved.

Read Article →

Remote Speedtest in CLI: Easy & Quick Network Troubleshooting

June 12, 2025 by Roy Klooster

uncategorized

Table of Contents Introduction Requirements Benifits Step-by-Step Guide Conclusion Introduction As an IT professional, diagnosing performance issue...

Read Article →

When the Invoke-MgGraphRequest Cmdlet Needs Help to Fetch Responses

June 12, 2025 by Tony Redmond

graph-api powershell graph-explorer invoke-mggraphrequest response-header

Sometimes it's hard to get a response back from running a Graph API request with the Invoke-MgGraphRequest cmdlet. Graph Explorer helps. So does re...

Read Article →

How to Block Ad-Hoc Email-Based Subscriptions

June 11, 2025 by Tony Redmond

administration security copilot-studio email-based-subscriptions entra-id-authorization-policy

The old Set-MsolCompanySettings cmdlet is no more, so how can a Microsoft 365 tenant block email-based subscriptions? With the Graph, of course! Se...

Read Article →

Hunting Through APIs

June 10, 2025 by Bert-Jan Pals

azure security defender

In today’s blog, we’re diving into the world of hunting through APIs. In the blog, the advantages, limitations, and scopes of the Graph...

Read Article →

Poor man’s IGA: Generate Temporary Access Pass for joiners

June 10, 2025 by Jan Bakker

entra-id logic-apps security

Check out this article via web browser: Poor man’s IGA: Generate Temporary Access Pass for joiners Today’s challenge Today, we look at a join...

Read Article →

Say Goodbye to Basic Authentication in Exchange Online: What You Need to Know

June 10, 2025 by Tom Rolvers

entra-id legacy-authentication

Prepare for the deprecation of Basic Authentication in Exchange Online by September 2025. Start detect legacy sign-ins (including ROPC) using Micro...

Read Article →

SharePoint Online Dumps OTP Authentication for Sharing Links

June 10, 2025 by Tony Redmond

entra-id onedrive-for-business sharepoint-online entra-id-b2b-collaboration one-time-passcode

After July 1, 2025, any sharing links generated with one-time passcodes (OTP) will stop working. Only links based on Entra ID B2B Collaboration wil...

Read Article →

Data Strategy Breakdown Series - Defender XDR and Intune (4)

June 09, 2025 by Ewelina Paczkowska

security defender intune compliance

In Part 4 of the Data Strategy Breakdown Series, we explore how Defender XDR and Intune in your data strategy can transform security operations. Fr...

Read Article →

How to Block PST Files for the New Outlook for Windows

June 09, 2025 by Tony Redmond

microsoft-365 block-pst-access new-outlook-for-windows owa set-owamailboxpolicy

An OWA mailbox setting is available to block PST access for the new Outlook for Windows client. The setting mimics controls available for Outlook c...

Read Article →

Microsoft Entra Restricted Management Administrative Units: Delegating Control Without Sacrificing Security

June 09, 2025 by Sebastian F. Markdanner

microsoft-entra

Today, I’ll take a closer look at Microsoft Entra Administrative Units (AUs) and Restricted Management Administrative Units (RMAUs)...

Read Article →

MDE-Troubleshooter v1.6.1 available

June 07, 2025 by Thomas Verheyden

defender-for-endpoint defender-xdr defender-for-servers micorosft-security

What’s new:– Inspired by Yong Rhee “Resolving High CPU Utilization in MDE” session, added additional options to run the Per...

Read Article →

Respond to Teams Messages with Multiple Emoji Reactions

June 06, 2025 by Tony Redmond

teams custom-emojis multiple-emoji-reactions teams-channel-messages teams-chat

The need for more nuanced responses to Teams chat and channel messages can apparently be met through multiple emoji reactions instead of a basic on...

Read Article →

Exchange Online Upgrades Its Message Tracing Capabilities

June 05, 2025 by Tony Redmond

exchange-online get-messagetracev2 message-trace message-tracing

Microsoft announced the GA for the new message tracing feature on June 3. The old code will be deprecated in September 2025, so it's time to update...

Read Article →

How to Enable Token Binding With Microsoft Graph PowerShell

June 05, 2025 by Daniel Bradley

entra-id microsoft-graph

Learn how to enable Token Binding for securely connecting to Microsoft Graph PowerShell with Token Protection. The post How to Enable Token Binding...

Read Article →

Mailbox Import-Export Graph APIs Leave No Audit Trail

June 04, 2025 by Tony Redmond

exchange-online microsoft-365 microsoft-graph ews mailbox-import-export-graph-api

A recent post revealed that the Mailbox Import-Export Graph API doesn't capture audit events for its operations. The API is in beta, but this is di...

Read Article →

Poor man’s IGA: Revoke all refresh tokens for user

June 04, 2025 by Jan Bakker

entra-id security

Check out this article via web browser: Poor man’s IGA: Revoke all refresh tokens for user Today’s challenge Today, we look at Microsof...

Read Article →

New Outlook and OWA Control for Viewing Protected Email

June 03, 2025 by Tony Redmond

exchange-online outlook owa encrypted-email mc1041456

The new TwoClickMailPreviewEnabled setting in the Exchange organization configuration controls if OWA and the new Outlook for Windows use two-click...

Read Article →

June 2025 Update Available for Office 365 for IT Pros (2025 Edition)

June 02, 2025 by Tony Redmond

book microsoft-365-paid-seats microsoft-365-user-number office-365-for-it-pros-ebook

Monthly update #120 (June 2025) is available for the Office 365 for IT Pros eBook. This is the last update for the 2025 edition as the 2026 edition...

Read Article →

Defender XDR - Custom Detection Rules Push/Pull via API

May 31, 2025 by Truls Dahlsveen

defender sentinel

A little primer to pushing and pulling new content via the graph beta API - Jumping straight into this one, custom detection rules are similar to a...

Read Article →

In-Depth Series: Microsoft Entra Risky Users and Risky Sign-Ins

May 31, 2025 by Ankit Gupta

entra-id

Copyright © 2025 Microsoft Security - All Rights Reserved.

Read Article →

How to Tell if Entra Connect is Using Application-Based Authentication

May 30, 2025 by Daniel Bradley

entra-id

Learn how to use PowerShell to verify the authentication method your Entra Connect configuration is using to connect to Entra. The post How to Tell...

Read Article →

Microsoft Launches the Copilot Interaction Export API

May 30, 2025 by Tony Redmond

microsoft-365-copilot microsoft-graph aiinteractionhistory copilot-interaction-export-api

Microsoft will launch the aiInteractionHistory Graph API (aka, the Copilot Interaction Export API) in June. The API enables third-party access to C...

Read Article →

Entra ID – Entra Connect – Secure App & Certificate-Based Authentication is here! Plus: I built you a better way to manage it

May 29, 2025 by Michael Morten Sonne

active-directory entra-id entra-id-connect github identity

Last Updated on August 1, 2025 by Michael Morten Sonne Introduction Yes finally, it’s here! No more need… The post Entra ID – Entra Con...

Read Article →

How to List Hidden Group Memberships with the Graph

May 29, 2025 by Tony Redmond

microsoft-365-groups microsoft-graph powershell get-mggroup get-mggroupmember

A user reported that a script didn't list any details of hidden group memberships and asked why. The reason is that a separate Graph permission con...

Read Article →

How to register all required Azure Compute resource providers with Azure PowerShell on a new subscription

May 29, 2025 by wmatthyssen

azure azure-compute azure-governance azure-powershell powershell-script

In this blog post, you’ll learn how to use an Azure PowerShell script to automatically register all the necessary AzureContinue Reading

Read Article →

Data Strategy Breakdown Series - Secure Collaboration (3)

May 28, 2025 by Ewelina Paczkowska

security

In today’s hybrid work environment, secure collaboration is more crucial than ever. Over-sharing, under-securing, and mismanaging collaboration too...

Read Article →

The Case of the Mysterious SharePoint Embedded Containers

May 28, 2025 by Tony Redmond

microsoft-365 microsoft-365-copilot containers copilot-studio declarative-agents

A set of 80 mysterious SharePoint Embedded containers turned up because Microsoft pre-provisioned storage for files used as knowledge sources by Co...

Read Article →

Microsoft Launches Agent Management in the Entra Admin Center

May 27, 2025 by Tony Redmond

entra-id azure-ai-foundry copilot-studio custom-agents entra-admin-center

The prospect of agents running amok in Microsoft 365 tenants lessened a tad with the introduction of Entra Agent ID. Tenants will be able to manage...

Read Article →

In-Depth Series: DLP Strategy with Microsoft Purview

May 26, 2025 by Ankit Gupta

security

Copyright © 2025 Microsoft Security - All Rights Reserved.

Read Article →

Securing Microsoft Business Premium Part 05: Efficient Identity Management for External Users with Microsoft Entra

May 26, 2025 by Sebastian F. Markdanner

microsoft-entra microsoft-azure

Managing external users is one of the most tedious—but also critical—challenges in a Microsoft Business Premium environment. With...

Read Article →

Teams Tweaks its Discover Feed

May 26, 2025 by Tony Redmond

teams discover-feed

The Teams Discover Feed highlights unread items from channels that users might have missed. Microsoft tweaked the feature so that it only works wit...

Read Article →

Tutorial: Integrate AI into your Powershell scripts

May 25, 2025 by Morten Knudsen

ai azure identity scripting security

I have been playing around with integrating AI into my favorite scripting tool: Powershell. This blog serves as a quick-guide ... Read more

Read Article →

Troubleshooting Windows Feature Updates not being deploying using Intune/AutoPatch/WUfB

May 24, 2025 by Morten Knudsen

intune microsoft-graph microsoft-security microsoftsecurityupdates scripting

I have been banging my head why some machines wouldn’t deploy Windows 11 Windows Feature Updates (24H2) as part of ... Read more

Read Article →

Azure Arc – Introducing AACMAToolkit: A New Azure Arc Management Tool

May 23, 2025 by Michael Morten Sonne

azure-arc c code-repository community cool-tools

Last Updated on May 23, 2025 by Michael Morten Sonne Introduction Managing Azure Arc Connected Machine Agents just… The post Azure Arc – Intr...

Read Article →

June 2025 Update for the Automating Microsoft 365 with PowerShell eBook

May 23, 2025 by Tony Redmond

microsoft-365 powershell automating-microsoft-365-with-powershell graph-api microsoft-365-powershell

The June 2025 update for the Automating Microsoft 365 with PowerShell eBook is now available. Coding automation with Microsoft 365 PowerShell can b...

Read Article →

Microsoft Defender for Identity Recommended Actions: GPO assigns unprivileged identities to local groups with elevated privileges

May 23, 2025 by thalpius

microsoft

Identity leverages Secure Score with twenty-seven recommended actions. In a series of blog posts, I will go through all twenty-seven recommended ac...

Read Article →

How to Add a Loop Workspace to a Standard Teams Channel

May 22, 2025 by Tony Redmond

microsoft-loop teams loop-task-list loop-workspace teams-channel-tab

The update to allow team members to add a Loop workspace as a channel tab is now rolling out and should be available worldwide soon. Microsoft is c...

Read Article →

M365 License Assignment Report

May 22, 2025 by Roy Klooster

uncategorized

Table of Contents Introduction Requirements Features How does it work? Interactive Authentication Client Secret Authentication Certificate Authenti...

Read Article →

Quest Tool Migrates Protected Email and Files Between Tenants

May 21, 2025 by Tony Redmond

microsoft-365 rights-management mip-sdk protected-files sensitivity-labels

A new feature of the Quest On Demand migration suite supports the tenant-to-tenant migration of Exchange and SharePoint content protected by sensit...

Read Article →

Unlocking the Power of employeeHireDate in Entra ID Dynamic Groups

May 21, 2025 by Jan Bakker

entra-id security

Check out this article via web browser: Unlocking the Power of employeeHireDate in Entra ID Dynamic Groups Disclaimer: The main structure of this b...

Read Article →

Entra ID Admin Roles Report

May 20, 2025 by Roy Klooster

uncategorized

Table of Contents Introduction Requirements Features How does it work? Interactive Authentication Client Secret Authentication Certificate Authenti...

Read Article →

Export Conditional Access Policy Files With CA Policy Copier

May 20, 2025 by Daniel Bradley

entra-id microsoft-graph

Use the CA Policy Copier browser extension to conveniently copy and export Conditional Access policies to JSON. The post Export Conditional Access ...

Read Article →

Why Copilot Access to “Restricted” Passwords Isn’t as Big an Issue as Uploading Files to ChatGPT

May 20, 2025 by Tony Redmond

microsoft-365-copilot chatgpt penetration-test

Some sites picked up the Microsoft 365 Copilot penetration test that allegedly proved how Copilot can extract sensitive data from SharePoint Online...

Read Article →

Microsoft 365 Copilot Gets Viva Insights Service Plans

May 19, 2025 by Tony Redmond

microsoft-365-copilot microsoft-365-copilot-license service-plan viva-insights workplace-analytics

Two new service plans are now in the Microsoft 365 Copilot license to allow users access to Viva Insights. The new service plans enable the Copilot...

Read Article →

Whats New in Windows Autopatch

May 19, 2025 by Tom Rolvers

windows-autopatch intune patch-management

Learn how Windows Autopatch lets you orchestrate updates for Windows, Microsoft 365 Apps, Microsoft Edge, and Teams. All from a single automated so...

Read Article →

Time to Review How to Preserve Ex-Employee Data

May 16, 2025 by Tony Redmond

microsoft-365 ex-employee exchange-online layoffs onedrive-for-business

This week's Microsoft layoffs provide a timely reminder to review how to retain and secure ex-employee data. OneDrive for Business might be the big...

Read Article →

Microsoft Graph PowerShell SDK V2.28 Attempts to Restore Stability

May 15, 2025 by Tony Redmond

microsoft-graph powershell microsoft-graph-powershell-sdk v228

On May 10, 2025, Microsoft released V2.28 of the Microsoft Graph PowerShell SDK in the hope that the new version would fix a bunch of annoying prob...

Read Article →

Replacing Litigation Holds with Microsoft 365 Retention Policies

May 14, 2025 by Tony Redmond

compliance exchange-online litigation-hold microsoft-365-retention-policies

Litigation holds can retain mailbox data, but that's it. You can swap litigation holds out for a Microsoft 365 retention policy and gain extra func...

Read Article →

Entra ID – Managed Identity Permissions Manager – Performance Stats and Community Insights

May 13, 2025 by Michael Morten Sonne

entra-id code-repository cool-tools github identity

Last Updated on May 13, 2025 by Michael Morten Sonne Introduction Here is a small update on my… The post Entra ID – Managed Identity Permissi...

Read Article →

Use an OWA Mailbox Policy to Block Attachment Download for the New Outlook for Windows

May 13, 2025 by Tony Redmond

entra-id exchange-online outlook block-access-to-attachments block-attachment-download

The ConditionalAccessPolicy setting in an OWA mailbox policy can be configured to work with Entra ID conditional access so that OWA blocks access t...

Read Article →

Eligible PIM Enabled Group Membership via Access Packages

May 12, 2025 by Daniel Bradley

entra-id

How to create an Access Package that enables you to become eligible for a PIM enabled group in Microsoft Entra. The post Eligible PIM Enabled Group...

Read Article →

Microsoft Sentinel UEBA: 2025 Guide to Behavior Analytics

May 12, 2025 by Ankit Gupta

sentinel

Copyright © 2025 Microsoft Security - All Rights Reserved.

Read Article →

Penetration Test Asks Questions About Copilot Access to SharePoint Online

May 12, 2025 by Tony Redmond

microsoft-365-copilot sharepoint-online copilot-for-microsoft-365 dlp-policy-for-copilot penetration-test

An article by a company specializing in penetration tests raised some questions about how attackers might use Copilot for Microsoft 365 to retrieve...

Read Article →

Register Yubikeys on behalf of your users with YubiEnroll

May 10, 2025 by Jan Bakker

entra-id security

Check out this article via web browser: Register Yubikeys on behalf of your users with YubiEnroll In an earlier post, I showed several ways to (bul...

Read Article →

How to Enhance Copilot Usage Data

May 09, 2025 by Tony Redmond

microsoft-365-copilot powershell combine-copilot-usage-data-with-user-account-details copilot-usage-data

Copilot usage data can be pretty sparse, but it's easy to enhance the data to gain extra insight into how Microsoft 365 Copilot is used within a te...

Read Article →

Use Custom Extensions for Access Package approval in Entra

May 09, 2025 by Daniel Bradley

entra-id

You can now use custom extensions to enable an external system to determine the approver of an Access Package in Microsoft Entra. The post Use Cust...

Read Article →

The Downside of Losing the Exchange Mailbox Audit Search Cmdlets

May 08, 2025 by Tony Redmond

compliance exchange-online exchange-mailbox-audit find-audit-events-for-a-mailbox search-unifiedauditlog

Microsoft recently announced the deprecation of the Exchange cmdlets to search for mailbox audit data. The audit data is ingested into the Microsof...

Read Article →

Azure Arc: Keep your Azure Connected Machine agent up-to-date on a Windows Server

May 07, 2025 by wmatthyssen

azure azure-arc azure-update-manager hybrid-cloud powershell

In this blog post, you’ll learn how to keep the Azure Connected Machine agent up-to-date on Azure Arc-enabled Windows servers,Continue Reading

Read Article →

Data Strategy Breakdown Series - Basic Security Hygiene (2)

May 07, 2025 by Ewelina Paczkowska

security mfa

A rapid-fire guide to basic security hygiene in Microsoft 365. This no-fluff checklist covers MFA, legacy auth, admin protection, spoofing preventi...

Read Article →

Defender for Office 365: Visualisation of the Tenant Allow/Block List features

May 07, 2025 by Thomas Verheyden

defender-for-office-365 defender-xdr micorosft-security

During my work with customers, when I explain the tenant allow and block features in Microsoft Defender for Office 365 P1/P2, I often get the quest...

Read Article →

How to Permanently Remove Mailbox Items with the Graph API

May 07, 2025 by Tony Redmond

exchange-online microsoft-graph powershell ews mailbox-item

Some new Graph APIs were announced on April 1 to close a feature gap with EWS. The new APIs permanently remove mailbox items and other objects, inc...

Read Article →

How Microsoft 365 Copilot Tenants Benefit from SharePoint Advanced Management

May 06, 2025 by Tony Redmond

microsoft-365-copilot sharepoint-online licensing sam sharepoint-advanced-management

At Ignite 2024, Microsoft said that Copilot for Microsoft 365 tenants would benefit from SharePoint Advanced Management (SAM). What does that mean?...

Read Article →

How to restrict Device Code Flow in Entra ID

May 06, 2025 by Jan Bakker

entra-id security

Check out this article via web browser: How to restrict Device Code Flow in Entra ID For good reasons, device code flow in Entra ID is getting a lo...

Read Article →

Investigating ClickFix Incidents

May 05, 2025 by Bert-Jan Pals

defender cloud

With ClickFix being one of the popular delivery methods for malware, infostealers and state-sponsored hackers it is time to share a blog on investi...

Read Article →

Microsoft Extends DLP Policy for Copilot to Office Apps

May 05, 2025 by Tony Redmond

data-loss-prevention microsoft-365-copilot dlp-policy-for-copilot dlp-policy-for-microsoft-365-copilot office-apps

First introduced in March 2025 to block access to sensitive documents by BizChat, Microsoft has extended the DLP policy for Copilot to cover the we...

Read Article →

Time for a new lab enviroment – Part 1

May 04, 2025 by Michael Morten Sonne

azure-local community home-lab lab microsoft

Last Updated on May 4, 2025 by Michael Morten Sonne Introduction 🧑‍💻 I’m excited to share that I’m… The post Time for a new lab envirom...

Read Article →

Find Least Privileged Roles for Delegated Graph API Permissions

May 03, 2025 by Daniel Bradley

entra-id microsoft-graph

Learn how to find least privileged Microsoft Entra roles for Microsoft Graph API delegated permissions to align with best practice. The post Find L...

Read Article →

The Return of the General Channel

May 02, 2025 by Tony Redmond

teams code-blocks code-snippets general-channel loop

Last year, Microsoft removed the need to have a General channel in a team. Now the General channel is making a comeback, and you can choose to have...

Read Article →

May 2025 Update for the Office 365 for IT Pros eBook

May 01, 2025 by Tony Redmond

book office-365-for-it-pros

Subscribers for Office 365 for IT Pros (2025 edition) eBook can download the May 2025 updates (#119) now. Update #11.3 for the PowerShell book is a...

Read Article →

Data Strategy Breakdown Series - Defence in depth & Zero Trust (1)

April 30, 2025 by Ewelina Paczkowska

security zero-trust identity

In this first post, we explore how to create a strong data security foundation using defence in depth and Zero Trust strategies. With identity now ...

Read Article →

Microsoft 365 Security & Compliance User Group

April 30, 2025 by Robbe Van den Daele

security defender sentinel compliance

Together with Thijs, I gave our updated session on how we architect a SOC on top of Microsoft Defender XDR and Microsoft Sentinel. Since there were...

Read Article →

Microsoft Introduces Control for Direct Send in Exchange Online

April 30, 2025 by Tony Redmond

exchange-online direct-send email-security reject-send smtp-auth

The Direct Send feature allows apps and devices to send unauthenticated email via Exchange Online to internal receipts. Microsoft doesn’t want unau...

Read Article →

How to Find Active EWS-Based Apps in a Microsoft 365 Tenant

April 29, 2025 by Tony Redmond

exchange-online ews exchange-web-services retirement usage-report

Microsoft will retire Exchange Web Services (EWS) from Exchange Online on October 1, 2026. A new usage report helps tenants understand what apps us...

Read Article →

Automating Microsoft 365 with PowerShell Update #11

April 28, 2025 by Tony Redmond

book automating-microsoft-365-with-powershell microsoft-graph microsoft-graph-usage-report-api set-mguserlicense

Update #11 for the Automating Microsoft 365 with PowerShell eBook is now available for subscribers to download. The eBook is now over 300 pages lon...

Read Article →

Creating a CCP connector: Part 4

April 28, 2025 by Tim Groothuis

data-connectors microsoft-sentinel sentinel security azure

Hi there! Welcome (back) to my blog series about building a connector using Microsoft’s Sentinel Codeless Connector Platform (CCP). In the previous...

Read Article →

Go With the Flow: Mastering Microsoft Entra User Flows—Self-Service Sign-Up in a Workforce tenant

April 28, 2025 by Sebastian F. Markdanner

microsoft-entra microsoft-azure

Managing new guest accounts can be a daunting task—especially when you’re dealing with high turnover, distributed teams, or unknown user...

Read Article →

How to Block the Use of Direct Send in Exchange Online

April 28, 2025 by Daniel Bradley

exchange-online

Block direct send capabilities in Exchange Online and encourage stronger email authentication for devices and applications. The post How to Block t...

Read Article →

How to block the creation of Client Secrets on Entra applications

April 27, 2025 by Daniel Bradley

entra-id microsoft-graph

Learn how to prevent application owners in Microsoft Entra create new client secrets or certificates on their application. The post How to block th...

Read Article →

Detecting non-privileged Windows Hello abuse

April 26, 2025 by Robbe Van den Daele

security

Introduction I recently followed a live session of Dirk-Jan Mollema and Ceri Coburn on how Windows Hello for Business can be abused as a non-privil...

Read Article →

Copilot’s Solution to Fix Grammar and Spellings

April 25, 2025 by Tony Redmond

microsoft-365-copilot copilot-for-word fic-grammar-and-spelling-errors

Microsoft 365 Copilot will soon introduce a feature to fix spelling and grammar errors with one click. At least, that's the promise when Microsoft ...

Read Article →

Replacing Litigation Holds with an eDiscovery Case

April 24, 2025 by Tony Redmond

compliance exchange-online onedrive-for-business ediscovery inactive-mailboxes

Litigation holds were great when introduced with Exchange 2010. Fifteen years on, better methods exist to preserve user information, like eDiscover...

Read Article →

Microsoft Retires Exchange Server OWA Access to Online Archives

April 23, 2025 by Tony Redmond

exchange-online exchange-server exchange-server-se online-archives outlook-classic

Microsoft's April 17 announcement that OWA in Exchange Server will not support access to online archives after May 12, 2025, surprised quite a few ...

Read Article →

Modern data security challenges: defence in depth approach

April 23, 2025 by Ewelina Paczkowska

security identity

When we talk about data security, we’re essentially talking about cybersecurity at large - because data is what the bad actors are ultimately after...

Read Article →

Exchange Online Moves Closer to Dumping EWS

April 22, 2025 by Tony Redmond

exchange-online dedicated-exchange-hybrid-app ews-retirement exchange-server hcw

Microsoft is introducing a Dedicated Exchange Hybrid App to facilitate the transition away from EWS to use Graph API requests for rich hybrid coexi...

Read Article →

Microsoft Defender for Identity Recommended Actions: Unsafe permissions on the DnsAdmins group

April 22, 2025 by thalpius

microsoft

Microsoft Secure Score helps organizations get insights into security posture based on security-related measurements. Microsoft Defender for Identi...

Read Article →

An Account Blocked by MACE Credential Revocation is A Good Way to Start a Saturday Morning

April 21, 2025 by Tony Redmond

entra-id entra-id-risky-user leaked-credentials mace-credential-revocation sign-in-metrics

The last thing you want on a Saturday morning is to find that Entra ID has blocked your account because of leaked credentials. Even though the acco...

Read Article →

Report Conditional Access Blocked Sign-in Metrics with PowerShell

April 21, 2025 by Daniel Bradley

microsoft-graph

How to use getMetricsForConditionalAccessBlockedSignIn Graph API to report Conditional Access blocked sign-in metrics. The post Report Conditional ...

Read Article →

Continue to Sign in Prompt Part 2: Disable the DMA SSO Compliance

April 19, 2025 by rudyooms

intune

In this blog, we will examine how a recent big Windows change was introduced to meet Digital Markets Act (DMA SSO Compliance) requirements. This ch...

Read Article →

How to Report the Sponsors of Entra ID Guest Accounts

April 18, 2025 by Tony Redmond

entra-id guest-account guest-account-sponsor sponsor

Entra ID populates the sponsor property for new guest accounts with details of the person who invites the guest to the tenant. It's data that can b...

Read Article →

Important Purview eDiscovery Changes Take Effect in May 2025

April 17, 2025 by Tony Redmond

compliance content-searches get-compliancesearchaction microsoft-purview-ediscovery new-compliancesearchaction

Microsoft is making some important changes to Purview eDiscovery from May 26, 2025. The changes affect how content searches work and are likely to ...

Read Article →

Introducing the Microsoft Graph Copilot PowerShell module

April 16, 2025 by Daniel Bradley

microsoft-365-copilot microsoft-graph

Introducing the Microsoft.Graph.Copilot PowerShell module to help with interacting with Copilot related Graph APIs. The post Introducing the Micros...

Read Article →

Licensing Auto-Label Policies for Sensitivity Labels

April 16, 2025 by Tony Redmond

administration compliance assignsensitivitylabel auto-label-policies costs

Microsoft Purview makes it easy to apply sensitivity labels to Office documents and PDF files with auto-label policies. Licenses are needed for aut...

Read Article →

🚀 A huge thank you — and a little update behind the scenes

April 15, 2025 by Michael Morten Sonne

community general mvp-award

Last Updated on April 15, 2025 by Michael Morten Sonne First off — thank you so much for… The post 🚀 A huge thank you — and a little update b...

Read Article →

Comprehensive Guide to Configuring Advanced Auditing

April 15, 2025 by Nathan McNulty

security

This post provides everything you need to ensure Advanced Auditing is fully configured and auditing everything we possibly can for both existing an...

Read Article →

Entra ID to Disable Service Principal-Less Authentication

April 15, 2025 by Tony Redmond

entra-id entra-id service-principal-less-authentication

Microsoft will disable service principal-less authentication in March 2026. This step closes a hole that doesn't exist today but might in the futur...

Read Article →

Microsoft Attempts to Fix Microsoft Graph PowerShell SDK Problem with Azure Automation

April 14, 2025 by Tony Redmond

microsoft-graph powershell azure-automation microsoft-graph-powershell-sdk problems

V2.26 and V2.26.1 of the Microsoft Graph PowerShell SDK were low-quality, buggy disasters. Microsoft aims to fix the problem in the next version to...

Read Article →

Using Azure Arc only for Defender for Servers or Azure monitoring Agent? Lock it down!

April 14, 2025 by Thomas Verheyden

defender-for-cloud defender-for-endpoint defender-xdr azure-monitoring-agent defender-for-servers

Intro While reviewing Defender for Servers and AMA agent implementations across various customers, I noticed that not all of them are following bes...

Read Article →

Defender for Identity – Unveiling Enhanced Visibility – New Service Account Monitoring Capabilities

April 13, 2025 by Michael Morten Sonne

active-directory analyzer cool-tools identity defender-for-identity

Last Updated on April 13, 2025 by Michael Morten Sonne Introduction Service accounts are often the unsung heroes… The post Defender for Ident...

Read Article →

Implementing Attack Surface Reduction Policies

April 13, 2025 by Tom Rolvers

intune asr

Start implement Microsoft's Attack Surface Reduction (ASR) policies today!

Read Article →

Are Microsoft E5 Licensing Add-Ons a Good Deal?

April 11, 2025 by Tony Redmond

compliance microsoft-365 security microsoft-365-business-premium microsoft-e5-compliance

The Microsoft E5 Security add-on is available for Microsoft 365 Business Premium (and other) tenants. The add-on looks like a bargain because the b...

Read Article →

Reporting the Creation of SharePoint Agents

April 10, 2025 by Tony Redmond

powershell sharepoint-online audit-log sharepoint-agent

Any site member can create a SharePoint agent. There’s no out-of-the-box method to report the creation of agents, but agents are created like any o...

Read Article →

The “Continue to Sign in Prompt” That breaks the SSO

April 09, 2025 by rudyooms

intune

In this blog, we will examine why Windows shows the “Continue to sign in?” prompt when launching apps like Edge or Company Portal for the first time

Read Article →

Use Auto-Label Policies to Protect Old Files from Copilot

April 09, 2025 by Tony Redmond

compliance auto-label-policies old-files sensitivity-labels trainable-classifier

Often Microsoft 365 tenants have large numbers of old but confidential documents that they need to protect and stop Microsoft 365 Copilot finding. ...

Read Article →

Why Microsoft Purview projects fail before they even begin - and how to stop that from happening

April 09, 2025 by Ewelina Paczkowska

security

Microsoft Purview isn’t just another tool you switch on and walk away from. It’s a full-on transformation.

Read Article →

How to find non-privileged applications owners in Microsoft Entra

April 08, 2025 by Daniel Bradley

entra-id microsoft-graph

Use Microsoft Graph PowerShell to identify Entra applications that have owners who are not privileged users. The post How to find non-privileged ap...

Read Article →

How to Report Who Shared What File From SharePoint Online Sites

April 08, 2025 by Tony Redmond

compliance sharepoint-online audit-log report-file-sharing-events sharepoint-online-file-sharing

File sharing is at the heart of SharePoint Online. Being able to report file sharing events by analyzing the audit log is a good skill for Microsof...

Read Article →

🚀Introducing ASR Rule Inspector V2

April 08, 2025 by Roy Klooster

uncategorized

Table of Contents Introduction What’s New in the V2? Intune vs Local Comparison – No More Policy Guesswork Detecting Duplicate and Conflictin...

Read Article →

Microsoft Defender for Office 365 Exposes Bad Links in Email Preview

April 07, 2025 by Tony Redmond

microsoft-365 email-entity email-preview defender-for-office-365 safe-links

Microsoft Defender for Office 365 includes many tools to help investigators manage threat. The Email Preview tool shows the layout and appearance o...

Read Article →

Entra Private Access and the future of the Entra App Proxy

April 06, 2025 by Christopher Brumm

entra-id security conditional-access

Since the release of Entra Private Access, I have been getting more and more questions about the future of the Entra App Proxy. Will it still be ne...

Read Article →

Bringing Artificial Intelligence to Entra ID Conditional Access

April 04, 2025 by Tony Redmond

entra-id conditional-access-optimization-agent conditional-access-policies security-copilot

The Conditional Access Optimization Agent is one of 6 Security Copilot agents unveiled by Microsoft on March 24, 2025. The idea is that the agent c...

Read Article →

Managing Restricted Groups with Access Packages

April 03, 2025 by Nathan McNulty

entra-id conditional-access

👮 Restricted Management Admin Units (RMAU) in #EntraIDHackers HATE This Hidden Entra ID Feature Most Admins Never Use@NathanMcNulty breaks it down ...

Read Article →

Securing Microsoft Business Premium Part 04: Passwords Unlocked – Mastering Self-Service Password Reset and Password Protection

April 03, 2025 by Sebastian F. Markdanner

microsoft-entra

With authentication & authorization covered in the previous posts of the series, it's now time to dive into strengthening our password...

Read Article →

Transferring Meeting Ownership From an Ex-Employee Can Be Hard Work

April 03, 2025 by Tony Redmond

exchange-online powershell transfer-calendar-meeting transfer-meeting-ownership

Neither Outlook nor Teams includes a transfer meeting ownership feature for user calendars. Moving meetings owned by an ex-employee to give someone...

Read Article →

How SharePoint Online Restricted Content Discovery Works

April 02, 2025 by Tony Redmond

microsoft-365-copilot sharepoint-online rcd restricted-content-discovery

Restricted Content Discovery (RCD) is a solution to prevent AI tools like Microsoft 365 Copilot and agents accessing files stored in specific sites...

Read Article →

Office 365 for IT Pros April 2025 Update

April 01, 2025 by Tony Redmond

book office-365-for-it-pros

The April 2025 Update for the Office 365 for IT Pros eBook is now available for subscribers to download. This is monthly update #118 for Office 365...

Read Article →

How to Find Who Assigned Retention Labels to SharePoint Files

March 31, 2025 by Tony Redmond

compliance audit-log-search auto-label-policies cloudy-attachment retention-label-assignments

A reader asked if it's possible to discover who made retention label assignments for SharePoint files. The Files Graph API can't tell you who (or w...

Read Article →

QuickPIM a multi-role PIM activation extension for Google Chrome

March 30, 2025 by Daniel Bradley

entra-id microsoft-graph

Use the QuickPIM Google Chrome extension to select and activate multiple PIM roles in Microsoft Entra at the same time. The post QuickPIM a multi-r...

Read Article →

Another day, another Purview solution: Data Security Investigations

March 28, 2025 by Ewelina Paczkowska

security

You know that saying "another day, another dollar"? Pretty sure when the songwriters came up with that, they weren’t talking about...

Read Article →

Duplicate Mail User Objects Created for Guest Accounts

March 28, 2025 by Tony Redmond

entra-id exchange-online entra-id-guest-accounts ex1015484 mail-user-object

The February 2025 EX1015484 incident explains why mail user objects with duplicate SMTP addresses are created for guest accounts. That’s a problem ...

Read Article →

Artificial Intelligence, PowerShell, and Microsoft 365 Administration

March 27, 2025 by Tony Redmond

microsoft-365 powershell artificial-intelligence-and-powershell copilot-in-microsoft-365-admin-center lokka

Artificial Intelligence and PowerShell should be a good thing to help hard-pressed Microsoft 365 tenant administrators cope with common tasks. The ...

Read Article →

Entra Chat with Merill Fernando

March 27, 2025 by Nathan McNulty

entra-id

It was such an honor to join Merill Fernando on Entra Chat, and I hope to join him again in the future. Be sure to check out Entra Chat: https://en...

Read Article →

Automated incident triage with Security Copilot and Microsoft Sentinel/ Defender XDR

March 26, 2025 by Jeffrey Appel

security defender-xdr security-copilot

With the use of Security Copilot, it is possible to enrich and triage alerts automatically using GenAI data. Microsoft recently developed new SOC a...

Read Article →

How to Stop Microsoft 365 Users Uploading SharePoint Online and OneDrive for Business Files to ChatGPT

March 26, 2025 by Tony Redmond

onedrive-for-business block-chatgpt-access-to-onedrive-for-business chatgpt chatgpt-connector chatgpt-integration

Microsoft 365 users can connect their OneDrive for Business account to ChatGPT. This is not a great thing because it exposes the potential for sens...

Read Article →

Microsoft Azure – Secure your Code with Trusted Signing: A Practical Guide

March 25, 2025 by Michael Morten Sonne

attackscompromise automation azure azure-devops code-repository

Last Updated on March 25, 2025 by Michael Morten Sonne Intoduction 🥳 Exciting News! Trusted Signing has launched… The post Microsoft Azure – ...

Read Article →

New MiToken Graph PowerShell module for multi-tenant apps

March 25, 2025 by Daniel Bradley

entra-id microsoft-graph

Connect to multi-tenant apps using a managed identity using Microsoft Graph PowerShell with the MiToken PowerShell module. The post New MiToken Gra...

Read Article →

Proactive Exposure hunting: OAuth Applications and Azure permissions

March 25, 2025 by Thomas Verheyden

defender-xdr microsoft-exposure-management

Intro Microsoft recently announced that OAuth applications are now integrated into the attack path experience within Exposure Management. This...

Read Article →

Why Teams Clients Prompt for Your Location

March 25, 2025 by Tony Redmond

teams call-quality-dashboard emergency-calling location-privacy teams-location-setting

Teams Windows and Mac desktop clients have started to prompt users about location privacy. Location data is used by several Teams features like the...

Read Article →

ASR Rules: The Importance of Configuration and Verifying with the “ASR Rule Inspector”

March 24, 2025 by Roy Klooster

uncategorized

Introduction In today’s evolving threat landscape, cybercriminals continuously exploit vulnerabilities in systems and applications. Attack Surface ...

Read Article →

Creating a CCP connector: Part 3

March 24, 2025 by Tim Groothuis

security sentinel data-connectors microsoft-sentinel azure

Hey there, glad to see you’re still with me on this journey! If this is your starting point, you might want to considered reading the previous part...

Read Article →

Defender for Cloud: AI Posture Management & AI Workload Protection

March 24, 2025 by jere.haavisto

ai azure defender

Artificial intelligence (AI) tools and Large Language Models (LLM) behind those tools have become a talking point and for some, the new Google sear...

Read Article →

Microsoft’s Attempts to Improve the Teams UI Are Not Always Successful

March 24, 2025 by Tony Redmond

teams auto-hide-inactive-channels new-chat-and-channels-experience

Microsoft is tweaking the auto-hide inactive channels feature to make it less automatic and more user controllable (opt-in). It's a good change for...

Read Article →

Seal the gaps: new Microsoft Purview data security controls for the browser & network

March 24, 2025 by Ewelina Paczkowska

security

Introduction Microsoft Purview is stepping up its game again, and this time, they’re bringing data security to the network layer and...

Read Article →

Microsoft Purview Series - Part 4

March 22, 2025 by Ankit Gupta

security

Copyright © 2025 Microsoft Security - All Rights Reserved.

Read Article →

Copilot in Outlook Gets a Revamp

March 21, 2025 by Tony Redmond

microsoft-365-copilot outlook copilot-for-outlook

Microsoft has given the Copilot for Outlook UI a revamp to make the UI easier to use. The new UI is certainly better and reveals the option to rewr...

Read Article →

Use Data Loss Prevention to Stop Microsoft 365 Copilot Chat from Processing Documents in Its Responses

March 20, 2025 by Tony Redmond

compliance microsoft-365-copilot data-loss-prevention dlp sensitivity-labels

The DLP policy for Microsoft 365 Copilot blocks access to sensitive files by checking for the presence of a sensitivity label. If a predesignated l...

Read Article →

AI workload threat protection in Microsoft Defender for Cloud

March 19, 2025 by Jeffrey Appel

security defender-for-cloud

Recently, Microsoft announced a new protection plan for AI workloads as part of the Microsoft Defender for Cloud suite. AI security is becoming mor...

Read Article →

Create a free Enterprise App Permissions report in Microsoft Entra

March 19, 2025 by Daniel Bradley

entra-id microsoft-graph

Quickly report on all Enterprise Application Permissions and Activity using this Free script in Microsoft Entra. The post Create a free Enterprise ...

Read Article →

Creating a CCP connector: Part 2

March 19, 2025 by Tim Groothuis

security sentinel azure microsoft-sentinel data-connectors

Hey there, welcome back! In this blog series I’ll show you how you can make your own Sentinel Codeless Connector Platform (CCP) connector. If you h...

Read Article →

MDE Device Discovery - Improving the monitored network page

March 19, 2025 by Robbe Van den Daele

entra-id defender

Introduction This blogpost is probably the first of a series that I will create in the coming months on Device Discovery. I regularly see organizat...

Read Article →

Securing Azure PaaS Resources With Network Security Perimeter

March 19, 2025 by jere.haavisto

azure networks

Have you seen Azure environments with resources that have public access allowed or just some limitations to the IP addresses in place? Well, I have...

Read Article →

Securing Microsoft Business Premium Part 03: Authorization Best Practices from Zero Trust to Complete Access Control

March 19, 2025 by Sebastian F. Markdanner

microsoft-entra microsoft-azure

In Part 02 , we explored authentication , the process of verifying user identities—ensuring users are who they claim to be. Today we’ll...

Read Article →

Updating Email Addresses After Removing Domains

March 19, 2025 by Tony Redmond

exchange-online primary-smtp-address proxy-addresses remove-domain

Microsoft 365 makes it easy to remove domains. However, if you remove a domain and don't adjust email proxy addresses, some fix-up might be needed ...

Read Article →

Facilitator Agent Brings AI-Powered Notetaking to Teams Chat

March 18, 2025 by Tony Redmond

teams ai-notes facilitator-agent microsoft-365-copilot teams-chat

The Facilitator agent can make sense of the messages posted to a Teams chat and summarize the discussion and extract to-do items and unanswered que...

Read Article →

How to authenticate with Windows Hello for Business or FIDO security key in RDP session ?

March 18, 2025 by Morten Knudsen

entra-id identity intune microsoft-security mvpbuzz

This little guide will show how you can authenticate with Windows Hello for Business and FIDO2 security key in a ... Read more

Read Article →

Securing Azure Identities: The “New” Perimeter in Cybersecurity

March 18, 2025 by jere.haavisto

azure identity

As cloud computing becomes more integrated into our daily operations, the importance of securing identities in Azure can’t be overstated. Gone are ...

Read Article →

Creating a CCP connector: Part 1

March 17, 2025 by Tim Groothuis

azure microsoft-sentinel sentinel data-connectors security

Hey there! In this blog series I’ll be going to walk you through a step by step guide on how to build your own Codeless Connector Platform (CCP) da...

Read Article →

Future-Proofing Microsoft Entra Logs: Practical Azure Storage

March 17, 2025 by Ankit Gupta

azure entra-id

Copyright © 2025 Microsoft Security - All Rights Reserved.

Read Article →

Signtool GUI  – v. 1.4.0.0 is out!

March 17, 2025 by Michael Morten Sonne

azure c code-repository code-sign cool-tools

Last Updated on March 17, 2025 by Michael Morten Sonne Introduction I’m thrilled to announce the latest release… The post Signtool GUI ...

Read Article →

Time to Remove the Old Report Message Add-Ins

March 17, 2025 by Tony Redmond

outlook integrated-apps outlook-add-in report-button report-message

Microsoft says that the Report Button is now available for all Outlook clients and it's time to remove the old Report Phishing and Report Message a...

Read Article →

MS MFA Mandate: Essential Insights and Strategies

March 16, 2025 by Ankit Gupta

security mfa

Introduction: Setting the Stage for Microsoft’s Secure Future Initiative

Read Article →

Common mistakes you may be making with Data Loss Prevention

March 14, 2025 by Ewelina Paczkowska

security

Avoiding data breaches starts with knowing what not to do. In this guide, we break down the common mistakes in Data Loss Prevention that even exper...

Read Article →

SharePoint Online PowerShell Module Gets Modern Authentication

March 14, 2025 by Tony Redmond

powershell sharepoint-online icrosoftonlinesharepointpowershell idcrl modern-authentication

Microsoft has announced that the SharePoint Online PowerShell module will be upgraded from the very old and now obsolete IDCRL protocol to use mode...

Read Article →

Secure Score Series - Disable Local Storage of Passwords

March 13, 2025 by Ankit Gupta

security

Copyright © 2025 Microsoft Security - All Rights Reserved.

Read Article →

Why Only Web-Based Outlook Clients Can Recall Encrypted Email

March 13, 2025 by Tony Redmond

exchange-online outlook outlook-mobile mobile-outlook new-outlook

The new message recall facility has been around since 2022. Even after Microsoft revamped the feature in 2023, it's still only possible to recall p...

Read Article →

Defender For Vulnerability Management

March 12, 2025 by Ankit Gupta

security defender

It's been a while since I have written a new blog. Today, I will discuss about Microsoft Defender Vulnerability Management add-on.

Read Article →

How to Send Outlook Newsletters with Email Communication Services

March 12, 2025 by Tony Redmond

outlook azure-email-communication-services bulk-email ecs outlook-newsletters

Outlook Newsletters are intended for internal communications, at least for the preview. It's possible to take the HTML for a newsletter and send it...

Read Article →

Create a free interactive Entra Authentication methods report

March 11, 2025 by Daniel Bradley

entra-id microsoft-graph

Use this free Microsoft Graph PowerShell script to create an interactive authentication methods report for Entra users. The post Create a free inte...

Read Article →

Microsoft Imposes 1-Year Retention for Teams Meeting Attendance Reports

March 11, 2025 by Tony Redmond

microsoft-365 teams retention-teams-attendance-report-meetings

Microsoft has enabled a one-year retention policy for Teams meeting attendance reports. Tenants can't opt out of the policy or set a different rete...

Read Article →

Declarative Device Management with Intune

March 10, 2025 by rudyooms

intune mmpc windc mmpc intune

How Microsoft / Intune is shifting to Declarative Device Management (DDM) by using the declared configuration service

Read Article →

Exchange Online Restricts the Number of Dynamic Distribution Groups

March 10, 2025 by Tony Redmond

exchange-online ddg dynamic-distribution-group limit

Exchange Online is imposing a new tenant-wide limit of 3,000 Dynamic Distribution Groups. Few tenants might be affected, but the question might be ...

Read Article →

Evilginx loves Temporary Access Passes too

March 07, 2025 by Jan Bakker

entra-id security

Check out this article via web browser: Evilginx loves Temporary Access Passes too Evilginx is known for capturing user cookies, even if they are s...

Read Article →

The New Outlook Gains Colored Folder Icons

March 07, 2025 by Tony Redmond

outlook colored-folder-icons new-outlook-for-windows owa

Colored folder icons does not seem like a new feature that should appear in an email client that's been around for a long time, but the new Outlook...

Read Article →

Using iOS Build Numbers in Exchange ActiveSync Device Access Rules

March 06, 2025 by Tony Redmond

exchange-online device-access-rules exchange-activesync ios-build-number ios-devices

A change made in late 2024 allows Microsoft 365 tenants to use IOS build numbers in Exchange ActiveSync device access rules. Apparently, the idea i...

Read Article →

How to Create and Send an Outlook Newsletter

March 05, 2025 by Tony Redmond

outlook outlook-newsletters owa

Outlook Newsletters is an app for the new Outlook and OWA that allows users to create and send good-looking newsletters to internal recipients. It’...

Read Article →

Create a Free Interactive License Usage Report for Microsoft 365

March 04, 2025 by Daniel Bradley

microsoft-365 microsoft-graph

Easily identify wasted Microsoft 365 licenses with this free PowerShell script to generate an interactive HTML report. The post Create a Free Inter...

Read Article →

Microsoft Graph PowerShell SDK V2.26.1 Remains Flawed

March 04, 2025 by Tony Redmond

graph-api microsoft-graph powershell azure-automation microsoft-graph-powershell-sdk-problems

The developers rushed out Version 2.26.1 of the Microsoft Graph PowerShell SDK to fix some obvious issues. Alas, problems persist in PowerShell SDK...

Read Article →

Configure automatic Attack Disruption in Microsoft Defender XDR

March 03, 2025 by Jeffrey Appel

security defender-for-endpoint defender-xdr

Microsoft Defender XDR includes a powerful response capability with the name Attack Disruption. As part of the Defender XDR solution attack disrupt...

Read Article →

God Mode with a Timer: Using Logic Apps to Restrict Elevated Access in Entra

March 03, 2025 by Sebastian F. Markdanner

microsoft-azure microsoft-entra

In my last post I covered how to monitor the GOD Mode in Azure (Coined by the great John Savill ). While visibility and monitoring are...

Read Article →

Office 365 for IT Pros March 2025 Update

March 03, 2025 by Tony Redmond

book automating-microsoft-365-with-powershell office-365-for-it-pros-2025-edition

The Office 365 for IT Pros writing team is thrilled to announce that monthly update #117 for March 2025 is now available for subscribers to downloa...

Read Article →

New PAYG Service to Classify Historical SharePoint Data

February 28, 2025 by Tony Redmond

compliance sharepoint-online data-loss-prevention dlp information-protection

There's no doubt that SharePoint Online sites and OneDrive for Business accounts hold lots of old files. A new On Demand Classification PAYG servic...

Read Article →

Azure Spring Clean - Maestering Azure Tenant Security

February 27, 2025 by Truls Dahlsveen

azure security

A look into how we can utilize Maester to secure our Azure Tenant with a sprinkle of AI on top - Welcome back! This time, I’m writing a contributio...

Read Article →

Language Packs? I Just Told My Computer to ‘Figure It Out.’ Apparently, It Did.

February 27, 2025 by Roy Klooster

uncategorized

Do you know that moment? You’ve got your Intune environment perfectly set up, Autopilot profiles configured, and you think, ‘Yes, world...

Read Article →

SharePoint Online Adds Support for Sensitivity Labels with User Defined Permissions

February 27, 2025 by Tony Redmond

microsoft-information-protection sharepoint-online sensitivity-labels udp udp-protected-files

SharePoint Online will add support for files protected with user-defined permissions from March 2025. This step will enable support for Microsoft S...

Read Article →

Microsoft Removes Reactivation Fee for Archived SharePoint Sites

February 26, 2025 by Tony Redmond

sharepoint-online archived-sites microsoft-365-archive onedrive-for-business reactivation-fee

Microsoft 365 Archive will no longer charge fees to reactivate archived SharePoint Online sites after March 31, 2025. The good news might encourage...

Read Article →

Things you should know before rolling out device-bound passkeys in Microsoft Authenticator App

February 26, 2025 by Jan Bakker

entra-id security

Check out this article via web browser: Things you should know before rolling out device-bound passkeys in Microsoft Authenticator App As passkeys ...

Read Article →

How to bulk provision QR code authentication in Microsoft Entra

February 25, 2025 by Daniel Bradley

entra-id microsoft-graph

Learn how to use Microsoft Graph PowerShell to bulk provision the QR Code method authentications for users. The post How to bulk provision QR code ...

Read Article →

Microsoft Graph PowerShell SDK Runs into Choppy Waters

February 25, 2025 by Tony Redmond

microsoft-graph azure-automation bugs-in-microsoft-graph-powershell-sdk graph-sdk-v226 microsoft-graph-powershell-sdk

A bunch of problems with V2.26 of the Microsoft Graph PowerShell SDK V2.26 make the software unusable. Not only did Microsoft do a horrible job of ...

Read Article →

Why Using a DEM Account for Windows Autopilot is a Bad Idea

February 25, 2025 by rudyooms

autopilot intune

In this blog (not technical this time…sorry), we’ll explore why Microsoft does NOT support Device Enrollment Manager (DEM) for Autopilot, the...

Read Article →

Tracking Down Bootleg Copies of Office 365 for IT Pros

February 24, 2025 by Tony Redmond

book copyright-violation free-downloads-of-office-365-for-it-pros illegal-downloads-of-office-365-for-it-pros office-365-for-it-pros

Free downloads of Office 365 for IT Pros, normally in PDF format, are available from sites around the internet. All are illegal and outdated copies...

Read Article →

Workspace Transformation Rules in Practice

February 23, 2025 by Truls Dahlsveen

sentinel cloud

This post will show you two very useful workspace transformation rules that you can use to save money on your data ingestion in Microsoft Sentinel....

Read Article →

Another Nail in the Exchange Web Services Coffin

February 21, 2025 by Tony Redmond

exchange-online enable-mailbox-for-ews ews ewsenabled exchange-web-services

Exchange Web Services (EWS) will retire in October 2026. Tenants that still need to use EWS must explicitly set EWSEnabled to true in the organizat...

Read Article →

Here we go!

February 20, 2025 by jere.haavisto

general

Its time to start my blog… 🥳 It has been some time since I had a blog. I have been writing into company blogs and LinkedIn but the idea brewe...

Read Article →

How to convert PSCustomObject to Hashtable with PowerShell

February 20, 2025 by Daniel Bradley

powershell

Learn how to convert a PSCustomObject to a Hashtable in PowerShell making it filterable using the Where cmdlet. The post How to convert PSCustomObj...

Read Article →

Why Microsoft 365 Copilot Works for Some and Not for Others

February 20, 2025 by Tony Redmond

microsoft-365 microsoft-365-copilot make-copilot-useful

Some people get great results from AI tools like Microsoft 365 Copilot. Others struggle to make Copilot useful. As an article by a Microsoft produc...

Read Article →

Device Query for Multiple Devices, Device Inventory, and Single Device Query: Connecting the Dots

February 19, 2025 by rudyooms

device-inventory intune

If you’ve ever tried troubleshooting a single device, you know how useful tools like Single Device Query can be pretty helpful. It’s fast, accurate...

Read Article →

Processing Multiple Message Attachments with the Microsoft Graph PowerShell SDK

February 19, 2025 by Tony Redmond

microsoft-graph powershell add-attachments-to-email add-attachmnents-with-powershell microsoft-graph-powershell-sdk

Many examples are available online to explain how to add a single attachment to messages using the Microsoft Graph PowerShell SDK. Here we look at ...

Read Article →

Unleash the power of Enterprise Exposure Graph: Create a Managed Identities Permissions Overview

February 19, 2025 by Thomas Verheyden

microsoft-exposure-management azure-security defender-for-endpoint defender-xdr enterprise-exposure-graph

Intro Lately, I’ve been exploring Microsoft Exposure Management, particularly the data available in the Enterprise Exposure Graph. One intere...

Read Article →

How to find over licensed privileged accounts in Microsoft Entra

February 18, 2025 by Daniel Bradley

entra-id microsoft-graph

Learn how to find over licensed accounts with privileged roles in Microsoft Entra using Microsoft Graph PowerShell. The post How to find over licen...

Read Article →

Unlocking Microsoft Entra’s Elevated Access Logs: Better Security, Better Insights

February 18, 2025 by Sebastian F. Markdanner

microsoft-azure microsoft-entra

Elevating access to manage Azure subscriptions is a valuable tool for administrators, particularly when dealing with unknown or orphaned...

Read Article →

Update #9 for Automating Microsoft 365 with PowerShell eBook

February 18, 2025 by Tony Redmond

book automating-microsoft-365-with-powershell microsoft-365-powershell microsoft-365-powershell-book

The Automating Microsoft 365 with PowerShell eBook is now at update #9. The latest update spans 300 pages of content covering how to use PowerShell...

Read Article →

Purview Retires the Events Alert Capability from Audit Solution

February 17, 2025 by Tony Redmond

administration compliance activity-alerts alert-policies audit-based-alerts

Microsoft has announced the removal of events alerts from the Purview Audit solution. Fortunately, the decision doesn't affect activity alerts. Aud...

Read Article →

Correlating Defender for Endpoint and Global Secure Access Logs

February 16, 2025 by Robbe Van den Daele

security defender

Introduction If you are working with Microsoft security solutions, you might have heard of the new kid on the block called Microsoft Global Secure ...

Read Article →

How to protect against Device Code Flow abuse (Storm-2372 attacks) and block the authentication flow

February 16, 2025 by Jeffrey Appel

security entra-id azure-ad-identity-protection defender-xdr

Since August 2024 there has been a sophisticated phishing campaign actively leveraging the device code authorization flow. Currently, there is a wi...

Read Article →

Microsoft Graph PowerShell SDK Needs to Fix Its Password Problem

February 14, 2025 by Tony Redmond

administration powershell graph-sdk-plain-text-passwords microsoft-graph-powershell-sdk plain-text-passwords

The Microsoft Graph PowerShell SDK offers developers easy access to data across the Microsoft 365 ecosystem and that’s good. However, there's a pro...

Read Article →

How to Index and Search SharePoint Online Custom Columns

February 13, 2025 by Tony Redmond

sharepoint-online crawled-property custom-columns index-and-search-sharepoint-online-custom-columns managed-property

SharePoint Online is basically a big Azure SQL application. Custom columns for sites and libraries enhance metadata and are even better if they're ...

Read Article →

Common mistakes during Microsoft Defender for Endpoint deployments

February 12, 2025 by Jeffrey Appel

security defender-for-endpoint

Microsoft Defender for Endpoint (MDE) is part of Microsoft Defender XDR and can be deployed via multiple configurations. During my experience with ...

Read Article →

How to Use Bulk User Operations in Entra Admin Center

February 12, 2025 by Tony Redmond

entra-id microsoft-365 entra-id bulk-update-entra-id-accounts entra-admin-center

A new preview option in the Entra admin center supports the ability to update multiple Entra ID accounts. You can update properties, add managers a...

Read Article →

Conditional Access risk policies. Don’t get fooled!

February 11, 2025 by Jan Bakker

entra-id security

Check out this article via web browser: Conditional Access risk policies. Don’t get fooled! Microsoft Entra ID Protection and Microsoft Entra...

Read Article →

MAM vs. MDM: Choosing the Right Mobile Management Approach

February 11, 2025 by Kenneth Van Surksum

intune mobile-application-management overview security app-protection-policies

With the increasing reliance on mobile devices in the workplace, organizations must choose the right strategy to manage and secure corporate data. ...

Read Article →

New bulk edit features for users in Microsoft Entra ID

February 11, 2025 by Daniel Bradley

entra-id

Microsoft have released new bulk edit functionality in the Microsoft Entra admin center, check out how to use it and how it works. The post New bul...

Read Article →

Use Protected Actions to Stop Attackers Hard-Deleting Entra ID Accounts

February 11, 2025 by Tony Redmond

entra-id get-mgdirectorydeleteditemasuser permanently-remove-entra-id-user-account protected-actions remove-mgdirectorydeleteditem

An article about the horrible devastation that an attacker can wreak inside a compromised Microsoft 365 tenant highlighted how protected actions ca...

Read Article →

Primer: Using Exchange Online PowerShell in Azure Automation Runbooks

February 10, 2025 by Tony Redmond

exchange-online powershell automation-accounts automation-runbooks azure-automation

In this primer, we cover how to create and execute Azure Automation Exchange Online runbooks (scripts) using cmdlets from the Exchange Online manag...

Read Article →

Securing Microsoft Business Premium Part 02: Your Authentication is Broken—Here’s How to Fix It

February 10, 2025 by Sebastian F. Markdanner

microsoft-entra

In the first part of this series, we laid the foundation for securing Microsoft Business Premium environments, covering the core security...

Read Article →

How to check for OAuth apps with specific Graph permissions assigned

February 09, 2025 by Jeffrey Appel

security defender-for-cloud-apps defender-xdr

OAuth apps are still an important target for attackers to misuse in organizations. Since the MFA baseline is improved with number matching and addi...

Read Article →

Maester Framework Continues to Prosper

February 07, 2025 by Tony Redmond

microsoft-365 entra-id-accounts finding-user-accounts get-user maester-custom-tests

The Maester project continues to prosper with a bunch of new features added, including several in the DevOps space. Maester usually tests tenant se...

Read Article →

🚀 Managed Identity Permission Manager v1.1.0.0 is here! 🚀

February 06, 2025 by Michael Morten Sonne

azure entra-id code-repository github identity

Last Updated on February 6, 2025 by Michael Morten Sonne Introduction I’m beyond excited to announce that the… The post 🚀 Managed Ident...

Read Article →

MC2MC Connect

February 06, 2025 by Robbe Van den Daele

security defender

Speaking at my very own event, that was something else! I brought my session about how Microsoft Defender for Endpoint and Global Secure Access to ...

Read Article →

Microsoft Introduces People Administrator Role

February 06, 2025 by Tony Redmond

administration entra-id entra-id people-administrator-role role-assignments

A new people administrator role is available in Entra ID. The new role allows holders to manage settings associated with people, like pronouns and ...

Read Article →

How to register for QR code authentication in Microsoft 365

February 05, 2025 by Daniel Bradley

entra-id

Learn how to register a QR code authentication in Microsoft 365 and enforce the policy via Conditional Access. The post How to register for QR code...

Read Article →

Interpreting SignIn Audit Records for Service Principals

February 05, 2025 by Tony Redmond

administration entra-id entra-id-audit-data get-mgbetaauditlogsignin service-principal

Entra ID retains audit log records for service principal signins for 30 days. The audit data can reveal some interesting insights such as the prese...

Read Article →

Workplace Ninja Connect Netherland

February 05, 2025 by Robbe Van den Daele

security defender

I was honored to bring my session on how Microsoft Defender for Endpoint and Global Secure Access can be used together to have better network detec...

Read Article →

Entra ID Introduces New Graph Permissions for User Accounts

February 04, 2025 by Tony Redmond

administration graph-api microsoft-graph graph-permissions-for-user-accounts manage-entra-id-user-accounts

A set of new granular Graph permissions for User account management is now available to handle common operations like changing account passwords or...

Read Article →

Protect deletion of directory objects using Conditional Access

February 04, 2025 by Daniel Bradley

entra-id microsoft-graph

Microsoft adds protection for permanently delete objects, which can no longer be restored using Protected Actions in Microsoft Entra. The post Prot...

Read Article →

Tutorial: The fastest way to report a False negative in Defender for Endpoint!

February 04, 2025 by Thomas Verheyden

geen-categorie

Intro Encountering a false negative during a customer engagement can be a critical issue. Recently, I faced a similar situation where a particular ...

Read Article →

Monthly Update #116 for Office 365 for IT Pros

February 03, 2025 by Tony Redmond

book automating-microsoft-365-with-powershell ebook-updates office-365-for-it-pros-2025-edition

Monthly update #116 (February 2025) is available for the Office 365 for IT Pros eBook. The refresh includes update #8 new files for the Automating ...

Read Article →

Your Microsoft Entra Tenant Isn’t as Secure as You Think – Fix It with Protected Actions!

February 03, 2025 by Sebastian F. Markdanner

microsoft-entra

Protecting highly critical configurations in our Entra tenants has never been easier! Join me as we explore Protected Actions in...

Read Article →

Find multi-tenant applications using weak authentication methods

February 02, 2025 by Daniel Bradley

entra-id microsoft-graph

Using Microsoft Graph PowerShell to filter the Entra sign-in logs to find multi-tenant applications using weak sign-in methods. The post Find multi...

Read Article →

Operational Collections 2.0

February 02, 2025 by Nathan McNulty

intune

I absolutely love the SCCM Operational collections from System Center Dudes, and while Intune has a different design that negates the need for scop...

Read Article →

Readme

February 02, 2025 by Anders Kristiansen

security

Blog Content Disclaimer 🤖 All content provided on this blog is for informational purposes only. The owner of this blog makes no representations as ...

Read Article →

Getting more data from the CA Insights and Reporting Workbook

February 01, 2025 by Nathan McNulty

security

Log Analytics workbooks are pretty intuitive, but KQL is one of those things that can take a while to learn and use effectively. One of the coolest...

Read Article →

Microsoft Azure – Elevate Access to Resources with Entra ID Audit Logs – Now Available!

January 31, 2025 by Michael Morten Sonne

azure entra-id identity security

Last Updated on January 31, 2025 by Michael Morten Sonne Introduction During my time in IT, I’ve occasionally… The post Microsoft Azure – Ele...

Read Article →

Microsoft Reannounces Teams Policy to Suppress In-Product Messages

January 31, 2025 by Tony Redmond

teams in-product-messages new-csteamsupdatemanagementpolicy set-csteamsupdatemanagementpolicy teams-pop-up-messages

Microsoft reannounced the Teams policy to suppress certain categories of in-product advertising messages but has done nothing to control Teams pop-...

Read Article →

Microsoft announce new People administrator role in Microsoft Entra

January 30, 2025 by Daniel Bradley

entra-id microsoft-graph

Learn about the new People Administrator roles recently announced by Microsoft as a built-in Microsoft Entra role. The post Microsoft announce new ...

Read Article →

Microsoft Cloud Revenues Keep on Heaping Up

January 30, 2025 by Tony Redmond

microsoft-365 fy25-q2 microsoft-cloud-revenue microsoft-quarterly-results

Microsoft’s FY25 Q2 results featured bumper Microsoft Cloud revenues, which broke the $40 billion mark for the first time. Although they wanted to ...

Read Article →

The ShadowAdminPairs: A Deep Dive into Administrator Protection

January 30, 2025 by rudyooms

administrator-protection intune

Learn how the Administrator Protection feature in Windows 11 uses the ShadowAdminPairs key to map ENTRA user SIDs to local admins

Read Article →

Monitor For New Actions In Sentinel And MDE

January 29, 2025 by Bert-Jan Pals

security defender sentinel

Sometimes I get the question, how can I keep up with all the new actions that are added to our security solutions? This question is very valid, as ...

Read Article →

Primer: Using Exchange High Volume Email with Azure Automation

January 29, 2025 by Tony Redmond

exchange-online azure-automation high-volume-email hve send-hve-email-from-azure-automation

This article covers how to use HVE with Azure Automation to send email. HVE is Exchange Online's High Volume Email solution for internal communicat...

Read Article →

Comparing Web Filtering and Security: Microsoft Entra Internet Access (Global Secure Access) vs. Microsoft Defender for Endpoint (MDE)

January 28, 2025 by Kenneth Van Surksum

cloud-app-security conditional-access entra-id intune defender-xdr

Organizations face increasing challenges in securing internet traffic and enforcing web access policies in today’s hybrid work environment. Two key...

Read Article →

Entra ID – New build-in audit feature in Entra Connect is finally here!

January 28, 2025 by Michael Morten Sonne

active-directory entra-id identity microsoft powershell

Last Updated on January 28, 2025 by Michael Morten Sonne Introduction What is Entra Connect Sync Connect your… The post Entra ID – New build-...

Read Article →

Primer: Running Audit Searches and Sending Email from Azure Automation

January 28, 2025 by Tony Redmond

compliance microsoft-365 auditlogquery azure-automation microsoft-365-audit-search

This article describes how to use Azure Automation for audit searches. The runbook runs an audit search to find events for specific operations, ref...

Read Article →

Securing Microsoft Business Premium Part 01: The First Step to an Unbreakable Defense

January 27, 2025 by Sebastian F. Markdanner

microsoft-entra microsoft-defender microsoft-azure microsoft-intune microsoft-purview

Today kicks off a comprehensive blog series where I’ll delve into the security features of the Business Premium license SKU, offering...

Read Article →

Super Advanced Auditing

January 27, 2025 by Nathan McNulty

azure

This solution provides automation that ensures all available auditable events are enabled for all users in a tenant. By default, not all events are...

Read Article →

Update #8 Available for Automating Microsoft 365 with PowerShell

January 27, 2025 by Tony Redmond

book automating-microsoft-365-with-powershell microsoft-365-powershell-book office-365-for-it-pros-2025-edition

Monthly update #8 is now available for the Automating Microsoft 365 with PowerShell ebook. Subscribers can download the updated files from Gumroad....

Read Article →

Defender AutoConfig

January 26, 2025 by Nathan McNulty

defender

This solution will eventually be a PowerShell module, but the initial goal was to map out all of the internal service APIs used in the Defender por...

Read Article →

Microsoft accidentally allows users to update their own username

January 26, 2025 by Daniel Bradley

entra-id

For a short while Microsoft allowed standard users in Microsoft Entra to change their own username. Learn how to remediate issues caused by this. T...

Read Article →

One Full Scan

January 26, 2025 by Nathan McNulty

defender

Microsoft typically recommends against scheduled full scans, but there are a few scenarios where we still want to perform a full scan outside of sc...

Read Article →

Expanding on Cyber Threat Intelligence for Security Monitoring

January 25, 2025 by Truls Dahlsveen

security

Three levels of detection engineering using Threat Intelligence as our guiding light - This blog will serve as a guide to understanding how we can ...

Read Article →

Entra ID Allows People to Update their User Principal Names

January 24, 2025 by Tony Redmond

entra-id entra-admin-center entra-id microsoft-graph-command-line-tools microsoft-graph-powershell-sdk

Entra ID allows unprivileged users to update the user principal name for their accounts via the admin center or PowerShell. It seems silly because ...

Read Article →

Managed Identity Permission Manager – v. 1.0.0.4 is out!

January 24, 2025 by Michael Morten Sonne

azure entra-id code-repository identity microsoft

Last Updated on January 24, 2025 by Michael Morten Sonne Introduction I´m thrilled to announce the release of… The post Managed Identity Perm...

Read Article →

Navigating New Authentication Methods: SMS for Password Reset, Not for MFA

January 24, 2025 by Kenneth Van Surksum

conditional-access entra-id security authentication-method-policies authentication-strength

With the introduction of a converged policy combining settings from the legacy MFA portal and SSPR configuration, separating the use of SMS for pas...

Read Article →

CAPremortem

January 23, 2025 by Nathan McNulty

security

Note Development on this solution is on hold until some other projects are finished. Plan to revisit in the second half of 2025.

Read Article →

From SPF to DANE: Securing Microsoft 365 Email Communications

January 23, 2025 by Kenneth Van Surksum

exchange-online security dane dkim dmarc

Enhancing the security of your organization’s communication channels is more critical than ever. Building on foundational protocols like SPF, DKIM,...

Read Article →

Primer: How to Schedule Azure Automation Runbooks to Process Microsoft 365 Data

January 23, 2025 by Tony Redmond

azure powershell azure-automation-runbook azure-automation-schedule get-azautomationjob

After creating a runbook to process Microsoft 365 data, registering the runbook with an automation schedule means that the runbook will execute on ...

Read Article →

Device cleanup

January 22, 2025 by Nathan McNulty

security

Note This is currently being rewritten and should be completed in February 2025 :)

Read Article →

MDE Analyzer²

January 22, 2025 by Nathan McNulty

security

This solution analyzes the output from the MDE Client Analyzer for common issue or things we might typically want to know for troubleshooting purpo...

Read Article →

Primer: Output Data Generated with an Azure Automation Runbook to a SharePoint List

January 22, 2025 by Tony Redmond

azure microsoft-graph powershell azure-automation azure-automation-runbook

The second part of the Azure Automation runbook primer brings us to output, specifically how to create items generated by a runbook in a SharePoint...

Read Article →

Primer: How to Use Azure Automation to Run Microsoft Graph PowerShell SDK Scripts

January 21, 2025 by Tony Redmond

graph-api microsoft-365 powershell azure-automation-account azure-automation-runbook

A reader asked why it seems so difficult to use Azure Automation runbooks to process Microsoft 365 data. In fact, it's not so hard, and here's a pr...

Read Article →

Dual Enrollment / MMP-C Light for Workplace Joined Devices?

January 20, 2025 by rudyooms

mmpc intune intune

Explore WorkplaceJoin_DualEnrollment, dual enrollment for Workplace Join devices, and the role of MMP-C Light in shifting Intune policies

Read Article →

Enable all auditable events

January 20, 2025 by Nathan McNulty

security

You likely aren’t collecting all available events to the Unified Audit Log :( First, not all events are enabled or retained optimally. Consid...

Read Article →

How to Replace Group Owners When They Leave the Organization

January 20, 2025 by Tony Redmond

microsoft-365-groups powershell microsoft-graph-powershell-sdk ownerless-groups performance

Deleting an Entra ID user account can result in ownerless groups if the account being removed is the only group owner. Before deleting accounts, it...

Read Article →

Kung Fu MMP-C Onboarding

January 20, 2025 by rudyooms

intune mmpc

This blog will show how I onboarded multiple Microsoft 365 Tenants to the new MMP-C infrastructure (Microsoft Management Platform – Cloud) and expl...

Read Article →

Mastering Plus Addressing in Microsoft: Simplify Email Management

January 20, 2025 by Sebastian F. Markdanner

microsoft-entra microsoft-defender microsoft-azure

Managing emails for unlicensed admin accounts? Juggling a shared mailbox flooded with notifications from services and clients? Today’s...

Read Article →

Restore Microsoft 365 users with a new username using PowerShell

January 19, 2025 by Daniel Bradley

entra-id microsoft-graph

Learn how to use Microsoft Graph PowerShell to restore Microsoft Entra users and issue them a new username at the same time. The post Restore Micro...

Read Article →

Privacy Policy

January 18, 2025 by Robbe Van den Daele

security

Privacy Policy How to contact us Should you have any questions about this privacy policy, the data we hold on your, or you would like to exercise o...

Read Article →

Microsoft 365 User Profile Card Gets Name Pronunciation

January 17, 2025 by Tony Redmond

microsoft-365 microsoft-365-user-profile-card name-pronunciation playback recording

The Microsoft 365 user profile card offers users the chance to record and playback name pronunciations, if tenant settings allow. The new setting i...

Read Article →

Microsoft Defender for Cloud Apps – Permissions filter and export capability is here!

January 16, 2025 by Michael Morten Sonne

analyzer attackscompromise code-repository compliance microsoft

Last Updated on January 16, 2025 by Michael Morten Sonne Introduction Microsoft Defender for Cloud Apps (MDA) has… The post Microsoft Defende...

Read Article →

Microsoft Launches Copilot for All Initiative

January 16, 2025 by Tony Redmond

microsoft-365-copilot copilot-studio custom-agents microsoft-365-copilot-chat

The Microsoft 365 Copilot Chat app is the free to use chat app available to commercial Microsoft 365 customers. The free chat app now supports Copi...

Read Article →

Final Days for the MSOnline and AzureAD PowerShell Modules

January 15, 2025 by Tony Redmond

entra-id powershell azuread-module-retirement entra-module microsoft-graph-powershell-sdk

After many twists and turns since August 2021, the MSOnline module retirement will happen in April 2025. The AzureAD module will then retire in the...

Read Article →

List all directory objects owned by a user in Entra with PowerShell

January 14, 2025 by Daniel Bradley

entra-id microsoft-graph

Learn how to use Microsoft Graph PowerShell to list all directory objects, such as apps and groups a user owns in Microsoft Entra. The post List al...

Read Article →

Using the SharePoint Pages Graph API

January 14, 2025 by Tony Redmond

microsoft-graph powershell sharepoint-online get-mgsitepageassitepage new-mgsitepage

Microsoft released the SharePoint Pages API in mid-2024. This article describes how to create and publish a news item using cmdlets from the Micros...

Read Article →

How to Post Video Clips in Teams Channel Posts and Replies

January 13, 2025 by Tony Redmond

teams teams-channel-conversations teams-video-clip video-clips

In January 2025, Teams will support the ability to post video clips to channel conversations in posts and replies. The feature is similar to that r...

Read Article →

Parsing CEF messages without Azure Monitor Agent

January 13, 2025 by Robbe Van den Daele

azure security sentinel

Introduction During my time as SOC Engineer, I do a lot of third-party data source ingestion projects for clients into their Microsoft Sentinel ins...

Read Article →

On the use of Threat Intelligence in Detection

January 11, 2025 by Truls Dahlsveen

security

If applied correctly, Threat Intelligence can be a useful tool in your belt. Mostly, however, it might be barking up the wrong tree depending on yo...

Read Article →

Seamlessly Migrating from Symantec Endpoint Protection to Microsoft Defender for Business

January 11, 2025 by Nathan Hutchinson

defender-for-endpoint intune

Discover how to migrate from Symantec Endpoint Protection to Microsoft Defender for Business seamlessly with tips and tools!

Read Article →

The curious case of the missing Enterprise App

January 11, 2025 by Nathan Hutchinson

entra-id conditional-access defender-for-endpoint

Troubleshooting a missing enterprise app issue in Entra ID during a zero-trust Conditional Access policy rollout with workaround solutions.

Read Article →

All About the Office 365 for IT Pros GitHub Repository

January 10, 2025 by Tony Redmond

microsoft-365 powershell entra-id-powershell microsoft-365-powershell office365itpros-github

The Office365ITPros GitHub repository holds over 300 PowerShell scripts showing how to interact with Microsoft 365 and Entra ID. Anyone can contrib...

Read Article →

Enabling QR code sign-in for Microsoft Entra ID

January 10, 2025 by Daniel Bradley

entra-id microsoft-graph

Learn how to enable new preview QR code sign-in features using the Microsoft Graph API, which supports sign-factor sign in to Entra ID. The post En...

Read Article →

9 ways to improve your M365 MFA deployment in 2025

January 09, 2025 by Daniel Bradley

main

Here are 9 ways you can improve the multi-factor authentication deployment in Microsoft 365 for your organisation in 2025. The post 9 ways to impro...

Read Article →

OTP Verification Option for Teams Meetings

January 09, 2025 by Tony Redmond

teams anonymous-users otp-verification teams-meetings teams-premium

Microsoft is deploying the option for meeting organizers with Teams Premium licenses to use OTP verification to allow anonymous users to verify the...

Read Article →

Protecting your Break Glass accounts in Entra now that MFA gets enforced on more and more Admin portals

January 08, 2025 by Kenneth Van Surksum

conditional-access entra-id security authentication-method-policies break-glass-accounts

As Microsoft continues to enhance security across its platforms, Multi-Factor Authentication (MFA) is becoming mandatory for an increasing number o...

Read Article →

Teams Splits Recording and Transcription Settings for Meetings and Events

January 08, 2025 by Tony Redmond

teams events-policy face-and-voice-enrollment get-csteamsaipolicy get-csteamseventspolicy

Microsoft plans some big changes for Teams recording and transcription policies in February 2025. Events like webinars and town halls get separate ...

Read Article →

After 2 years a new release of MDE-Troubleshooter!

January 07, 2025 by Thomas Verheyden

defender-for-cloud defender-for-endpoint defender-for-servers defender-xdr

Lately, I’ve been doing a lot of Defender for Endpoint deployment/configuration troubleshooting, which prompted me to dust off my MDE-Troubleshoote...

Read Article →

Governing OS Versions in Microsoft Intune: Best Practices and Configuration

January 07, 2025 by Kenneth Van Surksum

conditional-access intune modern-workplace security compliance-policy

In a modern managed workplace environment, ensuring that devices meet minimum operating system (OS) requirements is a critical aspect of security a...

Read Article →

Microsoft Describes Top Five SharePoint Features Shipped in 2024

January 07, 2025 by Tony Redmond

sharepoint-online copilot-in-onedrive microsoft-365-archive microsoft-365-backup sharepoint-agents

An interesting article by Microsoft’s Mark Kashman lists his top five SharePoint features shipped in 2024. Four of the five features involve extra ...

Read Article →

Mastering Microsoft Azure RBAC & Entra ID Roles: Automated Role Assignment Reporting Across Your Tenant

January 06, 2025 by Sebastian F. Markdanner

microsoft-entra

As the season for audits approaches (though, let’s be honest, auditing should be an all-year-round endeavor), I’m excited to share a...

Read Article →

Renewing Apple Enrollment Program, VPP Token, and MDM Push Certificate in Microsoft Intune and SCIM token in Entra.

January 06, 2025 by Kenneth Van Surksum

abm intune dep dep-token mdm

Introduction Managing Apple devices in Microsoft Intune requires maintaining active integrations with Apple services. To ensure continued functiona...

Read Article →

SharePoint Online Intelligent Versioning and the 500 Version Limit

January 06, 2025 by Tony Redmond

sharepoint-online data-lifecycle-management intelligent-versioning retention version-trimming

SharePoint Online intelligent versioning uses algorithms to decide what file versions must be kept for file recoverability. Unwanted versions are d...

Read Article →

How to check and block “malicious” browser extensions with Microsoft Defender and Intune?

January 05, 2025 by Jeffrey Appel

security defender-for-endpoint defender-xdr

In the past years, malicious browser extensions have been on the rise and are more popular to be used as part of cyberattacks. With the use of mali...

Read Article →

How to use Microsoft Security Exposure Management (XSPM)

January 04, 2025 by Jeffrey Appel

security defender-for-endpoint defender-xdr

Microsoft Security Exposure Management is a new product/feature in the Defender XDR suite. This blog will explain more about it and the difference ...

Read Article →

How to Create a Teams Avatar from a Photo

January 03, 2025 by Tony Redmond

teams create-a-teams-avatar-from-a-photo mesh-avatar teams-avatar

I've used Teams avatars for a couple of years but never liked them all that much. The chance to create a Teams avatar from a photo seemed like a gr...

Read Article →

New eBook, “Demystifying Microsoft Defender for Servers” by James Agombar

January 03, 2025 by Thomas Verheyden

defender-for-cloud defender-for-endpoint defender-xdr

I’m thrilled to share the launch of the new eBook, “Demystifying Microsoft Defender for Servers” by James Agombar 🎉 I had the ple...

Read Article →

Microsoft Entra ID Governance: Show suggested access packages in My Access

January 02, 2025 by Jan Bakker

entra-id

Check out this article via web browser: Microsoft Entra ID Governance: Show suggested access packages in My Access Today’s post is about a ne...

Read Article →

Viva Engage Items Show Up in Search Results

January 02, 2025 by Tony Redmond

microsoft-365 acompli outlook-mobile sharepoint-search viva-engage-search-results

News that Viva Engage search results are included in the results generated by Office.com and SharePoint.com is not unexpected. Only certain Viva En...

Read Article →

KQL Sources - 2025 Update

January 01, 2025 by Bert-Jan Pals

azure entra-id security intune sentinel

What started as a single blog is now becoming a yearly trend. More and more KQL related repositories are created, not only with a focus on security...

Read Article →

Office 365 for IT Pros January 2025 Update

January 01, 2025 by Paul Robichaux

book office-365-for-it-pros office-365-for-it-pros-2025-edition

Monthly update #115 is now available for download by subscribers to the Office 365 for IT Pros (2025 edition) eBook. The files available to subscri...

Read Article →

What a 2024 – a new year is now over and a new begings

January 01, 2025 by Michael Morten Sonne

community general microsoft mvp-award my-tools

Last Updated on January 2, 2025 by Michael Morten Sonne Introduction As 2024 is now over, I’ve been… The post What a 2024 – a new year is now...

Read Article →

How to use Managed Identities for multi-tenant app authentication

December 30, 2024 by Daniel Bradley

entra-id microsoft-graph

Learn how to use Managed Identities for multi-tenant app authentication when using Microsoft Graph PowerShell in Azure Automation. The post How to ...

Read Article →

MDM / Intune policies moving over to MMP-C

December 30, 2024 by rudyooms

intune mmpc

This blog will focus on how Wi-Fi and VPN resource access policies are being transferred (Authority change) from the old-school MDM stack to the MM...

Read Article →

Tool Release: pwshuploadindicatorsapi

December 26, 2024 by Truls Dahlsveen

sentinel

This module is a wrapper for the Microsoft Sentinel related Upload Indicators API, allowing you to upload indicators of compromise (IOC) to a Micro...

Read Article →

Managed Identity Permission Manager – v. 1.0.0.3 is out!

December 23, 2024 by Michael Morten Sonne

automation entra-id code-repository github identity

Last Updated on December 23, 2024 by Michael Morten Sonne Introduction I’m thrilled to announce the latest release… The post Managed Identity...

Read Article →

Microsoft now allows connecting to Multi-tenant apps using Managed Identities

December 23, 2024 by Daniel Bradley

entra-id microsoft-graph

Learn how to connect to other tenants using Managed Identity federation on your app registration in Microsoft Entra. The post Microsoft now allows ...

Read Article →

Microsoft Search in Bing Gets the Bullet

December 23, 2024 by Tony Redmond

microsoft-365 mc961557 mc961601 microsoft-search-in-bing office-tags

On 19 December 2024, Microsoft announced the retirement of the Microsoft Search in Bing feature. Copilot is better at searching and presenting web ...

Read Article →

Tool Release: pwshmisp

December 22, 2024 by Truls Dahlsveen

sentinel

In an attempt to make using MISP easier, I have created a PowerShell module to interact with MISP. The release of this module is the first step tow...

Read Article →

The Confusing Renaming of Microsoft 365 Copilot

December 20, 2024 by Tony Redmond

microsoft-365-copilot bizchat microsoft-365-copilot-chat microsoft-365-copilot-rename

Microsoft loves branding exercises. At least, that can be the only reason why the Microsoft 365 Copilot rename is happening. I can think of no othe...

Read Article →

Blocking Microsoft 365 Copilot Making Inferences in Teams Meetings

December 19, 2024 by Tony Redmond

microsoft-365 copilot-in-teams copilot-inference-and-evaluation-policy microsoft-teams teams-meetings

The Copilot inference and evaluation policy controls if users can ask Copilot in Teams to evaluate the emotions of other meeting participants. It s...

Read Article →

MC2MC Live - Forward to the Past

December 19, 2024 by Robbe Van den Daele

azure

At MC2MC Live: Forward to the past I was able to give a session on how to manage Azure Bicep templates at scale and automatically. Very happy to ha...

Read Article →

Microsoft Defender for Cloud Apps – Visibility into applications with highly privileged permissions, whether used or unused

December 19, 2024 by Michael Morten Sonne

analyzer attackscompromise compliance identity microsoft-365

Last Updated on December 19, 2024 by Michael Morten Sonne Intoduction The principle of Zero Trust emphasizes that… The post Microsoft Defende...

Read Article →

Processing Microsoft 365 Retention Labels with the Microsoft Graph PowerShell SDK

December 18, 2024 by Tony Redmond

graph-api microsoft-graph powershell get-mgdriveitemretentionlabel get-mgsecuritylabelretentionlabel

Two types of retention labels are in use: Microsoft 365 retention labels and MRM retention tags. Clients hide the difference, but the Microsoft Gra...

Read Article →

IOC hunting at scale

December 17, 2024 by Bert-Jan Pals

security

As the holiday season approaches and our schedules hopefully begin to open up, many of us find ourselves with a bit more time on our hands. This ti...

Read Article →

Microsoft Entra Identity Governance Fundamentals: Lifecycle workflows

December 17, 2024 by Sebastian F. Markdanner

microsoft-entra

Join me as I connect the dots from my previous posts on the fundamental Identity Governance features in Microsoft Entra with Lifecycle...

Read Article →

Microsoft Proposes a Horrible Change for the Search-UnifiedAuditLog Cmdlet

December 17, 2024 by Tony Redmond

compliance high-completeness search-unifiedauditlog

On December 12, Microsoft said that they want to make the Search-UnifiedAuditLog cmdlet use high completeness for all its searches. If implemented,...

Read Article →

Troubleshooting the Properties Catalog Error 2147749902:

December 17, 2024 by rudyooms

device-inventory intune

Troubleshooting error 2147749902 (WBEM_E_INVALID_NAMESPACE) isn’t always straightforward. What started as a simple Intune error turned into a Devic...

Read Article →

Teams Gets Resizable Windows and More Pop-Out Panes

December 16, 2024 by Tony Redmond

teams microsoft-teams resizable-teams-panes resizable-teams-windows

In January 2025, Microsoft will introduce resizable Teams windows for the Windows and Mac desktop clients. This is a fundamental change to the clie...

Read Article →

Microsoft 365 Users to Get Outlook’s Org Explorer

December 13, 2024 by Tony Redmond

outlook org-explorer outlook-classic outlook-org-explorer the-new-outlook-for-windows

Microsoft originally were going to license the Outlook Org Explorer to E3 and E5 users. Then they had the clever plan to license the feature throug...

Read Article →

How to Configure Sensitivity Labels to Block Document Downloads from SharePoint Sites

December 12, 2024 by Tony Redmond

sharepoint-online block-download-policy container-management sharepoint-advanced-management sharepoint-block-download-policy

The SharePoint Online Block Download Policy controls the ability to use features that rely on downloaded files (including temporary files), such as...

Read Article →

February Deadline Looms for Legacy Exchange Tokens Used by Outlook Add-Ins

December 11, 2024 by Tony Redmond

exchange-online outlook legacy-exchange-tokens naa nested-app-authentication

A February 2025 deadline looms for Outlook classic add-ins that use legacy Exchange tokens for authentication. Add-ins must switch to nested app au...

Read Article →

New Option Available to Update Microsoft 365 User Profile

December 10, 2024 by Tony Redmond

administration microsoft-365 microsoft-365-user-profile user-profile-card user-profile-settings

The scheduled retirement of Delve on December 16, 2024, meant that Microsoft had to create a new way for users to update their profile settings. Th...

Read Article →

Device isolation and containment strategies

December 09, 2024 by Robbe Van den Daele

security

Introduction As a Security Operation Center, you want to be able to contain devices and users on a network as a response to an adversary event. How...

Read Article →

Life is like a box of Enhanced Device Inventory Properties.

December 09, 2024 by rudyooms

device-inventory intune

This blog will focus on a new Intune Core Feature called Windows Device Inventory (Resource Explorer). I will show you how this new Intune Feature ...

Read Article →

Microsoft Entra Identity Governance Fundamentals: Access Packages

December 09, 2024 by Sebastian F. Markdanner

microsoft-entra microsoft-intune microsoft-defender

In this blog post, we’ll be covering the fundamentals of Access Packages in Microsoft Entra—it’s all about getting a solid understanding...

Read Article →

Microsoft Kills Viva Goals

December 09, 2024 by Tony Redmond

microsoft-365 okr viva-goals-retirement viva-suite

Microsoft's announcement of the Viva Goals retirement came as a complete surprise to the customers using Viva Goals to implement the OKR methodolog...

Read Article →

How to receive Entra admin email notifications without a mailbox

December 08, 2024 by Daniel Bradley

entra-id microsoft-graph

Learn how to receive admin email notifications without a mailbox license using Plus addressing in Microsoft Entra. The post How to receive Entra ad...

Read Article →

Under the hoods of the Windows Device Inventory Agent

December 08, 2024 by rudyooms

device-inventory intune

This blog will show you the inner workings of the Device Inventory Agent

Read Article →

Thwarting Social Engineering Attacks Against Teams Federated Chat

December 06, 2024 by Tony Redmond

teams brand-impersonation-protection external-access federated-chat social-engineering-attack

A recent report noted an increase in social engineering attacks through Teams federated chat. You can stop these attacks by limiting external acces...

Read Article →

Use Requestor information in Entra ID Access Packages as input for Custom Extensions

December 06, 2024 by Jan Bakker

entra-id

Check out this article via web browser: Use Requestor information in Entra ID Access Packages as input for Custom Extensions In a previous blog pos...

Read Article →

Workshop: Kusto Graph Semantics Explained

December 06, 2024 by Author

security

Ho, ho, ho… In Germany on the 6th of December we celebrate “Nikolaus”. Kids put out one shoe the night before in the hopes that,...

Read Article →

Microsoft 365 Unifies Video Under Clipchamp Brand

December 05, 2024 by Tony Redmond

microsoft-365-video stream clipchamp microsoft-365-video-unification

A November 26 announcement says that Microsoft 365 Video will bring Stream and Clipchamp together under the Clipchamp brand. A lot of hard work ove...

Read Article →

How to Switch OneDrive for Business Accounts to Intelligent Versioning

December 04, 2024 by Tony Redmond

onedrive-for-business automatic-versioning intelligent-versioning onedrive-for-business-intelligent-versioning

Intelligent versioning means that SharePoint Online manages file versions automatically and only keeps what's needed. The feature works for OneDriv...

Read Article →

Request Temporary Access Pass on behalf of others via Entra ID Governance Access Package

December 04, 2024 by Jan Bakker

entra-id security

Check out this article via web browser: Request Temporary Access Pass on behalf of others via Entra ID Governance Access Package While looking at t...

Read Article →

The 0x80072F9A We Start From

December 04, 2024 by rudyooms

intune

This blog is a follow-up to the Windows Enrollment Attestation series. I’ll dive into why the AllowRecovery CSP is a game-changer and how it helped...

Read Article →

Report Copilot user prompts and AI responses with PowerShell

December 03, 2024 by Daniel Bradley

microsoft-365-copilot microsoft-graph

Report a history of user prompts and the AI responses from Microsoft 365 Copilot using Microsoft Graph PowerShell. The post Report Copilot user pro...

Read Article →

Using the Audit Log to Generate a Daily Action Summary for a User

December 03, 2024 by Tony Redmond

compliance powershell audit-events-captured-for-a-user audit-events-for-a-user search-unifiedauditlog

This article describes how to report the audit events for a user over a single day. The task seems simple, but inconsistency in audit payloads make...

Read Article →

Office 365 for IT Pros December 2024 Update

December 02, 2024 by Tony Redmond

book automating-microsoft-365-with-powershell office-365-for-it-pros office-365-for-it-pros-2025-edition

The Office 365 for IT Pros writing team is thrilled to announce the availability of the December 2024 update (monthly update #114). Current subscri...

Read Article →

Passkeys 101: How Microsoft Entra Simplifies Passwordless Authentication

December 02, 2024 by Sebastian F. Markdanner

microsoft-entra microsoft-intune microsoft-defender

Today, we’re exploring passkeys—what they are, how they work, and how Microsoft’s latest GA features make passwordless authentication...

Read Article →

Windows – Hotpatching is now possible on clients – rebootless updates is here!

December 02, 2024 by Michael Morten Sonne

intune microsoft security windows windows-11

Last Updated on June 2, 2025 by Michael Morten Sonne Introduction In a major step forward for reliability… The post Windows – Hotpatching is ...

Read Article →

EDR Silencers and Beyond: Exploring Methods to Block EDR Communication - Part 1

December 01, 2024 by Author

security

For red teams and adversary alike it’s important to stay hidden. As many companies nowadays have EDR agents deployed those agents are always in foc...

Read Article →

Finding Inactive Mailboxes Based on Message Trace Data

November 29, 2024 by Tony Redmond

exchange-online find-inactive-mailboxes message-trace-data

This article covers how to use Exchange Online message trace data to find inactive mailboxes based on their message send activity. The script proce...

Read Article →

Announcing the Netskope CCP connector!

November 28, 2024 by Tim Groothuis

azure security netskope sentinel microsoft-sentinel

Over the past couple of weeks I’ve been working in close collaboration with the Netskope team to build and design a new Sentinel data connector for...

Read Article →

Evilginx Mastery Course | What I learned

November 28, 2024 by Jan Bakker

security

Check out this article via web browser: Evilginx Mastery Course | What I learned A couple of years back, I was really struggling to get Evilginx up...

Read Article →

Proof of possession, Token Protection and Graph PowerShell, what’s next?

November 28, 2024 by Daniel Bradley

entra-id microsoft-graph

Learn about proof of possession and how it protects against access token replay attacks when using Microsoft Graph PowerShell. The post Proof of po...

Read Article →

Fix: SENSE Service stuck in START_PENDING on WS2012R2 or WS2016? Check OOBE !

November 27, 2024 by Thomas Verheyden

defender-for-endpoint defender-for-servers micorosft-security

Intro This blog discusses a challenge I encountered with a client. They reached out for assistance in addressing issues during the deployment of De...

Read Article →

Microsoft Changes Names for Sensitivity Label Permissions

November 27, 2024 by Tony Redmond

compliance sensitivity-label-permissions sensitivity-label-usage-rights

Microsoft recently renamed the default set of sensitivity label permissions. Each permission defines the usage rights for a labelled item for users...

Read Article →

The Problem of Document Mismatches and Cloudy Attachments

November 26, 2024 by Tony Redmond

sharepoint-online auto-label-retention cloudy-attachment document-mismatch-notification modern-attachment

SharePoint generates document mismatch notifications when users create or update files with sensitivity labels that are higher than the site's cont...

Read Article →

The Impact of Generative AI on Technology Websites

November 25, 2024 by Tony Redmond

microsoft-365 chatgpt effect-of-generative-ai-on-technology-websites generative-ai microsoft-copilot

Generative AI tools are nice to have, but the LLMs used by these tools must come from somewhere. The impact of generative AI on technology websites...

Read Article →

Microsoft’s Simple Message at Ignite: It’s All About AI

November 22, 2024 by Tony Redmond

microsoft-365 artificial-intelligence ignite-2024 microsoft-365-copilot sharepoint-online

The slew of product announcements at the Microsoft Ignite 2024 conference included lots about AI and Copilot. This article covers some of the more ...

Read Article →

Use the Microsoft Graph to Report Service Principal Sign-In Activity

November 21, 2024 by Tony Redmond

entra-id powershell get-mgbetareportserviceprincipalsigninactivity get-mgserviceprincipal service-principal-sign-in-activity

Service principal sign-in activity is a new insight available in the Entra admin center. As explained here, it's also possible to use PowerShell to...

Read Article →

Selfservice for hardware (OATH) tokens in Entra ID.

November 20, 2024 by Jan Bakker

entra-id security

Check out this article via web browser: Selfservice for hardware (OATH) tokens in Entra ID. One of the longest-running previews in Entra ID is the ...

Read Article →

Track Sensitivity Label Downgrades and Removals with Audit Log Data

November 20, 2024 by Tony Redmond

compliance audit-events insider-risk-management sensitivity-label-downgrades sensitivity-label-removals

The Purview Insider Risk Management solution can do all sorts of clever things, like tracking sensitivity label downgrades and removals as an indic...

Read Article →

Microsoft Details Progress Towards a More Secure Exchange Online

November 19, 2024 by Tony Redmond

exchange-online application-impersonation dane dnssec ews

In a November 18 post, Microsoft describes some Exchange Online security updates that are due to land between now and 2026. Some of the news is a r...

Read Article →

Fixing Time Zone Issues in Windows Autopilot

November 18, 2024 by rudyooms

autopilot intune

Deploying Windows devices using Autopilot can be challenging, especially when devices are shipped from a supplier in China to various global locati...

Read Article →

Microsoft to Enforce Mandatory MFA Requirement for Microsoft 365 Admin Center

November 18, 2024 by Tony Redmond

administration microsoft-365 mandatory-mfa-for-microsoft-365 mandatory-multifactor-authentication microsoft-365-admin-center

In February 2025, Microsoft will begin enforcing a mandatory MFA requirement for the Microsoft 365 admin center. All connections to the Microsoft 3...

Read Article →

Use the Audit Log to Find the Last Accessed Date for Documents

November 15, 2024 by Tony Redmond

powershell sharepoint-online file-operations-audit-events fileaccessed sharepoint-online-audit

The unified audit log is full of interesting information about who did what and when they did it. In this article, I describe how to use file opera...

Read Article →

GitHub Backup Tool – update 1.3.1.0 is out

November 14, 2024 by Michael Morten Sonne

backup code-repository github my-tools software

Last Updated on November 14, 2024 by Michael Morten Sonne Introduction I’m thrilled to announce the latest release… The post GitHub Bac...

Read Article →

Manage PIM Role Assignments with the Microsoft Graph PowerShell SDK

November 14, 2024 by Tony Redmond

entra-id powershell entra-id pim-active-role-assignment pim-eligible-role-assignment

This article describes how to create eligible and active PIM role assignment requests using cmdlets from the Microsoft Graph PowerShell SDK. Althou...

Read Article →

Graph permission scopes and delegate access in Microsoft Entra

November 13, 2024 by Daniel Bradley

entra-id microsoft-graph

Learn how Graph permission scopes and Entra RBAC roles enable users access to resources in the delegated auth type scenario. The post Graph permiss...

Read Article →

How SharePoint Online Intelligent Versioning Interacts with Retention Policies and Labels

November 13, 2024 by Tony Redmond

sharepoint-online data-lifecycle-management intelligent-versioning retention-policies

Intelligent versioning recently appeared in SharePoint Online. The purpose is to save storage by removing unnecessary versions. But retention polic...

Read Article →

UAL = Unaligned Activity Logs

November 13, 2024 by Bert-Jan Pals

azure entra-id defender sentinel cloud

The unified audit log is a centralized repository for M365 user and admin activities. The activities originate from different applications, such as...

Read Article →

Device Compliance: The Tpm-PreAttestationHealthCheck in Windows 24H2

November 12, 2024 by rudyooms

attestation-and-compliance-series compliance intune

Troubleshooting health attestation just got easier. With the introduction of the Tpm PreAttestationHealthCheck task, Windows now generates a detail...

Read Article →

Microsoft to Separate Copilot and Teams Compliance Records

November 12, 2024 by Tony Redmond

compliance copilot-interactions data-lifecycle-management teams-compliance-records

In a November 8 post, Microsoft says that Purview Data Lifecycle Management will allow tenants to split processing of Copilot interactions and Team...

Read Article →

Microsoft Recommends the UnifiedRoleDefinition Graph API for Role Assignment Automation

November 11, 2024 by Tony Redmond

entra-id microsoft-graph get-mgrolemanagementdirectoryroleassignment get-mgrolemanagementdirectoryroledefinitio new-mgrolemanagementdirectoryroleassignment

Microsoft recommends that developers move from the older DirectoryRoles Graph API and use the UnifiedRoleDefinition API instead. Changing APIs will...

Read Article →

Private Channels Just Don’t Get Any Respect

November 08, 2024 by Tony Redmond

teams private-channels

Microsoft launched private channels in November 2019. A lot has happened since, and private channels don't really get much attention these days. Th...

Read Article →

How Microsoft Copilot Generates Compliance Records

November 07, 2024 by Tony Redmond

compliance microsoft-365-copilot bizchat compliance-records copilot-interactions

A recent article about analyzing interaction records for Microsoft 365 Copilot led to the question if it’s possible to do the same for Microsoft Co...

Read Article →

Microsoft recommends use of the unifiedRoleDefinition APIs

November 07, 2024 by Daniel Bradley

microsoft-graph news

Look in the difference between the directoryRole and unifiedRoleDefinition APIs to understand what Microsoft is now recommending change. The post M...

Read Article →

Exchange Online Adds Delicensing Resiliency

November 06, 2024 by Tony Redmond

exchange-online delicensing-resiliency

Microsoft announced Delicensing Resiliency, a new feature for tenants with over 10,000 paid seats, to avoid inadvertent data loss due to licensing ...

Read Article →

Loop App Adds More Support for Sensitivity Labels

November 05, 2024 by Tony Redmond

loop loop-app loop-page loop-workspace sensitivity-labels

Container management label support is coming to the Loop app. Before it arrives, we look at how Loop supports sensitivity labels assigned to pages ...

Read Article →

Entra ID Private Access with private integrated storage accounts

November 04, 2024 by Robbe Van den Daele

azure entra-id security

Introduction In the past couple of weeks, I worked on a project where I needed to provide access to a securely private integrated Azure Storage Acc...

Read Article →

Fix Subscription Activation by automatically Removing Secondary Work or School Accounts.

November 04, 2024 by rudyooms

intune

When subscription activation gets stuck, it could be due to conflicting tenant accounts. This blog dives into how to fix subscription activation by...

Read Article →

How to Use the Graph SDK to Manage Group-Based Licensing

November 04, 2024 by Tony Redmond

administration microsoft-graph powershell group-based-licensing set-mggrouplicense

Group-based licensing is a mechanism to make it easier to assign and manage product licenses for large sets of user accounts. In this article, we d...

Read Article →

Restrict non-admin access to the Microsoft Entra portal with PowerShell

November 03, 2024 by Daniel Bradley

microsoft-graph

Learn how to restrict non-admin users access to the Microsoft Entra admin portal using Microsoft Graph PowerShell. The post Restrict non-admin acce...

Read Article →

Managed Identity Permission Manager – v. 1.0.0.2 is out!

November 01, 2024 by Michael Morten Sonne

automation azure entra-id code-repository cool-tools

Last Updated on November 2, 2024 by Michael Morten Sonne Introduction I’m thrilled to announce the latest release… The post Managed Ide...

Read Article →

Office 365 for IT Pros November 2024 Update

November 01, 2024 by Tony Redmond

book automating-microsoft-365-with-powershell microsoft-fy25-q1-results offive-365-for-it-pros

Monthly Update #113 (November 2024) for the Office 365 for IT Pros eBook is now available for download by current subscribers from Gumroad.com. An ...

Read Article →

Create a Custom Copilot Agent for SharePoint Online

October 31, 2024 by Tony Redmond

microsoft-365-copilot copilot-agent custom-copilot-agent sharepoint-online

Copilot agents are part of Microsoft's Wave 2 initiative launched in September 2024. Basically, an agent restricts Copilot queries to a defined set...

Read Article →

Autopilot Device Preparation (AVP2/AP-DPP): Hiding the Privacy Settings

October 30, 2024 by rudyooms

intune device-enrollment

In this post, I’ll show you how to streamline the Out-of-Box Experience (OOBE) setup process even if you’re using Autopilot Device Preparation ( AV...

Read Article →

Introducing Azure DevOps Backup Tool 1.1.2.0: Security update!

October 30, 2024 by Michael Morten Sonne

azure-devops backup code-repository my-tools software

Last Updated on January 21, 2025 by Michael Morten Sonne Introduction I’m thrilled to announce the latest release… The post Introducing...

Read Article →

Why Are Per-User MFA Settings Available in the Entra Admin Center?

October 30, 2024 by Tony Redmond

entra-id conditional-access-policies multifactor-authentication per-user-mfa

A reader asked why the Entra admin center includes an option to manage per-user MFA settings for accounts. I don't know why Microsoft added this op...

Read Article →

Enablement of Passkeys in Authenticator with no key restrictions

October 29, 2024 by Daniel Bradley

entra-id

Microsoft to enable passkeys in the Microsoft Authenticator app without the need to implement key restrictions. The post Enablement of Passkeys in ...

Read Article →

How to Restore the Service Plan for a Microsoft 365 Product License

October 29, 2024 by Tony Redmond

entra-id powershell disable-service-plan-for-microsoft-365-account enable-service-plan-for-microsoft-365-account get-mguserlicensedetail

Many articles describe how to disable a service plan for a product license assigned to a Microsoft 365 account, but few cover how to enable service...

Read Article →

How to bypass Microsoft Graph PowerShell access restrictions

October 28, 2024 by Daniel Bradley

microsoft-graph powershell

Learn how to bypass Microsoft Graph PowerShell access restrictions and gain full directory access using PowerShell. The post How to bypass Microsof...

Read Article →

How to Search for Email Protected by Sensitivity Labels

October 28, 2024 by Tony Redmond

compliance microsoft-365 find-email-with-sensitivity-labels informationprotectionlabelid mfcmapi

A reader asked how to find emails with sensitivity labels. Everyone knows that you can find SharePoint files protected by sensitivity labels, but w...

Read Article →

Improving automated Sentinel detection validation.

October 28, 2024 by Tim Groothuis

azure ci-cd-pipeline azure-devops microsoft-sentinel security

IntroductionMicrosoft Sentinel offers a lot of features, one being the ability to manage your analytic rules (detection rules) as infrastructure as...

Read Article →

Patch My PC Home Updater 5.0: Effortless Updates for Over 500 Apps

October 28, 2024 by rudyooms

intune

On October 23rd, 2024, Patch My PC dropped their brand new Home Updater version 5.0, and it’s a serious game-changer for home users. If you’ve been...

Read Article →

The Incredible story of using the Windows Performance Recorder to troubleshoot your Enrollments.

October 28, 2024 by rudyooms

intune

In this blog, I will show you how to set up the Windows Performance Recorder and the Windows Performance Analyzer to troubleshoot Autopilot and Int...

Read Article →

Entra ID Security Config Analyzer - Deep Dive into Configuration Assessment

October 27, 2024 by Dr. Sami Lamppu

entra-id entra-id identity-security configuration-management security-assessment

A comprehensive analysis of security configuration assessment tools and methodologies for Microsoft Entra ID, including automated checks for condit...

Read Article →

Conditional Access Policy Design Patterns for Zero Trust

October 26, 2024 by Thomas Naunheim

conditional-access zero-trust entra-id azure-security authentication

Explore advanced design patterns for implementing Conditional Access policies in Microsoft Entra ID as part of a Zero Trust security strategy. Cove...

Read Article →

Cyber back to school: Microsoft Token Theft Unveiled

October 25, 2024 by Robbe Van den Daele

entra-id

Introduction I am thrilled to participate in the Cyber Back to School initiative hosted during cyber awareness month! This session is all about Pri...

Read Article →

Managed Identity Permission Manager – A new tool is out to test – v. 1

October 25, 2024 by Michael Morten Sonne

azure entra-id cool-tools identity microsoft

Last Updated on October 25, 2024 by Michael Morten Sonne Introduction Introducing a new PowerShell tool for Managing… The post Managed Identi...

Read Article →

Microsoft Says SMEs Can Benefit from Microsoft 365 Copilot

October 25, 2024 by Tony Redmond

microsoft-365-copilot copilot-flaws marketing microsoft-365-copilot-for-smes

An October 17, 2024 report highlights how Microsoft 365 Copilot can benefit SMEs in terms of increased revenue and ROI. But the report is a marketi...

Read Article →

Test Yourself Part 1: Identity

October 25, 2024 by Truls Dahlsveen

security identity

Some tips, tricks and tools to help you get started testing your own infrastructure. This is the part 1 where we'll look into identity and how you ...

Read Article →

Securing Workload Identities in Microsoft Entra ID

October 24, 2024 by Dr. Sami Lamppu

workload-identity entra-id service-principals managed-identity azure-security

Best practices for securing workload identities including service principals and managed identities in Microsoft Entra ID. Discusses credential man...

Read Article →

How to Set Directory Synchronization Features with the Graph

October 24, 2024 by Tony Redmond

entra-id directory-synchronization-setting entra-id-connect get-entradirsyncfeature set-entradirsyncfeature

Directory synchronization features control how the Entra Connect tool works when synchronizing accounts from Active Directory to Entra ID. The curr...

Read Article →

Autopilot Error 0x80280009: TPM Attestation. What is going on?

October 23, 2024 by rudyooms

autopilot intune

In this blog, we’ll explore why 0x80280009 (aka TPM_E_FAIL) is becoming a more common headache, particularly in virtual machines. We’ll look at wha...

Read Article →

How to Force Users to Sign in Weekly

October 23, 2024 by Tony Redmond

administration entra-id revoke-access-to-user-account revoke-mgusersigninsession schedule-reauthentication-for-user-account

A recent question asked how to force users to reauthenticate at 7AM every Monday. The solution seems to revoke access for user accounts. This artic...

Read Article →

Advanced Privileged Identity Management in Entra ID

October 23, 2024 by Thomas Naunheim

pim privileged-access entra-id identity-governance azure-security

Deep dive into Microsoft Entra Privileged Identity Management (PIM) covering just-in-time access, approval workflows, access reviews, and integrati...

Read Article →

Entra ID Protection: Understanding and Implementing Risk-Based Policies

October 22, 2024 by Dr. Sami Lamppu

identity-protection risk-detection entra-id authentication-security threat-detection

Comprehensive guide to Microsoft Entra ID Protection's risk detection capabilities, including sign-in risk and user risk policies, risk investigati...

Read Article →

Microsoft Releases Beta Version of New Cloud Licensing Graph API

October 22, 2024 by Tony Redmond

microsoft-graph cloud-licensing-api service-plan sku usage-right

A new Cloud Licensing API has turned up in the Microsoft Graph beta endpoint. Apparently, the new API aims to improve license management in various...

Read Article →

Azure RBAC Security Best Practices and Common Misconfigurations

October 21, 2024 by Thomas Naunheim

azure-rbac access-control azure-security iam cloud-security

Detailed analysis of Azure Role-Based Access Control (RBAC) security considerations, including custom role design, least privilege principles, scop...

Read Article →

Client Credentials - Client Certificate

October 21, 2024 by Robbe Van den Daele

security

Introduction The process is quite similar to the client secret flow described here, so be sure to take a look! The challenge here lies in generatin...

Read Article →

Microsoft Graph Doesn’t Support Custom Attributes for Groups

October 21, 2024 by Tony Redmond

entra-id microsoft-graph container-management-label control-assignment-of-container-management-label get-mggroup

Container management labels are an effective way to ensure that groups, teams, and sites have the right settings. The Graph doesn't support custom ...

Read Article →

Report license usage rights with Microsoft Graph PowerShell

October 21, 2024 by Daniel Bradley

entra-id microsoft-graph

Learn how to report assigned license and service plans for users in Microsoft 365 using Microsoft Graph PowerShell. The post Report license usage r...

Read Article →

Securing External Identities in Microsoft Entra ID

October 20, 2024 by Dr. Sami Lamppu

external-identities b2b guest-access entra-id collaboration-security

Security considerations for external collaboration using Microsoft Entra External Identities (B2B). Covers guest user lifecycle management, cross-t...

Read Article →

Will Microsoft 365 Copilot Errors and Hallucinations Eventually Corrupt the Microsoft Graph?

October 18, 2024 by Tony Redmond

microsoft-365 copilot-errors microsoft-365-copilot

Copilot errors in generated text can happen for a variety of reasons, including poor user prompts. If the errors end up in documents, they can infe...

Read Article →

Hardening Entra ID

October 17, 2024 by Truls Dahlsveen

azure entra-id

This is an update to a previous article I wrote on hardening Azure Active Directory. The idea of this update is to provide a table of default setti...

Read Article →

Teams Revamps its Calendar with Outlook Components

October 17, 2024 by Tony Redmond

teams new-teams-calendar old-teams-calendar opx teams-calendar-app

The Teams calendar app is being refreshed in November 2024 when Teams takes on the calendar UI used by OWA and the new Outlook for Windows. The uni...

Read Article →

Working with Copilot Pages

October 16, 2024 by Tony Redmond

microsoft-365 copilot-containers copilot-for-microsoft-365 copilot-pages microsoft-copilot

Copilot Pages are part of the September 2024 Copilot Wave 2 announcement. They're a good way to capture the text generated by Copilot in response t...

Read Article →

Using the Members of a Dynamic Microsoft 365 Group to Populate an Adaptive Scope

October 15, 2024 by Tony Redmond

compliance adaptive-scope use-group-membership-for-adaptive-scope

Adaptive searches are a nice way to target users, sites, and groups for Purview retention processing. But a user adaptive scope can't select member...

Read Article →

Client Credentials - Client Secret

October 14, 2024 by Robbe Van den Daele

security

Introduction The next authentication flow in my series will be the Client Credentials Flow. Be sure to check out the first one here! We will first ...

Read Article →

Local Administrator Protection vs. EPM: The Differences Explained!

October 14, 2024 by rudyooms

administrator-protection epm intune

After posting the blog about Administrator Protection, one question kept coming up: What are the key differences between Administrator Protection v...

Read Article →

No Reason to “Upgrade” Distribution Lists to Microsoft 365 Groups

October 14, 2024 by Tony Redmond

exchange-online upgrade-distribution-group upgrade-distribution-list

The Exchange admin center feature to allow administrators to initiate an upgrade distribution list process to request group owners to migrate distr...

Read Article →

How I Write PowerShell Scripts for Microsoft 365

October 11, 2024 by Tony Redmond

powershell github-copilot visual-studio-code write-powershell-for-microsoft-365

The question of how best to write PowerShell for Microsoft 365 was asked during a TEC 2024 PowerShell workshop. There are many variables, and one h...

Read Article →

The New Outlook for Windows Can Start without an Internet Connection…

October 10, 2024 by Tony Redmond

outlook offline-access offline-working the-new-outlook-for-windows

Offline access is a fundamental feature for email clients. The new Outlook introduced initial support in June 2024. Now it can start without a netw...

Read Article →

Free Teams Licenses Now Blocked for Federated Communications

October 09, 2024 by Tony Redmond

teams blocked-teams-external-access blocked-teams-federated-chat blocked-teams-federated-communication

Microsoft announced blocked Teams federated chat for trial tenants in June 2024. That block is now well and truly enforced. If you use an account i...

Read Article →

Unleash The Power Of DeviceTvmInfoGathering

October 09, 2024 by Bert-Jan Pals

defender

The DeviceTvmInfoGathering table in Defender XDR is one of the understudied tables of Defender For Endpoint. With only the small amount of four lis...

Read Article →

Delve Retirement and User Profiles

October 08, 2024 by Tony Redmond

microsoft-365 sharepoint-online delve user-profile-card user-profile-photo

The Delve browser app retires on December 16, 2024. It's time to check if the change will affect how people interact with user profiles in Microsof...

Read Article →

How to automatically migrate to Authentication Methods policies

October 08, 2024 by Daniel Bradley

entra-id

Learn how to automatically migrate to Authentication Methods policies in Microsoft Entra using the built in Wizard. The post How to automatically m...

Read Article →

Adding a Custom Test to the Maester Tool

October 07, 2024 by Tony Redmond

microsoft-365 entra-id custom-maester-tests entra-id-groups-policy microsoft-365-groups

The Maester tool is a great way to get a security assessment for a Microsoft 365 tenant. Being able to create custom Maester tests makes it even be...

Read Article →

Administrator Protection in Windows 11 Explained: How Microsoft Rebuilt Local Admin Security

October 07, 2024 by rudyooms

administrator-protection intune

This blog will focus on a new Windows 11 insider build feature, Administrator Protection, announced in the latest Windows Insider Canary build (277...

Read Article →

Microsoft Defender for Identity – New posture recommendations focusing on Active Directory

October 07, 2024 by Michael Morten Sonne

active-directory attackscompromise identity defender-for-identity security

Last Updated on January 21, 2025 by Michael Morten Sonne Introduction Here at my blog, im committed to… The post Microsoft Defender for Ident...

Read Article →

Microsoft Retires the Revoke-SPOUserSession Cmdlet

October 04, 2024 by Tony Redmond

microsoft-365 powershell sharepoint-online powershell-script-off revoke-mgusersigninsession

Unsurprisingly, Microsoft announced the deprecation of the Revoke-SPOUserSession cmdlet for November 2024. The cmdlet is replaced by the Revoke-MgU...

Read Article →

Bicep: Dynamic naming technique

October 03, 2024 by Robbe Van den Daele

security

Introduction When designing IaC modules finding the correct syntax to deploy a certain resource type is often not the hardest thing to do. What I f...

Read Article →

How to deploy Enterprise App Catalog updates with PowerShell

October 03, 2024 by Daniel Bradley

microsoft-graph intune

Learn how to manage and deploy apps updates in the Intune Enterprise App Catalog using Microsoft Graph PowerShell. The post How to deploy Enterpris...

Read Article →

SharePoint Oversharing, Governance, and Lifecycle

October 03, 2024 by Tony Redmond

sharepoint-online data-governance oversharing restricted-sharepoint-search sharepoint-advanced-management

SharePoint Advanced Management (SAM) is a $3/user/month add-on that can help Microsoft 365 tenants manage problems like oversharing, data governanc...

Read Article →

Making Sure that Outlook Puts Deleted Items in the Right Place

October 02, 2024 by Tony Redmond

outlook delegatewastebasketstyle moving-deleted-items shared-mailboxes

The Outlook (classic) client has a registry setting to control moving deleted items from a shared mailbox. The new Outlook for Windows client doesn...

Read Article →

Cyber Back to School

October 01, 2024 by Robbe Van den Daele

defender sentinel

I spoke together with my colleague Thijs Lecomte at Cyber back to School, where we recorded our session on how to architect a SOC on top of Microso...

Read Article →

Office 365 for IT Pros October 2024 Update

October 01, 2024 by Tony Redmond

book

The Office 365 for IT Pros team is delighted to announce the availability of monthly update #112. Subscribers for the 2025 edition can now download...

Read Article →

Windows 11 24H2 released with Windows LAPS improvements

October 01, 2024 by Daniel Bradley

main

Windows 24H2 has been released with improvements to Windows LAPS, including new automatic account management features. The post Windows 11 24H2 rel...

Read Article →

Accessing Online Archives with Outlook Mobile

September 30, 2024 by Tony Redmond

outlook-mobile archive-mailboxes online-archive

Following a change made to Microsoft Synchronization Technology to support the new Outlook for Windows, Outlook mobile supports access to archive m...

Read Article →

Report Enterprise App Catalog Updates in Intune with PowerShell

September 30, 2024 by Daniel Bradley

microsoft-graph intune

Learn how to use PowerShell to report available Enterprise App Catalog updates in Microsoft Intune with Microsoft Graph PowerShell. The post Report...

Read Article →

Microsoft Graph PowerShell Book

September 29, 2024 by Daniel Bradley

microsoft-graph book

Get the Microsoft Graph PowerShell book and learn to master managing your Microsoft tenant with Microsoft Graph PowerShell. The post Microsoft Grap...

Read Article →

TEC 2024 Rolls Into Dallas

September 27, 2024 by Tony Redmond

microsoft-365 tec-2024

TEC 2024 (aka "The Experts Conference") takes place on Oct 1-2 at the Loews Arlington Hotel. TEC is a great conference for many reasons, notably th...

Read Article →

Understanding Microsoft Entra Licensing With Multiple Tenants

September 27, 2024 by Daniel Bradley

entra-id

Understand the one-person, one-license philosophy for when users need to be assigned Microsoft Entra licenses in multiple tenant scenarios. The pos...

Read Article →

Azug @ Noest

September 26, 2024 by Robbe Van den Daele

azure entra-id identity

At a recent community event, I presented a deep dive into various authentication flows in Entra Id, showcasing how to retrieve an ARC server from a...

Read Article →

No Practical Way to Disable OneDrive for Business

September 26, 2024 by Tony Redmond

onedrive-for-business disable-ondrive-for-business disable-onedrive

Some organizations want to disable OneDrive for Business to force people to use SharePoint Online. This might have been possible in the past. It is...

Read Article →

Troubleshooting Intune Enrollment: Solving the 0x80180031 MDM Not Configured Error

September 26, 2024 by rudyooms

device-enrollment intune

In this blog, we’ll dive into the common headache of enrolling existing devices to Intune and hitting the 0x80180031 error, often caused by the fac...

Read Article →

DLP Policy Tips Get New Premium Conditions

September 25, 2024 by Tony Redmond

compliance data-loss-prevention dlp-policy-conditions dlp-policy-tips

MC894577 announces that DLP policy tips displayed in Outlook will soon support a set of new conditions. That's good, but the text of the announceme...

Read Article →

Import and Export Automation rules for Microsoft Sentinel – Unified SOC Platform

September 24, 2024 by Michael Morten Sonne

automation sentinel security

Last Updated on January 21, 2025 by Michael Morten Sonne Intoduction Microsoft Sentinel, a security information and event… The post Import an...

Read Article →

Installing the Entire Microsoft Graph PowerShell SDK Seems Like the Right Idea

September 24, 2024 by Tony Redmond

microsoft-graph powershell microsoft-graph-powershell-sdk

An article described some benefits that could be gained from not installing the complete Microsoft Graph PowerShell SDK. The question is whether th...

Read Article →

SecureChannelFailure Errors, and the Curious Case of the Failing IME

September 24, 2024 by rudyooms

device-enrollment intune

Have you ever struggled with Lenovo T480 or HP Elitedesk 800 G4 devices that refused to cooperate with Intune? In this blog, we unravel the saga of...

Read Article →

How to Add Contacts to User Mailboxes From a CSV File

September 23, 2024 by Tony Redmond

exchange-online powershell import-contacts-into-mailboxes

A recent script demonstrated how to import contacts into user mailboxes using a list in a SharePoint site as the source. With a quick change, a CSV...

Read Article →

Introducing Azure DevOps Backup Tool 1.1.1.0: Update with new features and bug fixes!

September 22, 2024 by Michael Morten Sonne

azure-devops backup code-repository my-tools software

Last Updated on June 21, 2025 by Michael Morten Sonne Introduction I’m thrilled to announce the latest release… The post Introducing Az...

Read Article →

How Outlook Suppresses Duplicate Contacts (or Not…)

September 20, 2024 by Tony Redmond

outlook duplicate-contacts get-mgusercontact mc835643

The new Outlook for Windows and OWA now can suppress duplicate contacts. This means duplicate contacts are hidden, not removed. Tests reveal that d...

Read Article →

AI Revolution in Cybersecurity: Will It Replace or Redefine Them?

September 19, 2024 by Ankit Gupta

security

Copyright © 2025 Microsoft Security - All Rights Reserved.

Read Article →

Get-Mailbox Versus Get-ExoMailbox

September 19, 2024 by Tony Redmond

exchange-online get-exomailbox get-mailbox powershell-performance

Microsoft's advice is to use the Get-ExoMailbox cmdlet instead of its older Get-Mailbox counterpart. Generally, this is good advice that you should...

Read Article →

Windows Service Monitoring at Scale using Cloud Native Azure Components

September 19, 2024 by Morten Knudsen

ama automation azure azure-arc azure-data-collection-rules

Recently, I was challenged to build a scalable, cloud native solution that should be used for monitoring of critical Windows ... Read more

Read Article →

Understanding ConsistencyLevel Eventual with Microsoft Graph PowerShell

September 18, 2024 by Daniel Bradley

microsoft-graph

Understand the difference between eventual and session consistency when writing and reading changes with Microsoft Graph PowerShell. The post Under...

Read Article →

Using the Get-RecoverableItems Cmdlet to Report Recoverable Items

September 18, 2024 by Tony Redmond

exchange-online get-recoverableitems recoverable-items restore-recoverableitems

Sometimes you don't need the full-fledged Graph API to report details of items in Recoverable Items and the Get-RecoverableItems cmdlet can do the ...

Read Article →

How to Report the Information Stored in Recoverable Items

September 17, 2024 by Tony Redmond

ediscovery mailboxes microsoft-graph get-mgusermailfolder get-mgusermailfolderchildfolder

This article explains how to use the Microsoft Graph PowerShell SDK to report Recoverable Items in a form that is usable for eDiscovery investigato...

Read Article →

Register Yubikeys on behalf of your users with Microsoft Entra ID FIDO2 provisioning APIs

September 17, 2024 by Jan Bakker

entra-id security

Check out this article via web browser: Register Yubikeys on behalf of your users with Microsoft Entra ID FIDO2 provisioning APIs Microsoft recentl...

Read Article →

The New Entra ID Photo Update Settings Policy for User Profile Photos

September 16, 2024 by Tony Redmond

microsoft-365 entra-id microsoft-graph photo-settings-policy photo-update-settings-policy

A new Entra ID photo update settings policy aims to cure the mish-mash of existing settings controlling how user profile photos are updated in Micr...

Read Article →

Deep Dive SSO in Entra Private Access

September 14, 2024 by Christopher Brumm

entra-id security conditional-access

A few days ago, Microsoft announced that Global Secure Access is now generally available. Since I have been working with the product for some time ...

Read Article →

Optimize Costs using Auxiliary Logs for Verbose Logging

September 14, 2024 by Morten Knudsen

ama azure azure-loganalytics azure-logging azure-monitor-agent

Today, we use logging for many purposes including security hunting with SIEM (Sentinel), troubleshooting, performance telemetry, compliance reporti...

Read Article →

Troubleshooting & Monitoring of Log Ingestion with Data Collection Rules

September 14, 2024 by Morten Knudsen

ama azure azure-data-collection-rules azure-data-ingestion-pipeline azure-log-ingestion-api

As I have outlined in the series of blogs, Azure Logging is based on Data Collection Rules (DCRs) and Azure ... Read more

Read Article →

Copilot Usage Report APIs Available

September 13, 2024 by Tony Redmond

graph-api microsoft-graph copilot-for-microsoft-365 copilot-usage-reports microsoft-365-copilot

In MC877369, Microsoft announced the availability of three Copilot usage reports in the Graph usage reports API to track usage of Copilot for Micro...

Read Article →

Speaking at the Workplace Ninja Summit 2024

September 13, 2024 by Kenneth Van Surksum

entra-id conditional-access entra-id identity-protection intune

Next week it’s time again for the annual Workplace Ninja Summit in Lucerne, Switzerland. The summit will start on Monday September 16th till ...

Read Article →

The Subscription Activation Journey: Stuck on Pro

September 13, 2024 by rudyooms

intune subscription-activation

The May update broke Windows Subscription Activation, causing devices to drop from Enterprise to Pro. The primary culprit was a breakdown in Multi-...

Read Article →

Microsoft 365 Licensing Report Script V1.94

September 12, 2024 by Tony Redmond

administration public-folders detailed-licensing-report expired-subscriptions microsoft-365-licensing-report

The Microsoft 365 Licensing Report PowerShell script has been upgraded to generate detailed license information and to deal with expired license su...

Read Article →

Automatic Hiding of Teams Channels Continues

September 11, 2024 by Tony Redmond

teams automatic-hiding-of-teams-channels hide-inactive-channels suppress-channel-notifications

The Teams feature to hide inactive channels is now fully rolled out. Another recent change suppresses notifications from hidden channels, and this ...

Read Article →

Configure File Integrity Monitoring (FIM) using Defender for Endpoint

September 11, 2024 by Jeffrey Appel

security defender-for-cloud defender-for-endpoint

Previously the File Integrity Monitoring (FIM) feature in Defender for Server P2 was based on the MMA and/or Azure Monitor Agent. Since the MMA age...

Read Article →

Microsoft 365 Admin Center to Support Continuous Access Evaluation

September 10, 2024 by Tony Redmond

administration cae continuous-access-evaluation microsoft-365-admin-center

The Microsoft 365 admin center will support continuous access evaluation (CAE) from September 2024 to help revoke access from accounts more quickly...

Read Article →

Use Cases For Sentinel Summary Rules

September 10, 2024 by Bert-Jan Pals

security sentinel

Microsoft has announced a new Sentinel feature: Summary Rules. Those rules are aimed at aggregating large sets of data in the background for a smoo...

Read Article →

Exploring the Microsoft Sentinel Codeless Connector Platform (CCP)

September 09, 2024 by Tim Groothuis

security azure sentinel microsoft-sentinel data-connectors

There are many different ways of getting your security data into Microsoft Sentinel: You can use agent based software, play around with Diagnostic ...

Read Article →

Purview eDiscovery’s Big Makeover

September 09, 2024 by Tony Redmond

compliance content-search ediscovery-premium ediscovery-standard microsoft-purview-portal

eDiscovery is a calling best left to skilled investigators. But Microsoft 365 administrators need to know how to search and how the new Purview eDi...

Read Article →

Deep Dive DNS in Entra Private Access

September 07, 2024 by Christopher Brumm

entra-id security conditional-access

A few days ago, Microsoft announced that Global Secure Access is now generally available. Since I have been working with the product for some time ...

Read Article →

“No Internet access” on Azure VM in new VNET Subnet

September 07, 2024 by Morten Knudsen

uncategorized

Struggling to get internet access from a newly deployed VM in Azure on a new subnet, then check if VM ... Read more

Read Article →

Using Guest Accounts to Bypass the Teams Meeting Lobby

September 06, 2024 by Tony Redmond

teams change-account-to-attend-a-teams-meeting guest-account-required-to-bypass-lobby

One of the things that vexes me is the need to change account to attend a Teams meeting. I forget this all the time and end up with unexpected wait...

Read Article →

Copilot’s Automatic Summary for Word Documents

September 05, 2024 by Tony Redmond

microsoft-365-copilot automatic-document-summary copilot-for-microsoft-365 copilot-for-word copilot-pro

The automatic document summary feature for Word duly turned up and Copilot for Microsoft 365 has been busy generating summaries ever since. The fea...

Read Article →

Cloud PCs? Where we’re going we don’t need Device Query and Support Approved?

September 04, 2024 by rudyooms

device-query epm intune

Are you using a nice Windows 365 Cloud PC and want to use kickass Intune Suite features like Device Query or EPM Support Approved? If you’re ...

Read Article →

Teams Improves Text Pasting and Mic Pending

September 04, 2024 by Tony Redmond

teams teams-mic-mute teams-mic-unmute teams-pasted-text

Thankfully, Teams pasted text no longer contains a timestamp and the author's name. The change is effective worldwide and addresses a longstanding ...

Read Article →

Transferring Reusable PowerShell Objects Between Microsoft 365 Tenants

September 03, 2024 by Tony Redmond

microsoft-graph powershell tojsonstring

People often need to transfer objects or code between Microsoft 365 tenants. When it comes to dealing with objects, the Microsoft Graph PowerShell ...

Read Article →

Mastering the MFA Mandate: Considerations and Recommendations for a Smooth Transition

September 02, 2024 by Nathan Hutchinson

entra-id conditional-access managed-identities

Prepare for Microsoft’s mandatory MFA with practical tips on securing accounts, migrating services, and optimizing Conditional Access.

Read Article →

Office 365 for IT Pros September 2024 Update

September 02, 2024 by Tony Redmond

book office-365-for-it-pros-2025-edition

Files are available to download for the September 2024 update for the Office 365 for IT Pros (2025 edition) eBook. This is monthly update #111 for ...

Read Article →

Speaking at the Cloud Identity Summit 2024 on Thursday September 5th

September 02, 2024 by Kenneth Van Surksum

conditional-access entra-id presentations speaking

This Thursday, I will visit and speak at the Cloud Identity Summit in Cologne, Germany. The Cloud Identity Summit is organized by Thomas Naunheim, ...

Read Article →

Detect Impact MFA Enforcement

August 31, 2024 by Morten Knudsen

azure entra-id identity microsoft-graph microsoft-security

You may have noticed that Microsoft will enforce MFA requirement per October 15, 2024 for Azure/Entra/Intune. If this is new ... Read more

Read Article →

Microsoft Withdraws Copilot Catch Up Feature

August 30, 2024 by Tony Redmond

microsoft-365 copilot-catch-up copilot-for-microsoft-365

After reaching 50% deployment and on track to general availability, Microsoft decided to withdraw the Copilot catch up feature. Catch up shows a se...

Read Article →

Mrs. Resource Performance, you’re trying to seduce me with your CPU Spike. Aren’t you?

August 30, 2024 by rudyooms

intune

Two powerful features have been introduced in the latest update to Microsoft Intune Advanced Analytics: CPU Spike and Memory Spike monitoring. We c...

Read Article →

PnP PowerShell Changes Its Entra ID App

August 29, 2024 by Tony Redmond

powershell sharepoint-online change-in-pnp-powershell-app pnp-powershell

On August 21, 2024, news emerged that the PnP PowerShell module will transition from using a multi-tenant Entra ID app to a tenant-specific app. Th...

Read Article →

The Lakehouse of EPM: Easily Create EPM Elevation Rules based on the Elevation Requests

August 29, 2024 by rudyooms

epm intune

Create EPM Elevation Rules in just a few seconds. It sounds like a dream, right? As IT professionals, we’re always on the lookout for ways to...

Read Article →

Microsoft Defender for Identity – Expands support to servers with Microsoft Entra Connect

August 28, 2024 by Michael Morten Sonne

active-directory attackscompromise entra-id entra-id-connect identity

Last Updated on June 2, 2025 by Michael Morten Sonne Intoduction What is Microsoft Defender for Identity Microsoft… The post Microsoft Defend...

Read Article →

Why Entra ID can Restore Some Types of Deleted Groups and Not Others

August 28, 2024 by Tony Redmond

exchange-online microsoft-365-groups entra-id restore-deleted-distribution-lists restore-deleted-groups

The ability to restore deleted groups only covers Microsoft 365 groups. That's an odd situation to be in given the different types of groups in Mic...

Read Article →

FooUser@ meets the Cosmic Autopilot@ user

August 27, 2024 by rudyooms

autopilot device-enrollment intune

This blog will be about me wrecking a Windows device during Autopilot Pre-Provisioning to see what is happening underneath. While doing so, I stumb...

Read Article →

The Problem with Scoped Audit Log Searches

August 27, 2024 by Tony Redmond

administration scope-microsoft-purview-audit-log-search scoped-audit-log-searches search-unifiedauditlog

Microsoft Purview and the Exchange Online Search-UnifiedAuditLog cmdlet both perform searches of the Microsoft 365 unified audit log. Both mechanis...

Read Article →

Finding Non-Compliant Shared Mailboxes

August 26, 2024 by Tony Redmond

exchange-online get-mgauditlogsignin licensing log-into-shared-mailbox shared-mailboxes

Shared mailboxes have Entra ID accounts. No one needs to sign into the accounts because Exchange Online manages connections using mailbox permissio...

Read Article →

Microsoft Purview Series - Part 3

August 26, 2024 by Ankit Gupta

security

Copyright © 2025 Microsoft Security - All Rights Reserved.

Read Article →

Security Monitoring - Threat Modeling and Data Sources

August 24, 2024 by Truls Dahlsveen

security

One of the most misunderstood aspects of security monitoring is determining what data sources to use for what purpose. In this post, we will go thr...

Read Article →

Teams External Domain Activity Report Gets a Refresh

August 23, 2024 by Tony Redmond

teams advanced-collaboration-analytics collaboration-activity-dashboard external-domain-activity-report teams-analytics

Microsoft says that they plan to refresh the Teams external domain activity report from September 2024. But access to the report requires a Teams P...

Read Article →

You always trust your CSP - Cross Tenant MFA and GDAP

August 23, 2024 by Author

entra-id mfa

Entra ID Multifactor Authentication is on everyone’s mind, as Microsoft will enforce the usage of MFA for most of the Admin portals starting ...

Read Article →

Best practice for emergency access accounts in Microsoft Entra

August 22, 2024 by Daniel Bradley

entra-id

Follow best practice to configure your emergency access accounts in Microsoft Entra to ensure you always can access them securely. The post Best pr...

Read Article →

Evolving Subscription Activation: From Workarounds to a Robust Solution

August 22, 2024 by rudyooms

intune subscription-activation

Microsoft has continuously refined how Windows handles Subscription Activation, particularly in environments with strict Conditional Access policie...

Read Article →

Report Detailing Unlicensed OneDrive for Business Accounts Available

August 22, 2024 by Tony Redmond

onedrive-for-business sharepoint-online unlicensed-onedrive-account-report unlicensed-onedrive-accounts

Microsoft announced their plan to charge for unlicensed OneDrive for Business accounts in July. Now we have an unlicensed OneDrive accounts report ...

Read Article →

The Benefits of Rationalizing License Management in the Microsoft 365 Admin Center

August 21, 2024 by Tony Redmond

administration license-management microsoft-365-license-management mscommerce-powershell-module

The decision to rationalize license management in the Microsoft 365 admin center wasn't popular but the signs are that it could deliver benefits to...

Read Article →

Reporting Entra ID Administrative Role Assignments

August 20, 2024 by Tony Redmond

entra-id administrative-role-assignments get-mgbetarolemanagementdirectoryroleassignmentschedule get-mgbetarolemanagementdirectoryroleeligibilityschedule pim

A recent report highlighted the problem of on-premises accounts synchronized to Entra ID that receive administrative role assignments. This article...

Read Article →

Mandatory MFA Requirement for Access to Azure Sites and Tools

August 19, 2024 by Tony Redmond

administration azure azure-cli azure-mfa-requirement azure-portal

Microsoft's project to impose a mandatory MFA requirement for access to Azure management tools and sites will start enforcement on or after October...

Read Article →

All you need to know about the mandatory multifactor authentication for Azure and other administration portals

August 18, 2024 by Jan Bakker

entra-id security

Check out this article via web browser: All you need to know about the mandatory multifactor authentication for Azure and other administration port...

Read Article →

Security Monitoring Antipatterns

August 18, 2024 by Truls Dahlsveen

security

A little bit of a deconstruction of some antipatterns in Security Operations - Welcome back to another post - this time we are talking about antipa...

Read Article →

Microsoft Copilot to Get Enterprise Data Protection

August 16, 2024 by Tony Redmond

administration edp enterprise-data-protection microsoft-copilot

The August 15 announcement that Microsoft Copilot (the version that doesn’t use the Graph) will benefit from enterprise data protection from Septem...

Read Article →

WINDOWS SERVER AUG2024 PATCH ISSUES | KB5041578

August 16, 2024 by Morten Knudsen

microsoftsecurityupdates

I have seen big problems with KB5041578 on Windows 2019 causing disk i/o issues with massive writes to c:\windows\catroot2\edb.log. In ... Read more

Read Article →

Adding Graph API permissions to Managed Identities

August 15, 2024 by Truls Dahlsveen

entra-id identity

Making a little note of this in Graph API so it's easy to find for using it - In this post, we will go over how to simply add a Graph API permissio...

Read Article →

Microsoft Defender for Identity – How to manually remove a malfunctioning sensor that can’t be installed, uninstalled or removed

August 15, 2024 by Michael Morten Sonne

active-directory attackscompromise automation identity defender-for-identity

Last Updated on September 28, 2024 by Michael Morten Sonne Introduction Microsoft Defender for Identity (MDI) is designed… The post Microsoft...

Read Article →

Switching Microsoft 365 Data Report Privacy On and Off

August 15, 2024 by Tony Redmond

administration microsoft-365 microsoft-graph adminsettings-api microsoft-365-backup

The Usage Reports Graph API is now generally available, which means that it's fully supported. In other news, a Graph API is available for Microsof...

Read Article →

Handling the Too Many Retries Error and Dealing with Odd Numbers of Audit Events

August 14, 2024 by Tony Redmond

microsoft-graph powershell auditlog-query-graph-api get-mgbetasecurityauditlogquery get-mgbetasecurityauditlogqueryrecord

The AuditLog Query Graph API remains in beta status but cmdlets are now available in the Microsoft Graph PowerShell SDK. This led to some oddities ...

Read Article →

How to check your tenants Entra license plan with PowerShell

August 14, 2024 by Daniel Bradley

entra-id microsoft-graph

Learn how to check the license plan level of a Microsoft Entra tenant using the Microsoft Graph PowerShell SDK. The post How to check your tenants ...

Read Article →

Comparing Microsoft Cloud Email Services

August 13, 2024 by Tony Redmond

azure exchange-online microsoft-365 ecs email-collaboration-service

HVE and ECS are two competing Microsoft Cloud Email Services. At least, they seem to compete. In reality, HVE and ECS serve different target audien...

Read Article →

A Deep Dive into Microsoft's SSE Solution - Part 1

August 12, 2024 by Ankit Gupta

security

Copyright © 2025 Microsoft Security - All Rights Reserved.

Read Article →

Handling Online Teams Meetings Organized by Ex-Employees

August 12, 2024 by Tony Redmond

teams ex-employee teams-meeting-organizer teams-online-meeting

When someone leaves a Microsoft 365 organization, the possibility exists that they leave some active Teams online meetings dangling behind them. Wh...

Read Article →

Demystifying New Azure Monitor Auxiliary Logs Plan

August 10, 2024 by Ankit Gupta

azure

Copyright © 2025 Microsoft Security - All Rights Reserved.

Read Article →

Introducing Azure DevOps Backup Tool 1.1.0.0: Major update with new features, bug fixes and enhanced security!

August 10, 2024 by Michael Morten Sonne

azure-devops backup code-repository my-tools software

Last Updated on September 24, 2024 by Michael Morten Sonne Introduction I’m thrilled to announce the latest release… The post Introduci...

Read Article →

Microsoft 365 Admin Center to Take Over License Assignments

August 09, 2024 by Tony Redmond

administration microsoft-365 entra-admin-center license-assignment microsoft-365-admin-center

Microsoft is removing license assignments from the Entra admin center. From Sept 1, new license assignments are done in the Microsoft 365 admin cen...

Read Article →

How to List Details of Teams Apps

August 08, 2024 by Tony Redmond

teams get-mgappcatalogteamapp get-teamsapp teams-app-catalog teams-apps

A question asked about filtering Teams apps based on their blocked status. The Teams admin center doesn't support this kind of filter and getting d...

Read Article →

Microsoft to reduce permissions on Directory Synchronization Accounts

August 08, 2024 by Daniel Bradley

entra-id

Microsoft are reducing the effective permissions on Directory Synchronization Accounts in Microsoft Entra, learn more about it now. The post Micros...

Read Article →

Dealing with Teams Chat Messages When People Leave

August 07, 2024 by Tony Redmond

administration teams compliance-records teams-chat-messages

Tenant administrators know that they need to deal with mailboxes and OneDrive accounts when people leave, but what about Teams chat messages? Or ra...

Read Article →

Global Secure Access in Conditional Access

August 06, 2024 by Christopher Brumm

entra-id security conditional-access

A few days ago, Microsoft announced that Global Secure Access is now generally available. Since I have been working with the product for some time ...

Read Article →

Keep your Interactive Logons close, but your EPM Virtual Account closer.

August 06, 2024 by rudyooms

epm intune

In this blog, I will show you why existing GPO policies could potentially break new products like Intune Endpoint Privilege Management (EPM). I wil...

Read Article →

Teams Tightens Access Controls for Meeting Recordings and Transcripts

August 06, 2024 by Tony Redmond

teams participant-consent sharepoint-block-download-policy teams-meeting-transcripts

Teams meeting transcripts are enormously helpful and are used by many features, including Copilot for Microsoft 365. Access to transcript files nee...

Read Article →

How to check for a healthy Defender for Endpoint environment?

August 05, 2024 by Jeffrey Appel

security defender-for-endpoint defender-xdr

When using Defender for Endpoint it is important to make sure the agent are healthy. I performed many reviews/ configurations in the past years and...

Read Article →

MDM vs. MAM | Personal vs. Corporate

August 05, 2024 by rudyooms

device-enrollment intune

In our previous blog, we explored how to register devices with Entra and manage them, despite certain prerequisites for using Intune. In this blog,...

Read Article →

Microsoft Quashes Bad Habit of Sending Passwords in Email

August 05, 2024 by Tony Redmond

administration microsoft-365 send-password-in-email

MC837081 announces that the Microsoft 365 admin center is to lose its ability to send password in email after updating a user account. It’s the rig...

Read Article →

Identify minimum graph permissions for scripts with the Dev Proxy

August 02, 2024 by Daniel Bradley

microsoft-graph powershell

Learn how to use the Microsoft Graph Developer Proxy to find minimum permissions for your Microsoft Graph PowerShell scripts. The post Identify min...

Read Article →

Microsoft Cloud Revenues Keep on Growing

August 02, 2024 by Tony Redmond

microsoft-365 microsoft-fy24-q4-results office-365-user-number teams-user-number

The Microsoft FY24 Q4 results delivered solid growth in Microsoft Cloud revenues. No new numbers were given for Office 365 or Teams users, possibly...

Read Article →

How to secure OAuth apps with App Governance in Defender XDR

August 01, 2024 by Jeffrey Appel

security app-governance defender-for-cloud-apps

OAuth apps are still an important target for attackers to misuse in organizations. Since the MFA baseline is improved with number matching and addi...

Read Article →

Identify and prevent abuse of Managed Identities with Federated Credentials from unauthorized entities

August 01, 2024 by Thomas Naunheim

entra-id entra-id entra-id workload-id azure

In this article, I would like to point out options to identify, monitor and avoid persistent access on Managed Identities privileges by adding fede...

Read Article →

Office 365 for IT Pros August 2024 Update

August 01, 2024 by Tony Redmond

book automating-microsoft-365-with-powershell office-365-for-it-pros

The first update for Office 365 for IT Pros (2025 edition) or monthly update #110 is now available for subscribers to download. The update covers b...

Read Article →

IsTPMAttested: The Ultimate Attestation Security Gate

July 31, 2024 by rudyooms

device-enrollment intune windows-enrollment-attestation autopilot mdmhardening

This is the fourth and, for now, last blog post in the Windows Enrollment Attestation series. In it, I will explain how the three previous blogs le...

Read Article →

Return a permanently deleted user’s sign-in info with Get-MgUser

July 31, 2024 by Daniel Bradley

entra-id microsoft-graph entra-id

Learn how to use the Get-MgUser cmdlet in Microsoft Graph PowerShell to return the ID and Sign-in information for deleted users. The post Return a ...

Read Article →

Teams App-Centric Management (ACM)

July 31, 2024 by Tony Redmond

teams app-permission-policies app-centric-management teams-acm

Teams ACM replaces app permission policies with an easier method of defining who can use Teams apps. A wizard in the Teams admin center runs a one-...

Read Article →

Microsoft to Charge for Unlicensed OneDrive for Business Accounts

July 30, 2024 by Tony Redmond

administration onedrive-for-business microsoft-365-archive unlicensed-onedrive-accounts unlicensed-onedrive-sites

Microsoft plans to archive unlicensed OneDrive sites starting in January 2025. The obsolete sites will end up in Microsoft 365 archive, from where ...

Read Article →

Overview to Global Secure Access

July 30, 2024 by Christopher Brumm

entra-id security conditional-access

A few days ago, Microsoft announced that Global Secure Access is now generally available. Since I have been working with the product for some time ...

Read Article →

Finding Managers of Users with the Microsoft Graph PowerShell SDK

July 29, 2024 by Tony Redmond

microsoft-graph powershell find-manager-for-entra-id-account microsoft-graph-powershell-sdk

The task to find manager for Entra ID accounts seems simple until you find the bunch of utility accounts created by Exchange Online that should be ...

Read Article →

Find all permissions assigned to all applications in Microsoft Entra

July 28, 2024 by Daniel Bradley

microsoft-graph

Use Microsoft Graph PowerShell to export a list of all permissions assigned to all application in Microsoft Entra. The post Find all permissions as...

Read Article →

Analyzing MDE Network Inspections

July 26, 2024 by Robbe Van den Daele

security defender

Microsoft Defender for Endpoint and Network Monitoring In November 2022, Microsoft announced they integrated the Zeek open-source network traffic a...

Read Article →

How to find settings in the Setting Catalog by custom OMA-URI

July 26, 2024 by Daniel Bradley

microsoft-graph intune

Learn how to use PowerShell to find if the Settings Catalog in Intune contains settings by the custom OMA-URI path. The post How to find settings i...

Read Article →

Saving Upgrade Ryan: How KB5040527 fixed the Subscription Activation issue!

July 26, 2024 by rudyooms

intune subscription-activation

Great news! The July Preview KB5040527 update has finally fixed the Windows subscription activation issue that plagued the upgrade from Windows 11 ...

Read Article →

The Maddening Side of the Microsoft Graph PowerShell SDK

July 26, 2024 by Tony Redmond

microsoft-graph powershell microsoft-graph-powershell-sdk pagination

All software has unique quirks, and the foibles of the Microsoft Graph PowerShell SDK are well known. But it’s much harder when the underlying foun...

Read Article →

The OneDrive for Business Problem Created When Deleting User Accounts

July 25, 2024 by Tony Redmond

onedrive-for-business delete-onedrive-for-business-account preserve-onedrive-for-business-account-data

On the surface, the work to delete OneDrive for Business accounts seems straightforward because Microsoft provides a 30-day deletion period to revi...

Read Article →

InitiateRecovery: The Power of Hardening the Intune Enrollment

July 24, 2024 by rudyooms

intune windows-enrollment-attestation mdmhardening intune

This is the third blog in the Windows Enrollment Attestation / MDM Hardening series. In it, I will examine what happens when we combine the amazing...

Read Article →

Stream Moves to Intelligent Versioning

July 24, 2024 by Tony Redmond

onedrive-for-business sharepoint-online stream stream-intelligent-versioning stream-video-versions

In a change designed to reduce the consumption of storage quota, Stream video versions are no longer being generated for non-video updates such as ...

Read Article →

Adding Cost Center Reporting to the Microsoft 365 Licensing Report

July 23, 2024 by Tony Redmond

administration powershell cost-center microsoft-365-licensing-report

The Microsoft 365 licensing report now supports a cost center analysis based on cost center values stored in an Exchange custom attribute. The new ...

Read Article →

Comparing Shared and Inactive Mailboxes for Retaining Ex-Employee Content

July 22, 2024 by Tony Redmond

administration exchange-online ex-employee-mailboxes leaver-mailboxes

Every Microsoft 365 tenant must deal with ex-employee mailboxes. The default choice is to make the mailboxes into shared mailboxes. But inactive ma...

Read Article →

Microsoft Purview Series - Part 2

July 22, 2024 by Ankit Gupta

security

Copyright © 2025 Microsoft Security - All Rights Reserved.

Read Article →

Entra Suite License Explained

July 21, 2024 by Ankit Gupta

entra-id

Copyright © 2025 Microsoft Security - All Rights Reserved.

Read Article →

How to rotate BitLocker keys with Microsoft Graph PowerShell

July 21, 2024 by Daniel Bradley

microsoft-graph intune

Learn how to rotate BitLocker keys for devices managed with Microsoft Intune using Microsoft Graph PowerShell. The post How to rotate BitLocker key...

Read Article →

Microsoft to start blocking custom OMA-URI settings in Intune

July 20, 2024 by Daniel Bradley

intune

Microsoft will soon start blocking the use of custom OMA-URI settings in Microsoft Intune for settings that existing in the settings catalogue. The...

Read Article →

CrowdStrike issue: Workarounds

July 19, 2024 by Morten Knudsen

uncategorized

From X/Twitter. Thx to @r3srch3r for summarization. Physical machine physical server VM on Hyper-V VM on AWS VM on Azure ... Read more

Read Article →

Self-Service Purchase Notifications for Tenant Administrators

July 19, 2024 by Tony Redmond

administration block-self-service-license-purchases self-service-license self-service-purchases

I dislike the Microsoft 365 self-service purchase mechanism and disable it in any tenant where I can. Global and Billing administrators for tenants...

Read Article →

All the Intune MDM Certificate Recovery We Cannot See

July 18, 2024 by rudyooms

intune windows-enrollment-attestation intune

This blog will be the second one in the Windows Enrollment Attestation Series!! And let me promise you one thing!!! The words rabbit hole will get ...

Read Article →

Exchange Online Previews Inbound SMTP DANE with DNSSEC

July 18, 2024 by Tony Redmond

exchange-online dane-with-dnssec inbound-smtp-dane-with-dnssec

On July 17, Microsoft announced the public preview of inbound SMTP DANE with DNSSEC for Exchange Online, a welcome step forward to improve messagin...

Read Article →

SignToolGUI – A new tool is here for your digital signing experience – Now public!

July 18, 2024 by Michael Morten Sonne

code-repository cool-tools github security software

Last Updated on September 29, 2024 by Michael Morten Sonne Introduction In today’s fast-paced digital world, ensuring the… The post Sig...

Read Article →

How to delete Cloud PKI CAs in Microsoft Intune

July 17, 2024 by Daniel Bradley

microsoft-graph intune

Learn how to delete Microsoft Cloud PKIs in Microsoft Intune using the portal and Microsoft Graph PowerShell. The post How to delete Cloud PKI CAs ...

Read Article →

MDM x TPM: The MDM Hardening

July 17, 2024 by rudyooms

intune windows-enrollment-attestation hardening mdm intune

This blog will be the first one in the Windows Enrollment Attestation / MDM Hardening series. In it, I will take a closer look at a beautiful funct...

Read Article →

Team Owners Can Rename the General Channel

July 17, 2024 by Tony Redmond

microsoft-365 teams rename-general-channel

In what seems to be a small change, team owners can rename general channels (naturally with 'meaningful names.' The change is more important than i...

Read Article →

Monitoring Updates to Sensitivity Label Policies and Labels

July 16, 2024 by Tony Redmond

administration monitor-changes-to-sensitivity-labels sensitivity-label-policies

A reader wanted to know why the Purview Compliance portal doesn't show who last updated sensitivity label policies. The reason why is unclear, but ...

Read Article →

Windows Enrollment Attestation 76: MDM Hardening

July 16, 2024 by rudyooms

intune windows-enrollment-attestation

Welcome to our Windows Enrollment Attestation series overview. This feature is also known as MDM Hardening and MDM Device Attestation. In this blog...

Read Article →

Azure Arc – Windows Admin Center – Cant connect with error: Couldn´t get server data, ajax error

July 15, 2024 by Michael Morten Sonne

azure azure-arc cool-tools kb windows

Last Updated on January 21, 2025 by Michael Morten Sonne Introduction If you’re encountering this error message in… The post Azure Arc ...

Read Article →

Upgrading the Teams and Groups Activity Report to 6.0

July 15, 2024 by Tony Redmond

administration microsoft-graph powershell inactive-groups inactive-teams

The Teams and Groups activity report is a popular script that helps administrators identify inactive teams and groups within a Microsoft 365 tenant...

Read Article →

Entra ID – Global Secure Access – Now Generally Available!

July 14, 2024 by Michael Morten Sonne

attackscompromise entra-id global-secure-access identity security

Last Updated on December 18, 2024 by Michael Morten Sonne Introduction Yes – now its announce that the… The post Entra ID – Global Secu...

Read Article →

Conditional Access Staged Rollout settings

July 12, 2024 by Daniel Bradley

entra-id

A new status filter named 'Staged rollout' has appeared in the Conditional Access portal of Microsoft Entra recently, so what is it? The post Condi...

Read Article →

Outlook Mobile Continues to Set the Standard for Microsoft 365 Email Mobility

July 12, 2024 by Tony Redmond

outlook outlook-mobile contact-editor eas exchange-activesync

It's common to be asked which is the best mobile email client for Exchange Online. My view is that Outlook Mobile is the only client to use (if pos...

Read Article →

The Right Way to Replace the Remove-SPOExternalUser Cmdlet

July 11, 2024 by Tony Redmond

powershell sharepoint-online remove-entrauser remove-mguser remove-spoexternaluser

Microsoft says they will remove the Remove-SPOExternalUser cmdlet starting July 29. They recommend using Remove-AzureADUser as a replacement. It's ...

Read Article →

Introducing Azure DevOps Backup Tool 1.0.5.9: Enhanced security, optimization and bug fixes!

July 10, 2024 by Michael Morten Sonne

azure-devops backup code-repository my-tools software

Last Updated on July 10, 2024 by Michael Morten Sonne Intoduction I’m thrilled to announce the latest release… The post Introducing Azu...

Read Article →

Office Connectors Retirement for Teams

July 10, 2024 by Tony Redmond

teams get-mgteaminstalledapp office-365-connectors office-connectors

In June, Microsoft retired Office Connectors for SharePoint Online and Microsoft 365 Groups. Starting on August 15, they're retiring connectors for...

Read Article →

Configuring Outlook DLP Policy Pop-Ups for Sensitive Content

July 09, 2024 by Tony Redmond

data-loss-prevention outlook dlp-policy-check outlook-pop-up-message

A cloud policy setting enables a delay for evaluating message content and allows Outlook DLP Policy Tips to be displayed after detection of a polic...

Read Article →

Die Hard with a UTC: Fixing Autopilot Device Preparation

July 09, 2024 by rudyooms

autopilot intune

Enrolling devices into Windows Autopilot Device Preparation should be straightforward, but sometimes, unexpected issues require a deeper dive into ...

Read Article →

5 Years On - The Microsoft Sentinel Experience

July 08, 2024 by Truls Dahlsveen

azure sentinel

Around 5 years ago, Microsoft announced the general availability of Azure Sentinel. This post aims to assess how far we along we have come - the go...

Read Article →

Find lateral movement paths using KQL Graph semantics

July 08, 2024 by Author

defender

Graph databases offer great insights into existing data, that relational databases cannot or can only solve with more resources. Tools that leverag...

Read Article →

How to filter users with Extension Attributes using Microsoft Graph

July 08, 2024 by Daniel Bradley

microsoft-graph

Learn how to use Extension Attributes in Microsoft Entra to filter users based on the extension property using Microsoft Graph. The post How to fil...

Read Article →

Outlook Mobile Introduces Synchronization Window

July 08, 2024 by Tony Redmond

outlook-mobile outlook-mobile-synchronization synchronization-window

A new Outlook Mobile synchronization setting allows users to select a window of between 1 and 90 days to download copies of email and attachments. ...

Read Article →

Reflecting on a remarkable first half of the year 2024! ✨

July 07, 2024 by Michael Morten Sonne

community general microsoft mvp-award

Last Updated on September 24, 2024 by Michael Morten Sonne Intoduction As we cross the midpoint of 2024,… The post Reflecting on a remarkable...

Read Article →

New Policy to Disable Some In-Product Messages in Teams

July 05, 2024 by Tony Redmond

teams in-product-ads in-product-messages

In a welcome update, the Teams development group have provided a new policy setting to control the display of some in-product messages in Teams cli...

Read Article →

All SharePoint Online Sharing Links Now Support Expiration Dates

July 04, 2024 by Tony Redmond

onedrive-for-business sharepoint-online expiration-dates setting-expiration-date-for-a-sharing-link sharing-links-expiration

A very useful update to support sharing links expiration for all link types used by SharePoint Online and OneDrive for Business is now rolling out ...

Read Article →

EPM Error 0x8007010B: The Debugging Game

July 03, 2024 by rudyooms

epm intune

In this blog, I will examine a funny 0x8007010B error that Endpoint Privilege Management (EPM) could give you when you try to elevate the CMD using...

Read Article →

Teams to Begin Automatically Hiding Inactive Channels

July 03, 2024 by Tony Redmond

microsoft-365 teams channel-clean-up inactive-channels

From mid-July 2024, Teams will begin hiding inactive channels for users. The inactive channels can be unhidden, and users can opt out of the automa...

Read Article →

Temporary exclusions for Conditional Access using PIM for Groups

July 03, 2024 by Jan Bakker

entra-id security

Check out this article via web browser: Temporary exclusions for Conditional Access using PIM for Groups Conditional Access include and exclude gro...

Read Article →

Introducing the Microsoft Entra Suite license

July 02, 2024 by Daniel Bradley

entra-id

Find out about the new Microsoft Entra Suite licensing which includes step-up features from the Microsoft 365 E5 license, including verified ID, ID...

Read Article →

Prevent Conditional Access bypass with Restricted Management Administrative Units in Entra ID

July 02, 2024 by Jan Bakker

entra-id security

Check out this article via web browser: Prevent Conditional Access bypass with Restricted Management Administrative Units in Entra ID Bypassing Con...

Read Article →

Using Company-wide Sharing Links with Copilot for Microsoft 365

July 02, 2024 by Tony Redmond

information-governance microsoft-365-copilot sharepoint-online company-wide-links sharing-links

Some folks wonder why they can't use documents shared with them using company-wide links with Copilot for Microsoft 365. As it turns out, the answe...

Read Article →

Office 365 for IT Pros 2025 Edition is Now Available

July 01, 2024 by Tony Redmond

book microsoft-365 best-office-365-book office-365-for-it-pros-2025-edition

Office 365 for IT Pros 2025 edition, the 11th edition of the most comprehensive and in-depth book covering the Microsoft 365 Office servers, is now...

Read Article →

Veeam Backup M365 – Exchange Online backup fails with error: Failed to get folder properties. Not allowed to access non IPM folder

June 29, 2024 by Michael Morten Sonne

backup exchange-online microsoft-365 security veeam

Last Updated on September 24, 2024 by Michael Morten Sonne Intoduction This blog post is about an issue… The post Veeam Backup M365 – Exchang...

Read Article →

Teams Chat Gets the Shared Tab

June 28, 2024 by Tony Redmond

teams files-tab shared-tab teams-chat

The old Files tab in Teams chat is being replaced by the Shared tab. The new tab exposes both files and hyperlinks and Microsoft says that the Shar...

Read Article →

How to assess the impact of MFA enforcement in Azure

June 27, 2024 by Daniel Bradley

azure

Learn how to assess how the impact of MFA enforcement on Azure service will impact your users. The post How to assess the impact of MFA enforcement...

Read Article →

Teams to Block Federated Communications with Trial Tenants

June 27, 2024 by Tony Redmond

teams externalaccesswithtrialtenants federated-chat federated-communications get-cstenantfederationconfiguration

Microsoft is moving to block federated communications with trial Microsoft 365 tenants to cut off a potential exploitation route for attackers. The...

Read Article →

I was MSI and PS1. Nothing but Endpoint Privilege Management and a couple of file extensions

June 26, 2024 by rudyooms

epm intune

With all the new features added to Microsoft Endpoint Privilege Management (EPM), we must not forget another new and long-awaited feature. This blo...

Read Article →

T1556.009 - Detect and prevent suspicious conditional access policy modifications

June 26, 2024 by Robbe Van den Daele

entra-id conditional-access

Introduction In April 2024, MITRE came with their new V15 version of ATT&CK. In this version a new sub-technique was introduced called ‘T...

Read Article →

The Curiously Unfinished Outlook Settings API

June 26, 2024 by Tony Redmond

microsoft-graph outlook get-mgusermailboxsetting invoke-mgtranslateuserexchangeid outlook-settings-api

The Outlook settings API is a unfinished Graph API that can read and update some but not all mailbox settings. It's a pity that the API is incomple...

Read Article →

Adding Details of Authentication Methods to the Tenant Passwords and MFA Report

June 25, 2024 by Tony Redmond

administration entra-id powershell authentication-methods mfa

V1.2 of the User Passwords and MFA report includes the names of authentication methods registered for user accounts. V1.3 expands the amount of det...

Read Article →

Microsoft Graph Command Line Tools to become verified in Entra

June 25, 2024 by Daniel Bradley

microsoft-graph

Microsoft have announced that the Microsoft Graph Command Line Tools application will soon become a verified application. The post Microsoft Graph ...

Read Article →

How to find specific permissions assigned to applications in Entra

June 24, 2024 by Daniel Bradley

entra-id microsoft-graph

Learn how to find which applications in Microsoft Entra have specific permissions assigned using Microsoft Graph PowerShell. The post How to find s...

Read Article →

Outlook (Win32) Becomes Outlook (Classic)

June 24, 2024 by Tony Redmond

outlook new-outlook-for-windows outlook-classic

Microsoft has announced the formal renaming of the Win32 version of Outlook to be Outlook (classic). It's preparing for the general availability of...

Read Article →

Authorization Code Flow

June 22, 2024 by Robbe Van den Daele

security

Introduction In the past, I was always curious about the workings of Connect-AzAccount, the authentication command from the Az.Accounts PowerShell ...

Read Article →

Planner User Policy Stops Task and Plan Deletions

June 21, 2024 by Tony Redmond

graph-api microsoft-graph planner powershell remove-planner-plan

The Set-PlannerUserPolicy cmdlet allows Microsoft 365 tenant administrators stop users deleting tasks created by other users. However, an undocumen...

Read Article →

Autopilot Device Preparation and the Enrollment Time Grouping

June 20, 2024 by rudyooms

autopilot intune

This blog will focus on the importance of the Enrollment Time Group (JustIntTimeConfiguration), which is currently only used with Autopilot Device ...

Read Article →

How to onboard and getting started with Copilot for Security

June 20, 2024 by Jeffrey Appel

security defender-xdr security-copilot

Microsoft Copilot for Security is a new tool based on AI, it takes signals from various sources to use the data as additional input and research la...

Read Article →

Test Yourself: The Prelude

June 20, 2024 by Truls Dahlsveen

security defender cloud

Some tips, tricks and tools to help you get started testing your own infrastructure. This is the start, where I'll just lay out some basic principl...

Read Article →

Version 1.9 of the Microsoft 365 Licensing Report

June 20, 2024 by Tony Redmond

administration powershell costs-of-disabled-users costs-of-inactive-users licensing-cost-analysis

The Microsoft 365 Licensing Report is a popular PowerShell script that's just been updated to V1.9 with a bunch of changes to highlight different a...

Read Article →

Data Protection Made a Breeze: MDA integration in Edge for Business

June 19, 2024 by Author

security defender cloud

Microsoft Defender for Cloud Apps is one of the many puzzle pieces of the Microsoft XDR solution that helps you to secure your corporate environmen...

Read Article →

Microsoft Intune to require iOS 16 and macOS 13

June 19, 2024 by Daniel Bradley

intune

Microsoft Intune will soon require a higher version of MacOS and iOS later this year. Learn how to identify the impact in your tenant. The post Mic...

Read Article →

Microsoft Urges Consumer and Enterprise Users to Move to Newer Outlook Versions

June 19, 2024 by Tony Redmond

outlook isoptimizedforaccessibility legacy-outlook-clients legacy-outlook-versions mc801980

Microsoft wants users to upgrade from legacy Outlook clients. The biggest impact for Microsoft 365 tenants might be the loss of OWA light, but cons...

Read Article →

Working with Calendar Permissions using the Microsoft Graph PowerShell SDK

June 18, 2024 by Tony Redmond

exchange-online microsoft-graph powershell calendar-permission default-user-calendar-permission

The Set-MailboxFolderPermission cmdlet is usually used to set calendar permissions, including the permission for the default user to allow everyone...

Read Article →

Using PowerShell to Post Channel Messages with Teams Workflows

June 17, 2024 by Tony Redmond

power-automate teams incoming-webhook-connector teams-post-to-channel-workflow

The incoming webhook connector is a popular method to post information to Teams channels, but Microsoft seems set on retiring the Office connectors...

Read Article →

How to disable per-user MFA using Microsoft Graph PowerShell

June 14, 2024 by Daniel Bradley

entra-id microsoft-graph

Learn how to use Microsoft Graph PowerShell to disable per-user MFA in Microsoft Entra to support migration to Conditional Access. The post How to ...

Read Article →

Per-User MFA State Added to Tenant Passwords and MFA Report

June 14, 2024 by Tony Redmond

administration entra-id microsoft-graph per-user-mfa-state user-passwords-and-authentication-report

A Microsoft Graph update makes per-user MFA state available for user accounts. Being able to access the data means that we can include it in the Us...

Read Article →

Blocking Download Access to Teams Channel Meeting Recordings

June 13, 2024 by Tony Redmond

sharepoint-online stream teams block-downloads channel-meeting-recordings

Our review of the Videos chapter for the Office 365 for IT Pros eBook found a Teams meeting policy setting we hadn't documented to block downloads ...

Read Article →

Debugging the Autopilot Device Preparation Profile

June 13, 2024 by rudyooms

autopilot autopilot-device-preparation graph

In this blog, I’ll explain how we resolved an issue where saving the new Autopilot device preparation profile failed to save the device group...

Read Article →

Report per-user MFA status in Entra using Microsoft Graph PowerShell

June 12, 2024 by Daniel Bradley

entra-id microsoft-graph

Learn how to use Microsoft Graph PowerShell to view the per-user MFA state and method for users in Microsoft Entra. The post Report per-user MFA st...

Read Article →

To Splat or Not to Splat, That’s the Question

June 12, 2024 by Tony Redmond

powershell splatting

Splatting is an optional PowerShell technique designed to make it easier to pass parameter values for cmdlets. It’s a personal choice whether to us...

Read Article →

Azure Monitor alerting with Azure Resource Graph data – using Azure LogAnalytics integration

June 11, 2024 by Morten Knudsen

azure azure-resource-graph kusto

If you need to get an Azure Monitor alert using Azure Resource Graph data, this can easily be accomplished using ... Read more

Read Article →

Platform-level device cleanup rules added to Microsoft Intune

June 11, 2024 by Daniel Bradley

intune

Learn how to configure device clean-up rules at a platform level in Microsoft Intune to target Windows, IOS, Android, Mac or Linux devices. The pos...

Read Article →

The Battle Of The Local Administrator And Autopilot Device Preparation

June 11, 2024 by rudyooms

administrator-protection intune

In this blog, I will discuss how I found out a specific entra setting was interfering, AKA breaking my Windows Autopilot device preparation deploym...

Read Article →

The End for Office 365 Connectors Comes Into Sight

June 11, 2024 by Tony Redmond

microsoft-365-groups power-automate sharepoint-online teams office-365-connectors

Office 365 Connectors bring data from external sources into Microsoft 365 apps like Teams and Outlook. Workflows and Power Automate are replacing C...

Read Article →

Understanding SharePoint Online Storage

June 10, 2024 by Tony Redmond

onedrive-for-business sharepoint-online microsoft-365-archive sharepoint-online-storage

Understanding SharePoint Online storage used to be easy. Then applications like Loop arrived. Other influences like retention and archive can affec...

Read Article →

Interpreting Audit Records for Teams Meeting Recordings (Again)

June 07, 2024 by Tony Redmond

compliance powershell audit-records search-unifiedauditlog teams-meeting-recording

Three years ago, I wrote a script to analyze the audit records generated for Teams meeting recordings. Then things changed in terms of how the audi...

Read Article →

Report Delegated Permission Assignments for Users and Apps

June 06, 2024 by Tony Redmond

entra-id powershell allprincipals delegated-permission microsoft-graph-powershell-sdk

This article describes how to use the Microsoft Graph PowerShell SDK to report delegated permission assignments to user accounts and apps. Like in ...

Read Article →

Autopilot and the Sundance Device Preparation

June 05, 2024 by rudyooms

autopilot intune

In this blog, I will explore the wonders of Autopilot Device Preparation (AP-DP), from the first step of signing in to the last step in the Autopil...

Read Article →

Choosing Between Graph API Requests or Graph SDK Cmdlets

June 05, 2024 by Tony Redmond

microsoft-graph powershell graph-api-request microsoft-graph-powershell-sdk

Deciding whether to use Microsoft Graph PowerShell SDK cmdlets or Graph API requests is sometimes not easy. Some say that it's best to use Graph AP...

Read Article →

Entra ID – Global Secure Access Client – Assign users and groups to forwarding profiles

June 05, 2024 by Michael Morten Sonne

entra-id global-secure-access identity microsoft-365 security

Last Updated on June 5, 2024 by Michael Morten Sonne Intoduction Finally, with the Global Secure Access traffic… The post Entra ID – Global S...

Read Article →

How to deploy Autopilot Device Preparation Policies with PowerShell

June 05, 2024 by Daniel Bradley

microsoft-graph intune

Learn how to deploy Device Preparation Policies in Microsoft Intune programmatically using Microsoft Graph PowerShell. The post How to deploy Autop...

Read Article →

Understanding Primary Refresh Tokens in the Entra ID Sign-in logs

June 05, 2024 by Daniel Bradley

entra-id microsoft-graph

Learn about the different types of security tokens in Microsoft Entra and the Primary Refresh Token in the sign-in logs. The post Understanding Pri...

Read Article →

Experts Live Netherlands

June 04, 2024 by Robbe Van den Daele

security defender sentinel

I spoke together with my colleague Thijs Lecomte at Experts Live, where we talked about how we architecture a Security Operations Center on top of ...

Read Article →

Teams Custom Emojis Arrive in June 2024

June 04, 2024 by Tony Redmond

teams powershell teams-custom-emojis

The latest technology initiative from Microsoft comes in the form of Teams custom emojis, designed to bring light and happiness to Microsoft 365 te...

Read Article →

Notify When Available Comes to Teams 2.1

June 03, 2024 by Tony Redmond

teams notify-when-available presence-status teams-21

Without any fuss or bother, Microsoft announced that the Teams 2.1 client has regained the Notify When Available feature. This functionality allows...

Read Article →

Autopilot Device Preparation: The Hardware Hash Voyage home

June 01, 2024 by rudyooms

autopilot device-preparation

In this blog, I’ll dive into a key difference between traditional Autopilot and Autopilot Device Preparation (APv2). I’ll explain why the har...

Read Article →

Entra Private Access/GSA – Automatic Network Detection

June 01, 2024 by Morten Knudsen

entra-id entra-private-access identity microsoft-security mvpbuzz

This blog covers a custom script solution for Intune, that can be used to automatically detect, if the Entra Private ... Read more

Read Article →

Office 365 for IT Pros June 2024 Update

June 01, 2024 by Tony Redmond

book automating-microsoft-365-with-powershell office-365-for-it-pros-2024-edition ofice-365-for-it-pros-2025-edition

The June 2024 update for the Office 365 for IT Pros 2024 edition ebook is available for download. We're also announcing the availability of the 202...

Read Article →

Better Copilot Audit Records and Copilot Chat Appears in Classic Outlook

May 31, 2024 by Tony Redmond

microsoft-365-copilot outlook copilot-audit-events copilot-for-microsoft-365-chat outlook-classic

Copilot audit records generated for the Microsoft 365 audit log capture details of the resources (files, emails, and documents) used by Copilot in ...

Read Article →

Teams Meeting Audit Events Available to Purview Audit Standard Customers

May 30, 2024 by Tony Redmond

administration teams meetingdetail meetingparticipantdetail teams-meeting-audit-events

Microsoft is deploying additional audit events to tenants with Purview Audit (Standard) licenses. Among the 15 Teams events in the set are Teams me...

Read Article →

How to Manage Microsoft Entra sign-in logs with PowerShell

May 29, 2024 by Daniel Bradley

entra-id microsoft-graph powershell

Learn how to use Microsoft Graph PowerShell to filter, find and manage the sign-in logs for Microsoft Entra. The post How to Manage Microsoft Entra...

Read Article →

Teams Adjusts the Activity Feed

May 29, 2024 by Tony Redmond

microsoft-365 teams calendar-notifications filters teams-activity-feed

The Teams Activity feed received two recent major changes. First, calendar notifications now show up in the feed. Second, the set of filters that w...

Read Article →

Reporting Mailbox Audit Configurations

May 28, 2024 by Tony Redmond

exchange-online powershell mailbox-audit-configuration mailbox-audit-events report

A request came in for a PowerShell script to report mailbox audit configurations to check that the important new events are being generated by mail...

Read Article →

Entra ID Dynamic Groups – Direct reports of a manager

May 27, 2024 by Jan Bakker

entra-id

Check out this article via web browser: Entra ID Dynamic Groups – Direct reports of a manager Here’s a quick tip that I discovered only...

Read Article →

Teams Changes Location for Meeting Transcripts

May 27, 2024 by Tony Redmond

teams teams-meeting-recording teams-meeting-transcripts

Microsoft is changing the storage location for Teams Meeting Transcripts from Exchange Online to OneDrive for Business. The change is designed to s...

Read Article →

Guided application upgrades announced for Microsoft Intune

May 26, 2024 by Daniel Bradley

intune

Enterprise Application Management has announced Guided application upgrades later this year in Microsoft Intune. The post Guided application upgrad...

Read Article →

Introducing a new tool – Lookup IP to DNS Tool – v. 1.0.0.3!

May 25, 2024 by Michael Morten Sonne

c code-repository cool-tools my-tools network

Last Updated on June 29, 2024 by Michael Morten Sonne Intoduction I’m thrilled to announce the latest release… The post Introducing a n...

Read Article →

Stream Development Presses Ahead After Migration Finishes

May 24, 2024 by Tony Redmond

stream copilot-for-microsoft-365 copilot-for-stream stream-browser-client stream-interactive-features

The Stream browser client has received some nice new features including the ability to trim videos in a very efficient manner and to add callouts t...

Read Article →

Microsoft Finally Delivers Promised Audit Events to Purview Audit Standard Tenants

May 23, 2024 by Tony Redmond

administration mailitemsaccessed microsoft-purview-audit-standard new-audit-events

A May 20 post contains the welcome news that the new audit events promised for Purview Audit standard customers should be available in June 2024. S...

Read Article →

Autopilot Device Preparation: First Contact

May 22, 2024 by rudyooms

autopilot intune

Are you anxiously waiting for the Autopilot V2 Announcement? APv2 has just been officially announced and has a nice new shiny name: Autopilot Devic...

Read Article →

New granular security policy permissions in Microsoft Intune

May 22, 2024 by Daniel Bradley

intune

Microsoft are to release new granular security permissions relating to security baselines in Microsoft Intune. The post New granular security polic...

Read Article →

Nobody makes me Config Refresh my own Provider. Nobody!

May 22, 2024 by rudyooms

intune

Welcome to the Config Refresh Blog! Today, I’ll be diving into the fascinating world of Config Refresh. Specifically, we’ll explore how...

Read Article →

Organizers of Teams Recurring Meetings Can Create Loop Workspaces for Shared Content

May 22, 2024 by Tony Redmond

microsoft-loop teams loop-workspaces teams-recurring-meeting

A new feature for Teams recurring meetings allows meeting organizers to create Loop workspaces to hold content shared within the meetings. It's an ...

Read Article →

Big Change Coming in Authentication for Outlook Add-ins

May 21, 2024 by Tony Redmond

outlook naa nested-app-authentication outlook-add-in

On April 9, 2024, Microsoft announced a big change in authentication for Outlook add-ins. It's likely that people don't realize the kind of change ...

Read Article →

European Union Lines up Anti-Trust Charges Against Microsoft Over Teams

May 20, 2024 by Tony Redmond

teams european-union-investigation slack-complaint teams-anti-competitive-behavior

The Financial Times reported that the EU is lining up new charges against Microsoft for Teams anti-competitive behavior. Given that Microsoft has a...

Read Article →

Microsoft Causes Fuss Around Azure MFA Announcement

May 17, 2024 by Tony Redmond

administration azure azure-mfa requirement-for-mfa-to-access-azure-services

On May 14, Microsoft announced that they will require Azure MFA for connections to services starting in July 2024. No details about the implementat...

Read Article →

Teams Adds Slash Commands to the Message Compose Box

May 16, 2024 by Tony Redmond

teams message-compose-box shortcut-commands slash-commands teams-messaging

Teams has added the ability to use slash commands (shortcuts) to the message compose box. Although the feature seems useful, I wonder about its pot...

Read Article →

SharePoint Online Deletion of Non-Empty Folders

May 15, 2024 by Tony Redmond

sharepoint-online deletion-of-non-empty-folders folder-deletion

A recent SharePoint Onlne update enables folder deletion when items are present in a folder. This is probably the way that things should have alway...

Read Article →

Configure External Authentication Methods in Entra ID with Duo Security

May 14, 2024 by Daniel Bradley

entra-id microsoft-graph external-authentication-methods

Setup Cisco Duo as an External Authentication Method in Microsoft Entra ID and satisfy MFA requirements in Conditional Access. The post Configure E...

Read Article →

The Extremely Useful Meeting Follow Response

May 14, 2024 by Tony Redmond

outlook teams follow-response monarch-client owa

The Follow response is a new option for people invited to a meeting to indicate that they can't attend but are interested in what happens. Replying...

Read Article →

Block Device Code Authentication Requests with Conditional Access

May 13, 2024 by Tony Redmond

entra-id conditional-access-policies device-code-authentication

This article describes the process of blocking device code authentication requests against Entra ID with a preview feature for conditional access p...

Read Article →

Thoughts on Copilot for Security’s Early Days

May 13, 2024 by Ru Campbell

copilot-for-security ai copilot

April 1, 2024, seen the release of Microsoft Copilot for Security to general availability (GA). It is a generative AI solution integrating with Def...

Read Article →

Entra ID – Exploring the new feature: What’s New

May 10, 2024 by Michael Morten Sonne

entra-id identity security

Last Updated on May 10, 2024 by Michael Morten Sonne Introduction Let´s explore some of the new in… The post Entra ID – Exploring the new fea...

Read Article →

Team and Channel Creation Simplified in New Design

May 10, 2024 by Tony Redmond

teams team-channel-collaboration

Team channel collaboration might be a better choice than always creating a new team to host discussions about a topic, especially if channels grow ...

Read Article →

Update Entra ID User Role Permissions to Secure Your Tenant

May 09, 2024 by Tony Redmond

microsoft-365 entra-id get-mgpolicyauthorizationpolicy update-mgpolicyauthorizationpolicy user-authorization-policy

The user authorization policy defines user role permissions, or actions that non-admin users can take within an Entra ID tenant. The default settin...

Read Article →

Microsoft Launches Support for Entra ID External Authentication Methods

May 08, 2024 by Tony Redmond

entra-id entra-id-authentication-method

In a May 2 announcement, Microsoft said that they have signed up 9 ISVs to add support for Entra ID authentication methods. The third-party methods...

Read Article →

Remember, remember, the Hybrid Device, the MDM only enrollment Treason and The EPM Agent

May 08, 2024 by rudyooms

device-enrollment epm intune

Are you dealing with Hybrid joined, Intune enrolled devices and wondering why the EPM agent isn’t showing up on your device after activating ...

Read Article →

Teams Adds Background Effects for Mobile Video Messages

May 07, 2024 by Tony Redmond

teams teams-video-clips teams-video-messages

The Teams iOS client can send one-minute Teams video messages (or clips) to chats or channels conversations. Now, the videos can use image or blur ...

Read Article →

More Microsoft Graph PowerShell SDK Problems

May 06, 2024 by Tony Redmond

powershell microsoft-graph-powershell-sdk problems

Some problems emerged in V2.17 and V2.18 of the Microsoft Graph PowerShell SDK. In one case, Microsoft changed cmdlet names. In another, it's an id...

Read Article →

KB5036980 breaks the Windows 11 Enterprise Subscription Activation.

May 03, 2024 by rudyooms

intune subscription-activation

Are you experiencing problems with the automatic upgrade from Windows 11 Pro to Windows 11 Enterprise during Autopilot on the latest Windows build?...

Read Article →

Microsoft Retires Stream Mobile App

May 03, 2024 by Tony Redmond

stream retirement stream-mobile-app

On May 2, 2024, Microsoft announced the retirement of the Stream Mobile app on July 1, 2024. It's all to do with rationalization and focus, or so M...

Read Article →

Setup External Authentication Methods in Microsoft Entra ID

May 03, 2024 by Daniel Bradley

entra-id

Learn about External Authentication Methods in Microsoft Entra and how to setup new External Authentication methods for Entra ID. The post Setup Ex...

Read Article →

Defender for Cloud – Reset to free tier via PowerShell

May 02, 2024 by Michael Morten Sonne

azure code-repository github defender-for-cloud powershell

Last Updated on May 2, 2024 by Michael Morten Sonne Intoduction Resetting Microsoft Defender for Cloud Configuration Are… The post Defender f...

Read Article →

Removing Outlook Add-ins From Mailboxes with PowerShell

May 02, 2024 by Tony Redmond

outlook teams disable-app get-app outlook-add-in

The Share to Teams Outlook add-in posts an email to a Teams chat or channel conversation. I was asked how to disable the add-in for some mailboxes....

Read Article →

Office 365 for IT Pros May 2024 Update Available

May 01, 2024 by Tony Redmond

book office-365-for-it-pros office-365-for-it-pros-2024-edition

Another month, another update for the Office 365 for IT Pros eBook. In this case, it's monthly update #107 for Office 365 for IT Pros (2024 edition...

Read Article →

Report assigned Autopilot profiles with Microsoft Graph PowerShell

May 01, 2024 by Daniel Bradley

microsoft-graph intune powershell autopilot microsoft-graph-powershell

Use Microsoft Graph PowerShell to report which Autopilot profile is assigned to each device in Microsoft Intune. The post Report assigned Autopilot...

Read Article →

Disabling Bits of Copilot for Microsoft 365

April 30, 2024 by Tony Redmond

microsoft-365-copilot copilot-for-microsoft-365 licensing service-plans

The Copilot for Microsoft 365 license has 8 service plans to govern feature availability. You can disable individual components, if you know what y...

Read Article →

Find all license-enabled groups in Microsoft Entra with PowerShell

April 29, 2024 by Daniel Bradley

entra-id microsoft-graph groups

Learn how to use Microsoft Graph PowerShell and filtering to find all license-enabled groups in Microsoft Entra. The post Find all license-enabled ...

Read Article →

Teams Classic Client Slipping Away

April 29, 2024 by Tony Redmond

teams retirement teams-classic-client

The Teams classic client has been replaced by the Teams 2.1 client. Microsoft will block access to the Teams classic client for people running the ...

Read Article →

Analyzing MDE Network Inspections

April 27, 2024 by Robbe Van den Daele

security defender identity

Introduction Defender for Identity is a very important sensor to detect threats in an Active Directory environment. Therefore, it is important to m...

Read Article →

Create client secrets during App Registration in Microsoft Entra

April 26, 2024 by Daniel Bradley

entra-id microsoft-graph

You can now create client secret during app registration in Microsoft Entra using Microsoft Graph PowerShell. The post Create client secrets during...

Read Article →

Microsoft Cloud Exceeds 50% of Microsoft Total Revenues

April 26, 2024 by Tony Redmond

microsoft-365 microsoft-fy24-q3-results microsoft-numbers

The Microsoft FY24 Q3 results didn't contain any new user numbers for Office 365 or Teams. However, we did learn that Copilot and Azure are popular...

Read Article →

Defender for Endpoint status report with Microsoft Graph PowerShell

April 25, 2024 by Daniel Bradley

defender-xdr microsoft-graph

Learn how to generate and export a Defender For Endpoint agent status report using Microsoft Graph PowerShell. The post Defender for Endpoint statu...

Read Article →

Teams Meet Now Feature Gets a Makeover for Group Chats

April 25, 2024 by Tony Redmond

teams group-chats meet-now microsoft-teams

Teams group chats are getting a new Meet Now experience. Is that good news? Well, it's not an earthshattering change, but it is a nice change becau...

Read Article →

MFA issues for Invited guest – Cause: Cross-Tenant Access due to Partner Relationship

April 24, 2024 by Morten Knudsen

cross-tenant-access entra-id identity microsoft-security mvpbuzz

This blog is about an issue, I experienced when I was invited as Guest to a tenant, where cross-tenant access ... Read more

Read Article →

Sending Urgent Teams Chats with PowerShell

April 24, 2024 by Tony Redmond

microsoft-graph powershell teams microsoft-graph-powershell-sdk new-mgchat

A reader asked if it is possible to script sending chat messages. In this article, we explore how to compose and send Teams urgent messages to a se...

Read Article →

Conditional Access Policies - An In-depth Guide

April 23, 2024 by Ankit Gupta

entra-id conditional-access

Copyright © 2025 Microsoft Security - All Rights Reserved.

Read Article →

How to auto-update apps assigned as Available in Microsoft Intune

April 23, 2024 by Daniel Bradley

intune

Learn how to auto-update applications using supersedence in Microsoft Intune for apps assigned as available. The post How to auto-update apps assig...

Read Article →

How to Remove a Single Service Plan from User Accounts with PowerShell

April 23, 2024 by Tony Redmond

entra-id powershell get-mgsubscribedsku get-mguser get-mguserlicensedetail

Some years ago, I wrote a script to demonstrate how to remove service plans with PowerShell. This article describes some upgrades to make the scrip...

Read Article →

May the Intune Suite be with You!

April 23, 2024 by rudyooms

epm intune

This blog will show you something you need to be aware of when you purchase the Intune Suite and use the Cisco DUO desktop app. When activating the...

Read Article →

Disappointing Session Schedule for M365 Conference

April 22, 2024 by Tony Redmond

microsoft-365 m365-community-conference m365-conference

The M365 Conference takes place in Orlando, FL from April 28 to May 2, 2024. I have two sessions, but my attempts to find sessions that cover all o...

Read Article →

Microsoft Fix Intune Personal Device Enrollment Restriction Bypass

April 22, 2024 by Daniel Bradley

intune

Microsoft fix a bypass technique where you can register personal Windows devices in Intune even while they are blocked. The post Microsoft Fix Intu...

Read Article →

Microsoft Purview Series - Part 1

April 20, 2024 by Ankit Gupta

security

Copyright © 2025 Microsoft Security - All Rights Reserved.

Read Article →

Removing Licenses from Entra ID Accounts When a Replacement License Exists

April 19, 2024 by Tony Redmond

entra-id license-management remove-licenses-from-entra-id-accounts

License management is a core competence for Microsoft 365 tenant administrators. This article explains how to use PowerShell to remove licenses fro...

Read Article →

Microsoft Graph Activity Logs Hit General Availability

April 18, 2024 by Tony Redmond

entra-id microsoft-graph microsoft-graph-activity-logs

April 11 saw the general availability of Microsoft Graph activity logs, a new set of data recording details of Graph API HTTP requests made in a te...

Read Article →

How to Create a Password Expiration Report

April 17, 2024 by Tony Redmond

administration microsoft-365 microsoft-graph-powershell-sdk password-expiration-policy password-expiration-report

Although the trend is toward password authentication, many Microsoft 365 tenants still use passwords and some force users to change passwords regul...

Read Article →

Authenticate to Azure DevOps using Managed Identity and REST API

April 16, 2024 by Truls Dahlsveen

azure identity

How to add a managed identity to Azure DevOps and get access tokens for Azure Devops - This one is very short and sweet - how to authenticate to Az...

Read Article →

Download Azure DevOps Repositories using a Managed Identity and REST API

April 16, 2024 by Truls Dahlsveen

azure identity

Everything you need to know to download Azure DevOps repositories using a Managed Identity and REST API - In this post, we will go over how to down...

Read Article →

Exchange Online Moves to Tighten Platform Security

April 16, 2024 by Tony Redmond

exchange-online external-recipient-rate-limit smtp-auth

Exchange Online announced two important changes on April 15. SMTP AUTH is being depreciated and a new external recipient rate limit is being introd...

Read Article →

List All Passkeys and AAGUIDs in Microsoft Entra with PowerShell

April 15, 2024 by Daniel Bradley

entra-id

Use Microsoft Graph PowerShell to create a report of all Passkeys and their AADGUIDs current in use in your Tenant. The post List All Passkeys and ...

Read Article →

Maester: Microsoft Security Test Automation Framework

April 15, 2024 by Tony Redmond

administration entra-id security maester-tool

The Maester tool is a community initiative to create a tool to help tenant administrators improve the security of their Entra ID tenants. It’s stil...

Read Article →

Prepare for Exchange Online Basic Auth Permanent Retirement

April 15, 2024 by Daniel Bradley

exchange-online

Learn how to prepare your email environment for the permanent retirement of SMTP auth in Exchange online by September 2025. The post Prepare for Ex...

Read Article →

Get control over corporate networks with device discovery

April 14, 2024 by Robbe Van den Daele

security sentinel zero-trust

Introduction During the last few years, I worked with a couple of customers who struggle with getting control over their corporate networks. Even t...

Read Article →

Get started with passkeys in Microsoft 365

April 13, 2024 by Jan Bakker

entra-id security

Check out this article via web browser: Get started with passkeys in Microsoft 365 It’s here! A long-awaited feature in Microsoft 365 is fina...

Read Article →

Introducing Azure DevOps Backup Tool 1.0.5.8: Enhanced security, optimization and bug fixes!

April 13, 2024 by Michael Morten Sonne

azure-devops backup code-repository my-tools software

Last Updated on July 10, 2024 by Michael Morten Sonne Intoduction I’m thrilled to announce the latest release… The post Introducing Azu...

Read Article →

Passkey Public Preview for Entra ID

April 13, 2024 by Author

entra-id security

With the release of the public preview for Passkey in Entra ID, I think, the broad adoption of passwordless and phishing resistant authentication a...

Read Article →

Teams Adds Support for Customizable Group Chat Pictures

April 12, 2024 by Tony Redmond

teams group-chat-pictures teams-group-chat

Microsoft Teams now boasts the ability to add customizable group chat pictures to what might be otherwise a set of chats with not-very-good generat...

Read Article →

Automated Microsoft 365 Security Posture Monitoring with Maester

April 11, 2024 by Daniel Bradley

entra-id

Configure an automation Microsoft 365 Security Poster Monitoring solution using the Maester tool using Azure Automation. The post Automated Microso...

Read Article →

How to enable Passkeys for the Microsoft Authenticator app

April 11, 2024 by Daniel Bradley

entra-id

Learn how to enable Passkeys in the Microsoft Authenticator app for FIDO2 compliance authentication to Microsoft Entra. The post How to enable Pass...

Read Article →

Security and Privacy Concerns Continue Swirling Around the new Outlook for Windows

April 11, 2024 by Tony Redmond

outlook monarch privacy security

Monarch client security became an issue last year when a German website reported some issues. It turns out that the reported problems are mostly hy...

Read Article →

I can only show you the Programs Entity, you’re the one that has to Device Query it!

April 10, 2024 by rudyooms

device-query intune device-query intune pivot

This small blog will examine how the Program entity in the Intune suite feature Device Query is a work in progress. I will update this blog every t...

Read Article →

Upgrade Classic Azure Administrator Roles by August 2024

April 10, 2024 by Tony Redmond

azure azure-classic-administrator-roles azure-rbac-roles

A recent note from Microsoft advised that if your tenant uses classic Azure administrative role, you need to switch to Azure RBAC roles by 31 Augus...

Read Article →

Modifying the Teams Tenant Federation Configuration with PowerShell

April 09, 2024 by Tony Redmond

powershell teams

A new parameter for the Set-CsTenantFederationConfiguration cmdlet made me look at the Teams tenant federation configuration again to improve how a...

Read Article →

How to Retrieve Loop Workspaces Data with PowerShell

April 08, 2024 by Tony Redmond

microsoft-loop powershell container get-spocontainer loop-workspaces

A previous attempt to write a script to report all Loop workspaces in a tenant was flawed because it only retrieved the first 200 workspaces. I had...

Read Article →

I have the 2024-03 update! Microsoft, Could you Config Refresh me?

April 08, 2024 by rudyooms

intune

Did Microsoft fix the Config Refresh bug with the March update? However, that doesn’t mean it also works. In this blog, I will examine how Config R...

Read Article →

Use Certificate-Based Authentication in Entra with Cloud PKI

April 08, 2024 by Daniel Bradley

entra-id intune

Learn how to configure Certificate-based authentication in Microsoft Entra using certificates issues from your Intune Cloud PKI. The post Use Certi...

Read Article →

P4: Hidden Gems & Least Used Features

April 06, 2024 by Ankit Gupta

security

Copyright © 2025 Microsoft Security - All Rights Reserved.

Read Article →

P5: Live Response in MDE

April 06, 2024 by Ankit Gupta

security

Copyright © 2025 Microsoft Security - All Rights Reserved.

Read Article →

Protecting Against QR Code Phishing in Defender for Office 365

April 06, 2024 by Ankit Gupta

defender

Copyright © 2025 Microsoft Security - All Rights Reserved.

Read Article →

Security Copilot Cost Management for SOC

April 06, 2024 by Ankit Gupta

security

Copyright © 2025 Microsoft Security - All Rights Reserved.

Read Article →

Microsoft Toughens Premium Sensitivity Label License Requirements

April 05, 2024 by Tony Redmond

microsoft-information-protection rights-management auto-label-policies information-protection-license sensitivity-labels-license

According to Microsoft 365 notification MC736438, Microsoft is getting tougher at enforcing the rules for Purview information protection licenses. ...

Read Article →

Security Copilot Scalable Capacity Management for non-24×7 SOC scenario

April 05, 2024 by Morten Knudsen

m365-security mvpbuzz security sentinel

Background Some of my customers are not having 24×7 SOC but still wants to utilize Microsoft Security Copilot during their ... Read more

Read Article →

Microsoft Defender XDR – Unified Security Operations Platform (Sentinel and Defender)

April 04, 2024 by Michael Morten Sonne

advanced-hunting attackscompromise cool-tools defender-xdr sentinel

Last Updated on April 4, 2024 by Michael Morten Sonne Intoduction What is comming to the Microsoft Defender… The post Microsoft Defender XDR ...

Read Article →

Microsoft Increases Number of Self-Purchase Product Licenses to 25

April 04, 2024 by Tony Redmond

administration get-mscommerceproductpolicies mscommerce mscommerce-powershell-module update-mscommerceproductpolicy

A new major version of the MsCommerce PowerShell module makes you hope that something good is included in the new code. In this case, it’s hard to ...

Read Article →

Defender for Office 365 – Hunting and responding to QR code-based phishing attacks

April 03, 2024 by Michael Morten Sonne

advanced-hunting analyzer attackscompromise identity defender-for-office-365

Last Updated on April 3, 2024 by Michael Morten Sonne Intoduction Now you can strengthening your defense against… The post Defender for Offic...

Read Article →

Enable High Volume Email for Microsoft 365

April 03, 2024 by Daniel Bradley

exchange-online

Learn how to configure High Volume Email in Microsoft 365 to increase the Exchange Online messaging limits for your applications. The post Enable H...

Read Article →

Interpreting Audit Events for Microsoft 365 Copilot

April 03, 2024 by Tony Redmond

compliance copilot-audit-events copilot-for-microsoft-365 unified-audit-log

The unified audit log includes Copilot for Microsoft 365 audit events captured when users interact with Copilot through apps. The information is ve...

Read Article →

Keeping up with the EmmDeviceID And Config Refresh Bug

April 02, 2024 by rudyooms

intune mmpc

This blog will supplement my previous one, in which I explored the new DMClient LinkedEnrollment DiscoveryEndpoint Node. I will guide you through t...

Read Article →

The New Manage Distribution Groups OWA Component Has a Problem with Role Assignments

April 02, 2024 by Tony Redmond

exchange-online distrribution-list-managemnt owa-distribution-list-management role-assignment-policy user-role-assignment-policy

Microsoft announced a new component for OWA distribution list management but clearly the engineers never took role assignment policy customizations...

Read Article →

LAPS Unleashed: Navigating the Future of Windows Admin Security

April 01, 2024 by Nathan Hutchinson

intune

Dive into LAPS for Windows: a game-changer in admin account security. Discovery of the new CSP settings and configurations.

Read Article →

Office 365 for IT Pros April 2024 Update

April 01, 2024 by Tony Redmond

book monthly-update office-365-for-it-pros office-365-for-it-pros-2024-edition

The April 2024 update for the Office 365 for IT Pros eBook is now available for subscribers to download from Gumroad.com or Amazon.com. Like every ...

Read Article →

When and how does a device sync with MMP-C (Next Gen Intune)”

April 01, 2024 by rudyooms

epm intune mmpc windc cooked

In this blog, I will examine the same things as Niehaus but this time the next-generation Intune, MMP-C. I will also examine the sync scheme and sh...

Read Article →

Update Branding With the Organizational Branding Administrator Role

March 31, 2024 by Daniel Bradley

entra-id

Use the Organizational Branding Administrator role to update your organisations branding in Microsoft Entra. The post Update Branding With the Orga...

Read Article →

Introducing GitHub Backup Tool 1.3.0.0: Enhanced customization, security and bug fixes!

March 30, 2024 by Michael Morten Sonne

backup code-repository github my-tools software

Last Updated on June 29, 2024 by Michael Morten Sonne Intoduction I’m thrilled to announce the latest release… The post Introducing Git...

Read Article →

Limit local administrators on Microsoft Entra joined devices

March 29, 2024 by Daniel Bradley

intune

Prevent the global administrators in Microsoft Entra from being added to the local administrators group on Microsoft Entra joined devices. The post...

Read Article →

Local Administrator, and Autopilot Settings, and Entra Settings! Oh, my!

March 29, 2024 by rudyooms

autopilot intune intune windowsautopilot

In this blog, I will examine the new Entra local administrator settings, which prevent users from becoming local administrators on their devices du...

Read Article →

SharePoint Marks Its 23rd Anniversary

March 29, 2024 by Tony Redmond

sharepoint-online information-governance sharepoint-history

On March 27, SharePoint history reached its 23rd year. That's a great achievement and SharePoint Online powers many apps. But dark clouds are on th...

Read Article →

Trimarc Happy Hour

March 29, 2024 by Nathan McNulty

security

I had a great time hanging out and talking about a little bit of everything with some of the Trimarc folks. Thanks to Brandon for inviting me on! :)

Read Article →

All About Microsoft 365 Tenant Identifiers

March 28, 2024 by Tony Redmond

administration microsoft-365 microsoft-365-tenant-identifier tenant-identifier

Every Microsoft 365 tenant has a tenant identifier, a unique GUID that's used within the Entra ecosystem to identify a tenant and its objects. Much...

Read Article →

Demystifying Security Copilot Features & Licensing

March 28, 2024 by Ankit Gupta

security

Copyright © 2025 Microsoft Security - All Rights Reserved.

Read Article →

Do not try and bend the EPM. That’s impossible. Instead… only try to use Support Approved

March 27, 2024 by rudyooms

epm

In this blog, I will dive deep into the Endpoint Privilege Management feature “Support Approved” once more. I will show you how Support Approved wo...

Read Article →

How Many Licensed Microsoft 365 Accounts Use the Loop App?

March 27, 2024 by Tony Redmond

microsoft-365 audit-records-to-find-usage-data microsoft-loop-app

After the welcome announcement that the Loop app will support external access, thoughts might turn to figuring out who uses the app. Fortunately, i...

Read Article →

P2: Securing with Intelligence: Role of AI in Defender

March 26, 2024 by Ankit Gupta

defender

Copyright © 2025 Microsoft Security - All Rights Reserved.

Read Article →

P3: Attack Surface Reduction (ASR) Deployment Using MDE

March 26, 2024 by Ankit Gupta

security

Copyright © 2025 Microsoft Security - All Rights Reserved.

Read Article →

Search-UnifiedAuditLog Gets High Completeness Capability

March 26, 2024 by Tony Redmond

compliance audit-log-search high-completeness-audit-log search-unifiedauditlog

A new preview feature supports high completeness audit log searches. These searches are optimized to make sure that they find every matching audit ...

Read Article →

Microsoft Grounds Copilot Apps with Graph and Web Content

March 25, 2024 by Tony Redmond

microsoft-365 microsoft-365-copilot copilot-for-microsoft-365 copilot-for-microsoft-365-chat copilot-for-word

Message center notification MC734281 explains that Copilot for Microsoft 365 will get better grounding for Word, Excel, PowerPoint, and OneNote fro...

Read Article →

Re-onboard LogAnalytics to Sentinel, if SecurityInsights solution is deleted by mistake

March 25, 2024 by Morten Knudsen

automation azure-loganalytics azure-logging defender-for-cloud microsoft-security

Critical features will break or stop working, if you delete too much in Legacy solutions like SecurityInsights, SQLAdvancedThreatProtection or SQLV...

Read Article →

Azure – Automating Management Group Removal in Azure with PowerShell

March 23, 2024 by Michael Morten Sonne

automation azure code-repository powershell script

Last Updated on March 23, 2024 by Michael Morten Sonne Intoduction Are you tired of spending valuable time… The post Azure – Automating Manag...

Read Article →

Demystifying Microsoft Entra Workload ID Licensing

March 22, 2024 by Ankit Gupta

entra-id

Copyright © 2025 Microsoft Security - All Rights Reserved.

Read Article →

Graph and PowerShell Hiccups for the Groups and Teams Report Script

March 22, 2024 by Tony Redmond

microsoft-365-groups powershell groups-and-teams-activity-report microsoft-365-groups-and-teams-activity-report

The Microsoft 365 Groups and Teams Activity Report is a PowerShell script that I've worked on since 2016 (not all the time). Some recent Graph hicc...

Read Article →

How to Convert an Entra ID External Account to Internal

March 21, 2024 by Tony Redmond

entra-id powershell convert-from-external-to-internal-entra-id-account convertexternaltointernalmemberuser

A new convert to internal user preview feature allows Entra ID administrators to convert external accounts to internal accounts. An option is avail...

Read Article →

Restrict Windows Registry Access with Intune Policy

March 21, 2024 by Ankit Gupta

security intune

The Windows Registry serves as a repository for critical system configurations and preferences, essential for the smooth operation of the Windows O...

Read Article →

Microsoft Entra App Registration Exploitation

March 20, 2024 by Ankit Gupta

entra-id

Copyright © 2025 Microsoft Security - All Rights Reserved.

Read Article →

Understanding How Much Microsoft 365 Backup Charges to Protect Data

March 20, 2024 by Tony Redmond

administration microsoft-365 microsoft-365-backup-costs

Microsoft 365 Backup costs are charged on a PAYG basis against an Azure subscription. You pay a flat fee of $0.15 per month per gigabyte of protect...

Read Article →

Does Microsoft Care about SharePoint Online PowerShell?

March 19, 2024 by Tony Redmond

powershell sharepoint-online get-mgadminsharepointsetting pnp-powershell sharepoint-online-powershell

Microsoft's support for SharePoint Online PowerShell has degraded over the last few years. Pnp.PowerShell is now the best option as not much is hap...

Read Article →

How to simulate risk in Microsoft Entra ID Protection

March 19, 2024 by Jan Bakker

entra-id security

Check out this article via web browser: How to simulate risk in Microsoft Entra ID Protection Entra ID protection is an excellent feature amongst t...

Read Article →

Infusing Sensitivity Labels with Vibrant Colors

March 18, 2024 by Ankit Gupta

security

Copyright © 2025 Microsoft Security - All Rights Reserved.

Read Article →

P1: Microsoft Defender for Endpoint Architecture

March 18, 2024 by Ankit Gupta

defender

Copyright © 2025 Microsoft Security - All Rights Reserved.

Read Article →

The Abuse of Teams Inbound Webhook Connectors and Channel Email Addresses

March 18, 2024 by Tony Redmond

teams channel-email-address email-integration incoming-webhook-connector

An article by security researchers Black Hills pointed to some vulnerabilities with incoming webhook connectors and email connections for Teams cha...

Read Article →

Convert External Users to Internal Users in Microsoft Entra

March 17, 2024 by Daniel Bradley

entra-id microsoft-graph

Learn how to converted guests to internal using in Microsoft Entra using the web portal or Microsoft Graph PowerShell. The post Convert External Us...

Read Article →

How to a Find Microsoft 365 Tenant ID Without Tenant Access

March 15, 2024 by Daniel Bradley

entra-id

Use these 3 methods to find the tenant ID of any Microsoft Entra tenant without access to the tenant. The post How to a Find Microsoft 365 Tenant I...

Read Article →

Introducing GitHub Backup Tool 1.2.0.0: Enhanced Security and Customization

March 15, 2024 by Michael Morten Sonne

backup code-repository github my-tools software

Last Updated on June 29, 2024 by Michael Morten Sonne Intoduction I’m thrilled to announce the latest release… The post Introducing Git...

Read Article →

Microsoft Lifts External Sharing Restriction for Loop App

March 15, 2024 by Tony Redmond

microsoft-365 loop-app-external-access loop-app-external-sharing loop-app-guest-access

The Loop app is a powerful collaborative platform that has been handicapped up to now with a restriction on its External Sharing capabilities. That...

Read Article →

Finding Devices Used for Multifactor Authentication

March 14, 2024 by Tony Redmond

entra-id unused-entra-id-registered-device

This article describes how to use sign-in data to identify unused Entra ID registered devices. It’s an imperfect solution because Entra ID doesn’t ...

Read Article →

Microsoft 365 Developer Program – Attention to all Microsoft 365 developers and learners!

March 14, 2024 by Michael Morten Sonne

attackscompromise lab microsoft microsoft-365 security

Last Updated on July 27, 2024 by Michael Morten Sonne Intoduction The Microsoft 365 Developer Program is an… The post Microsoft 365 Developer...

Read Article →

Customizing Quarantine Notification Messages

March 13, 2024 by Tony Redmond

exchange-online-protection custom-quarantine-notification get-quarantinepolicy

This article describes the experience of creating a custom quarantine message for Exchange Online Protection to send to those with email held in qu...

Read Article →

Can Copilot for Microsoft 365 Save Users 14 Hours a Month?

March 12, 2024 by Tony Redmond

microsoft-365-copilot copilot-for-microsoft-365 personal-experience-of-using-copilot

An interesting LinkedIn post by a Microsoft employees relates how Copilot for Microsoft 365 saves him 14 hours monthly. Reports like this must be t...

Read Article →

Outlook Classic Support Until At Least 2029

March 11, 2024 by Tony Redmond

outlook monarch new-outlook-for-windows

On March 7, Microsoft published a timeline for the New Outlook for Windows client that says that support for the classic client will be until at le...

Read Article →

Despite the Doubters, Microsoft 365 Administrators Should Continue Using PowerShell

March 08, 2024 by Tony Redmond

administration powershell microsoft-365-powershell microsoft-graph-powershell-sdk

A recent article by a Microsoft MVP attempted to lay out a case that tenants should not use Microsoft 365 PowerShell and use ISV products instead. ...

Read Article →

Houston, we have a TPM Attestation problem

March 08, 2024 by rudyooms

attestation-and-compliance-series autopilot hp intune intune

This blog will be an additional blog to the TPM attestation series I wrote some time ago. In this one, I am going to take a closer look at why [...

Read Article →

Setup cloud-based RADIUS for Entra Joined Devices using Cloud PKI

March 08, 2024 by Daniel Bradley

entra-id intune

Learn how to setup RADIUS wireless network authentication in a completely cloud environment using Microsoft Entra, Cloud PKI and RADIUSaaS. The pos...

Read Article →

Microsoft Announces Restricted SharePoint Search

March 07, 2024 by Tony Redmond

sharepoint-online copilot-for-microsoft-365 restricted-sharepoint-search

Restricted SharePoint Search is an answer for customers who don't like the idea of Copilot for Microsoft 365 being able to find documents in any si...

Read Article →

Entra ID – Global Secure Access Client – Setup of the Microsoft 365 Profile – Part 3

March 06, 2024 by Michael Morten Sonne

entra-id cool-tools global-secure-access identity security

Last Updated on March 23, 2024 by Michael Morten Sonne Intoduction In an era defined by the dynamic… The post Entra ID – Global Secure Access...

Read Article →

Secure Boot – What it is and how to update Secure Boot keys

March 06, 2024 by Michael Morten Sonne

attackscompromise code-repository powershell script security

Last Updated on March 6, 2024 by Michael Morten Sonne Intoduction Microsoft have in collaboration with partners and… The post Secure Boot – W...

Read Article →

The Question of Information Protection Sublabels

March 06, 2024 by Tony Redmond

microsoft-information-protection information-protection-sublabels sensitivity-labels

The use of Information Protection sublabels is one of the questions for teams implementing sensitivity labels in Microsoft 365 tenants. Some like t...

Read Article →

Tutorial: How to enable/disable Defender for Servers Plans at resources level

March 06, 2024 by Thomas Verheyden

defender-for-cloud defender-for-endpoint defender-for-servers micorosft-security

Intro I noticed that more and more clients are starting to use mixed license model for Defender for Servers. Previous you could only enable Defende...

Read Article →

Autopilot: Escape the Administrator

March 05, 2024 by rudyooms

autopilot azure intune intune

Did you ever run into an issue in which the user was still in the local administrator group after the device was enrolled with Windows Autopilot (a...

Read Article →

Entra Private Access & Windows Hello for Business Kerberos Trust – Network Drive Fails for 10 min. after restart and user login

March 05, 2024 by Morten Knudsen

entra-private-access intune windows-hello-for-business

If you are using Entra Private Access (or other SSE solutions) – together with Windows Hello for Business Kerberos Trust, ... Read more

Read Article →

GitHub – Get a local backup of your code repositories – v. 1 of the tool

March 05, 2024 by Michael Morten Sonne

automation backup cool-tools github my-tools

Last Updated on June 29, 2024 by Michael Morten Sonne Introduction The GitHub Backup Tool provides an intuitive… The post GitHub – Get a loca...

Read Article →

Under the hood: Preparing your device for mobile device management

March 05, 2024 by rudyooms

autopilot intune

This blog will investigate what happens under the hood when our device is enrolled with Windows Autopilot during the “preparing your device f...

Read Article →

Why It’s a Good Idea to Archive Teams Channels

March 05, 2024 by Tony Redmond

teams archive-teams-channel

An update allows Teams owners to archive Teams channels. This is an excellent way of keeping old channels online while removing them from open view...

Read Article →

Microsoft Releases View Another Mailbox for the New EAC

March 04, 2024 by Tony Redmond

exchange-online eac exchange-admin-center view-another-mailbox

Microsoft has released the View Another Mailbox feature for the new EAC. This is part of the build-out of the new EAC functionality before the reti...

Read Article →

Office 365 for IT Pros March 2024 Update

March 01, 2024 by Tony Redmond

book office-365-for-it-pros

The Office 365 for IT Pros eBook team has released the March 2024 update for the only eBook covering the Microsoft 365 ecosystem that's updated mon...

Read Article →

Using WDAC to ingest missing MDE events and detect token stealing

March 01, 2024 by Robbe Van den Daele

entra-id

Introduction In a previous blog post I talked about how adversaries can exploit SSO capabilities of Hybrid or fully Entra ID joined devices. I ment...

Read Article →

Honored to receive the Microsoft MVP Award in Security – Febuary 2024!

February 29, 2024 by Michael Morten Sonne

community general microsoft mvp-award security

Last Updated on March 15, 2024 by Michael Morten Sonne Intoduction 🎉 I am so thrilled to share… The post Honored to receive the Microsoft MVP...

Read Article →

Restoring Data with Microsoft 365 Backup (Preview)

February 29, 2024 by Tony Redmond

administration microsoft-365 microsoft-365-backup restore-failures-with-microsoft-365-backup

Microsoft has created an easy to use Microsoft 365 Backup solution. Its key feature is speed, including speed to restore data. I tested restores fo...

Read Article →

Reporting Soft-Deleted Entra ID Objects

February 28, 2024 by Tony Redmond

entra-id report-soft-deleted-entra-id-objects

A Microsoft Technical Community article gave some interesting information about how to report soft-deleted Entra ID objects. We think we can improv...

Read Article →

Autopilot: Only fail selected blocking apps in technician phase.

February 27, 2024 by rudyooms

autopilot intune intune win32app windowsautopilot

This blog will explain everything you want to know about this new ESP function called “Only fail selected blocking apps in technician phase (preview).

Read Article →

How to Setup Cloud PKI in Microsoft Intune Step by Step

February 27, 2024 by Daniel Bradley

intune

Learn how to configure you own Certificate Authority in Microsoft Intune Step by Step using Cloud PKI feature of Intune Suite. The post How to Setu...

Read Article →

Protect your users from Device Code Flow abuse

February 27, 2024 by Author

azure

Device Code Flow is a great feature. You are signed in on a machine that does not have any UI but need to connect to an Azure or Microsoft 365 reso...

Read Article →

Report OneDrive for Business Storage Based on Usage Data

February 27, 2024 by Tony Redmond

microsoft-graph onedrive-for-business powershell create-onedrive-for-business-storage-consumption-report graph-usage-reports-api

If you wanted to write a PowerShell script to create a OneDrive storage report, you'd probably use the cmdlets from the SharePoint Online managemen...

Read Article →

Speaking at the February 2024 Azure APE Meetup

February 27, 2024 by Kenneth Van Surksum

entra-id cloud-app-security entra-id events intune

Today (Tuesday February 27th) I have the pleasure to speak at the February 2024 Azure APE Meetup organized by the Azure Platform Engineering (APE) ...

Read Article →

Microsoft Releases Entra ID License Utilization Insights

February 26, 2024 by Tony Redmond

microsoft-365 entra-id entra-id-premium-licenses entra-id-usage-insights

Microsoft has released the preview of the Entra ID usage insights for premium license consumption. This could be the harbinger of a more restricted...

Read Article →

PowerShell – Code Sign and validate files in a folder with optimized logic

February 25, 2024 by Michael Morten Sonne

code-repository powershell script security

Last Updated on February 25, 2024 by Michael Morten Sonne Intoduction Let’s delve into what makes this script… The post PowerShell – Co...

Read Article →

Microsoft Defender for Identity – Updated Advanced Settings Page

February 24, 2024 by Michael Morten Sonne

active-directory attackscompromise identity defender-for-identity defender-xdr

Last Updated on February 24, 2024 by Michael Morten Sonne Intoduction Introducing the Updated Advanced Settings Page for… The post Microsoft ...

Read Article →

Protect the Device Code Authorisation Flow With Conditional Access

February 24, 2024 by Daniel Bradley

entra-id featured

Learn how to protect the device code authorisation flow in Microsoft Entra using Conditional Access policies. The post Protect the Device Code Auth...

Read Article →

Microsoft Kills Viva Topics to Focus on Copilot

February 23, 2024 by Tony Redmond

microsoft-365 microsoft-365-copilot microsoft-viva viva-topics-retirement

The Viva Topics retirement announced on February 22, 2024 is an inevitable side-effect of Microsoft's ongoing focus on Copilot. It is difficult to ...

Read Article →

The Lord of Compliance: The War of the Check Access Button

February 23, 2024 by rudyooms

intune compliance intune

In this updated blog, I will take a closer look at what exactly happens when you press the “Check Access” button in the Company Portal and why it t...

Read Article →

Teams Private and Shared Channels Get Support for Tags

February 22, 2024 by Tony Redmond

teams private-channels shared-channels teams-tags

Teams Tags Support for Private and Shared Channels should arrive in targeted tenants soon. The new tag capability uses channel memberships instead ...

Read Article →

Entra ID – Global Secure Access Client – Installation of the Agent on Windows – Part 2

February 21, 2024 by Michael Morten Sonne

entra-id cool-tools global-secure-access identity security

Last Updated on February 22, 2024 by Michael Morten Sonne Intoduction In an era defined by the dynamic… The post Entra ID – Global Secure Acc...

Read Article →

Microsoft 365 end-user notifications for changes in authentication methods

February 21, 2024 by Jan Bakker

entra-id logic-apps security

Check out this article via web browser: Microsoft 365 end-user notifications for changes in authentication methods When moving away from traditiona...

Read Article →

Report Microsoft Entra License Utilisation with PowerShell

February 21, 2024 by Daniel Bradley

entra-id

Learn how to report on Microsoft Entra Premium license utilisation using Microsoft Graph PowerShell to identify utilisation metrics. The post Repor...

Read Article →

Stopping Copilot Access to SharePoint Online Sites and Document Libraries

February 21, 2024 by Tony Redmond

microsoft-365-copilot copilot-for-microsoft-365 copilot-for-word excluding-sharepoint-sites-from-search

Two methods exist to exclude a SharePoint sites from Copilot being able to use its contents - you can exclude the site (or document library) from s...

Read Article →

Windows LAPS Under the Hood Part 2: Defuncted!

February 21, 2024 by rudyooms

intune windows-laps

This blog will show you how the new Automatic Account Management feature in Windows LAPS, in combination with another new “hidden defunctR...

Read Article →

Automatic attack disruption in Microsoft Defender XDR and containing users during Human-operated Attacks

February 20, 2024 by Jeffrey Appel

security defender-for-endpoint defender-xdr

Microsoft announced last year a new feature with the name; Automatic Attack Disruption in Defender XDR (Microsoft 365 Defender). Since October last...

Read Article →

Why You Should Not Upgrade to Microsoft Graph PowerShell SDK V2.14

February 20, 2024 by Tony Redmond

powershell microsoft-graph-powershell-sdk-v214

Usually, we recommend that Microsoft 365 tenants use the latest version of the Microsoft Graph PowerShell SDK. However, a serious bug in V2.14 mean...

Read Article →

Microsoft Defender XDR – Offboarding scripts will now expire in 3 days and not 30 days

February 19, 2024 by Michael Morten Sonne

attackscompromise defender-for-endpoint defender-xdr security windows

Last Updated on February 21, 2024 by Michael Morten Sonne Intoduction In a proactive move to give us… The post Microsoft Defender XDR – Offbo...

Read Article →

Problems Retrieving SharePoint Online Usage Data with Graph APIs

February 19, 2024 by Tony Redmond

graph-api sharepoint-online sharepoint-site-usage-data sharepoint-usage-data sharepoint-usage-report

A longstanding problem (SP676147) open since September 2023 causes problems retrieving important SharePoint usage data like site URLs and user acti...

Read Article →

Entra ID – Global Secure Access Client – What it is about – Part 1

February 17, 2024 by Michael Morten Sonne

entra-id cool-tools global-secure-access identity security

Last Updated on February 21, 2024 by Michael Morten Sonne Intoduction In an dynamic nature of work, where… The post Entra ID – Global Secure ...

Read Article →

Microsoft maked the source code for MS-DOS and Word for Windows available to the public

February 17, 2024 by Michael Morten Sonne

code-repository community github history microsoft

Last Updated on February 17, 2024 by Michael Morten Sonne Intoduction Unlocking Digital Time Capsules In a noteworthy… The post Microsoft mak...

Read Article →

Office 365 for IT Pros eBook Team Welcomes Michel de Rooij

February 16, 2024 by Tony Redmond

exchange-online exchange-online-protection anti-phishing-policy impersonation-protection defender-for-office-365

The Office 365 for IT Pros team welcomes Michel de Rooij as a new author. As a PowerShell Pro, he'll like the code to update the impersonation prot...

Read Article →

[Updated Feb 2024] Ultimate Comparison of Defender for Endpoint Features by OS

February 16, 2024 by Ru Campbell

defender-xdr defender-for-endpoint defender-xdr atp azure-security-center

Finally, it’s time for a refresh.  It’s been a while!  Due to personal circumstances, I haven’t been able to keep the U...

Read Article →

Copilot for Microsoft 365 to Support Outlook Classic

February 15, 2024 by Tony Redmond

microsoft-365 outlook teams copilot-for-microsoft-365 copilot-support-for-outlook-classic

Microsoft originally said that Copilot for Microsoft would only support the Monarch client. Now it turns out the Outlook Win32 Copilot support is c...

Read Article →

Logging Into the Future: Smart Strategies for Storing Microsoft Entra Logs in Azure

February 15, 2024 by Nathan Hutchinson

entra-id azure

Explore storing Microsoft Entra logs via Azure Monitor, Storage Accounts, and Event Hubs, each offering unique benefits for IT security.

Read Article →

Migrate Identity Protection Risk Policies to Conditional Access

February 14, 2024 by Daniel Bradley

entra-id

Learn how to Migrate Identity Protection Risk policies in Microsoft Entra to Conditional Access Policies before they are retired. The post Migrate ...

Read Article →

Tracking Licensing Costs for Microsoft 365 Tenants

February 14, 2024 by Tony Redmond

administration microsoft-365 powershell microsoft-365-licensing-costs report-microsoft-365-licensing-costs

The latest version of the Microsoft 365 Licensing Report script includes code to generate cost analyses for the departments and countries assigned ...

Read Article →

Checking Out Entra Identity Secure Score

February 13, 2024 by Tony Redmond

entra-id entra-identity-secure-score expiring-app-credentials

If your Microsoft 365 tenant has Entra P2 licenses, you can use the Entra Identity Secure Score feature to measure your tenant against Microsoft be...

Read Article →

New Teams Telephony Admin Role in Teams Admin Center

February 13, 2024 by Daniel Bradley

microsoft-365 microsoft-teams

Learn about the Teams Telephony Admin Role in the Teams Admin Center which is specifically designed to managed telephony-related functions in teams...

Read Article →

Send High Volume Email in Microsoft 365

February 13, 2024 by Daniel Bradley

exchange-online

Learn about the High Volume Email service in Microsoft 365's Exchange Online platform so send bulk emails to external recipients. The post Send Hig...

Read Article →

Configure email authentication for domains you own in Exchange Online (SPF, DKIM, DMARC and MTA-STS)

February 12, 2024 by Michael Morten Sonne

dns exchange-online microsoft-365 security

Last Updated on February 15, 2024 by Michael Morten Sonne Intoduction Why set this up? Configuring email authentication… The post Configure e...

Read Article →

Viewing changes to Conditional Access policies just became easier!

February 12, 2024 by Jan Bakker

entra-id knowledgebase security

Check out this article via web browser: Viewing changes to Conditional Access policies just became easier! Today, a quick tip for all Entra admins ...

Read Article →

Why MFA, Conditional Access, and Sensitivity Labels can Combine to Give Outlook a Problem

February 12, 2024 by Tony Redmond

entra-id microsoft-information-protection outlook all-cloud-apps conditional-access-policies

If conditional access policies impose MFA for all cloud apps, it gives external users a problem when they use Outlook desktop to read protected ema...

Read Article →

How Many Message Center Announcements End Up Being Delayed?

February 09, 2024 by Tony Redmond

administration microsoft-365 powershell get-mgserviceannouncementmessage message-center-posts

This article describes how to use the Microsoft Graph PowerShell SDK to retrieve and interpret Microsoft 365 message center posts with the intentio...

Read Article →

I’m Gonna Config Refresh You So Hard!

February 08, 2024 by rudyooms

intune configrefresh mde intune

This blog introduces a new Intune feature: ConfigRefresh, also known as Config Refresh, designed to enhance device security without the need for re...

Read Article →

Teams Users Can Hide the General Channel

February 08, 2024 by Tony Redmond

microsoft-365 teams general-channel hide-teams-general-channel mc711019

Message center notification MC711019 covers the ability to hide the General channel for a team, a feature designed to free up space in the teams an...

Read Article →

Entra ID Protection – Common Microsoft 365 Security Mistakes Series

February 07, 2024 by Ru Campbell

entra-id entra-id-protection-identity-protection conditional-access ems entra-id

Signals from across Microsoft’s services and ecosystems inform Entra ID Protection to detect risk. The risk detections can alert administrato...

Read Article →

List All Available Apps in the Intune Enterprise App Catalog

February 07, 2024 by Daniel Bradley

microsoft-graph intune

How to quickly list all applications in the Microsoft Intune Enterprise App Catalog using Microsoft Graph PowerShell. The post List All Available A...

Read Article →

Use the Graph SDK to Access Microsoft 365 Service Health Information

February 07, 2024 by Tony Redmond

administration microsoft-365 microsoft-graph powershell get-mgserviceannouncementhealthoverview

The Microsoft Graph includes the Service Communications API. SDK cmdlets can use the API to retrieve and work with service health data. In this art...

Read Article →

Defender for Cloud – Permissions Management – New Features added to Cloud Infrastructure Entitlement Management (CIEM)

February 06, 2024 by Michael Morten Sonne

entra-id code-repository compliance identity defender-for-cloud

Last Updated on April 27, 2024 by Michael Morten Sonne Intoduction In the ever-evolving landscape of cloud-based infrastructures,… The post D...

Read Article →

Register New Applications With Microsoft Graph PowerShell

February 06, 2024 by Daniel Bradley

entra-id microsoft-graph

Learn how to register new applications in Microsoft Entra and assign permissions using Microsoft Graph PowerShell. The post Register New Applicatio...

Read Article →

Reporting App Permissions Used by Managed Identities

February 06, 2024 by Tony Redmond

entra-id managed-identity-permission report-managed-identities-permissions

This article explains how to check Managed Identity permissions, or rather the set of consented Graph and other permissions held by the service pri...

Read Article →

New MSIdentityTools Cmdlet to Report OAuth Permissions

February 05, 2024 by Tony Redmond

entra-id powershell export-msidappconsentgrantreport msidentitytools oauth-permissions

The latest version of the MSIndentityTools PowerShell module includes the Export-MsIdAppConsentGrantReport cmdlet to generate a report of OAuth app...

Read Article →

Anonymous IP address involving Apple iCloud Private Relay

February 04, 2024 by Author

entra-id cloud

Since a few weeks I recognized an uptick in Entra ID Protection alerts regarding “Anonymous IP address” detections. Normally this is a ...

Read Article →

A Thread on Frosty Fiascos: Delving into the Microsoft Midnight Blizzard Hack

February 03, 2024 by Jan Bakker

entra-id security

Check out this article via web browser: A Thread on Frosty Fiascos: Delving into the Microsoft Midnight Blizzard Hack This post is all about the ha...

Read Article →

Device Query: Dead of 64-bit

February 03, 2024 by rudyooms

device-query intune

This blog will show you why the new Device Query Intune Suite feature could give you the wrong information when you are using the WindowsRegistry e...

Read Article →

Microsoft Defender Vulnerability Management – Common Microsoft 365 Security Mistakes Series

February 03, 2024 by Ru Campbell

defender-for-cloud defender-for-endpoint microsoft-defender-vulnerability-management defender-xdr defender

Microsoft Defender Vulnerability Management (MDVM) is an often overlooked service that can be licensed standalone or is included in other Microsoft...

Read Article →

Five Push Notifications at Device Query

February 02, 2024 by rudyooms

device-query intune device-query pivot

In this blog, I am going to take a closer look at how we can troubleshoot a new feature in Intune called Device Query, also known as Intune Pivot. ...

Read Article →

How to Hide Individual Distribution List Members

February 02, 2024 by Tony Redmond

exchange-online add-distributiongroupmember hide-individual-distribution-group-members new-distribytiongroup

A question asked if it's possible to hide individual distribution list members. It's easy to hide the complete membership but not as simple to hide...

Read Article →

AitM detection with Sentinel via custom CSS

February 01, 2024 by Robbe Van den Daele

entra-id sentinel

Introduction You are probably wondering, what has CSS to do with detecting AitM sites. In this blog post, we will go over how we can use a custom C...

Read Article →

Device Query: A Mad Max Intune Suite Feature

February 01, 2024 by rudyooms

device-query intune

This blog will show you how Microsoft is stepping up the real-time reporting game by introducing a new wonderful feature called: Intune Pivot Devic...

Read Article →

How to Deploy Apps from the Enterprise App Catalog In Intune

February 01, 2024 by Daniel Bradley

microsoft-graph intune

Learn how to deploy applications from the Enterprise App Catalog in Microsoft Intune using the web portal and PowerShell. The post How to Deploy Ap...

Read Article →

Office 365 for IT Pros February 2024 Update

February 01, 2024 by Tony Redmond

book office-365-for-it-pros-2024-edition office-365-for-it-pros-ebook

The February 2024 update for the Office 365 for IT Pros eBook (monthly update #104) is now available for download. Lots happened during January in ...

Read Article →

Microsoft Cloud Revenues Powered by Office 365

January 31, 2024 by Tony Redmond

microsoft-365 microsoft-fy24-q2-results office-365-400-million-seats

Office 365 Reaches 400 million. Well, to be precise, in their FY24 Q2 results, Microsoft said that the figure is "over 400 million paid seats," but...

Read Article →

Pivot via OAuth applications across tenants and how to protect/detect with Microsoft technology? (Midnight blizzard)

January 31, 2024 by Jeffrey Appel

security entra-id defender-xdr

Recently threat actors like Midnight Blizzard use the OAuth applications in tenants that they can misuse for malicious activity. Actors use comprom...

Read Article →

Windows LAPS Under the Hood: Automatic Account Management

January 31, 2024 by rudyooms

intune laps windows-laps

This blog is going to show you some magical things that are happening in the background when you have enabled and configured Windows LAPS Automatic...

Read Article →

Global Reader in Microsoft Entra to Allow Access to Teams Devices

January 30, 2024 by Daniel Bradley

entra-id

The Global Administrator role in Microsoft Entra will soon enable administrators to access the Teams Devices section of the Teams admin center. The...

Read Article →

Graph User.ReadBasic.All Application Permission Available

January 30, 2024 by Tony Redmond

entra-id microsoft-graph graph-permissions userreadall userreadbasicall

The Graph User.ReadBasic.All permission is now available for both delegated and application usage. Think before rushing to use the permission. Alth...

Read Article →

Microsoft Deprecates Old Exchange Audit Search Cmdlets

January 29, 2024 by Tony Redmond

compliance powershell exchange-search-cmdlets search-unifiedauditlog

A January 26 post announces the deprecation of four old Exchange audit cmdlets in favor of the Search-UnifiedAuditLog cmdlet. Removing old cmdlets ...

Read Article →

How to Enable Automatic Account Creation for LAPS in Intune

January 27, 2024 by Daniel Bradley

intune

Learn how to Automatically create new accounts using Windows LAPS configuration settings in Microsoft Intune The post How to Enable Automatic Accou...

Read Article →

Exchange Online Optimizes Online Address Book Lookups

January 26, 2024 by Tony Redmond

exchange-online entra-id domain-name-reference get-mgdomainnamereference

Microsoft is changing the way that Exchange Online address book updates work to force users to use search rather than browsing through the GAL/OAB....

Read Article →

Improve Microsoft Graph PowerShell Performance with Batching

January 26, 2024 by Daniel Bradley

microsoft-graph

Learn how to improve the performance of your Microsoft Graph PowerShell scripts by using Graph request batching. The post Improve Microsoft Graph P...

Read Article →

How to Update Tenant Corporate Branding for the Entra ID Sign-in Screen with PowerShell

January 25, 2024 by Tony Redmond

graph-api entra-id microsoft-graph powershell corporate-branding-for-entra-id

The ability to apply custom corporate branding for Entra Id screens has existed since 2020. You can update elements through the admin center or Pow...

Read Article →

Protect against QR Code phishing with Microsoft Defender products

January 25, 2024 by Jeffrey Appel

security defender-for-office-365

In the past months, there has been a growing increase in QR Code phishing, since attackers are using new creative ways to bypass existing protectio...

Read Article →

Windows LAPS: The Desolation of PAA Reboots

January 25, 2024 by rudyooms

intune windows-laps laps windows

While playing around with Windows LAPS with an insider Windows canary build, I noticed that some improvements were made to Post Authentication Acti...

Read Article →

How to Use PowerShell to Retrieve Permissions for Entra ID Apps

January 24, 2024 by Tony Redmond

graph-api microsoft-graph get-mgapplication get-mgserviceprincipalapproleassignment graph-app-permissions

Recent attacker activity made me think that access might have been gained through an OAuth app. Keeping an eye on app permissions is important. Fro...

Read Article →

Speaking at the Cloud Guardians Unleashed event of the Microsoft Cloud and Client Management Community

January 24, 2024 by Kenneth Van Surksum

announcement entra-id conditional-access entra-id modern-workplace

Tomorrow (Thursday January 25th) I have the pleasure to speak at the Cloud Guardians Unleashed event organized by the Microsoft Cloud and Client Ma...

Read Article →

Teams Retires Client Ability to Load Websites from Channel Tabs

January 23, 2024 by Tony Redmond

teams microsoft-graph-powershell-sdk reporting-website-channel-tab teams-website-channel-tab

Microsoft plans to change the way that the Teams website channel tab works in early April 2024. Instead of the client opening a site, a new browser...

Read Article →

Copilot for Teams Extracts Real Value from Meeting Transcripts

January 22, 2024 by Tony Redmond

microsoft-365 copilot-for-microsoft-365 copilot-for-teams

Lots of hype surrounds Copilot for Microsoft 365, but I like the way that Copilot for Teams extracts real value from meeting transcripts to generat...

Read Article →

Configure LAPS in Intune using Microsoft Graph PowerShell

January 21, 2024 by Daniel Bradley

microsoft-graph intune

Quickly configure baseline settings for Windows LAPS in Microsoft Intune using Microsoft Graph PowerShell. The post Configure LAPS in Intune using ...

Read Article →

Microsoft Defender for Identity – What is it, how to install it and setup requirements

January 20, 2024 by Michael Morten Sonne

active-directory attackscompromise entra-id code-repository cool-tools

Last Updated on September 26, 2024 by Michael Morten Sonne Intoduction What is Defender for Identity Microsoft Defender… The post Microsoft D...

Read Article →

Microsoft Encourages More Performant Membership Rules for Dynamic Groups

January 19, 2024 by Tony Redmond

entra-id dynamic-group-rule-builder entra-id group-membership-rule intune

MC705357 (9 Jan 2024) says that the dynamic group rule builder in the Entra ID and Intune admin centers no longer supports the contains and notCont...

Read Article →

A winget match made in heaven

January 18, 2024 by Nathan Hutchinson

intune

Learn how to package and auto-update apps in Intune using community-driven tools, WinTuner and Winget-AutoUpdate-Intune, for an efficient, l

Read Article →

Ignore the Hype Surrounding the Copilot Announcement

January 18, 2024 by Tony Redmond

microsoft-365 copilot-for-microsoft-365-deployments microsoft-365-copilot-deployment

Microsoft's January 15 announcement reduced deployment costs and opened the possibility for Copilot for Microsoft 365 deployments to many Office 36...

Read Article →

Teams Naming Should be Clear and Simple

January 17, 2024 by Tony Redmond

teams teams-directory teams-naming-convention

The essence of a good teams naming convention is simplicity and clarity. This article explains why those aspects are so important in terms of helpi...

Read Article →

How to Report Expiring Credentials for Entra ID Apps

January 16, 2024 by Tony Redmond

entra-id microsoft-graph app-certificate-expiration app-credential-expiration app-secret-expiration

Entra ID registered apps can authenticate using app secrets and certificates. These credentials expire over time, so it’s good to review app creden...

Read Article →

How to use deception in Microsoft Defender for Endpoint/ Defender XDR

January 16, 2024 by Jeffrey Appel

security defender-for-endpoint defender-xdr

Microsoft Defender XDR is expanding in the full attack stage. With the new Deception capability in Microsoft Defender XDR, it is possible to detect...

Read Article →

How to Stop Users Receiving Document Mismatch Notifications

January 15, 2024 by Tony Redmond

sharepoint-online document-mismatch-notification mail-flow-rule

Document mismatch notifications tell users when they apply a higher-priority sensitivity label to documents than applied to the site. Some organiza...

Read Article →

PowerShell – Automatically retrieve download links from Microsoft Evaluation Center

January 15, 2024 by Michael Morten Sonne

automation code-repository github iso powershell

Last Updated on February 19, 2024 by Michael Morten Sonne Intoduction In the ever-evolving realm of IT, efficiency… The post PowerShell – Aut...

Read Article →

Report all Application Owners in Microsoft Entra with PowerShell

January 15, 2024 by Daniel Bradley

microsoft-graph

Learn how to report the owners of all applications in Microsoft Entra using Microsoft Graph PowerShell and export to CSV. The post Report all Appli...

Read Article →

Entra ID – Stale Application Analysis with PowerShell

January 14, 2024 by Michael Morten Sonne

automation entra-id code-repository compliance identity

Last Updated on February 19, 2024 by Michael Morten Sonne Stale Application Analysis for Entra ID – some… The post Entra ID – Stale App...

Read Article →

Export Microsoft 365 Mailboxes with Microsoft Graph PowerShell

January 14, 2024 by Daniel Bradley

microsoft-graph

Learn how to quickly backup any Exchange Online mailbox using Microsoft Graph PowerShell and export the files locally. The post Export Microsoft 36...

Read Article →

Connect to Microsoft Graph PowerShell Using Certificates with Azure Automation

January 12, 2024 by Daniel Bradley

microsoft-graph

Learn how to Connect to Microsoft Graph PowerShell using certificate based authentication in Microsoft Entra. The post Connect to Microsoft Graph P...

Read Article →

How to Deploy Microsoft 365 Apps With Intune

January 12, 2024 by Daniel Bradley

intune

Learn how to deploy the Microsoft 365 applications to Windows 10 and 11 devices using Microsoft Intune. The post How to Deploy Microsoft 365 Apps W...

Read Article →

Mastering Microsoft Graph PowerShell SDK Foibles

January 12, 2024 by Tony Redmond

entra-id microsoft-graph powershell get-graphscriptpermission group-extension-attributes

Entra ID supports user extension attributes but the same facility is unavailable for group objects. That seems strange, but it might be due to the ...

Read Article →

Race for Experiments: EPM vs. Ecs

January 12, 2024 by rudyooms

epm intune intune intune

In this blog, I am going to take a closer look at another EPM “flight” (AKA new feature) that Microsoft seems to be working on in Endpoint Privileg...

Read Article →

Interpreting Audit Events for the New Stream

January 11, 2024 by Tony Redmond

stream stream-advanced-events stream-audit-events

Audit events generated for the new Stream look like any other SharePoint Online event. Extracting the Stream audit events takes a little more effor...

Read Article →

Microsoft Entra Workload ID - Incident Response with Microsoft Sentinel Playbooks and Conditional Access

January 11, 2024 by Thomas Naunheim

entra-id entra-id entra-id workload-id azure

In the recent parts of the blog post series, we have gone through the various capabilities to detect threats and fine-tune incident enrichment of W...

Read Article →

How to protect Microsoft Teams with Microsoft 365 Defender

January 10, 2024 by Jeffrey Appel

security defender-for-office-365

Microsoft released in the past months additional protections for Microsoft Teams. The new Office protection is part of the Defender for Office prod...

Read Article →

Recent Stream Updates Enhance Video Functionality

January 10, 2024 by Tony Redmond

microsoft-365 stream automatic-transcript-generation no-download-link-for-videos stream-browser-app

The Stream browser app has received a bunch of recent enhancements, some of which are still deploying to tenants. The changes make it easier for Mi...

Read Article →

Speaking at the MCT Summit Europe 2024

January 10, 2024 by Kenneth Van Surksum

conditional-access exchange-online intune modern-workplace security

This year, the annual Microsoft Certified Trainer (MCT) summit will be held in the Netherlands. The event which takes place between 14-17 January w...

Read Article →

How to Share Contact Information in Teams Chat

January 09, 2024 by Tony Redmond

teams share-someones-contact-info teams-chat

A new Share Someone's Contact Info feature is available for Teams one-to-one and group chats. The option inserts a link to the person's profile car...

Read Article →

Microsoft Defender XDR – Activity log and change incident severity

January 09, 2024 by Michael Morten Sonne

defender-xdr security

Last Updated on February 19, 2024 by Michael Morten Sonne Intoduction Have you ever thinked about the Activity… The post Microsoft Defender X...

Read Article →

How to Install and Use WinGet During AutoPilot

January 08, 2024 by Daniel Bradley

intune

Learn how to install WinGet on Windows 10 and 11 devices using Microsoft Intune to help with installing and updating applications during the AutoPi...

Read Article →

How to Report User-Consented Permissions on Applications in Microsoft Entra

January 08, 2024 by Daniel Bradley

microsoft-graph

Learn how to use Microsoft Graph PowerShell to generate a report of user permissions consented to applications in Microsoft Entra. The post How to ...

Read Article →

Managing Passwords for Entra ID Accounts with PowerShell

January 08, 2024 by Tony Redmond

entra-id powershell change-account-password password-profile update-entra-id-account-password

Password profiles store the password settings for Entra ID user accounts. By updating the password profile, you can update an account's password an...

Read Article →

Microsoft Defender XDR – Experience Improvements for Advanced Hunting

January 07, 2024 by Michael Morten Sonne

advanced-hunting cool-tools kql defender-xdr security

Last Updated on February 19, 2024 by Michael Morten Sonne Intoduction This blog post covers a few of… The post Microsoft Defender XDR – Exper...

Read Article →

Microsoft Attempts to Retire Search-Mailbox Again

January 05, 2024 by Tony Redmond

compliance exchange-online compliance-search-action compliance-search-purge mc703706

In message center notification MC703706 Microsoft announces yet another attempt to retire the Search-Mailbox cmdlet. This time it's due to happen i...

Read Article →

How to Use SharePoint Metadata with Word Documents

January 04, 2024 by Tony Redmond

sharepoint-online custom-columns custom-document-metadata custom-document-properties sharepoint-online-custom-properties

This article explains how I use custom document properties with SharePoint Online to track the topics covered by blog articles that I write. The cu...

Read Article →

Creating Viva Engage Communities with the Graph API

January 03, 2024 by Tony Redmond

microsoft-365 yammer community-api create-viva-engage-community-with-the-graph viva-engage

A new beta Graph API supports the creation of a Viva Engage community. This article explains how to use the Graph SDK to create a new community wit...

Read Article →

Getting started with Microsoft Entra Private Access

January 03, 2024 by Nathan Hutchinson

global-secure-access entra-id conditional-access

Discover Microsoft Entra Private Access: advanced, secure remote access for corporate resources, surpassing traditional VPN limitations.

Read Article →

Don’t Feed Large Reference Documents to Copilot for Word

January 02, 2024 by Tony Redmond

microsoft-365 copilot-for-word reference-documents-too-large

Copilot for Word reference documents help to ground the prompts sent to LLMs for processing. The documents can be too large, which means that their...

Read Article →

EPM: And the “Flights” of Support Approved

January 02, 2024 by rudyooms

epm intune intune intune windows

This is the first unofficial blog about a nice new Endpoint Privilege Management feature called Support Approved. I will show you what it looks lik...

Read Article →

Office 365 for IT Pros January 2024 Update

January 01, 2024 by Tony Redmond

book office-365-for-it-pros-2024-edition

The January 2024 update for the Office 365 for IT Pros eBook is available for subscribers to download from Gumroad.com or Amazon. Like any monthly ...

Read Article →

Reflecting on 2023: A Year of Achievements, Growth, and Gratitude

December 31, 2023 by Michael Morten Sonne

community general

Last Updated on December 31, 2023 by Michael Morten Sonne Intoduction As we near the end of 2023,… The post Reflecting on 2023: A Year of Ach...

Read Article →

Obtain an Access Token for Graph API PowerShell Using a Device Code

December 28, 2023 by Daniel Bradley

microsoft-graph

Learn how to connect to Microsoft Graph PowerShell using a device code and obtain an access token without the PowerShell modules. The post Obtain a...

Read Article →

Reporting Entra ID Admin Consent Requests

December 22, 2023 by Tony Redmond

entra-id powershell admin-consent-request entra-id get-mgidentitygovernanceappconsentrequest

A question came in about how to report admin consent requests as viewed through the Entra ID admin center. PowerShell does the trick, once you know...

Read Article →

Blocking the Welcome Message for Microsoft 365 Groups

December 21, 2023 by Tony Redmond

microsoft-365-groups block-welcome-message new-mggroup new-team new-unifiedgroup

This article describes how to block welcome messages for new members of Microsoft 365 groups using a resource behavior option (a group setting). Th...

Read Article →

Entra ID – Quota Limit – Learn to manage your usage to avoid maxing it out and extend it before it’s too late

December 21, 2023 by Michael Morten Sonne

automation entra-id code-repository identity powershell

Last Updated on February 19, 2024 by Michael Morten Sonne Intoduction The inability to create new users in… The post Entra ID – Quota Limit –...

Read Article →

From hybrid / fully joined devices to Entra ID

December 21, 2023 by Robbe Van den Daele

azure entra-id cloud

Introduction Adversaries are more and more interested in the data and infrastructure that lives in Cloud environments like Azure and Microsoft 365 ...

Read Article →

How to Enable Defender for Endpoint in Microsoft Intune

December 20, 2023 by Daniel Bradley

intune

Learn how to enable and deploy Microsoft Defender for Endpoint to Windows 10 and 11 devices using Microsoft Intune. The post How to Enable Defender...

Read Article →

Using the SharePoint Online Sensitive by Default Control

December 20, 2023 by Tony Redmond

compliance onedrive-for-business sharepoint-online data-loss-prevention dlp

The Sensitive by Default control allows tenants to prevent external access to newly uploaded documents until DLP processing checks their content. T...

Read Article →

Creating a Hold Report for Purview eDiscovery Cases

December 19, 2023 by Tony Redmond

compliance compliance-hold-report ediscovery-hold-report get-caseholdpolicy get-compliancecase

Microsoft plans to make an eDiscovery hold report available to tenants in January 2024. This article explains how to use PowerShell to create a sim...

Read Article →

Exchange Online Protection & Defender for Office 365 – Common Microsoft 365 Security Mistakes Series

December 19, 2023 by Ru Campbell

exchange-online exchange-online-protection microsoft-365 defender-xdr defender-for-office-365

Exchange Online Protection (EOP) and Microsoft Defender for Office 365 (MDO) are the email and collaboration security services native to Microsoft ...

Read Article →

How to Configure Web Content Filtering with Global Secure Acess

December 18, 2023 by Daniel Bradley

entra-id

Learn how to configure web filtering policies using the Global Secure Access, Internet Access profile in Microsoft Entra. The post How to Configure...

Read Article →

The Demise of Office Delve

December 18, 2023 by Tony Redmond

microsoft-365 delve retirement

The Delve web app will be deprecated by Microsoft in December 2024. It's the end of a line for an app that once promised to reimagine search. The p...

Read Article →

Microsoft Entra Workload ID - Advanced Detections and Enrichment in Microsoft Sentinel

December 17, 2023 by Thomas Naunheim

entra-id entra-id entra-id workload-id azure

Collecting details of all workload identities in Microsoft Entra ID allows to build correlation and provide enrichment data for Security Operation ...

Read Article →

Perform Bulk On-demand Remediation with Microsoft Intune

December 15, 2023 by Daniel Bradley

intune

Learn how to initiate bulk on-demand remediation packages on multiple machines at once using Microsoft Intune. The post Perform Bulk On-demand Reme...

Read Article →

Threat Actors Increase Misuse of OAuth Applications

December 15, 2023 by Tony Redmond

entra-id security audit-events consent-grant-attack consent-to-application

OAuth apps are a big part of the extensibility picture for Microsoft 365 tenants. As such, they are targeted by attackers as a good way to gain acc...

Read Article →

Using Microsoft 365 Copilot for Word

December 14, 2023 by Tony Redmond

microsoft-365 copilot-for-word microsoft-365-copilot

Copilot for Word is an application-specific implementation of Microsoft 365 Copilot. Amongst its capabilities, Copilot can generate and rewrite tex...

Read Article →

How to Create a Local Admin Account on Windows Devices with Intune

December 13, 2023 by Daniel Bradley

intune featured

Lean how to create a local administrator account on your Windows devices really simple with Microsoft Intune. The post How to Create a Local Admin ...

Read Article →

Microsoft’s AI Strategy for Security Depends on Data

December 13, 2023 by Tony Redmond

security kql kusto-query-language sentinel

Microsoft's security strategy is all about AI with Security Copilot leading the charge. Even in a world of AI tools, knowing how to use KQL and Sen...

Read Article →

Exchange Online Retention Policies and the Deleted Items Folder

December 12, 2023 by Tony Redmond

exchange-online default-mrm-policy deleteditems-retention-tag microsoft-365-retention-policies

For whatever reason, it's not possible to update the Default MRM policy to add the DeletedItems retention tag to process items in the Deleted Items...

Read Article →

The 0xd000000d Job 2: Nutty by Intune

December 12, 2023 by rudyooms

intune airwatch intune workspace

In this blog post, a fellow Dutchman (Jos Lieben) asked me if I could assist him with a weird error that occurred during the Intune/MDM enrollment....

Read Article →

Entra ID Improves Registered App Security

December 11, 2023 by Tony Redmond

entra-id powershell app-instance-property-lock entra-id-registrered-app get-mgapplication

The preview app instance property lock feature designed to improve the security of Entra ID registered apps is becoming the default for new apps. I...

Read Article →

How to Create and Manage Access Reviews for Group Owners

December 11, 2023 by Daniel Bradley

entra-id featured

Learn how to enable group owners to managed access reviews for guests in groups/teams that they are the own off. The post How to Create and Manage ...

Read Article →

Microsoft Defender for Endpoint plug-in for Windows Subsystem for Linux (WSL) – finally!

December 11, 2023 by Michael Morten Sonne

cool-tools defender-for-endpoint defender-xdr security windows-10

Last Updated on February 19, 2024 by Michael Morten Sonne Intoduction Yes – now we can see information… The post Microsoft Defender for...

Read Article →

What is this Microsoft SSE solution that everyone is talking about?

December 11, 2023 by Kenneth Van Surksum

entra-id entra-id identity-protection modern-workplace security

On July 11th, Microsoft announced that Azure AD would be renamed to Microsoft Entra ID. Microsoft also announced two new security offerings called ...

Read Article →

Entra ID Captures Timestamp for Last Successful Sign In for User Accounts

December 08, 2023 by Tony Redmond

entra-id powershell entra-id-sign-in-activity-log lastsignindatetime lastsuccessfulsignindatetime

Entra ID captures the lastSuccessfulSignInDateTime property to record the last successful sign-in action against user accounts. The new property is...

Read Article →

Exclude Breakglass Accounts from Conditional Access Policies with PowerShell

December 07, 2023 by Tony Redmond

entra-id breakglass-account conditional-access-policies get-mgidentityconditionalaccesspolicy update-mgidentityconditionalaccesspolicy

Conditional access policies control access to Entra ID connections. Policies should have exclusions for breakglass accounts, but sometimes this doe...

Read Article →

Get email notifications for actions performed in Defender XDR (Defender for Endpoint)

December 07, 2023 by Michael Morten Sonne

attackscompromise automation defender-for-endpoint defender-for-identity defender-for-office-365

Last Updated on May 5, 2024 by Michael Morten Sonne Intoduction Enhancing Cybersecurity Operations Through Timely Stakeholder Notifications… ...

Read Article →

The Day that the Microsoft Teams Group Chats stood still.

December 07, 2023 by rudyooms

intune teams

This time not a deep dive blog but a simple little blog about fixing the missing Microsoft Teams group chats and the “Unknown User” in the mobile T...

Read Article →

What problem do passkeys solve?

December 07, 2023 by Kenneth Van Surksum

entra-id security fido2 passkeys

Sometimes unlearning things is harder than learning As you might have read somewhere Microsoft is busy implementing support for passkeys in their p...

Read Article →

How the Auto-label Policy for Cloudy Attachments Works

December 06, 2023 by Tony Redmond

conferences sharepoint-online cloudy-attachments microsoft-purview-compliance microsoft-purview-ediscovery-premium

Cloudy attachments are links to files sent in messages. An auto-label policy can capture copies of cloudy attachments and make them available for e...

Read Article →

How to Find OS Details From an ISO File

December 06, 2023 by Daniel Bradley

windows-server

Learn how to find which Operating System versions are within an ISO file and the OS details, using DISM commands. The post How to Find OS Details F...

Read Article →

How to Prevent Users From Accessing The Microsoft Entra Portal

December 06, 2023 by Daniel Bradley

entra-id

Learn how to prevent users from accessing the Microsoft Entra Admin portal and understand the impact of restricting access. The post How to Prevent...

Read Article →

Checking Exchange Online Distribution List Activity Over 90 Days

December 05, 2023 by Tony Redmond

exchange-online find-unused-distribution-group historic-message-trace-data start-historicalsearch unused-distribution-list

Exchange Online keeps message trace data online for 10 days and that's what's normally used to check for unused distribution lists. Checking over 9...

Read Article →

Configuring even better Windows Update for Business settings for your Microsoft Intune managed Modern Workplace

December 05, 2023 by Kenneth Van Surksum

intune modern-workplace windows-10 windows-11 windows-update-for-business

In March 2021, I published the blogpost “Configuring Windows Update for Business settings for your Microsoft Endpoint Manager managed Modern ...

Read Article →

SharePoint Online Powers Ahead with Embedded Service

December 04, 2023 by Tony Redmond

sharepoint-online sharepoint-embedded

SharePoint Embedded is a new Microsoft offering for application developers. The big upside is that apps can take advantage of the Microsoft 365 eco...

Read Article →

How to Deploy the Global Secure Access Client with Intune

December 02, 2023 by Daniel Bradley

intune

Learn how to mass-install the Global Secure Access Client using Microsoft Intune. The post How to Deploy the Global Secure Access Client with Intun...

Read Article →

Microsoft Entra Workload ID - Threat detection with Microsoft Defender XDR and Sentinel

December 02, 2023 by Thomas Naunheim

entra-id entra-id entra-id workload-id azure

Attack techniques has shown that service principals will be used for initial and persistent access to create a backdoor in Microsoft Entra ID. This...

Read Article →

December 2023 Update for Office 365 for IT Pros eBook is Available

December 01, 2023 by Tony Redmond

book office-365-for-it-pros office-365-for-it-pros-2024-edition

The December 2023 update (monthly update #102) for the Office 365 for IT Pros eBook is now available for subscribers to download. While Microsoft h...

Read Article →

Belgium Microsoft Cloud & Security Community

November 30, 2023 by Robbe Van den Daele

security cloud

“If you know the enemy and know yourself, you do not need to fear the result of a hundred battles.” ~ Sun Tzu ⚔ I spoke at the Belgian ...

Read Article →

Declined Meetings Show Up in OWA and Monarch

November 30, 2023 by Tony Redmond

outlook owa new-outlook preserve-declined-meetings set-mailboxcalendarconfiguration

A new setting in OWA options allows users to choose to preserve declined meetings. Keeping details of declined meetings can help users to find info...

Read Article →

Prevent AiTM with Microsoft Entra Global Secure Access and Conditional Access

November 29, 2023 by Jan Bakker

entra-id security

Check out this article via web browser: Prevent AiTM with Microsoft Entra Global Secure Access and Conditional Access Microsoft Entra Global Secure...

Read Article →

Use Dictation to Compose Outlook Messages

November 29, 2023 by Tony Redmond

outlook monarch new-outlook outlook-voice-dictation owa

Now available for OWA and the Monarch client, Outlook voice dictation allows users to compose the body text of messages with speech-to-text transcr...

Read Article →

Speaking at the European SharePoint Conference (ESPC) about Microsoft Entra ID Conditional Access

November 27, 2023 by Kenneth Van Surksum

announcement entra-id entra-id modern-workplace speaking

This week, the European SharePoint Conference (ESPC) is held between November 27 – 30 in Amsterdam the Netherlands. The event which will attr...

Read Article →

The Wonderful Story of APV2 Device Preparation

November 24, 2023 by rudyooms

autopilot device-enrollment apv2 intune intune

In one of my last blog posts, I described how I noticed that Autopilot Version 2, AKA APV2, was coming. This blog is the second in the Autopilot v2...

Read Article →

Evilginx resources for Microsoft 365

November 23, 2023 by Jan Bakker

security

Check out this article via web browser: Evilginx resources for Microsoft 365 Okay, let’s start with a disclaimer. This post is created for ed...

Read Article →

Generate Mailbox Usage Reports with Microsoft Graph PowerShell

November 20, 2023 by Daniel Bradley

microsoft-graph

Learn how to generate and export Microsoft 365 mailbox usage reports for Exchange Online using Microsoft Graph PowerShell. The post Generate Mailbo...

Read Article →

Privileged Identity Management (PIM) – Common Microsoft 365 Security Mistakes Series

November 19, 2023 by Ru Campbell

conditional-access entra-id identity-governance privileged-identity-management authentication-context

Entra ID’s P2 license (previously Azure AD Premium P2) unlocks the Privileged Identity Management (PIM). PIM is part of broader identity gove...

Read Article →

Microsoft Error Codes

November 18, 2023 by rudyooms

intune

Here’s a comprehensive overview of all Microsoft error codes. For deeper insights, I’ve linked to the detailed write-ups I’ve created for specific ...

Read Article →

Microsoft Intune Application Deployment Best Practices

November 16, 2023 by Kenneth Van Surksum

intune modern-workplace

In December 2012, I blogged about best practices for deploying applications using System Center Configuration Manager, and while many of those reco...

Read Article →

A love story about Role Based Access Control for Applications in Exchange Online, Managed Identities, Entra ID Admin Units, and Graph API

November 15, 2023 by Jan Bakker

entra-id logic-apps security

Check out this article via web browser: A love story about Role Based Access Control for Applications in Exchange Online, Managed Identities, Entra...

Read Article →

SslClientCertReference Without a Cause

November 13, 2023 by rudyooms

intune intune

This blog will focus on the 0x80190190 Bad Request (400) we could get because the SslClientCertReference is not configured and maybe a couple of ot...

Read Article →

How to Force a Password Change in Microsoft 365 Without Password Reset

November 12, 2023 by Daniel Bradley

main

Learn how to force a password change for a Microsoft 365 user on the next log on, without changing the users password. The post How to Force a Pass...

Read Article →

Customise or Disable Microsoft Managed Conditional Access Policies

November 06, 2023 by Daniel Bradley

entra-id

Learn how to turn off Microsoft Managed Conditional Access policies in Microsoft Entra to prevent them from being created. The post Customise or Di...

Read Article →

New Experience For Resetting Your Microsoft 365 Password Online

November 02, 2023 by Daniel Bradley

news

Users can now change their password in Microsoft 365 online from the My Security Info page without having to enter their existing password. Learn h...

Read Article →

You can now finally upgrade to Windows 11 23H2!

November 02, 2023 by Michael Morten Sonne

intune iso windows windows-11

Last Updated on November 2, 2023 by Michael Morten Sonne Intoduction The next Windows 11 version is here!… The post You can now finally upgra...

Read Article →

How to Simplify using Microsoft Graph PowerShell with PIM

November 01, 2023 by Daniel Bradley

microsoft-graph

Learn how to best use the Directory.AccessAsUser.All permissions as the signed in user with Microsoft Graph PowerShell. The post How to Simplify us...

Read Article →

In the Shadow of the DiscoveryEndpoint

November 01, 2023 by rudyooms

epm intune mmpc dmclient mmpc

This blog will discuss my attempt to enroll my device with the latest 25977.1000 insider preview using Autopilot. I will show you how I stumbled up...

Read Article →

How to Forward Messages in Microsoft Teams Chats

October 29, 2023 by Daniel Bradley

microsoft-365 microsoft-teams

Learn how to forward messages in Microsoft Teams chats from one chat to another and quote the original message. The post How to Forward Messages in...

Read Article →

Microsoft Defender for Endpoint: New and more streamlined device connectivity on the way

October 29, 2023 by Michael Morten Sonne

defender-for-endpoint preview security windows windows-10

Last Updated on June 2, 2025 by Michael Morten Sonne Intoduction Update – 31/10/2023 – MacOS and Linux… The post Microsoft Defend...

Read Article →

How to Change the Default MFA Method for Microsoft 365 Users

October 27, 2023 by Daniel Bradley

entra-id

As an Microsoft 365 admin, you can use the Microsoft Entra admin portal to change a users default MFA method. The post How to Change the Default MF...

Read Article →

Microsoft Sentinel User Forum

October 26, 2023 by Robbe Van den Daele

sentinel

Together with my colleague Louis Mastelinck, we talked on the Microsoft Sentinel user forum about Microsoft Sentinel data ingestion and avoiding al...

Read Article →

Protect Microsoft 365 Break Glass Accounts with Azure Automation

October 26, 2023 by Daniel Bradley

entra-id featured

Learn how to protect your Microsoft 365 Break Glass accounts and never get locked out of your organisations tenant with Azure Automation. The post ...

Read Article →

Entra ID – Comming: Auto-rollout of basic Conditional Access policies to protect your tenant – is missing in so many tenants so finally!

October 25, 2023 by Michael Morten Sonne

entra-id identity microsoft-365 security

Last Updated on February 19, 2024 by Michael Morten Sonne Intoduction Background Companies that do not implement Multi-Factor… The post Entra...

Read Article →

What are Microsoft Applied Skills? Microsoft’s new free certification

October 25, 2023 by Daniel Bradley

news featured

Microsoft Applied Skills have now been released. A new and free verifiable credentials from Microsoft earned through lab-based assessments. The pos...

Read Article →

There will be…..Autopilot Version 2 (APv2)

October 24, 2023 by rudyooms

autopilot device-enrollment intune

This blog will be about my first encounter with APv2. Yeah!! APv2 As in Autopilot version 2. Did I get your attention??? I am going to assume I do....

Read Article →

Microsoft 365 ends support for Office 2016 and Office 2019 clients

October 23, 2023 by Daniel Bradley

news

Microsoft 365 ends support of older clients including Office 2016 and Office 2019. Take action now to ensure you can continue to use the latest Mic...

Read Article →

Microsoft Global Secure Access: Empowering Secure and Seamless Connectivity

October 22, 2023 by Nathan Hutchinson

global-secure-access entra-id conditional-access

Boost security, speed, and access with Microsoft's Entra Internet for M365. A game-changer!

Read Article →

Prepare for passkeys in Entra ID!

October 22, 2023 by Jan Bakker

entra-id security

Check out this article via web browser: Prepare for passkeys in Entra ID! Only a few months until Microsoft Entra ID will support device-bound pass...

Read Article →

How to create a Temporary Access Pass using Logic Apps

October 21, 2023 by Jan Bakker

entra-id logic-apps security

Check out this article via web browser: How to create a Temporary Access Pass using Logic Apps Now that more and more organizations are moving towa...

Read Article →

Get Ahead of Microsoft’s New Free Purview Discovery Plan

October 20, 2023 by Daniel Bradley

news purview

Microsoft has released a new free Microsoft Purview Discovery plan which includes brand new features available for free tier users. The post Get Ah...

Read Article →

Take Advantage of New Exchange and SharePoint Audit logs for Standard Users

October 20, 2023 by Daniel Bradley

news

Microsoft expands their Microsoft Purview audit log availability to standard users for premium exchange and SharePoint activities. The post Take Ad...

Read Article →

How to Apply Conditional Access to PIM Activation in Microsoft Entra

October 18, 2023 by Daniel Bradley

entra-id

Apply strong authentication methods through Conditional Access for PIM (Privileged Identity Management) role activation. The post How to Apply Cond...

Read Article →

Assign Permissions to a Managed Identity with Graph PowerShell

October 17, 2023 by Daniel Bradley

microsoft-graph powershell

Learn how to assign Microsoft Graph API permissions to Managed Identities using Microsoft Graph PowerShell. The post Assign Permissions to a Manage...

Read Article →

The Positively True Adventures of the Alleged MigrateRefreshTask

October 16, 2023 by rudyooms

declared-configuration-enrollment intune mmpc windc

This blog will be the 7th one in the Windows Declared Configuration series (WinDc). In this WinDc series I am focusing on what the “Refresh Schedul...

Read Article →

Allow Unlimited Snoozes for Microsoft Authenticator Registration

October 15, 2023 by Daniel Bradley

entra-id

Learn how to modify the Microsoft Authenticator Registration Campaign settings to allow unlimited snoozes when prompted to register. The post Allow...

Read Article →

How to Bulk Update Microsoft 365 Groups Owners with PowerShell

October 13, 2023 by Daniel Bradley

microsoft-graph powershell

Learn how to perform bulk management of group owners for Microsoft 365 groups using Microsoft Graph PowerShell. The post How to Bulk Update Microso...

Read Article →

How to Output Invoke-MgGraphRequest Responses as a PowerShell Object

October 11, 2023 by Daniel Bradley

microsoft-graph

Learn how to change the output type to a PowerShell Custom Object when working with the Invoke-MgGraphRequest cmdlet in Microsoft Graph. The post H...

Read Article →

Hunting for the Curl vulnerability

October 10, 2023 by Gianni Castaldi

detection level-200 defender-for-endpoint

With the outlook of the release of the new Curl version, I thought it would be nice to know where Curl is being run and where it is making network ...

Read Article →

[issue] Connect-AzAccount : Method not found: System.Threading.Tasks.Task

October 10, 2023 by Morten Knudsen

azure azure-security microsoft-security mvpbuzz powershell

Error Connect-AzAccount : Method not found: ‘System.Threading.Tasks.Task`1 Azure.Identity.InteractiveBrowserCredential.AuthenticateAsync(Azur...

Read Article →

Microsoft Entra MFA Fraud Deep Dive

October 07, 2023 by Christopher Brumm

entra-id mfa

Microsoft Entra MFA Fraud Deep Dive Tags: Entra, ITDR, MFA Published at: October 7, 2023 Summary: Recently, Microsoft released the new feature Repo...

Read Article →

Conditional Access – Common Microsoft 365 Security Mistakes Series

October 05, 2023 by Ru Campbell

access-reviews conditional-access entitlement-management entra-id microsoft-365

Conditional Access (CA) is front and center of any attempt to secure Microsoft 365. If you’ve spent any time securing your tenant and Entra r...

Read Article →

How to Update User Photos with Microsoft Graph PowerShell

October 05, 2023 by Daniel Bradley

microsoft-graph

Learn how to update user photos in Microsoft 365 using Microsoft Graph PowerShell with the Set-MgUserPhoto cmdlet. The post How to Update User Phot...

Read Article →

Lenovo Bios: Dead of Autopilot Marker

October 05, 2023 by rudyooms

autopilot intune

After “finishing” (or maybe not yet) my WinDc blog series I am going to start looking at other stuff. One of the things that I am always interested...

Read Article →

Declared Configurations and the MI Provider

October 02, 2023 by rudyooms

intune mmpc windc declaredconfiguration

This blog will zoom in on, the MOF file and how the MI provider is being used when the declared configuration policies are being set

Read Article →

Sentinel & SOAR: Part 4 - Error handling

October 02, 2023 by Tim Groothuis

soar security sentinel microsoft-sentinel azure

IntroductionHello there, welcome back to part 4 of my Sentinel & SOAR series! If you’re new to this series you might want to check out any earl...

Read Article →

Allow On-Premise Password Change to Reset User Risk in Microsoft Entra

September 29, 2023 by Daniel Bradley

entra-id

Learn how to enable the Allow On-Premise Password Change to Reset User Risk feature in Microsoft Entra to manage risky users. The post Allow On-Pre...

Read Article →

How to Block User Access to BitLocker Keys in Microsoft Entra

September 27, 2023 by Daniel Bradley

entra-id

Learn how to prevent users from accessing BitLocker keys for the devices they own in the Microsoft Entra portal. The post How to Block User Access ...

Read Article →

Along With the Gods: The Two PushLaunch Tasks

September 26, 2023 by rudyooms

intune mmpc pushlaunch

This blog will be about a big underestimated schedule!! I am going to dive into the PushLaunch scheduled task once again. This Task is responsible ...

Read Article →

How to Modify Security Defaults with Microsoft Graph PowerShell

September 23, 2023 by Daniel Bradley

microsoft-graph

Learn how to enable and disable security defaults in Microsoft Entra programmatically using Microsoft Graph PowerShell. The post How to Modify Secu...

Read Article →

10 Great Tips for Admins Working With Microsoft Graph PowerShell

September 22, 2023 by Daniel Bradley

microsoft-graph

Here are ten of my top tips for admins working with Microsoft Graph PowerShell to get the most out of their scripts. The post 10 Great Tips for Adm...

Read Article →

ReconstructQueueAndExecute: The Last Crusade for Declared Configuration Recovery

September 20, 2023 by rudyooms

epm intune mmpc windc

This blog post will be the fifth in the WinDC Refresh Schedule series. In it, I will zoom into what happens when we run into corrupted Declarative ...

Read Article →

Deploying MDE to macOS

September 19, 2023 by Nathan Hutchinson

intune defender-for-endpoint deployment-guides

This guide will get you up and running with MDE for macOS in no time.

Read Article →

How to Restrict Guest User Invites in Microsoft Entra

September 19, 2023 by Daniel Bradley

entra-id

Learn how to restrict who can invite guest users to your tenant in Microsoft Entra and using Microsoft Graph PowerShell. The post How to Restrict G...

Read Article →

Easily import, export and document Intune configurations!

September 18, 2023 by Nathan Hutchinson

intune

Need to bulk import, export or document your Intune configurations, this guide has you covered.

Read Article →

Speaking at the Workplace Ninja Summit, September 27-29 2023

September 14, 2023 by Kenneth Van Surksum

entra-id entra-id events intune modern-workplace

Starting on Wednesday September 27, till Friday September 29 the Workplace Ninja Summit which is an in-person event will take place in Baden, Swits...

Read Article →

Messed up NTFS permissions? – how to cleanup and remove users/groups there should NOT be there

September 10, 2023 by Michael Morten Sonne

code-repository powershell script security windows

Last Updated on February 19, 2024 by Michael Morten Sonne Intoduction Fileservers – the never ending story for… The post Messed up NTFS...

Read Article →

How to Deploy Conditional Access Templates with Graph PowerShell

September 07, 2023 by Daniel Bradley

microsoft-graph

Learn how to deploy conditional access policies from pre-defined templates using Microsoft graph PowerShell. The post How to Deploy Conditional Acc...

Read Article →

Enforce FIDO2 PIN complexity with Microsoft Entra Conditional Access Authentication Strengths.

September 06, 2023 by Jan Bakker

entra-id security

Check out this article via web browser: Enforce FIDO2 PIN complexity with Microsoft Entra Conditional Access Authentication Strengths. As you may o...

Read Article →

How to enable Enterprise Voice with Microsoft Teams PowerShell

September 06, 2023 by Daniel Bradley

microsoft-365 microsoft-teams

Learn how to enable Enterprise Voice for Microsoft Teams direct routing users using Microsoft Teams PowerShell. The post How to enable Enterprise V...

Read Article →

How to Target Specific Tenants with Conditional Access

September 03, 2023 by Daniel Bradley

entra-id featured

Learn how to target specific Microsoft Entra tenants in Multitenant organisations using Conditional Access policies. The post How to Target Specifi...

Read Article →

How to Add Users to Groups with Microsoft Graph PowerShell

August 31, 2023 by Daniel Bradley

microsoft-graph

Learn how to use the New-MgGroupMember cmdlet to add users to groups in Microsoft 365 using Microsoft Graph PowerShell. The post How to Add Users t...

Read Article →

Close Encounters of the Microsoft Azure Attestation

August 30, 2023 by rudyooms

attestation-and-compliance-series intune attestation compliance dha

This blog will be about my first and second encounters with Microsoft Azure Attestation(MAA) and how this new kind of attestation will be dropped d...

Read Article →

How to Setup Multi-Tenant Organisation in Microsoft 365

August 30, 2023 by Daniel Bradley

entra-id featured

Learn how to Setup Cross-Tenant Synchronisation in Microsoft Entra step by step to automatically provision B2B user access. The post How to Setup M...

Read Article →

How to use Automatic Attack Disruption in Microsoft 365 Defender (BEC, AiTM & HumOR)

August 29, 2023 by Jeffrey Appel

security azure-ad-identity-protection defender-for-cloud-apps defender-for-endpoint defender-for-identity

Last year Microsoft announced a new feature called; Automatic attack disruption which uses correlated insights from the Microsoft 365 ecosystem and...

Read Article →

Defender for Endpoint for Linux: new capabilities and enhancements

August 28, 2023 by Thomas Verheyden

defender-for-endpoint linux micorosft-security

Intro Microsoft published this summer new capabilities and enhancements for Defender for Endpoint on linux. In my opinion Defender for Endpoint on ...

Read Article →

How to Report All Users and Group Membership With Microsoft Graph PowerShell

August 26, 2023 by Daniel Bradley

microsoft-graph powershell

Learn how to use Get-MgUserMemberOf in Microsoft Graph PowerShell to find which groups a user is a member of and report for all users. The post How...

Read Article →

How to use Strictly Enforce Location Policies in Conditional Access

August 24, 2023 by Daniel Bradley

microsoft-graph

Learn how to when and how to use the strictly enforce location policies setting in Conditional Access. The post How to use Strictly Enforce Locatio...

Read Article →

Speaking at the Cloud Identity Summit 2023, on September 7th 2023

August 24, 2023 by Kenneth Van Surksum

entra-id events security speaking

On Thursday September 7th, the annual Cloud Identity Summit will take place as an in-person event in Koblenz Germany. This event is organized by Th...

Read Article →

The Adventures of WinDC, Queen of the MMP-C

August 23, 2023 by rudyooms

epm mmpc uncategorized windc declaredconfiguration

This blog post will be the third one in my journey to discover what the “refresh schedule created by Declared Configuration to refresh any settings...

Read Article →

Microsoft Entra Workload ID - Lifecycle Management and Operational Monitoring

August 21, 2023 by Thomas Naunheim

entra-id entra-id entra-id workload-id azure

Workload identities should be covered by lifecycle management and processes to avoid identity risks such as over-privileged permissions but also in...

Read Article →

How to Block a Domain or Email Address in Exchange Online

August 20, 2023 by Daniel Bradley

exchange-online

Learn how to block an email address or Domain for all users in Exchange Online using the Microsoft 365 defender portal. The post How to Block a Dom...

Read Article →

Enabling Time-based Restrictions in Conditional Access

August 17, 2023 by Daniel Bradley

entra-id

Learn how to apply Conditional Access policies based on the time of day and the day of the week by configuring time-based conditions. The post Enab...

Read Article →

Windows Autopilot Profile Resiliency

August 17, 2023 by rudyooms

autopilot

In this blog, I am going back to my “roots” and taking another look at Autopilot. To be a bit more precise, I am going to look at how the […]

Read Article →

How to Create Conditional Access Policies with Microsoft Graph PowerShell

August 15, 2023 by Daniel Bradley

microsoft-graph

Learn how to use New-MgIdentityConditionalAccessPolicy to create Conditional Access policies with Microsoft Graph PowerShell. The post How to Creat...

Read Article →

How to Revoke Application API Permissions with Microsoft Graph PowerShell

August 15, 2023 by Daniel Bradley

microsoft-graph

Learn how to revoke API permissions assigned to applications in Microsoft Entra using Microsoft Graph PowerShell. The post How to Revoke Applicatio...

Read Article →

How to troubleshoot Live Response in Defender for Endpoint

August 15, 2023 by Jeffrey Appel

security defender-for-endpoint

Live Response is a powerful feature as part of the Microsoft 365 Defender portal. With the use of Live Response Security Operations Teams can estab...

Read Article →

How to Setup User Risk Reports to Email in Microsoft Entra

August 14, 2023 by Daniel Bradley

entra-id

Learn how to setup User Risk and Sign-in Risk reports in Microsoft Entra using the admin center and Microsoft Graph PowerShell. The post How to Set...

Read Article →

Entra Registered Devices in Intune: What You Need to Know

August 11, 2023 by rudyooms

device-enrollment intune

This blog is an addition to my previous blog, which showed you the difference between Entra Registered devices and Entra Joined devices. In this bl...

Read Article →

[issue] Connect-MgGraph : Method not found: ‘System.Action`1 Azure.Identity.IMsalPublicClientInitializerOptions.get_BeforeBuildClient()’.

August 11, 2023 by Morten Knudsen

automation azure microsoft-graph mvpbuzz powershell

Cause Old version of Az.Accounts v2.9.1 was being installed on the computer as part of Az.Portal installation, even though newer ... Read more

Read Article →

Collecting DNS events using Azure Monitor Agent

August 10, 2023 by Morten Knudsen

ama azure azure-arc azure-data-collection-rules azure-data-ingestion-pipeline

This blog will give you insight on how to setup collection of DNS Events from Windows devices using Azure Monitor ... Read more

Read Article →

Turn off Directory synchronization with Microsoft Graph PowerShell

August 10, 2023 by Daniel Bradley

microsoft-graph

Learn how to turn off directory synchronisation (Azure AD Connect) using Microsoft Graph PowerShell to disable on-premise synchronisation. The post...

Read Article →

How to Apply Conditional Access to Protected Actions in Microsoft Entra

August 09, 2023 by Daniel Bradley

entra-id

Learn how to configure Protected Actions in Microsoft Entra with an Authentication Context to protect with Conditional Access policies. The post Ho...

Read Article →

Onboard and configure Defender for Endpoint for non-persistent VDI environments

August 08, 2023 by Jeffrey Appel

security defender-for-endpoint

Microsoft supports multiple onboardings methods for Defender for Endpoint. For non-persistent VDI’s there is always a challenge since non-per...

Read Article →

How to Modify DMARC Policies in Microsoft 365 for Inbound Mail

August 07, 2023 by Daniel Bradley

exchange-online

Learn how to modify how Microsoft 365 handles DMARC for inbound mail with DMARC policies in Microsoft Defender. The post How to Modify DMARC Polici...

Read Article →

Microsoft Defender for Endpoint security management (MDE Attach v2) on Linux : A deep dive

August 04, 2023 by Thomas Verheyden

defender-for-endpoint

Intro This blog post is inspired by Rudy Ooms, who wrote a excellent write up about the behind the scenes of the MDE attach v2 process and security...

Read Article →

Using Managed Identities in Logic App HTTP triggers

August 03, 2023 by Robbe Van den Daele

identity

Warning We ‘archived’ this blogpost during a migration from the old HybridBrothers website framework to the new one, since it is more t...

Read Article →

In the name of MMP-C

August 02, 2023 by rudyooms

mmpc

This blog will be just me changing 1 of the four words of MMP-C, nothing more! Curious how I am writing a whole blog about it? Please read on!

Read Article →

Microsoft Entra Workload ID - Introduction and Delegated Permissions

August 02, 2023 by Thomas Naunheim

entra-id entra-id entra-id workload-id azure

Workload identities will be used by applications, services or cloud resources for authentication and accessing other services and resources. Especi...

Read Article →

ERROR: Could not load type ‘Microsoft.Graph.Authentication.AzureIdentityAccessTokenProvider’ from assembly ‘Microsoft.Graph.Core

August 01, 2023 by Morten Knudsen

automation azure m365-security microsoft-graph microsoft-security

After upgrading Microsoft Graph, I noticed an issue when trying to run cmdlet Get-MgGroup or Get-MgUser. I could connect to ... Read more

Read Article →

How to Setup Registration Campaigns for MFA in Microsoft Entra

August 01, 2023 by Daniel Bradley

entra-id

Learn how to configure Registration Campaigns in Microsoft Entra to prompt users to configure the Authenticator app for MFA. The post How to Setup ...

Read Article →

PnP.Powershell – important changes to Powershell version requirement

August 01, 2023 by Morten Knudsen

automation mvpbuzz powershell scripting

[Important changes] PnP.Powershell – Are you using PnP.Powershell (or considering to update) to manage your Microsoft 365 environments and pr...

Read Article →

Refreshing the Declared Configuration Policies

August 01, 2023 by rudyooms

epm intune mmpc windc

This blog post will be the second one in my journey to discover what the “refresh schedule created by Declared Configuration to refresh any setting...

Read Article →

How to Fix Error 550 5.7.509: Access denied in Exchange Online

July 30, 2023 by Daniel Bradley

exchange-online

Learn how to fix 550 5.7.509: Access denied, sending domain contoso.com does not pass DMARC verification and has a DMARC policy of reject in Exchan...

Read Article →

How to use Defender for IoT firmware Scanning for checking potential security vulnerabilities and weaknesses

July 27, 2023 by Jeffrey Appel

iotot security defender-for-iot

Recently Microsoft announced a new firmware scanning feature in Defender for IoT. With the new Defender for IoT Firmware analysis, it is possible t...

Read Article →

Azure Backup: Do I have resources NOT protected by backup?

July 26, 2023 by Morten Knudsen

automation azure azure-resource-graph backup kusto

This blog will show you how you can automate an overview using Kusto queries against Azure Resource Graph (ARG) to ... Read more

Read Article →

0x80072f8f : A BitLocker Odyssey

July 25, 2023 by rudyooms

intune 2147954575 azure bitlocker intune

This time, a simple blog about a BitLocker escrow error (0x80072f8f )that started happening (all of a sudden) on multiple devices when you were try...

Read Article →

Block apps (discovered/ shadow IT) with Defender for Cloud Apps and Defender for Endpoint

July 25, 2023 by Jeffrey Appel

security defender-for-cloud-apps defender-for-endpoint

With the use of Defender for Cloud Apps in combination with Defender for Endpoint it is possible to block unsanctioned apps, the block of apps is p...

Read Article →

How is it now you get a refund for Microsoft 365 and Azure downtime and see service status?

July 24, 2023 by Michael Morten Sonne

azure general microsoft-365

Last Updated on September 24, 2024 by Michael Morten Sonne This may be split up in 2 parts..… The post How is it now you get a refund for Mic...

Read Article →

Protect Microsoft Graph PowerShell Logins with Conditional Access

July 23, 2023 by Daniel Bradley

microsoft-graph

Learn how to use Conditional Access to protect user logins to Microsoft Graph using the Microsoft Graph PowerShell SDK. The post Protect Microsoft ...

Read Article →

The Treasure of the MMP-C Madre

July 23, 2023 by rudyooms

intune mmpc cloud microsoft mmpc

This time, a simple blog without technical details. It will be just me showing you why I am so enthusiastic about a specific service called MMP-C a...

Read Article →

Unleash the power of defender plan 2: Just-in-time VM access – part 4

July 20, 2023 by Thomas Verheyden

defender-for-cloud defender-for-servers just-in-time

Intro Malicious actors actively search for machines with open management ports, such as RDP or SSH, to exploit. All of your virtual machines are po...

Read Article →

Manage Defender for Endpoint for Windows, macOS, and Linux via Security settings management

July 18, 2023 by Jeffrey Appel

security defender-for-endpoint

Recently Microsoft announced a couple of new improvements related to the new security settings management for Windows, macOS, and Linux as part of ...

Read Article →

Under the Hood of: MDE Attach V2 / Security settings management

July 18, 2023 by rudyooms

intune defender-xdr mmpc epm intune

I will guide you through my MDE Attach V2 (Security Management) journey and explain which "service" delivers the Intune policies to your NOT AADJ (...

Read Article →

How to Setup Microsoft Entra Internet Access

July 12, 2023 by Daniel Bradley

entra-id featured

Learn how to setup Microsoft Entra Internet Access with Conditional Access to secure access to Microsoft 365 apps and services. The post How to Set...

Read Article →

Manage user-preferred multi-factor authentication method in Microsoft Entra ID

July 11, 2023 by Jan Bakker

entra-id security

Check out this article via web browser: Manage user-preferred multi-factor authentication method in Microsoft Entra ID This post is all about setti...

Read Article →

The WinDC Refresh Schedule and the Dudes

July 11, 2023 by rudyooms

epm intune mmpc windc declaredconfiguration

In this series, I will try to explain more about a wonderful "refresh schedule" I noticed in the task scheduler after EPM was deployed. This first ...

Read Article →

How to use The Microsoft Graph Explorer Tool

July 10, 2023 by Daniel Bradley

microsoft-graph

Learn how to use the Microsoft Graph Explorer tool to support you with understand the Graph API and writing PowerShell Scripts. The post How to use...

Read Article →

Microsoft Improves and Simplifies Defender for Endpoint Management Capabilities

July 10, 2023 by Ru Campbell

microsoft-365 defender-xdr defender-for-endpoint defender-xdr atp

In one of the biggest changes to Microsoft Defender for Endpoint (MDE) in its product history, you no longer need a separate management engine to c...

Read Article →

How to Monitor for Application Admin Permission Consent in Microsoft Entra

July 09, 2023 by Daniel Bradley

microsoft-graph

Learn how to monitor for application admin permission consents in Azure AD using PowerShell and Azure Automation. The post How to Monitor for Appli...

Read Article →

How to protect Azure storage accounts (Blob) using Defender for Storage

July 05, 2023 by Jeffrey Appel

security defender-for-cloud

Defender for Storage is the Azure-native layer of security intelligence that detects potentially harmful attempts to access or malicious activity. ...

Read Article →

Lets create a Free Lab with Microsoft Defender for Endpoint and Simulate some Ransomware Attacks – get the correct free trial

July 05, 2023 by Michael Morten Sonne

attackscompromise lab defender-for-endpoint security windows

Last Updated on October 6, 2024 by Michael Morten Sonne Intoduction Microsoft’s Defender for Endpoint (MDE) – is… The post Lets create ...

Read Article →

Azure AD – Why use Cloud-Only Administrative/normal accounts and how to protect them in Azure AD from on-premises attacks

July 04, 2023 by Michael Morten Sonne

active-directory attackscompromise entra-id entra-id-connect identity

Last Updated on June 2, 2025 by Michael Morten Sonne Intoduction Frist – sorry for the size og… The post Azure AD – Why use Cloud-Only ...

Read Article →

How to use Managed Identities with Microsoft Graph PowerShell

July 03, 2023 by Daniel Bradley

microsoft-graph

Learn how to use the Connect-MgGraph cmdlet with the -Identity parameter to connect with System and user-assigned managed identities. The post How ...

Read Article →

Tool: MDE-Troubleshooter is born !

June 30, 2023 by Thomas Verheyden

geen-categorie

Background story During my consultancy work, I have received feedback from numerous clients indicating that they consistently encountered difficult...

Read Article →

The Importance of Updating Installed PowerShell Modules – And automate it too with my script

June 29, 2023 by Michael Morten Sonne

automation code-repository powershell script

Last Updated on January 19, 2024 by Michael Morten Sonne Intoduction In the world of PowerShell, modules play… The post The Importance of Upd...

Read Article →

The 0x800705B4 error in our stars

June 28, 2023 by rudyooms

autopilot intune

In this blog, I am going to scuba dive a bit into the wonders of SyncML and how all devices ended up with sync errors and all new Autopilot enrollm...

Read Article →

Secure your Azure Management portal

June 25, 2023 by Michael Morten Sonne

entra-id identity security

Last Updated on June 25, 2023 by Michael Morten Sonne How secure your Azure Management Portal?. By default,… The post Secure your Azure Manag...

Read Article →

Your isolated device stuck in Defender for Endpoint Isolation mode , not anymore !

June 23, 2023 by Thomas Verheyden

geen-categorie

Intro When you want to investigate a endpoint that has indication of being comprised you might want to put the endpoint in Defender for Endpoint is...

Read Article →

MC2MC

June 22, 2023 by Robbe Van den Daele

sentinel

My first public speaking experience! I spoke together with my colleague Sander Bougrine on MC2MC, where we deep dived into how to integrate 3th par...

Read Article →

Company branding and custom CSS in Azure Active Directory

June 21, 2023 by Jan Bakker

entra-id

Check out this article via web browser: Company branding and custom CSS in Azure Active Directory Company branding in Azure AD is a nice feature th...

Read Article →

A Guide to Recognizing Your Post Authentication Actions

June 20, 2023 by rudyooms

windows-laps intune laps intune paa

LAPS everywhere!!!! This time I am deep-diving into the wonders of the Post Authentication Actions (PAA) and what is actually happening (or maybe n...

Read Article →

Azure AD Application Activity Report Analysis

June 19, 2023 by Michael Morten Sonne

entra-id identity security

In the today’s digital age and use all over the world, maintaining the security of an organization has… The post Azure AD Application Activit...

Read Article →

Sending email with Azure Automation and Managed Identity

June 19, 2023 by Nathan Hutchinson

azure-automation managed-identities

Using Azure Automation Accounts to send scheduled emails, ditch those scheduled tasks and insecure scripts!

Read Article →

12 quick tips to secure your identities in Microsoft 365

June 17, 2023 by Michael Morten Sonne

entra-id exchange-online identity microsoft-365 security

Last Updated on March 14, 2024 by Michael Morten Sonne In the post here, I will share 10… The post 12 quick tips to secure your identities in...

Read Article →

The Infernal MMP-C Discovery

June 16, 2023 by rudyooms

epm intune mmpc checkin discovery

This blog will be an additional blog post to the MMP-C one. In this blog, I am deep-diving into the first MDE / MMP-C / Declared Configuration enro...

Read Article →

What is Customer lockbox in Azure, and how to use it?

June 16, 2023 by Michael Morten Sonne

azure compliance security

Last Updated on March 14, 2024 by Michael Morten Sonne Customer Lockbox is a security feature in Microsoft… The post What is Customer lockbox...

Read Article →

Microsoft Defender for Endpoint settings management: Enhancements

June 15, 2023 by Thomas Verheyden

defender-for-endpoint defender-for-servers

*UPDATE 17/07/2023* Added extra information about system labels Intro Microsoft is doing a very good job at listening to their customers, partners ...

Read Article →

Unleash the power of Defender for Servers Plan 2: Agentless scanning – part 3

June 14, 2023 by Thomas Verheyden

defender-for-cloud advanced-protection-features-series defender-for-endpoint defender-for-servers

Intro Welcome to part three of the blog series on Unleach the power of Defender for Servers Plan 2! In our previous blog, we explored how to start ...

Read Article →

LogAnalytics table migration from Classic (v1) to Data Collector Rule-based (v2) video’s – to replace HTTP Data Collector API (v1) with Log Ingestion API (v2)

June 13, 2023 by Morten Knudsen

azlogdcringestps azure azure-data-collection-rules azure-data-ingestion-pipeline azure-log-ingestion-api

Check out my latest 2 videos, which will cover both migration scenarios using my AzLogDcrIngestPS PS-module: Side-by-Side Migration (new table, ......

Read Article →

Running Evilginx 3.0 on Windows

June 13, 2023 by Jan Bakker

entra-id security

Check out this article via web browser: Running Evilginx 3.0 on Windows In case you missed it: Evilginx 3 was recently launched to the public. This...

Read Article →

Protection of privileged users and groups by Azure AD Restricted Management Administrative Units

June 12, 2023 by Thomas Naunheim

entra-id entra-id privilegediam azure

Restricted Management Administrative Unit (RMAU) allows to protect objects from modification by Azure AD role members on directory-level scope. Man...

Read Article →

What is Customer lockbox in Microsoft 365, and how to use it?

June 08, 2023 by Michael Morten Sonne

compliance microsoft-365 security

Last Updated on March 14, 2024 by Michael Morten Sonne Best known as “Customer lockbox”, the new name… The post What is Customer ...

Read Article →

Step-up authentication with Defender for Cloud Apps and Authentication Context

June 07, 2023 by Jan Bakker

cloud-app-security entra-id security

Check out this article via web browser: Step-up authentication with Defender for Cloud Apps and Authentication Context In this post, I will show yo...

Read Article →

The Password Rotation: The Ballad of Windows LAPS and Threadpools

June 06, 2023 by rudyooms

intune windows-laps

In this blog post, I will explore the wonders of Windows LAPS and what happens when you remotely perform a password rotation from Intune—nothing mo...

Read Article →

Direct on board your non-Azure servers to defender for cloud WITHOUT Azure Arc

June 05, 2023 by Thomas Verheyden

defender-for-cloud defender-for-servers

Intro Up until now, onboarding non-Azure servers to Defender for Servers required Azure Arc as a mandatory pre-requisite. With this new release, Mi...

Read Article →

Evaluation Center was unavailable. Where do I download ISOs now if this happen again?

June 05, 2023 by Michael Morten Sonne

iso lab windows windows-10 windows-11

Last Updated on January 10, 2024 by Michael Morten Sonne In case you were trying to download evaluation… The post Evaluation Center was unava...

Read Article →

Exchange Online – Block sign-in from shared mailboxes

June 05, 2023 by Michael Morten Sonne

exchange-online microsoft-365 security

Last Updated on January 10, 2024 by Michael Morten Sonne When you create a new Shared Mailbox in… The post Exchange Online – Block sign-in fr...

Read Article →

Onboard Defender for Endpoint without Azure Arc via Direct onboarding

June 05, 2023 by Jeffrey Appel

security azure-arc defender-for-cloud defender-for-endpoint

Previously, onboarding hybrid servers to Defender for Servers with MDE required Azure Arc as a pre-requisite for the deployment. Since the standalo...

Read Article →

Send an email on a new Azure MFA method registration

June 02, 2023 by Jan Bakker

entra-id power-platform security

Check out this article via web browser: Send an email on a new Azure MFA method registration I’ve done quite some Azure MFA projects over tim...

Read Article →

Microsoft Defender Threat Intelligence (Defender TI) integrations with Microsoft Sentinel

June 01, 2023 by Jeffrey Appel

security defender-ti

Microsoft Defender Threat Intelligence (MDTI) previously known as RiskIQ brings the threat intelligence data together from multiple sources. With t...

Read Article →

The Virtual Account that rocks the EPM!

May 31, 2023 by rudyooms

epm intune logon32_provider_virtual logonuserexexw mem

Are you using Intune Endpoint Privilege Management (EPM) and wondering what is “needed” when you launch a process with elevated access?...

Read Article →

Demystifying Data Collection Rules and Transformations

May 21, 2023 by Robbe Van den Daele

security

Warning We ‘archived’ this blogpost during a migration from the old HybridBrothers website framework to the new one, since it is more t...

Read Article →

Microsoft icons

May 19, 2023 by Jan Bakker

knowledgebase

Check out this article via web browser: Microsoft icons That’s the post for today. Just a bunch of sources with icons from Microsoft 365, Azu...

Read Article →

Easy Riders, Intune Bulls: How the Defender for Endpoint, Live Response, and Rock ‘N’ Roll PowerShell Script Recovered the Intune Certificate

May 18, 2023 by rudyooms

intune

We talked about this in our MMSMOA session, but I still needed to write something about it…..so here we go! This blog will be “again...

Read Article →

Unleash the power of Defender for Servers Plan 2: Adaptive Application Controls – Part 2

May 17, 2023 by Thomas Verheyden

defender-for-cloud advanced-protection-features-series defender-for-servers

Welcome, this is the second part of the Defender for server P2 advanced protection series I will blog about.  If you want to read the other pa...

Read Article →

Building an Active Directory/Windows Server Lab

May 16, 2023 by Michael Morten Sonne

active-directory automation hyper-v lab powershell

Last Updated on March 14, 2024 by Michael Morten Sonne So you’d like to build an Active Directory… The post Building an Active Directory/Wind...

Read Article →

Block gTLD (.zip)/ FQDN domains with Windows Firewall and Defender for Endpoint

May 15, 2023 by Jeffrey Appel

security defender-for-endpoint intune

Recently there was some news with new gTLD domains. Google Registry launched eight new top-level domains: .dad, .phd, .prof, .esq,&#...

Read Article →

Azure DevOps – Use Azure Key Vauls for secrets in your Pipelines

May 13, 2023 by Michael Morten Sonne

azure azure-devops security

Last Updated on June 19, 2023 by Michael Morten Sonne Intoduction What is Azure DevOps Azure DevOps is… The post Azure DevOps – Use Azure Key...

Read Article →

Azure AD Admin and use of PIM Email forwarding for your admin accounts notifications

May 12, 2023 by Michael Morten Sonne

entra-id exchange-online identity security

Last Updated on June 19, 2023 by Michael Morten Sonne Intoduction Seperate accounts in Azure AD for Administrative… The post Azure AD Admin a...

Read Article →

Network Device Discovery & Vulnerability Management with Microsoft 365 Defender

May 08, 2023 by Michael Morten Sonne

defender-xdr security

Last Updated on March 14, 2024 by Michael Morten Sonne Discover & manage vulnerabilities in your network devices… The post Network Device...

Read Article →

Secure authentication method provisioning with Temporary Access Pass

May 07, 2023 by Michael Morten Sonne

entra-id identity passwordless

Last Updated on March 14, 2024 by Michael Morten Sonne What is TAP?  TAP is a time-limited passcode… The post Secure authentication meth...

Read Article →

Azure DevOps – Get a local backup of your code repositories

May 06, 2023 by Michael Morten Sonne

automation azure-devops backup cool-tools github

Last Updated on February 18, 2024 by Michael Morten Sonne Introduction This tool offers a user-friendly interface and… The post Azure DevOps ...

Read Article →

Break Glass account – and how to get notified when a Break Glass account is used

May 04, 2023 by Michael Morten Sonne

entra-id backup identity security

Last Updated on August 13, 2023 by Michael Morten Sonne Intoduction What is a Break Glass Account? Break… The post Break Glass account – and ...

Read Article →

How to work around the Azure Security Agent extension not deploying by default on the latest VM windows images, a currently know limitation…

May 04, 2023 by Thomas Verheyden

defender-for-cloud azure-monitoring-agent defender-for-servers

Intro This blog will be about an issue I bumped into when deploying one of the enhanced protection features in defender for cloud. The enhanced fea...

Read Article →

Lab - Certificate Authority Setup

May 04, 2023 by Nathan McNulty

security

Note This article was last updated on 01/30/2025 for readability and updated URLs

Read Article →

Report Suspicious Activity & Fraud Alert for Azure MFA

May 04, 2023 by Jan Bakker

entra-id security

Check out this article via web browser: Report Suspicious Activity & Fraud Alert for Azure MFA A new feature popped up in Azure AD. Well, not ...

Read Article →

Set up a free Microsoft Intune lab tenant with Microsoft 365 developer subscription

May 04, 2023 by Michael Morten Sonne

entra-id cool-tools intune lab microsoft-365

Last Updated on March 14, 2024 by Michael Morten Sonne Intro Do you want to get started learning… The post Set up a free Microsoft Intune lab...

Read Article →

Veeam Backup for Microsoft 365 – Why you need to back up your Microsoft 365 data!

May 04, 2023 by Michael Morten Sonne

backup microsoft-365 veeam

Last Updated on March 14, 2024 by Michael Morten Sonne Are backups required for Microsoft 365? We look… The post Veeam Backup for Microsoft 3...

Read Article →

How works Microsoft Defender Threat Intelligence / Defender TI – and what is the difference between free and paid

May 03, 2023 by Jeffrey Appel

security defender-ti

Microsoft Defender Threat Intelligence (MDTI), previously known as RiskIQ brings threat Intelligence data together from multiple sources. With Micr...

Read Article →

Endpoint Privilege Management and the Device Health Monitoring Reports: Quantumania

May 02, 2023 by rudyooms

epm intune

This blog will be small and simple, but it will be about me looking at how the Endpoint Privilege Management reports will be delivered to Intune. O...

Read Article →

How to disable Automapping for a shared mailbox in Outlook for Office 365?

May 02, 2023 by Michael Morten Sonne

exchange-online outlook

Last Updated on March 14, 2024 by Michael Morten Sonne If you are like me, you probably use… The post How to disable Automapping for a shared...

Read Article →

The War of the Endpoint Privilege Management Enrollment

May 02, 2023 by rudyooms

epm mmpc

This blog will show you how to “Kickstart” your Declared Configuration enrollment on your own turf when the EPM agent is not being depl...

Read Article →

Block C2 communication with Defender for Endpoint

May 01, 2023 by Jeffrey Appel

security defender-for-endpoint

Human-operated ransomware (HumOR) is growing and needs different layers of protection. Microsoft released some new features to protect against C2 c...

Read Article →

Intune - Microsoft Tunnel VPN Gateway

May 01, 2023 by Nathan McNulty

intune

Note This article was last updated on 01/30/2025 for readability and updated URLs. I am working on updating this for the UI changes that have been ...

Read Article →

Configure Exchange Online Certificate Based Authentication for unattended scripts

April 30, 2023 by Michael Morten Sonne

automation exchange-online powershell security

Last Updated on March 14, 2024 by Michael Morten Sonne How to schedule an Exchange Online PowerShell script… The post Configure Exchange Onli...

Read Article →

How to use Windows LAPS – PowerShell

April 29, 2023 by Michael Morten Sonne

intune powershell security windows

Last Updated on June 19, 2023 by Michael Morten Sonne Intoduction This is in relation to my last… The post How to use Windows LAPS – PowerShe...

Read Article →

I Killed My Endpoint Privilege Management Enrollment, Hung Her on a Meathook, and Now I Have a Three Picture Deal at MMP-C

April 29, 2023 by rudyooms

epm intune mmpc windc declaredconfiguration

This blog will be just me looking at the delivery of the EPMagent in my own troubleshooting style. While doing so, I got focused on something even ...

Read Article →

Find Active Directory accounts configured to use DES and RC4 Kerberos encryption (is insecure!)

April 28, 2023 by Michael Morten Sonne

active-directory powershell security

Last Updated on March 14, 2024 by Michael Morten Sonne While DES has long been considered insecure, CVE-2022-37966… The post Find Active Dire...

Read Article →

Microsoft 365: What is and how to set up “Idle session timeout”?

April 27, 2023 by Michael Morten Sonne

entra-id identity security

Last Updated on March 14, 2024 by Michael Morten Sonne Microsoft has finally implemented the feature “Idle session… The post Microsoft 365: W...

Read Article →

The Microsoft Defender for Office 365 Recommended Configuration Analyzer (ORCA)

April 23, 2023 by Michael Morten Sonne

compliance cool-tools powershell script security

Last Updated on March 14, 2024 by Michael Morten Sonne Introduction ORCA is a report that you can… The post The Microsoft Defender for Office...

Read Article →

Windows LAPS and management through Microsoft Intune

April 23, 2023 by Michael Morten Sonne

active-directory entra-id identity intune security

Last Updated on June 19, 2023 by Michael Morten Sonne What is Windows LAPS Exciting News! New Built-in LAPS… The post Windows LAPS and m...

Read Article →

Azure Automation - Device Cleanup v2

April 22, 2023 by Nathan McNulty

azure

Note This article was last updated on 01/30/2025 for readability and updated URLs. We no longer need to manually load modules as shown, and this ar...

Read Article →

Self Service Password Reset write-back problem – error hr=80230818

April 22, 2023 by Michael Morten Sonne

active-directory entra-id kb windows-server

Last Updated on March 14, 2024 by Michael Morten Sonne This is a knowledgebase item. Hope it helps… The post Self Service Password Reset writ...

Read Article →

Securing your Azure/Microsoft 365 environment with Principle of Least Privilege and Azure PIM

April 20, 2023 by Michael Morten Sonne

entra-id identity security

Last Updated on July 9, 2023 by Michael Morten Sonne Secure your Azure environment with the power of… The post Securing your Azure/Microsoft ...

Read Article →

Are You There Intune? It’s Me, Health Attestation Certificate

April 19, 2023 by rudyooms

attestation-and-compliance-series attestation compliance

A Compliant device, I want myself to have a working Intune enrolled compliant device!!!! Nothing more! Just a compliant device! In this blog, I wil...

Read Article →

Unleash the power of Defender for Servers Plan 2: File integrity monitoring – Part 1

April 19, 2023 by Thomas Verheyden

defender-for-cloud advanced-protection-features-series defender-for-servers

Intro Welcome to part 1 of the blog series about enhanced protection features available in Defender for Servers Plan 2. Part 1 will be about  ...

Read Article →

Configure Azure AD Connect Health email notifications to continue to receive notifications when synchronization errors occur in Azure AD Connect

April 08, 2023 by Michael Morten Sonne

active-directory entra-id entra-id-connect identity

Why is this needed? Admins who are using Azure AD Connect are currently receiving email notifications when there… The post Configure Azure AD...

Read Article →

AzLogDcrIngestPS – how to do data manipulation before sending data via Azure Pipeline, Log ingestion API & Azure Data Collection Rules into Azure LogAnalytics ?

April 07, 2023 by Morten Knudsen

azure-data-collection-rules azure-data-ingestion-pipeline azure-log-ingestion-api azure-loganalytics azure-logging

If you are sending data using HTTP Data Collector API (REST) today, you should continue reading, as this API will ... Read more

Read Article →

AzLogDcrIngestPS – tips & tricks sending data via Azure Pipeline, Azure Log Ingestion API, Azure Data Collections into Azure LogAnalytics

April 07, 2023 by Morten Knudsen

azlogdcringestps azure azure-data-collection-rules azure-data-ingestion-pipeline azure-log-ingestion-api

If you are sending data using HTTP Data Collector API (REST) today, you should continue reading, as this API will ... Read more

Read Article →

Unleash the power of Defender for Servers Plan 2: The Intro – Part 0

April 07, 2023 by Thomas Verheyden

defender-for-cloud advanced-protection-features-series defender-for-servers

Introduction I decided to start a blog series about the Advanced protection features which are included in the Defender for Servers Plan 2 provided...

Read Article →

Microsoft Defender for Cloud– The ultimate blog series (Intro) – P0

April 06, 2023 by Jeffrey Appel

security defender-for-cloud mdc-series

Microsoft Defender for Cloud is a cloud-native application protection platform (CNAPP). Defender for Cloud contains a large set of features and cap...

Read Article →

Block “vulnerable/unwanted” applications with Defender for Endpoint and Vulnerability Management

April 05, 2023 by Jeffrey Appel

security defender-for-endpoint

In all environments, reducing the vulnerability surface and getting insights into the vulnerable applications are recommended and important. Micros...

Read Article →

Deploy Microsoft Teams on Azure Virtual Desktop using Intune

April 05, 2023 by Nathan Hutchinson

azure-virtual-desktop microsoft-teams

Deploy Microsoft Teams to Azure Virtual Desktop using Intune.

Read Article →

Intune - Discover Defender AV exclusions using Proactive Remediation

April 05, 2023 by Nathan McNulty

defender intune

Note This article was last updated on 01/30/2025 for readability and updated URLs. I am working on updating this for the UI changes that have been ...

Read Article →

Microsoft Defender for Identity Deployment Guide

April 04, 2023 by Nathan Hutchinson

deployment-guides defender-for-identity

Deployment guide for Microsoft Defender for Identity.

Read Article →

Intune - Block mounting of ISO files

April 03, 2023 by Nathan McNulty

intune

Note This article was last updated on 01/30/2025 for readability and updated URLs

Read Article →

“AnyConnector” AzLogDcrIngestPS – your helper to send data via Azure Pipeline, Azure Log Ingestion API & Azure Data Collection Rules into Azure LogAnalytics table

April 02, 2023 by Morten Knudsen

ama azure azure-arc azure-data-collection-rules azure-data-ingestion-pipeline

If you are sending data using HTTP Data Collector API (REST) today, you should continue reading, as this API will ... Read more

Read Article →

ClientInspector – a cool showcase to demonstrate Log ingestion API, Azure Log Ingestion Pipeline, Azure Data Collection Rules and my new Powershell module AzLogDcrIngestPS

April 02, 2023 by Morten Knudsen

ama azure azure-arc azure-data-collection-rules azure-data-ingestion-pipeline

Are you in control? – or are some of your core infrastructure processes like patching, antivirus, bitlocker enablement driftin...

Read Article →

Collecting CEF Syslogs using Azure Monitor Agent

April 02, 2023 by Morten Knudsen

ama azure azure-arc azure-data-collection-rules azure-data-ingestion-pipeline

This blog will give you insight on how to setup collection of syslogs (CEF) using Linux forwader server using Azure ... Read more

Read Article →

Collecting IIS logs using Azure Monitor Agent

April 02, 2023 by Morten Knudsen

ama azure azure-arc azure-data-collection-rules azure-data-ingestion-pipeline

This blog will give you insight on how to setup collection of IIS logs from Windows devices using Azure Monitor ... Read more

Read Article →

Collecting Performance data using Azure Monitor Agent, VMInsights and ServiceMap

April 02, 2023 by Morten Knudsen

ama azure azure-arc azure-data-collection-rules azure-data-ingestion-pipeline

This blog will give you insight on how to setup collection of Performance and ServiceMap information from Linux and Windows ... Read more

Read Article →

Collecting Security events using Azure Monitor Agent

April 02, 2023 by Morten Knudsen

ama azure azure-arc azure-data-collection-rules azure-data-ingestion-pipeline

This blog will give you insight on how to setup collection of Security Events (eventlog) from Windows devices using Azure ... Read more

Read Article →

Collecting Syslogs using Azure Monitor Agent

April 02, 2023 by Morten Knudsen

ama azure azure-arc azure-data-collection-rules azure-data-ingestion-pipeline

This blog will give you insight on how to setup collection of syslogs using Linux forwader server using Azure Monitor ... Read more

Read Article →

Collecting System & Application events using Azure Monitor Agent

April 02, 2023 by Morten Knudsen

ama azure azure-arc azure-data-collection-rules azure-data-ingestion-pipeline

This blog will give you insight on how to setup collection of System & Application Events (eventlog) from Windows devices ... Read more

Read Article →

Collecting text logs using Azure Monitor Agent

April 02, 2023 by Morten Knudsen

ama azure azure-arc azure-data-collection-rules azure-data-ingestion-pipeline

This blog will give you insight on how to setup collection of text logs from Linux and Windows devices using ... Read more

Read Article →

How to do data transformation using Workspace transformation for legacy upload methods

April 02, 2023 by Morten Knudsen

ama azure azure-arc azure-data-collection-rules azure-data-ingestion-pipeline

This blog will demonstrate how you can do workspace transformation to support legacy data transformation where data is being uploaded ... Read more

Read Article →

Master Azure Logging in depth

April 02, 2023 by Morten Knudsen

ama azure azure-arc azure-data-collection-rules azure-data-ingestion-pipeline

I am really passioned about the logging capabilities in M365 Defender and Azure with the power to bring data back from cli...

Read Article →

Tutorial – How to make data transformations using Data Collection Rules?

April 02, 2023 by Morten Knudsen

ama azure azure-arc azure-data-collection-rules azure-data-ingestion-pipeline

This section will show you the steps for setting up data transformations – and how you can do the transformation ... Read more

Read Article →

Understanding Azure Data Collection Endpoint

April 02, 2023 by Morten Knudsen

ama azure azure-arc azure-data-collection-rules azure-data-ingestion-pipeline

Azure Data Collection Endpoint (DCE) provide a connection for certain data sources of Azure Monitor. This article gives you an ... Read more

Read Article →

Understanding Azure logging capabilities in depth

April 02, 2023 by Morten Knudsen

ama azure azure-arc azure-data-collection-rules azure-data-ingestion-pipeline

Azure includes lots of great technologies, which can be used for logging purpose. Currently, Microsoft is transitioning from v1-method (MMA) ... Re...

Read Article →

Understanding the fundamentals of log-collection with Azure Monitor Agent & Azure Data Collection Rules

April 02, 2023 by Morten Knudsen

ama azure azure-arc azure-data-collection-rules azure-data-ingestion-pipeline

This blog will take you “under the hood” of extensions, Azure Monitor Agent (AMA) and Azure Data Collection Rules for ... Read more

Read Article →

AWS - Integrating PIM with Azure AD SSO for AWS Single-Account Access

April 01, 2023 by Nathan McNulty

azure entra-id

Note This article was last updated on 01/30/2025 for readability and updated URLs

Read Article →

Welcome!

April 01, 2023 by Michael Morten Sonne

general

Last Updated on April 15, 2023 by Michael Morten Sonne Welcome to My New Blog! Hey there! If… The post Welcome! first appeared on Blog - Sonn...

Read Article →

AWS - Integrating PIM with Azure AD SSO for AWS IAM Identity Center

March 30, 2023 by Nathan McNulty

azure entra-id identity

Note This article was last updated on 01/30/2025 for readability and updated URLs

Read Article →

Triangle of TPM Attestation Sadness

March 29, 2023 by rudyooms

autopilot intune

This small blog will be about the errors 0x81039001 and 0x80190190 you could get when enrolling your device with Autopilot (Self Deploying or Pre-P...

Read Article →

Tutorial: Change the workspace destination of your already provisioned Data Collection Rule used by the Azure Monitoring Agent

March 27, 2023 by Thomas Verheyden

defender-for-cloud azure-monitoring-agent data-collection-rule

Intro This post is inspired on different setups I saw while working with my clients. More and more clients are leveraging the Azure Monitoring Agen...

Read Article →

Mapping MDE and Windows Security Events overlap

March 25, 2023 by Robbe Van den Daele

security

Warning We ‘archived’ this blogpost during a migration from the old HybridBrothers website framework to the new one, since it is more t...

Read Article →

Abuse and Detection of M365D Live Response for privilege escalation on Control Plane (Tier0) assets

March 19, 2023 by Thomas Naunheim

entra-id entra-id privilegediam defender-xdr

Live Response in Microsoft 365 Defender can be used to execute PowerShell scripts on protected devices for advanced incident investigation. But it ...

Read Article →

Don’t Tell Mom the Pre-Provisioned Autopilot device is Compliant.

March 15, 2023 by rudyooms

autopilot

When using Autopilot for pre-provisioned deployments, you might encounter non-compliant devices that have yet to be evaluated. This blog will expla...

Read Article →

Authenticator Lite – Approve Azure MFA prompts with the Outlook app

March 14, 2023 by Jan Bakker

entra-id security

Check out this article via web browser: Authenticator Lite – Approve Azure MFA prompts with the Outlook app Microsoft released a new feature ...

Read Article →

Azure - Securing Subscriptions

March 09, 2023 by Nathan McNulty

azure

Note This article was last updated on 01/30/2025 for readability and updated URLs

Read Article →

The Yin-Yang Store Apps: VPN of Eternity

March 08, 2023 by rudyooms

intune

This blog will show you how I started troubleshooting an issue in which Microsoft Store Apps failed to install. I will guide you through the PowerS...

Read Article →

System-preferred multifactor authentication in Azure AD. Don’t settle for less.

March 03, 2023 by Jan Bakker

entra-id security

Check out this article via web browser: System-preferred multifactor authentication in Azure AD. Don’t settle for less. A new feature has pop...

Read Article →

Microsoft Defender SmartScreen – how to use SmartScreen and Phishing protection

March 02, 2023 by Jeffrey Appel

security defender-for-endpoint

Microsoft Defender SmartScreen is available in various Microsoft products and adds an extra/first layer/filter of protection. The core component of...

Read Article →

Are Proactive Remediations run during Autopilot?

March 01, 2023 by rudyooms

autopilot proactive-remediations

This blog takes a closer look at if—and how Remediations (former name ProActive Remediations) are executed during the Enrollment Status Page (ESP),...

Read Article →

Deploy Microsoft Defender for Endpoint on iOS using Intune/MEM

February 22, 2023 by Jeffrey Appel

security defender-for-endpoint defender-for-endpoint-ios

Microsoft Defender for Endpoint is available for multiple platforms including Windows, macOS, and Linux. For mobile platforms Defender for Endpoint...

Read Article →

Only Autopilot WhiteGlove in the Building

February 22, 2023 by rudyooms

autopilot

This blog focuses on Windows Autopilot, specifically taking a closer look at the 'Allow Autopilot Pre-Provisioning' option in your Windows Autopilo...

Read Article →

Azure AD Conditional Access authentication context now also available for Azure AD Privileged Identity Management

February 20, 2023 by Kenneth Van Surksum

entra-id privileged-identity-management authentication-context authentication-strength conditional-access

Microsoft has extended the capabilities of Azure AD authentication context to Azure AD Privileged Identity Management (PIM). By doing this we can t...

Read Article →

Duplicate Azure Active Directory Conditional Access policies

February 20, 2023 by Jan Bakker

entra-id security

Check out this article via web browser: Duplicate Azure Active Directory Conditional Access policies In this post, we look at managing Conditional ...

Read Article →

[Feb 2023] Ultimate Comparison of Defender for Endpoint Features by OS

February 19, 2023 by Ru Campbell

defender-xdr defender-xdr atp azure-security-center defender

Microsoft Defender for Endpoint (MDE) is a massive stack of endpoint protection and endpoint detection and response (EDR) capabilities. It integrat...

Read Article →

How MSA Tickets are used during Autopilot

February 15, 2023 by rudyooms

autopilot

In this blog, I will show you how important MSA Tickets are. These tickets are of utmost importance when the device needs to authenticate a Microso...

Read Article →

Azure Arc - Onboarding Servers with Group Policy

February 14, 2023 by Nathan McNulty

azure

Note This article was last updated on 01/30/2025 for readability and updated URLs

Read Article →

Microsoft Defender for Endpoint series – Tips and tricks/ common mistakes – Part10

February 14, 2023 by Jeffrey Appel

security defender-for-endpoint mde-series

It is time for part 10 of the Microsoft Defender for Endpoint (MDE) series. The final part of the series. Part 10 is focussed on tips and tricks ar...

Read Article →

Deploy sentinel analytic rules with bicep and PowerShell

February 09, 2023 by Robbe Van den Daele

sentinel

Warning We ‘archived’ this blogpost during a migration from the old HybridBrothers website framework to the new one, since it is more t...

Read Article →

Microsoft Defender for Endpoint series – Automation via Logic Apps and Sentinel – Part9

February 08, 2023 by Jeffrey Appel

security defender-for-endpoint mde-series

It is time for part 9 of the Microsoft Defender for Endpoint (MDE) series. Part 9 is focused on the automation part of Defender for Endpoint with t...

Read Article →

Orphaned Azure Security Principals Clean-up & Azure Policy Managed Identity Role Assignment Automation

February 06, 2023 by Morten Knudsen

azure azure-security defender-for-cloud scripting automation

This blog covers 2 topics : (1) how you can automate clean-up of any orphaned security principal role assignments – ... Read more

Read Article →

Getting started with Azure AD cross-tenant synchronisation

February 05, 2023 by Nathan Hutchinson

entra-id conditional-access microsoft-teams

Cross tenant sync is a feature I've been waiting to see for a while and with the announcement of cross tenant access settings, I knew it...

Read Article →

Automate Reporting of Defender for Cloud recommendations & Role Assignments with 35 different views

February 01, 2023 by Morten Knudsen

azure azure-security defender-for-cloud scripting defender

Background Recently, I was asked to build a simple reporting-script, which integrates data from Microsoft Defender for Cloud and Azure ... Read more

Read Article →

Block the automated onboarding of Defender for Endpoint without disabling the integration in Defender for Cloud:

February 01, 2023 by Thomas Verheyden

defender-for-cloud defender-for-endpoint

You can find my previous blog posts on my medium site. Block the automated onboarding of mde without disabling the mde integration: https://medium....

Read Article →

Azure Automation - Advanced Auditing

January 29, 2023 by Nathan McNulty

azure

Note This article was last updated on 01/27/2025 for readability and updated URLs, and the content itself will be updated in the near future :)

Read Article →

Ghost blogging on Azure Container Apps

January 29, 2023 by Robbe Van den Daele

azure

Introduction Hosting a blog these days can easily be done without having to cost anything. There are a lot of solutions in the likes of Medium, Wee...

Read Article →

Deploy Sysmon and collect additional data with Sentinel and the AMA agent

January 26, 2023 by Jeffrey Appel

security sentinel sysmon

System Monitor (Sysmon) is one of the most common add-ons for Windows logging. With Sysmon, you can detect malicious activity by tracking code beha...

Read Article →

Microsoft Defender for Endpoint series – Advanced hunting and custom detections – Part8

January 23, 2023 by Jeffrey Appel

security defender-for-endpoint mde-series

It is time for part 8 of the Microsoft Defender for Endpoint (MDE) series. Part 8 is focused on the hunting experience in Microsoft 365 Defender. T...

Read Article →

Lab - Server Build

January 22, 2023 by Nathan McNulty

security

Back in May of last year, I started building a new server and had planned to fully share the process of putting it together, setting up the OS, tem...

Read Article →

Using transport rules as a security tool

January 21, 2023 by Nathan McNulty

security

Note Unfortunately, the images from this article were never able to be recovered, and it is unlikely I will be able to recreate them. Email securit...

Read Article →

Something Went Wrong – Fury of the Gods

January 17, 2023 by rudyooms

autopilot intune

This blog will be about me troubleshooting the “Something Went Wrong” error you could get during the Account Enrollment Status Page when enrolling ...

Read Article →

How to implement a gradual (ring) rollout-process for Microsoft Defender updates

January 15, 2023 by Morten Knudsen

defender-for-endpoint microsoft-defender-antivirus antivirus defender defender-for-endpoint

It is important to ensure that your security posture systems are up-to-date to be able to prevent attacks. Microsoft Defender ... Read more

Read Article →

How to save $$$ by storing your Syslog and Defender for Endpoint long-term logs in Azure Data Explorer cluster using Azure Data Factory and Azure Storage Account export – while keeping Kusto query functionalities ?

January 12, 2023 by Morten Knudsen

azure-loganalytics defender-for-endpoint sentinel adf adx

This blog is about keeping long-term Sentinel logs, giving you insight to the options today – with great opportunities to ... Read more

Read Article →

Microsoft Defender for Endpoint series – integrations with other products – Part7

January 12, 2023 by Jeffrey Appel

security defender-for-endpoint mde-series

It is time for part 7 of the Microsoft Defender for Endpoint (MDE) series. All previous parts were focused on Defender for Endpoint and additional ...

Read Article →

The School for Autopilot and DeviceAddRequest

January 11, 2023 by rudyooms

autopilot windows-10

In this blog, I will focus a bit more on what Windows Autopilot is and what it is built upon. To explain the building blocks of Windows Autopilot, ...

Read Article →

Sentinel Alert Rules Management with Add / Update / Remove & Alert Rule Action automation

January 09, 2023 by Morten Knudsen

azure sentinel alert-rules create manage

Do you want to automate alert rules including creating new alert rules and update existing – with checks every x ... Read more

Read Article →

OfflineDeviceID, Multiverse of Madness

January 04, 2023 by rudyooms

autopilot

The first blog of 2023 will be about me staring, gazing, and trying to explain the funny parts of the OfflineDeviceID. While trying to explain, I w...

Read Article →

Microsoft Defender for Endpoint series – Validate Defender protection and additional troubleshooting – Part6

January 03, 2023 by Jeffrey Appel

security defender-for-endpoint mde-series

It is time for part 6 of the Microsoft Defender for Endpoint (MDE) series. All previous parts were focused on onboarding and configuration and Micr...

Read Article →

Mailbox usage reports, Graph API, and Logic Apps. What’s not to like?

December 29, 2022 by Jan Bakker

logic-apps

Check out this article via web browser: Mailbox usage reports, Graph API, and Logic Apps. What’s not to like? Exchange Online does a pretty g...

Read Article →

Real example with 43% cost savings on Sentinel log-costs: How to exclude Syslog log-events from banned IPs using AbuseIPDB-service with integration to firewalls

December 29, 2022 by Morten Knudsen

azure azure-loganalytics azure-security sentinel cost

This is a real-life example of how I helped reduce the log-cost by 43% for LogAnalytics & Sentinel combined for ... Read more

Read Article →

Microsoft Defender Antivirus Performance Analyzer – understand which files, file extensions, or processes that might be causing performance issues on endpoints during antivirus realtime protection scans

December 28, 2022 by Morten Knudsen

m365-security microsoft-defender-antivirus av analyze antivirus

Have you ever wondered what is causing your ‘Antimalware service executable’ (Defender Antivirus) to spike the CPU for longer times? .....

Read Article →

How to do a Password Audit of your Active Directory passwords using DSInternals?

December 27, 2022 by Morten Knudsen

active-directory defender-for-identity m365-security password-audit active-directory

Great job Michael Grafnetter Initially, I would like to thank the author of DSInternals, Microsoft MVP Michael Grafnetter, for creating ... Read more

Read Article →

How to run custom scripts on thousands of servers within a few minutes using Azure Custom Scripts extension and multithreaded jobs – and have them re-run daily?

December 27, 2022 by Morten Knudsen

azure azure-arc azure-extensions scripting automation

Have you ever had a need to collect vital configuration status (inventory) from thousands of servers – with a defined ... Read more

Read Article →

How to migrate from Qualys and enable Microsoft Defender Vulnerability Management (MdeTvm) in Microsoft Defender for Cloud?

December 24, 2022 by Morten Knudsen

azure azure-security defender-for-cloud defender-for-endpoint m365-security

Microsoft’s Defender Vulnerability Management is a built-in module in Microsoft Defender for Endpoint that can: If you’ve enabled ...

Read Article →

How to detect File Deletions using Audit-data (SecurityEvent) & Azure LogAnalytics ?

December 23, 2022 by Morten Knudsen

azure azure-loganalytics azure-security audit delete

Recently I was asked to provide a solution to detect file deletions on a file server in a sensitive folder ... Read more

Read Article →

How to detect impacted files by Controlled Folder Access and Attack Surface Reduction rules using Advanced Hunting queries ?

December 23, 2022 by Morten Knudsen

defender-for-endpoint m365-security asr attack-surface-reduction cfa

CONTROLLED FOLDER ACCESS RULES ControlledFolderAccess – All excluding Temp ControlledFolderAccess – Only Temp ATTACK SURFACE REDUCTION ...

Read Article →

How to do data transformation with Azure LogAnalytics – to enrich information, optimize cost, remove sensitive data?

December 23, 2022 by Morten Knudsen

azure azure-loganalytics azure-security sentinel ama

One of the cool features in Azure LogAnalytics is the capability to do data-transformation before the data enters your LogAnalytics ... Read more

Read Article →

How to manually remove a malfunctioning MDI sensor, which cannot be removed through add/remove programs?

December 23, 2022 by Morten Knudsen

defender-for-identity m365-security cleanup defender-for-identity mdi

Microsoft Defender for Identity (MDI) has a built-in process that handles continues updates. I had a situation, where this process ... Read more

Read Article →

Meet me in Microsoft Security Insights Show Episode 132 – Security Private Preview MVPs!

December 23, 2022 by Morten Knudsen

community cloud cloud-security-private-preview nda private-preview

On December 14, I had the pleasure of participating in a live show, Microsoft Security Insights Show. The topic was ... Read more

Read Article →

Break glass accounts and Azure AD Security Defaults

December 21, 2022 by Jan Bakker

entra-id security

Check out this article via web browser: Break glass accounts and Azure AD Security Defaults Security Defaults is the best thing since sliced bread....

Read Article →

The Kid Who Would Remediate Hardware Data

December 20, 2022 by rudyooms

autopilot

In this blog, I will examine the Autopilot Hardware Mismatch Remediation Data thoroughly. Please note: I will make many assumptions and guesses abo...

Read Article →

Securing privileged user access with Azure AD Conditional Access and Identity Governance

December 19, 2022 by Thomas Naunheim

entra-id entra-id privilegediam identity-governance

Conditional Access and Entitlement Management plays an essential role to apply Zero Trust principles of “Verify explicitly“ and “Use least-privileg...

Read Article →

December 2022 update of the conditional access demystified whitepaper and workflow cheat sheet.

December 15, 2022 by Kenneth Van Surksum

entra-id conditional-access intune microsoft-endpoint-manager modern-workplace

I’m proud to announce the December 2022 update of my Conditional Access demystified whitepaper. With this release, we have reached the fifth ...

Read Article →

Step by Step: How Windows Retrieves the Autopilot Profile

December 13, 2022 by rudyooms

autopilot intune intune token

This blog shows how a Windows device retrieves its Autopilot profile from the ztd.dds.microsoft.com service during OOBE. More importantly, we’ll se...

Read Article →

Secret Society of Second-Born DesktopAppInstaller CSP’s

December 06, 2022 by rudyooms

intune

This blog will be an additional part of the blog I wrote about my experiences when deploying UWP /Store Apps with the New store App functionality i...

Read Article →

Hotel Microsoft Store Apps: Transformania

December 05, 2022 by rudyooms

autopilot intune

This blog will show my experiences with Intune’s new Microsoft Store App functionality. I wanted to publish the next part of my Autopilot ser...

Read Article →

How to manage your Microsoft Edge Enterprise Cloud Site List like a boss

December 01, 2022 by Nathan Hutchinson

intune

In this article I describe how to enable IE mode on your Intune enabled devices and how you can easily manage a corporate site list!

Read Article →

Windows Autopilot and the Autopilot_Marker

November 30, 2022 by rudyooms

autopilot

This new blog will be about me (again) dealing with some issues while enrolling a device with Autopilot. While trying to re-enroll the same device ...

Read Article →

Conditional Access public preview functionality reviewed (22H2) – Part 3: Granular control for external user types

November 25, 2022 by Kenneth Van Surksum

entra-id conditional-access security

In the last couple of months, Microsoft released new functionality for Azure AD Conditional Access. All of this functionality is still in public pr...

Read Article →

All quiet on the Intune Detection Rules

November 23, 2022 by rudyooms

intune

This blog will not be a deep dive into a weird issue but will be more like an explanation of when you want to silently install and uninstall a Win3...

Read Article →

Conditional Access public preview functionality reviewed (22H2) – Part 2: Conditional Access filters for Apps and Workload Identities

November 23, 2022 by Kenneth Van Surksum

entra-id conditional-access security filters

In the last couple of months, Microsoft released new functionality for Azure AD Conditional Access. All of this functionality is still in public pr...

Read Article →

Operationalizing MITRE ATT&CK to support Microsoft Sentinel deployments and detections

November 22, 2022 by Robbe Van den Daele

sentinel

Warning We ‘archived’ this blogpost during a migration from the old HybridBrothers website framework to the new one, since it is more t...

Read Article →

Conditional Access public preview functionality reviewed (22H2) – Part 1: Authentication Strength

November 21, 2022 by Kenneth Van Surksum

entra-id conditional-access security authentication-strength azure-active-directory

In the last couple of months, Microsoft released new functionality for Azure AD Conditional Access. All of this functionality is still in public pr...

Read Article →

Microsoft Defender for Endpoint series – Defender Vulnerability Management – Part5

November 21, 2022 by Jeffrey Appel

security defender-for-endpoint mde-series

It is time for part 5 of the Microsoft Defender for Endpoint (MDE) series. All previous parts were focused on the Defender for Endpoint onboarding ...

Read Article →

Goodbye legacy SSPR and MFA settings. Hello Authentication Methods Policies!

November 18, 2022 by Jan Bakker

entra-id security

Check out this article via web browser: Goodbye legacy SSPR and MFA settings. Hello Authentication Methods Policies! I’ve got some exciting n...

Read Article →

Microsoft Store the Movie: Hoopa and the Clash of Winget

November 16, 2022 by rudyooms

intune

This blog will show you my first experiences dealing with Winget and installing Store Apps from the Microsoft Store as a regular user. I will try t...

Read Article →

Automated Lifecycle Workflows for Privileged Identities with Azure AD Identity Governance

November 14, 2022 by Thomas Naunheim

entra-id entra-id privilegediam identity-governance

Microsoft has been released a feature to automate on- and off-boarding tasks for Azure AD accounts. Lifecycle workflows offers built-in workflow te...

Read Article →

Intune - Using Access Packages to Enable User Device Enrollment

November 14, 2022 by Nathan McNulty

intune

Note This article was last updated on 01/27/2025 for readability and updated URLs, but content review and image updates are in process :)

Read Article →

Synchronize attributes for Lifecycle workflows – Azure AD Connect Sync

November 14, 2022 by Jan Bakker

entra-id

Check out this article via web browser: Synchronize attributes for Lifecycle workflows – Azure AD Connect Sync Azure AD Lifecycle Workflows c...

Read Article →

Defender for Endpoint - Implementing ASR Rules

November 09, 2022 by Nathan McNulty

defender

Note This article was last updated on 01/27/2025 for readability and updated URLs, but content review is in process. New guidance is to enable the ...

Read Article →

Autopilot: Convert your devices!

November 08, 2022 by rudyooms

autopilot

This blog will be about an old Autopilot feature called “Convert All targeted devices to Autopilot”. I dedicated a small blog to this wonderful fea...

Read Article →

Microsoft Defender for Endpoint series – Attack Surface reduction and additional protection – Part4B

November 08, 2022 by Jeffrey Appel

security defender-for-endpoint mde-series

It is time for part 4B of the ultimate Microsoft Defender for Endpoint (MDE) series. Part 4A explains the AV policy baseline. Now it is time f...

Read Article →

The Device With A Clock In Its Service

November 03, 2022 by rudyooms

intune intune

This blog will be about (yes… again) an Intune sync issue. After we took over management of a Microsoft Tenant from a new customer, we notice...

Read Article →

Which data connector and activity is free in Microsoft Sentinel?

November 03, 2022 by Jeffrey Appel

security sentinel

After the initial onboarding of Microsoft Sentinel, connectors can be used for ingesting data. Microsoft invested in pre-build connectors which can...

Read Article →

Microsoft Defender for Endpoint series – Define the AV policy baseline – Part4A

November 01, 2022 by Jeffrey Appel

security defender-for-endpoint mde-series

It is time for part 4A of the ultimate Microsoft Defender for Endpoint (MDE) series. Part 4 explains the AV/ next-generation protection component. ...

Read Article →

Microsoft Defender for Endpoint series – Configure AV/ next-generation protection – Part4

October 26, 2022 by Jeffrey Appel

security defender-for-endpoint mde-series

It is time for part 4 of the ultimate Microsoft Defender for Endpoint (MDE) series. All previous parts were focused on the initial Defender for End...

Read Article →

The school for ADMX upload and Evil

October 26, 2022 by rudyooms

intune

In this blog, I will summarize some of the ADMX/ADML upload errors I got while playing around with them. Of course, I will also try to show you wha...

Read Article →

ADMX: When Nature Calls

October 19, 2022 by rudyooms

intune intune namespace

Today, I wrote a simple blog that will be about troubleshooting one of the ADMX upload (file referenced not found) error you could endure when uplo...

Read Article →

Intune Sync Debug Tool: The Last Royal Treasure

October 18, 2022 by rudyooms

device-enrollment intune powershell

This blog will be about me showing and explaining the Intune Sync Debug PowerShell tool I wrote to fix those damn Intune MDM device CA certificate ...

Read Article →

How to use Microsoft Defender EASM (External Attack Surface Management)

October 13, 2022 by Jeffrey Appel

security defender-easm

Microsoft released a new product with the name; Microsoft Defender EASM (External Attack Surface Management). The new product is based on the earli...

Read Article →

Fullmetal Certificate: The Intune Revenge of Renewal

October 11, 2022 by rudyooms

intune

This blog will be about me looking at the Intune Device Certificate renewal process and what happens behind the curtains 1. Introduction I guess we...

Read Article →

How to keep track of changes on Microsoft Docs & Learn?

October 09, 2022 by Jan Bakker

entra-id logic-apps

Check out this article via web browser: How to keep track of changes on Microsoft Docs & Learn? When working with cloud services like Microsof...

Read Article →

Setting up Azure MFA for VPN and Remote Desktop Gateway

October 07, 2022 by Nathan Hutchinson

entra-id

This article will go into detail on how to configure Azure MFA for access to on-premises VPN and RD Gateway.

Read Article →

The road to Microsoft MVP and beyond

October 05, 2022 by Jan Bakker

entra-id

Check out this article via web browser: The road to Microsoft MVP and beyond Today, a slightly different post. I think it’s time to step away...

Read Article →

Convert Registry Settings to ADMX

October 04, 2022 by rudyooms

intune

This blog is going to show you how to create custom ADMX templates within a couple of minutes to deploy some HKEY_CURRENT_USER settings to your Int...

Read Article →

How to implement Defender for Identity and configure all prerequisites

October 04, 2022 by Jeffrey Appel

security defender-for-identity

Microsoft Defender for Identity MDI (previously called Azure Advanced Threat Protection or Azure ATP) is a Microsoft security solution that capture...

Read Article →

Automate issuing Temporary Access Pass for joiners with LifeCycle Workflows

October 03, 2022 by Jan Bakker

entra-id logic-apps

Check out this article via web browser: Automate issuing Temporary Access Pass for joiners with LifeCycle Workflows On September 30th, 2022, Pim Ja...

Read Article →

Speaking about Mobile Application Management at the AppManagEvent 2022 on October 7 in Utrecht

October 03, 2022 by Kenneth Van Surksum

events intune microsoft-endpoint-manager speaking

On October 7, 2022 the AppManagEvent will be organized in the Media Plaza, Jaarbeurs Utrecht. The AppManagEvent is an initiative from PDS b.v. in t...

Read Article →

Microsoft Defender for Endpoint series – Onboard using Configuration Manager/ GPO – Part3D

September 27, 2022 by Jeffrey Appel

security defender-for-endpoint mde-series

It is time for part 3D of the ultimate Microsoft Defender for Endpoint (MDE) series. After Part 3C (Onboard Defender for Endpoint using Azure Arc) ...

Read Article →

The Man Who Knew Autopilot

September 27, 2022 by rudyooms

autopilot intune

In this new blog, I will discuss a big Windows Autopilot misunderstanding. I will try to explain and convince you why blaming Autopilot is not alwa...

Read Article →

Speaking about Conditional Access at Experts Live Netherlands 2022 on September 30 in Den Bosch

September 26, 2022 by Kenneth Van Surksum

entra-id conditional-access events speaking

Besides helping organizing Experts Live NL 2022 in my role as speaker manager together with Erik Loef, I’m also happy to announce that I will...

Read Article →

Deploying winget apps with Microsoft Endpoint Manager and auto-update!

September 25, 2022 by Nathan Hutchinson

intune

A brief overview on how you can deploy applications using winget in Microsoft Intune and even keep them updated!

Read Article →

How to mitigate MFA fatigue and learn from the Uber breach for additional protection

September 22, 2022 by Jeffrey Appel

security entra-id azure-ad-identity-protection

Hackers are more frequently using social engineering attacks to gain access to corporate credentials and breach large networks. With the rise of mo...

Read Article →

Autopilot & Pre-Provisioning’s Infinite Play…uh…Waiting list

September 21, 2022 by rudyooms

autopilot powershell

This blog will show how a broken PowerShell script could cause a 30-minute delay in your Enrollment Status Page (ESP) when enrolling a device with ...

Read Article →

KB – Write requests (excluding DELETE) must contain the Content-Type header declaration.

September 21, 2022 by Jan Bakker

knowledgebase

Check out this article via web browser: KB – Write requests (excluding DELETE) must contain the Content-Type header declaration. This is a kn...

Read Article →

Configure File Integrity Monitoring (FIM) using Defender for Cloud and AMA-agent

September 20, 2022 by Jeffrey Appel

security defender-for-cloud

File Integrity Monitoring (FIM) is a technology that monitors and detects file changes that could be indicative of a cyberattack. File Integri...

Read Article →

Take control of your guests with the External Identities Policy

September 20, 2022 by Jan Bakker

entra-id

Check out this article via web browser: Take control of your guests with the External Identities Policy Today we take a look at the brand new Exter...

Read Article →

Blocking web push notifications with Endpoint Manager and why you should!

September 16, 2022 by Nathan Hutchinson

intune

Admit it, we've all fallen foul of that annoying (and scary for some) popup that seems to rear it's ugly head after you've spent the last...

Read Article →

Microsoft Defender for Endpoint series – Onboard using Azure Arc or Direct onboarding – Part3C

September 15, 2022 by Jeffrey Appel

security azure-arc defender-for-cloud defender-for-endpoint mde-series

It is time for part 3C of the ultimate Microsoft Defender for Endpoint (MDE) series. After Part 3B (Onboard Defender for Endpoint using Defender fo...

Read Article →

Microsoft Defender for Endpoint series – Onboard using Defender for Cloud – Part3B

September 12, 2022 by Jeffrey Appel

security defender-for-cloud defender-for-endpoint mde-series

It is time for part 3B of the ultimate Microsoft Defender for Endpoint (MDE) series. After Part 3A (Onboard Defender for Endpoint using Microsoft I...

Read Article →

How to make a Team or Microsoft 365 group calendar accessible in Outlook

September 11, 2022 by Nathan Hutchinson

microsoft-teams

Recently I found myself in a scenario where I needed to quickly and easily access a calendar from a Microsoft Teams group, I didn't think...

Read Article →

Microsoft Defender for Endpoint series – Onboard using Microsoft Intune – Part3A

September 08, 2022 by Jeffrey Appel

security defender-for-endpoint intune mde-series

It is time for part 3A of the ultimate Microsoft Defender for Endpoint (MDE) series. After Part 3 (Onboard Defender for Endpoint) it is now time fo...

Read Article →

Intune: The Legend of the Certificate

September 07, 2022 by rudyooms

device-enrollment intune

Do you have devices that are missing the Intune Device Certificate or have sync issues? This blog will show you a possible root cause and how to so...

Read Article →

Tips for preventing against new modern identity attacks (AiTM, MFA Fatigue, PRT, OAuth)

August 31, 2022 by Jeffrey Appel

security entra-id azure-ad-identity-protection defender-for-cloud-apps

Identity attacks are currently changing and focussing on new techniques. In the past years, many organizations protected accounts with MFA/ FIDO2 a...

Read Article →

Microsoft Defender for Endpoint series – Onboard Defender for Endpoint – Part3

August 30, 2022 by Jeffrey Appel

security defender-for-endpoint mde-series

It is time for part 3 of the ultimate Microsoft Defender for Endpoint (MDE) series. After part 2 (configuration MDE) we are now going to ...

Read Article →

The Last TPM Attestation Script from Your Lover

August 30, 2022 by rudyooms

attestation-and-compliance-series autopilot

This blog will discuss some TPM Attestation issues you could encounter when running Windows Autopilot for Pre-provisioned deployments and how to tr...

Read Article →

Ultimate Comparison of Defender for Endpoint Features by OS [Updated August 2022]

August 26, 2022 by Ru Campbell

defender-xdr defender-xdr atp azure-security-center defender

This is the updated “matrix” of OS supported for the almost 80 features, services, and important components that make up Microsoft Defe...

Read Article →

Ready For Attestation: A True Underdog Story

August 17, 2022 by rudyooms

attestation-and-compliance-series autopilot device-enrollment

This blog will explain what the “Ready for Attestation” flag truly means and show you how to ensure the device is Ready for Attestation so you won'...

Read Article →

Speaking about Conditional Access at the Workplace Ninja Summit 2022 on September 12th in Luzern Switzerland

August 17, 2022 by Kenneth Van Surksum

announcement entra-id conditional-access events privileged-identity-management

After speaking virtually on the Workplace Ninja Summit 2020 and Workplace Ninja Summit 2021, I’m really proud to announce that I will also sp...

Read Article →

Block users from viewing their BitLocker keys

August 16, 2022 by Jan Bakker

entra-id intune

Check out this article via web browser: Block users from viewing their BitLocker keys This post is mainly focused on a new tenant setting, where yo...

Read Article →

The Last thing Edge Wanted

August 15, 2022 by rudyooms

autopilot intune

After being on a nice vacation for 2 weeks now, I felt the urge to write this simple blog to show you how to deal with a not responding Microsoft [...

Read Article →

Use the Azure Monitor Agent (AMA) for Defender for Cloud and migrate from MMA agent

August 15, 2022 by Jeffrey Appel

security defender-for-cloud

Defender for Cloud was since the release based on the Microsoft Monitoring Agent (MMA). Since august 2022 it is possible to auto-deploy the Azure M...

Read Article →

Autopilot: Delay Win32 App Installation

August 09, 2022 by rudyooms

uncategorized

This blog shows how to hold off required Intune app installs until after Autopilot enrollment, using a practical PowerShell script as a requirement...

Read Article →

Protect against AiTM/ MFA phishing attacks using Microsoft technology

August 08, 2022 by Jeffrey Appel

security azure-ad-identity-protection

In the last couple of weeks, many researchers warns of a new large-scale phishing campaign that is using the adversary-in-the-middle (AiTM) techniq...

Read Article →

The Ballad of Buster Exit Code’s

August 01, 2022 by rudyooms

intune windows-10

In one of my earlier blogs, I discussed the IME installation flow and the global retry schedule. I showed you how the retry schedule looks at the E...

Read Article →

A Babysitter’s Troubleshooting Guide to breaking Autopilot

July 28, 2022 by rudyooms

autopilot intune windows-10

This blog will be about the 0x800705b4 (Time-Out) error I got during the Autopilot “Preparing your device for mobile management” step. Please note ...

Read Article →

Defender for servers: Defender for Endpoint onboarding behind the scenes

July 27, 2022 by Thomas Verheyden

defender-for-cloud defender-for-endpoint defender-for-servers

You can find my previous blog posts on my medium site. Defender for servers mde onboarding behind the scenes: https://medium.com/@vertho/defender-f...

Read Article →

Microsoft Defender for Endpoint series – Configure Defender for Endpoint – Part2

July 26, 2022 by Jeffrey Appel

security defender-for-endpoint mde-series

It is time for part 2 of the ultimate Microsoft Defender for Endpoint (MDE) series. After part 1 we are now going to deep-dive more into the initia...

Read Article →

Retry Win32 App Lola Retry

July 25, 2022 by rudyooms

intune troubleshooting-win32app-installations

When a Win32app fails to install, figuring out the root cause can be frustrating. We often need to trigger the installation repeatedly to get to th...

Read Article →

How to set up Evilginx to phish Office 365 credentials

July 22, 2022 by Jan Bakker

entra-id security

Check out this article via web browser: How to set up Evilginx to phish Office 365 credentials Update: Evilginx 3 is here! This post is based on Ev...

Read Article →

The TenantID from Toronto

July 21, 2022 by rudyooms

entra-id intune uncategorized

After reading a question on Reddit about how Intune knows which device belongs to which organization, I decided to write a dedicated blog post abou...

Read Article →

OOBEAADV10: Return of the 502 Autopilot Error

July 20, 2022 by rudyooms

autopilot entra-id intune

After all of the Autopilot issues and AAD sign-in errors in March 2022, I need to explain this OOBEAADV10 error a little bit better. 1. Introductio...

Read Article →

Fantastic Apps: The Secrets of Updating Them

July 19, 2022 by rudyooms

powershell uncategorized updating-apps-as-a-non-admin-user

This blog will be about version 3 of the sort of update tool I have been creating or many I am creating. This Update tool will make sure that some ...

Read Article →

How to deal with orphaned objects in Azure AD (Connect)

July 15, 2022 by Jan Bakker

entra-id

Check out this article via web browser: How to deal with orphaned objects in Azure AD (Connect) We have done hybrid identity for a couple of years ...

Read Article →

The Incredibly Strange Device Who Stopped Syncing and Became Certificate Zombies!!?

July 13, 2022 by rudyooms

company-portal intune

This blog will NOT be about the new Autopatch function! Of course not! This blog will be about multiple weird Intune Device sync errors I was asked...

Read Article →

Block internet macros in Office, and don’t wait for Microsoft

July 11, 2022 by Jeffrey Appel

security

Microsoft announced earlier this year that it would block VBA macros on downloaded documents by default for all customers. Last week Microsoft anno...

Read Article →

Microsoft Defender for Endpoint series – What is Defender for Endpoint? – Part1

July 07, 2022 by Jeffrey Appel

security defender-for-endpoint mde-series

It is time for the first part of the ultimate Microsoft Defender for Endpoint (MDE) series. After the announcement and the great response, it is ti...

Read Article →

Night of the Autopilot of the Dawn of the Temporary Access Pass of the MFA of the Return of the RebootRequired of the WUFB of the Attack of the Evil, Mutant, Hellbound, Flesh-Eating SSO Zombified Living Conditional Access, Part 2: In Azure 2-D

July 06, 2022 by rudyooms

autopilot entra-id intune privileged-access-workstation uncategorized

After a nice talk with Yannick Van Landeghem, who made me aware of a “possible” security gap when using a Temporary Access Pass (TAP), I decided to...

Read Article →

Use a FIDO2 security key as Azure MFA verification method

July 04, 2022 by Jan Bakker

entra-id security

Check out this article via web browser: Use a FIDO2 security key as Azure MFA verification method This news seems to be kept under the radar a litt...

Read Article →

Office CSP: DNS and the Journey to Autopilot

July 01, 2022 by rudyooms

autopilot intune uncategorized

In this blog, I’ll discuss the unexpected challenges I encountered during an Autopilot deployment, specifically the 0x000008CA error. This er...

Read Article →

Get alerts on Azure resource assignments made outside PIM

June 30, 2022 by Jan Bakker

entra-id security

Check out this article via web browser: Get alerts on Azure resource assignments made outside PIM Microsoft released a new public preview where adm...

Read Article →

Troubleshooting Intune MDM Device enrollment errors.

June 29, 2022 by rudyooms

entra-id intune

Troubleshooting Windows Device Enrollment errors can be a pain! In this post, we will guide you through resolving issues that may arise when enroll...

Read Article →

How to upgrade from MMA-based Defender for Endpoint to MDE unified solution in Defender for Cloud?

June 28, 2022 by Jeffrey Appel

security defender-for-cloud defender-for-endpoint

The new Defender for Endpoint unified agent is generally available for some time (since April 11th, 2022. The new unified Microsoft Defender for En...

Read Article →

Retirement of superseded Microsoft Entra Connect Connect Sync versions

June 23, 2022 by Michael Morten Sonne

active-directory entra-id entra-id-connect software windows-server

Last Updated on January 4, 2024 by Michael Morten Sonne Intoduction As part of its ongoing enhancements and… The post Retirement of supersede...

Read Article →

Microsoft Defender for Business – How to use it, and what are the differences with P2?

June 22, 2022 by Jeffrey Appel

security defender-for-business defender-for-endpoint

Microsoft Defender for Business (MDB) is the new Defender product scoped for small businesses. Defender for Business is a new endpoint security sol...

Read Article →

The Adventures Of the Broken Store Apps Across The 8th S-1-15-2-1

June 22, 2022 by rudyooms

store-app-issues windows-10

This blog will be, again about some nasty Store Apps issues!. In the conclusion of my last blog, I mentioned the fact that I was looking into some ...

Read Article →

Detecting the DFSCoerce attack

June 21, 2022 by Gianni Castaldi

detection kusto-query-language level-200 defender-for-endpoint kql

Today the threat researcher Filip Dragovic released a new PoC: DFSCoerce for us all to play with. I tested the PoC against a Microsoft Defender for...

Read Article →

Microsoft Defender for Endpoint can now isolates hacked, unmanaged Windows devices

June 17, 2022 by Michael Morten Sonne

microsoft-365 defender-for-endpoint defender-xdr security windows

Last Updated on December 17, 2023 by Michael Morten Sonne Microsoft has announced a new feature for Microsoft… The post Microsoft Defender fo...

Read Article →

Microsoft: Windows update to permanently disable Internet Explorer

June 17, 2022 by Michael Morten Sonne

edge security windows

Last Updated on January 6, 2024 by Michael Morten Sonne Internet Explorer is dead Microsoft confirmed today that… The post Microsoft: Windows...

Read Article →

The Microsoft Store Apps and the City of a Thousand missing Frameworks

June 17, 2022 by rudyooms

autopilot company-portal store-app-issues

This blog will be about some weird issues with some Microsoft Store apps, such as when the device was wiped before being handed over to a new colle...

Read Article →

The Microsoft Store for Business: The Curse of the retirement

June 14, 2022 by rudyooms

uncategorized

This blog will be about me trying to explain why in my opinion it isn’t a big issue that the Microsoft Store for Business (MSfB) will be reti...

Read Article →

LOB Apps & Win32 Apps: The Intune Lightning Thief

June 09, 2022 by rudyooms

intune

This blog will show you how to get back your LOB (MSI) apps from Intune. Last week I noticed a question popping up on Reddit asking for the same th...

Read Article →

How to manage M365 portal directly from Microsoft Teams?

June 05, 2022 by Michael Morten Sonne

identity microsoft-365 teams

Last Updated on April 13, 2025 by Michael Morten Sonne Microsoft Teams is packed with a lot… The post How to manage M365 portal directly from...

Read Article →

Bill & Ted Face the NCE

June 03, 2022 by rudyooms

windows-10 windows-licensing-series

This blog will show you an issue in which your lovely Windows Enterprise subscription license could be downgraded to Pro out of the blue. I decided...

Read Article →

Protocol Nightmare on Elmstreet: The Dream CVE-2022-30190

June 03, 2022 by rudyooms

intune microsoft-365-business powershell proactive-remediations

This blog will be about how I am protecting my Windows 10 Pro devices to ensure they aren’t vulnerable to the nasty CVE-2022-30190 bug, also known ...

Read Article →

Use automation/playbooks in Microsoft Sentinel during incident update activity using update triggers

June 01, 2022 by Jeffrey Appel

security sentinel

Automation is critical for modern SOC environments to handle the volume of upcoming threats and manage day-to-day tasks. Ideally most of the featur...

Read Article →

Dynamic Administrative Units using on-prem Organizational Units

May 31, 2022 by Jan Bakker

entra-id

Check out this article via web browser: Dynamic Administrative Units using on-prem Organizational Units Gone are the days that I could start a work...

Read Article →

0x80073cfb: The Company Portal Awakens

May 30, 2022 by rudyooms

autopilot company-portal

This blog will show you what could be causing the Enrollment status page to fail with a 0x80073cfb error when enrolling a Windows 11 Insider Previe...

Read Article →

Get started with Azure AD B2B direct connect

May 28, 2022 by Jan Bakker

entra-id

Check out this article via web browser: Get started with Azure AD B2B direct connect We all love seamless collaboration, right? Well, here’s ...

Read Article →

Night at the Windows Store API Service: Secret of the Subscription Activation

May 25, 2022 by rudyooms

autopilot device-enrollment windows-licensing-series

This blog will show you what else could break when there are Authentication Issues at Microsoft. It was definitely something I wasn’t expecti...

Read Article →

Intune - Edge in iOS Kiosk Mode

May 24, 2022 by Nathan McNulty

intune

Note This article was last updated on 01/26/2025 for readability and changes to URLs.

Read Article →

Managing Microsoft Defender for Endpoint with the new Security Management feature in MEM/Intune

May 24, 2022 by Jeffrey Appel

modern-workplace security defender-for-endpoint intune

Currently in general availability is the new Security Settings Management in Microsoft Defender for Endpoint. Security Management for Microsoft Def...

Read Article →

KB – Reset cross-tenant access policies back to the system default.

May 20, 2022 by Jan Bakker

entra-id

Check out this article via web browser: KB – Reset cross-tenant access policies back to the system default. This is a knowledgebase item. Hop...

Read Article →

Azure AD - Integrating Azure AD logs with Azure Monitor

May 19, 2022 by Nathan McNulty

azure entra-id

Note This article was last updated on 01/26/2025 for readability and updated URLs

Read Article →

The 100-Year-Old Quick Assist tool Who Climbed Out the Window and Disappeared

May 19, 2022 by rudyooms

autopilot

This week (16-05-2022 / 19-05-2022), was a week with many Autopilot issues. Some were caused by the broken latest Office 365 build, and some were c...

Read Article →

Microsoft Defender for Endpoint Troubleshooting mode – how to use it?

May 18, 2022 by Jeffrey Appel

security defender-for-endpoint

Microsoft announced recently the new troubleshooting mode functionality for Defender for Endpoint. With the new troubleshooting mode, it is possibl...

Read Article →

Speaking about Mobile Application Management at the Techorama Belgium 2022 event

May 18, 2022 by Kenneth Van Surksum

intune microsoft-endpoint-manager presentations speaking

On Wednesday, May 25, 2022, I will be speaking together with Peter Daalmans at the Techorama Belgium event. Techorama 2022 will be an in-person con...

Read Article →

ESP: Cultural Learnings of Online Microsoft Store Apps for Make Benefit Glorious Nation of Autopilot

May 17, 2022 by rudyooms

autopilot company-portal uncategorized

This blog will be about some possible time-out issues you could encounter during the Account ESP phase when using Autopilot and requiring Online Mi...

Read Article →

Defender AV - Improving Windows Defender Update Efficacy

May 15, 2022 by Nathan McNulty

defender

Note This article was last updated on 01/26/2025 for readability and updated URLs. Unfortunately, images were not able to be restored from a previo...

Read Article →

Multi-stage approval for privileged roles using Azure AD Identity Governance

May 15, 2022 by Jan Bakker

entra-id security

Check out this article via web browser: Multi-stage approval for privileged roles using Azure AD Identity Governance Privileged Identity Management...

Read Article →

MyStaff - Simplified Administrative Password Reset

May 15, 2022 by Nathan McNulty

security

Note This article was last updated on 01/26/2025 for readability and updated URLs. Unfortunately, images were not able to be restored from a previo...

Read Article →

OSINT - Using Shodan.io to protect your school district

May 15, 2022 by Nathan McNulty

security

Note This article was last updated on 01/26/2025 for readability and updated URLs. Unfortunately, images were not able to be restored from a previo...

Read Article →

The 41-Year-Old Hardware Hash Who Knocked Up Autopilot and Felt Superbad About It

May 11, 2022 by rudyooms

autopilot entra-id hardwarehash intune marker

In this blog, I will be talking about a sudden “HardwareMismatchDetected” I got when I was trying to enroll my Windows 10/11 device with Autopilot ...

Read Article →

Microsoft Defender for Endpoint – The ultimate blog series for Windows (Intro) – P0

May 10, 2022 by Jeffrey Appel

security defender-for-endpoint mde-series

Microsoft Defender for Endpoint is an endpoint security platform designed to help customers prevent, detect, investigate, and respond to advanced t...

Read Article →

Defender for Endpoint - Removable Storage Access Control

May 04, 2022 by Nathan McNulty

defender intune

Note This article was last updated on 01/26/2025 for readability and new images due to UI changes made in Intune. I tried to keep the original styl...

Read Article →

Speaking about implementing Microsoft Endpoint Manager for Operations and Mobile Application Management at the Microsoft 365 Virtual Marathon 2022 event

May 03, 2022 by Kenneth Van Surksum

uncategorized

On Friday, May 6th 2022, I will be speaking at the Microsoft 365 Virtual Marathon 2022 event. Microsoft 365 Virtual Marathon is a free, online, 60-...

Read Article →

Detect and block Credential Dumps with Defender for Endpoint & Attack Surface Reduction

May 02, 2022 by Jeffrey Appel

security defender-for-endpoint defender-for-identity

Credential dumping or password dump is a technique used by cybercriminals to gain access to a network. They will enter the workstation through phis...

Read Article →

KB – mobile phone number not in sync Azure AD Connect

May 01, 2022 by Jan Bakker

entra-id knowledgebase

Check out this article via web browser: KB – mobile phone number not in sync Azure AD Connect This is a knowledgebase item. Hope it helps you...

Read Article →

MFA prompt spamming/ MFA fatigue – What can you do to prevent/ detect attacks?

April 21, 2022 by Jeffrey Appel

security azure-ad-identity-protection

MFA prompt spamming/ MFA fatigue is a quite new term and seeing more after the LAPSUS$ attack. Currently there are many MFA options including SMS, ...

Read Article →

Don’t Be a Menace to Autopilot While configuring Your WUfB in the Hood

April 20, 2022 by rudyooms

autopilot

This blog will discuss why your device could get an expected reboot during Windows Autopilot and also shows you how to fix it!

Read Article →

Use Microsoft Defender for Identity Response Actions for on-premises AD accounts

April 07, 2022 by Jeffrey Appel

security defender-for-identity

Microsoft announced recently the public availability of the native response actions in Defender for Identity. Security teams can now directly impac...

Read Article →

Download Intune PowerShell scripts with Graph Explorer

April 05, 2022 by Jan Bakker

entra-id intune

Check out this article via web browser: Download Intune PowerShell scripts with Graph Explorer This quick post will show an easy method to fetch yo...

Read Article →

Forgive Us Our BitLocker suspension

April 04, 2022 by rudyooms

intune powershell

When deleting the Intune object, I noticed that Bitlocker had somehow been suspended. With Bitlocker suspended, the Protection was off. If the Bitl...

Read Article →

Mamma Mia! Here we Wipe Again!

April 04, 2022 by rudyooms

intune magical-miehh-wipe-series

This blog will show you the “other paths” available to ensure that your device is wiped before it is trashed or sent back to the supplier. 1. Intro...

Read Article →

Wrath of the 0x81036501 MDM Error

April 02, 2022 by rudyooms

autopilot intune

This blog will be about the error 0x81036501 we got during the MDM enrollment while enrolling a device with Autopilot white-glove AKA Pre-Provision...

Read Article →

Updated March 2022: Ultimate Comparison of Defender for Endpoint Features by Operating System

March 29, 2022 by Ru Campbell

microsoft-365 defender-for-endpoint defender-xdr windows atp

It’s been about 5 months since I last updated my comparison of Defender for Endpoint features by OS. This is a “matrix” of the to...

Read Article →

Honest Win32App Thief

March 23, 2022 by rudyooms

company-portal troubleshooting-win32app-installations

This blog will show you an alternative method to download your Win32Apps sources from Intune WITHOUT having the Encryption key information. Besides...

Read Article →

What happens without RDP protection after 24+ hours in Microsoft Sentinel & Microsoft security products

March 23, 2022 by Jeffrey Appel

security sentinel

For many years, abuse of Remote Desktop Protection (RDP) has been the most common root cause of all ransomware events. At the moment one of the mos...

Read Article →

10 tips to secure your identities in Microsoft 365

March 21, 2022 by Jan Bakker

entra-id security

Check out this article via web browser: 10 tips to secure your identities in Microsoft 365 I was recently invited by the Dutch Virtual Desktop User...

Read Article →

2022-03 Update: The Search for Sp… Uhh Shift+F10

March 17, 2022 by rudyooms

magical-miehh-wipe-series uncategorized windows-10

This blog will discuss Microsoft's “their” solution to remove the lingering Windows.old folder after a remote wipe. I noticed that when using Micro...

Read Article →

Office Templates, The Rise of Gru

March 16, 2022 by rudyooms

onedrive sharepoint windows-10

This time, I’m writing a simple and short blog about what options you have when you want to deploy your Office templates to your users. Again...

Read Article →

Get started with multi-stage access reviews in Azure AD

March 13, 2022 by Jan Bakker

entra-id

Check out this article via web browser: Get started with multi-stage access reviews in Azure AD Access reviews, part of the Azure AD Identity Gover...

Read Article →

The Intune Remote”Wipe” fix!

March 09, 2022 by rudyooms

magical-miehh-wipe-series windows-10 windows-update-for-business

I guess you have all been reading my blog series. Magical Mi…Ehh Wipe Series – Call4Cloud. It will show you some weird issues with the ...

Read Article →

I’ll Always Know What You Did Last Wipe

March 03, 2022 by rudyooms

autopilot intune magical-miehh-wipe-series windows-10

In this blog, I will try to explain the Technical flow behind the Push Button Reset. I was intrigued to do so after writing my blog about the linge...

Read Article →

Protecting Microsoft Teams with Microsoft Sentinel

March 02, 2022 by Jeffrey Appel

security sentinel

Microsoft Teams and other online collaboration tools increases massively in the last 2-3 years. Working from home became the new normal in most of ...

Read Article →

Silence of the Microsoft Teams Notifications

March 01, 2022 by rudyooms

teams

This blog will be about some issues I encountered with Microsoft Teams notifications on especially IOS devices. I am writing this blog to make sure...

Read Article →

Apple Business Manager device import options for later use within Microsoft Endpoint Manager

February 22, 2022 by Kenneth Van Surksum

abm intune microsoft-endpoint-manager modern-workplace

This blogpost is a continuation of two earlier blogposts about integrating Apple Business Manager with Azure Active Directory and Apple Business Ma...

Read Article →

Collect Security Events in Microsoft Sentinel with the new AMA agent and DCR

February 21, 2022 by Jeffrey Appel

security sentinel

The Microsoft Sentinel Data Connector that utilizes the modern agent (AMA) for collecting Windows Security Events is for a couple of months general...

Read Article →

KB – SelfServicePasswordReset write-back problem – error hr=80230818

February 21, 2022 by Jan Bakker

knowledgebase

Check out this article via web browser: KB – SelfServicePasswordReset write-back problem – error hr=80230818 This is a knowledgebase it...

Read Article →

ADMX ingestion for Centero Agent and Carillon Client using Intune

February 20, 2022 by Jan Bakker

knowledgebase

Check out this article via web browser: ADMX ingestion for Centero Agent and Carillon Client using Intune This article is about the ADMX templates ...

Read Article →

The Dark and the Windows “Remote/Local” Wipe

February 17, 2022 by rudyooms

intune magical-miehh-wipe-series windows-10

This blog will be about my experience performing a remote wipe of Windows 10 and 11 devices in Intune. I noticed some weird and awful behavior when...

Read Article →

Connecting Microsoft Endpoint Manager to Apple Business Manager

February 15, 2022 by Kenneth Van Surksum

abm microsoft-endpoint-manager modern-workplace intune mem

This article will continue where we finished in the article I wrote about setting up Apple Business Manager for use with Azure Active Directory. In...

Read Article →

Autopilot: Across the TimeOut-Verse

February 11, 2022 by rudyooms

autopilot intune

This blog will discuss the 0x800705b4 error that “could” occur during the “Preparing your device for mobile management” ESP Autopilot phase. ...

Read Article →

Access reviews for Azure AD directory roles

February 10, 2022 by Jan Bakker

entra-id security

Check out this article via web browser: Access reviews for Azure AD directory roles This blog post is for all those organizations out there with st...

Read Article →

Azure AD Connect: Escape to Proxy Addresses

February 09, 2022 by rudyooms

entra-id powershell

This blog will be about some stuff you need to beware of when you are setting up Azure AD Connect. It’s a topic I haven’t written a lot about but [...

Read Article →

Setting up Apple Business Manager for use with Azure Active Directory

February 08, 2022 by Kenneth Van Surksum

abm entra-id intune microsoft-endpoint-manager modern-workplace

Apple Business Manager is a service provided by Apple which helps to deploy Apple devices and apps in your organization. By leveraging Apple Busine...

Read Article →

Protect against AzureAD OAuth Consent phishing attempts (Illicit consent attack)

February 02, 2022 by Jeffrey Appel

security entra-id

In the last couple of months, there is a large increase visible in consent phishing emails (illicit consent attacks). Microsoft threat analysts are...

Read Article →

Escape from Windows Pro/Business

February 01, 2022 by rudyooms

intune windows-10 windows-licensing-series

This blog will explain why an existing Windows Business device isn’t automatically upgraded to Windows Enterprise after assigning the MS365 E5 lice...

Read Article →

Pause Update Rings: No Way Home

January 28, 2022 by rudyooms

proactive-remediations windows-update-for-business

This blog will show you how to handle the issue where your device stops receiving updates due to the “Windows Updates Paused” setting, ...

Read Article →

Proactive Remediatons: The Hidden World

January 28, 2022 by rudyooms

intune proactive-remediations

Introduction: Understanding and Utilizing Proactive Remediations in Intune Proactive remediations are a powerful feature in Microsoft Intune that e...

Read Article →

Monitor Microsoft Sentinel Data Connectors using Health Monitoring and Logic App

January 27, 2022 by Jeffrey Appel

security sentinel

Microsoft announced a new public preview which contains the new Microsoft Sentinel Health Monitoring feature. Microsoft Sentinel now provides the&#...

Read Article →

Updating Apps: A New Era

January 27, 2022 by rudyooms

intune powershell troubleshooting-win32app-installations updating-apps-as-a-non-admin-user

Updating Applications can be a real headache, especially when certain apps require administrative permissions that standard users don’t have. This ...

Read Article →

How I Fell in Love with App Updates

January 22, 2022 by rudyooms

adminless intune powershell troubleshooting-win32app-installations updating-apps-as-a-non-admin-user

Today, I was called in to devise a solution to allow some DDS-CAD users (NO LOCAL ADMINS!) to install the necessary DDS-CAD updates themselves. Of ...

Read Article →

Deploy OOB Update with PowerShell

January 19, 2022 by rudyooms

powershell proactive-remediations windows-update-for-business

This blog will be about Patch Tuesday and how to deal with those optional OOB (out-of-band) updates when you configure some nice Windows Update for...

Read Article →

Tag domain controllers automatically in Defender for Endpoint using KQL, Logic App, and API

January 15, 2022 by Jeffrey Appel

security defender-for-endpoint

The use of device tags within Microsoft Defender for Endpoint (MDE) is important for environments. Device tags can be used to give more control ove...

Read Article →

Microsoft 365 self-service using Power Apps

January 12, 2022 by Jan Bakker

entra-id intune power-platform

Check out this article via web browser: Microsoft 365 self-service using Power Apps This article was originally posted on the Microsoft 365 PnP Blo...

Read Article →

Onboard Microsoft Defender for Endpoint using Azure Arc for non-Azure devices

January 11, 2022 by Jeffrey Appel

security azure-arc defender-for-cloud defender-for-endpoint

Microsoft Defender for Endpoint deployment is possible based on multiple deployment mechanisms. Microsoft Defender for Cloud (previous Azure Defend...

Read Article →

Act on group membership changes in Azure Active Directory

January 10, 2022 by Jan Bakker

entra-id power-platform

Check out this article via web browser: Act on group membership changes in Azure Active Directory Did you ever want to act on a change in group mem...

Read Article →

Deploying Defender for Endpoint on iOS with zero-touch onboarding

January 04, 2022 by Jeffrey Appel

modern-workplace security defender-for-endpoint intune

Defender for Endpoint is available for multiple platforms. For mobile platforms Defender for Endpoint is supported for iOS en Android. In this blog...

Read Article →

Speaking about Conditional Access at the M365 Chicago Virtual Event on January 14th, 2022

January 04, 2022 by Kenneth Van Surksum

entra-id conditional-access events speaking

On Friday, January 14, 2022 I will be speaking at the M365 Chicago Virtual event. You can attend the event for free, by signing up via the Eventbri...

Read Article →

Exploring Microsoft 365’s NOBELIUM Defence Capabilities

December 24, 2021 by Ru Campbell

entra-id microsoft-365 defender-xdr windows-server defender

I recently read through an excellent article by Mandiant, which recently split with FireEye, on their findings and analysis of the continued action...

Read Article →

Log4j and CVE-2021-44228: Use Microsoft Defender for Endpoint for software/ threat investigation

December 14, 2021 by Jeffrey Appel

security defender-for-endpoint

One of the most important and trending topics in the last couple of days is related to Log4j, log4shell, and the attached CVE 2021-44228. A zero-da...

Read Article →

Speaking at the December 2021 – MC2MC Evening event about Designing and building Microsoft Endpoint Manager for Operations

December 14, 2021 by Kenneth Van Surksum

announcement microsoft-endpoint-manager modern-workplace presentations speaking

On Thursday, December 16, the Microsoft Cloud and Client Management Community (MC2MC) is organizing its December Evening event. The MC2MC team cons...

Read Article →

Onboard FIDO2 keys using Temporary Access Pass in Azure AD

December 13, 2021 by Jan Bakker

entra-id security

Check out this article via web browser: Onboard FIDO2 keys using Temporary Access Pass in Azure AD One of the requirements to use FIDO2 security ke...

Read Article →

Use Registration campaign to promote Microsoft Authenticator App

November 28, 2021 by Jan Bakker

entra-id security

Check out this article via web browser: Use Registration campaign to promote Microsoft Authenticator App With all the new improvements to the Micro...

Read Article →

Gradual rollout options for upgrading to Windows 11 are now available in Microsoft Endpoint Manager

November 25, 2021 by Kenneth Van Surksum

modern-workplace windows-10 windows-11 windows-update-for-business

Microsoft has made available service release 2111 for Microsoft Endpoint Manager, this release contains a lot of updates which are described on the...

Read Article →

Identity Protection Risk Analysis workbook: Get more Azure AD Identity Protection insights

November 22, 2021 by Jeffrey Appel

security azure-ad-identity-protection

During Ignite ’21 Microsoft announced multiple new functionalities, renames, and new products. In the upcoming weeks, more blogs are coming w...

Read Article →

Microsoft Endpoint Manager and the issue of the tattooing Block write access to removable data-drives not protected by BitLocker setting

November 18, 2021 by Kenneth Van Surksum

microsoft-endpoint-manager troubleshooting windows-11

Today I experienced an issue which I want to share on my blog, it is related to a setting related to BitLocker which gets tattooed meaning that it ...

Read Article →

Microsoft Sentinel content hub: Using solutions and start with the Training Lab content

November 18, 2021 by Jeffrey Appel

security sentinel

Microsoft Sentinel is in the last months improved with a huge amount of new interesting features. One of the announced features is the content hub....

Read Article →

Conditional Access announcements from Ignite November 2021 reviewed

November 17, 2021 by Kenneth Van Surksum

entra-id conditional-access modern-workplace security

During the Microsoft Ignite conference in November 2021 Microsoft made several announcements related to Azure AD conditional access. You can read t...

Read Article →

The day I bought my WinRAR license

November 17, 2021 by Jan Bakker

uncategorized

Check out this article via web browser: The day I bought my WinRAR license This post is about WinRAR. We all know WinRAR for it’s never expir...

Read Article →

My appearance in the Cloud Conversations podcast #32

November 16, 2021 by Kenneth Van Surksum

conditional-access microsoft-endpoint-manager modern-workplace wpninjasnl

On Saturday, October 30th I was a guest in the Cloud Conversations podcast which is hosted by Kat Greenan, Peter Rising and Ru Cambell. The Cloud C...

Read Article →

Speaking at the HTMD Conference 2021 about Designing and building Microsoft Endpoint Manager for Operations

November 16, 2021 by Kenneth Van Surksum

microsoft-endpoint-manager modern-workplace speaking

On Saturday, November 20, the How to Manage Devices Community Group India, which is led by Microsoft MVP enterprise mobility Anoop C Nair organizes...

Read Article →

Manage Device control with Microsoft Defender for Endpoint and Endpoint Manager

November 10, 2021 by Jeffrey Appel

modern-workplace security defender-for-endpoint intune

Microsoft Defender for Endpoint contains multiple protections layers like EDR, ASR, Network Protection, and many more. Protecting against unwanted ...

Read Article →

Azure AD Conditional Access sign-in troubleshooting tip: Flag sign-in errors for review

November 01, 2021 by Kenneth Van Surksum

entra-id conditional-access modern-workplace troubleshooting

If you have Conditional Access configured and active within your Azure AD environment, there might be some scenario’s where users are not abl...

Read Article →

Continuous Access Evaluation configuration is now part of Conditional Access

October 30, 2021 by Kenneth Van Surksum

entra-id conditional-access modern-workplace security

While browsing through the options in my Conditional Access policies I noticed a new session related to Continuous Access Evaluation (CAE). Time fo...

Read Article →

Announcing #WPNinjasNL Meetup #1, Thursday November 4th – Microsoft Ignite edition

October 29, 2021 by Kenneth Van Surksum

announcement entra-id events microsoft-endpoint-manager modern-workplace

For next week, Thursday November 4th, we are proud to announce that we are hosting our first on-premised event again. The event will be held in the...

Read Article →

Speaking at the AppManagEvent 2021 about Designing and building Microsoft Endpoint Manager for Operations

October 29, 2021 by Kenneth Van Surksum

announcement microsoft-endpoint-manager modern-workplace speaking

On Friday, November 12th Professional Development Services is organizing its annual event AppManagEvent again. This in-person full day event which ...

Read Article →

Enable Location Information and Code Match for Azure MFA

October 28, 2021 by Jan Bakker

entra-id security

Check out this article via web browser: Enable Location Information and Code Match for Azure MFA Update 26-11-2021 As this feature is now in public...

Read Article →

Create Role Assignable Groups based on existing groups

October 27, 2021 by Jan Bakker

entra-id security

Check out this article via web browser: Create Role Assignable Groups based on existing groups Today’s post is about Role Assignable Groups. ...

Read Article →

Enabling and configuring Web content filtering in Microsoft Defender for Endpoint (MDE)

October 25, 2021 by Jeffrey Appel

security defender-for-endpoint

Web content filtering is part of the Microsoft Defender for Endpoint solution. One of the previous blogs explained the feature during the preview r...

Read Article →

10 productivity tips for M365 administrators

October 23, 2021 by Jan Bakker

entra-id

Check out this article via web browser: 10 productivity tips for M365 administrators I have worked with Microsoft 365 over the past few years, and ...

Read Article →

Announcing #WPNinjasNL Tuesdays Webinar #32, Tuesday October 26, featuring Isidora Katanic, Holly Lehman and Nicole Enders #WomenInTech

October 22, 2021 by Kenneth Van Surksum

announcement modern-workplace wpninjasnl

For next week, Tuesday, October 26 we are proud to announce that we have a special edition of our #WPNinjasNL Tuesdays Webinar. This time, Isidora ...

Read Article →

Updated October 2021: Availability of Defender for Endpoint Features by Operating System

October 19, 2021 by Ru Campbell

microsoft-365 defender-for-endpoint defender-xdr windows atp

In July, I released v1 of The Big Comparison of Defender for Endpoint Features by Operating System (or, what I think is much catchier, TBCMDEFOS). ...

Read Article →

October 2021 update of the conditional access demystified whitepaper and workflow cheat sheet

October 14, 2021 by Kenneth Van Surksum

entra-id conditional-access modern-workplace security

I’m proud to announce the October 2021 update of my Conditional Access demystified whitepaper. With this release, we have reached the fourth ...

Read Article →

Install the new unified Microsoft Defender for Endpoint agent on Server 2012R2 and 2016

October 11, 2021 by Jeffrey Appel

security defender-for-endpoint

Since April 11th, 2022, the new unified Microsoft Defender for Endpoint solution is generally available for Server 2016 and Server 2016. The unifie...

Read Article →

Speaking about Conditional Access at the Centric Craft webinar on Wednesday October 13, 2021

October 08, 2021 by Kenneth Van Surksum

entra-id conditional-access speaking

On Wednesday October 13, I will be speaking at the free online webinar hosted by Centric Craft. Craft is a community initiative from the company Ce...

Read Article →

Control Azure AD Conditional Access policy behavior during an Azure AD outage

October 07, 2021 by Kenneth Van Surksum

entra-id conditional-access modern-workplace security

In December last year, Microsoft announced that per April 1, 2021 they updated their service level agreement(SLA) for Azure AD user authentication ...

Read Article →

Customize the MFA registration policy in Azure AD Identity Protection

October 06, 2021 by Jan Bakker

entra-id security

Check out this article via web browser: Customize the MFA registration policy in Azure AD Identity Protection Disclaimer: this is a proof of concep...

Read Article →

Warn/monitor users for Shadow IT usage with Microsoft Cloud App Security

October 04, 2021 by Jeffrey Appel

security defender-for-cloud-apps

Cloud App Discovery is one of the most interesting functions available in Microsoft Cloud App Security. This blogpost is about the new MCAS monitor...

Read Article →

With Windows Update for Business configured, will my devices automagically start updating to Windows 11?

October 04, 2021 by Kenneth Van Surksum

microsoft-endpoint-manager windows-10 windows-11 windows-update-for-business

Tomorrow, on October 5th Microsoft will make Windows 11 Generally Available. Many of my customers already asked if this will have any impact on the...

Read Article →

KB – Add account operation is blocked by policy on the device

October 02, 2021 by Jan Bakker

knowledgebase

Check out this article via web browser: KB – Add account operation is blocked by policy on the device This is a knowledgebase item. Hope it h...

Read Article →

Using Mozilla Firefox as a browser when using Azure AD Conditional Access on your Modern Workplace

October 02, 2021 by Kenneth Van Surksum

entra-id conditional-access modern-workplace security

Starting with Firefox version 91, Mozilla is now supporting Single sign-on support (SSO) and device-based Conditional Access as announced by Micros...

Read Article →

Role Assignable Groups and Privileged Identity Management.

October 01, 2021 by Jan Bakker

entra-id security

Check out this article via web browser: Role Assignable Groups and Privileged Identity Management. I have used this feature from the very beginning...

Read Article →

Stream Azure AD Identity Protection events to Microsoft Sentinel/ Log Analytics

September 21, 2021 by Jeffrey Appel

security azure-ad-identity-protection sentinel

Microsoft recently added a new function that gives the option for stream events from Azure AD Identity Protection into Microsoft Sentinel. In this ...

Read Article →

Preventing account breaches leveraging SIM swapping techniques by nudging your users to start using the Microsoft authenticator app

September 17, 2021 by Kenneth Van Surksum

entra-id modern-workplace security identity

The last couple of years, Microsoft has been pushing the usage of Multi Factor Authentication for logins to their Cloud Services. MFA, which requir...

Read Article →

Cloud App Discovery with MCAS & MDE for Shadow IT monitoring and integration with Azure Sentinel

September 13, 2021 by Jeffrey Appel

security defender-for-cloud-apps sentinel

Cloud discovery is one of the most interesting functions available with the Cloud App Discovery product. With Cloud Discovery, organizations will g...

Read Article →

OneDrive client sign-in issues due to Conditional Access policies in Azure AD tenant where you are a guest user

September 10, 2021 by Kenneth Van Surksum

entra-id conditional-access troubleshooting

Today I experienced an interesting issue, for which I thought it was interesting sharing how I figured out what was going on. The issue/challenge T...

Read Article →

This might be the FIDO2 key for you! Authentrend ATKey.Pro

August 19, 2021 by Jan Bakker

security

Check out this article via web browser: This might be the FIDO2 key for you! Authentrend ATKey.Pro In the past few years, I tried different types o...

Read Article →

Protecting against Lateral Movement with Defender for Identity and monitor with Azure Sentinel

August 11, 2021 by Jeffrey Appel

security defender-for-identity sentinel

Lateral movement refers to the techniques that a cyber attacker uses, after gaining initial access, to move deeper into a network in search of sens...

Read Article →

How to build a PowerApp – Temporary Access Pass Manager – Part 1

August 09, 2021 by Jan Bakker

entra-id power-platform security

Check out this article via web browser: How to build a PowerApp – Temporary Access Pass Manager – Part 1 Part 1 – Introduction an...

Read Article →

How to build a PowerApp – Temporary Access Pass Manager – Part 2

August 09, 2021 by Jan Bakker

entra-id power-platform security

Check out this article via web browser: How to build a PowerApp – Temporary Access Pass Manager – Part 2 Part 2: App registration and G...

Read Article →

How to build a PowerApp – Temporary Access Pass Manager – Part 3

August 09, 2021 by Jan Bakker

entra-id power-platform security

Check out this article via web browser: How to build a PowerApp – Temporary Access Pass Manager – Part 3 Part 3: Graph API and Graph Explorer...

Read Article →

How to build a PowerApp – Temporary Access Pass Manager – Part 4

August 09, 2021 by Jan Bakker

entra-id power-platform security

Check out this article via web browser: How to build a PowerApp – Temporary Access Pass Manager – Part 4 Part 4: Build a custom connector bas...

Read Article →

How to build a PowerApp – Temporary Access Pass Manager – Part 5

August 09, 2021 by Jan Bakker

entra-id power-platform security

Check out this article via web browser: How to build a PowerApp – Temporary Access Pass Manager – Part 5 Part 5: Create an app in PowerApps u...

Read Article →

Searching and finding data

August 09, 2021 by Gianni Castaldi

sentinel kusto-knight kusto-query-language kql

Welcome to the fifth blog post in the series becoming a Kusto Knight. While the previous blog post was about time in Kusto, this blog post will be ...

Read Article →

(Bonus) How to build a PowerApp – Temporary Access Pass Manager – Part 6

August 08, 2021 by Jan Bakker

entra-id power-platform security

Check out this article via web browser: (Bonus) How to build a PowerApp – Temporary Access Pass Manager – Part 6 (Bonus) Part 6: Integr...

Read Article →

Protecting against password spray attacks with Azure Sentinel and Azure AD

August 04, 2021 by Jeffrey Appel

security azure-ad-identity-protection sentinel

A Password Spraying Attack is a type of brute force attack where a malicious actor attempts the same password on many accounts before moving on to ...

Read Article →

Hunting for unsigned drivers, like Printer Nightmare

August 02, 2021 by Gianni Castaldi

sentinel knowledge kusto-query-language level-200 defender-for-endpoint

It has been busy times, and I have not written much lately. So, I have had some time to think about new detections. And while there are enough blog...

Read Article →

Security Hygiene, Azure Security Center, and Secure Score

August 01, 2021 by Ru Campbell

azure defender-for-cloud azure-security-center cis

The basics Let’s start this article with some basic cybersecurity terminology. Security hygiene, or cyber hygiene, is a general term used to ...

Read Article →

Use Sysmon for monitoring servers with Microsoft Sentinel

July 27, 2021 by Jeffrey Appel

security sentinel sysmon

System Monitor (Sysmon) is one of the most common add-ons for Windows logging. With Sysmon, you can detect malicious activity by tracking code beha...

Read Article →

Speaking at the Workplace Ninja Virtual Edition 2021 about Designing and building Microsoft Endpoint Manager for Operations

July 26, 2021 by Kenneth Van Surksum

announcement intune microsoft-endpoint-manager speaking wpninjasnl

From Tuesday August 31 till Thursday September 2, the 2nd edition of the Workplace Ninja Virtual Edition will take place. The event will be hosted ...

Read Article →

Using Defender for Endpoint Live response API with Sentinel Playbooks/ Automation

July 15, 2021 by Jeffrey Appel

security defender-for-endpoint sentinel

Live response is a function from Defender for Endpoint and is available for Windows 10 and Server 1803/1903. Live response gives security operation...

Read Article →

Azure AD Identity Protection: User Risk and Sign-in Risk protection with automation

July 12, 2021 by Jeffrey Appel

modern-workplace security azure-ad-identity-protection

Azure AD Identity Protection is one of the security tools available in the Microsoft E5 license. With Azure AD Identity Protection it is possible t...

Read Article →

The Big Comparison of Defender for Endpoint Features by Operating System

July 11, 2021 by Ru Campbell

microsoft-365 defender-for-endpoint defender-xdr windows atp

Microsoft Defender for Endpoint (MDE) is a massive platform. It’s not a single product, and it’s more than just a service. It’s a...

Read Article →

Using the Azure Sentinel Windows Security Events Connector for getting custom events

July 07, 2021 by Jeffrey Appel

security sentinel

Microsoft announced on 14th June 2021 a new version of the Windows Security Events data connector. The new feature reached currently the public pre...

Read Article →

Announcing #WPNinjasNL Tuesdays Webinar #28, Tuesday July 6, featuring Jeremy Moskowitz

July 01, 2021 by Kenneth Van Surksum

announcement security wpninjasnl

Our # WPNinjasNL “Live – Ask us Anything” session planned for Tuesday June 29 has been rescheduled to Monday July 5th, you can st...

Read Article →

Getting everyone enrolled for Azure MFA and SSPR. How hard can it be?

July 01, 2021 by Jan Bakker

entra-id power-platform security

Check out this article via web browser: Getting everyone enrolled for Azure MFA and SSPR. How hard can it be? I’ve done quite some Azure MFA ...

Read Article →

My session about Conditional Access at the Microsoft 365 Security & Compliance User Group on June 30, 2021

July 01, 2021 by Kenneth Van Surksum

entra-id conditional-access events presentations security

On Wednesday June 30, I spoke at the monthly user group meeting of the Microsoft 365 Security & Compliance user group. The Microsoft 365 Securi...

Read Article →

PrintNightmare – Use Microsoft Defender/ Sentinel toolings to get insights

July 01, 2021 by Jeffrey Appel

security defender-for-cloud defender-for-endpoint defender-for-identity sentinel

Technical details and a proof-of-concept (PoC) exploit have been accidentally leaked for a currently unpatched vulnerability in Windows that makes ...

Read Article →

Reauthorise Windows Server DHCP with One Line of PowerShell

June 26, 2021 by Ru Campbell

dhcp powershell windows-server

This will be a brief blog, as I am certainly not a DHCP expert or day-to-day administrator. I do, however, run a DHCP server on Windows Server 2019...

Read Article →

A first look at Azure AD Conditional Access authentication context

June 23, 2021 by Kenneth Van Surksum

entra-id conditional-access modern-workplace security

During Microsoft Ignite in March this year, Microsoft announced several new upcoming functionalities for Azure Active Directory. One of the announc...

Read Article →

Monitor RDP Brute Force Attack with Azure Sentinel & Azure Security Center

June 23, 2021 by Jeffrey Appel

security sentinel

Since the last years, there is a large increase in cybercriminals attempting to run attacks by exploiting the login credentials. With the current w...

Read Article →

Announcing #WPNinjasNL Tuesdays Webinar #27 (Tomorrow), Tuesday June 22, featuring Peter Daalmans

June 21, 2021 by Kenneth Van Surksum

announcement modern-workplace security wpninjasnl

For Tuesday, June 22 (yes, thats Tomorrow) we are proud to announce that our very own Peter Daalmans, Microsoft MVP Enterprise Mobility will host a...

Read Article →

Review service principals with Azure AD Access Reviews and monitor with Azure Sentinel

June 18, 2021 by Jeffrey Appel

security sentinel

A new feature in public preview is the Azure AD access review functionality. With the new AzureAD access reviews function it is possible to review ...

Read Article →

Change billing model for Azure AD guest users

June 16, 2021 by Jan Bakker

entra-id

Check out this article via web browser: Change billing model for Azure AD guest users Back in 2020, Microsoft announced a change in the pricing mod...

Read Article →

Power Automate: not your daddy’s RSS reader

June 16, 2021 by Jan Bakker

power-platform

Check out this article via web browser: Power Automate: not your daddy’s RSS reader Here’s a quick tip for all you eager learners out t...

Read Article →

Deploying Office 365 with Intune as a Win32 App (and Why You’d Want To)

June 15, 2021 by Ru Campbell

autopilot intune microsoft-365 intune office-365

Office 365, or Microsoft 365 Apps for Enterprise, or whatever it’s called this month, can be deployed by Intune to Windows 10 devices using a...

Read Article →

Monitor Azure AD break-glass accounts with Microsoft Sentinel

June 14, 2021 by Jeffrey Appel

security sentinel

Conditional Access configuration for AzureAD accounts is important. With Conditional Access you can protect easy accounts, block outdated protocols...

Read Article →

Three Cool Things To Do With Azure Information Protection

June 13, 2021 by Ru Campbell

microsoft-365 sensitivity-labels-azure-information-protection aip ems information-protection

In my last blog, I wrote about three considerations for your Azure Information Protection deployments and commented on often overlooked potential d...

Read Article →

Speaking about Conditional Access at the Microsoft 365 Security & Compliance User Group on June 30, 2021

June 10, 2021 by Kenneth Van Surksum

entra-id conditional-access speaking

On Wednesday June 30, I will be speaking at the monthly user group meeting of the Microsoft 365 Security & Compliance user group. The Microsoft...

Read Article →

Export Microsoft 365 Defender security events with the streaming API

June 07, 2021 by Jeffrey Appel

security defender-for-endpoint

By default Microsoft Defender for Endpoint stores Endpoint events in Defender for Endpoint for the configured retention period; Max: 180 days. ...

Read Article →

Announcing #WPNinjasNL Tuesdays Webinar #26, Tuesday June 8th, featuring Thorsten Pickhan and Michael Plettner

June 03, 2021 by Kenneth Van Surksum

announcement modern-workplace wpninjasnl

For next week, Tuesday, June 8th we are proud to announce that Thorsten Pickhan, Senior Microsoft UC Consultant and Michael Plettner, Microsoft MVP...

Read Article →

Received the Microsoft Most Valuable Professional (MVP) award in Enterprise Mobility

June 03, 2021 by Kenneth Van Surksum

announcement microsoft-endpoint-manager wpninjasnl

On Thursday June 1st 2021, I received an email from Microsoft telling me that I received the Microsoft Most Valuable Professional (MVP) award. My a...

Read Article →

Enroll Android smartphones into Microsoft Defender for Endpoint for blocking FluBot

June 02, 2021 by Jeffrey Appel

modern-workplace security defender-for-endpoint intune

The Flubot-malware is currently active in the news. The malware with the name FluBot will be sent to mobile endpoints with a text message or WhatsA...

Read Article →

Endpoint Manager filters: Use filtering for assigning policies, profiles and apps to specific devices

May 31, 2021 by Jeffrey Appel

modern-workplace intune

Microsoft recently announced a new existing feature in Microsoft Endpoint Manager with the name: “filters”. With the new feature, it is...

Read Article →

Our session about Modern Authentication at the May 2021 meetup of the Microsoft Cloud and Client Management Community #MC2MC

May 28, 2021 by Kenneth Van Surksum

entra-id security speaking

Yesterday, on Thursday May 27, Erik Loef and I delivered a session at the May virtual event of the Microsoft Cloud and Client Management Community....

Read Article →

A first look at using Filters for devices as conditions in Azure AD Conditional Access policies

May 27, 2021 by Kenneth Van Surksum

entra-id conditional-access security

Earlier this month I wrote an article about using filtering in assignments for apps, compliance policies and configuration profiles in Microsoft En...

Read Article →

MDM policy processing on Windows 10 with Microsoft Endpoint Manager, a closer look

May 25, 2021 by Kenneth Van Surksum

intune microsoft-endpoint-manager

The goal of this blogpost is to explain more about what happens between the moment that a configurations setting in Microsoft Endpoint Manager (MEM...

Read Article →

Announcing #WPNinjasNL Tuesdays Webinar #25, Tuesday May 25, featuring Jan Bakker

May 20, 2021 by Kenneth Van Surksum

announcement wpninjasnl

For next week, Tuesday, May 25 we are proud to announce that Jan Bakker, Microsoft 365 Consultant and Microsoft Enterprise Mobility MVP will be hos...

Read Article →

Integrate Azure Sentinel with Microsoft Teams for seamlessly collaboration

May 18, 2021 by Jeffrey Appel

security sentinel

Working from home became the new normal in most of the work environments. With the increase of working from home also the security impact changed. ...

Read Article →

Announcing #WPNinjasNL “Live – Ask us Anything” #5, on Tuesday May 18, 2021 (Tomorrow) about Endpoint Analytics

May 17, 2021 by Kenneth Van Surksum

announcement wpninjasnl

On Tuesday, May 18 we are proud to announce our fifth  “Live – Ask us Anything” session, hosted by Ronny de Jong and Frans O...

Read Article →

Three Considerations for Azure Information Protection Deployments

May 15, 2021 by Ru Campbell

microsoft-365 sensitivity-labels-azure-information-protection aip entra-id information-protection

Azure Information Protection (AIP) – more accurately exposed to Microsoft 365 now as sensitivity labels – is close to the top of my fav...

Read Article →

A first look at expediting Windows 10 Quality Updates when using Windows Update for Business and Microsoft Endpoint Manager

May 11, 2021 by Kenneth Van Surksum

microsoft-endpoint-manager security

During Microsoft Ignite, Microsoft announced the option to bypass pre-configured Windows Update for Business policies to immediately deploy a secur...

Read Article →

A first look at filtering when assigning apps, compliance policies and configuration profiles in Microsoft Endpoint Manager

May 11, 2021 by Kenneth Van Surksum

microsoft-endpoint-manager modern-workplace

Microsoft is currently in the process of rolling out a preview of filtering for apps, policies and profiles in Microsoft Endpoint Manager. With thi...

Read Article →

Use Azure Security Center workbooks for detailed information/ dashboards

May 11, 2021 by Jeffrey Appel

security defender-for-cloud

Azure Security Center included integration with Azure Workbooks. With the new Workbooks feature is it possible to build custom reports. From Azure ...

Read Article →

Speaking about Modern Authentication at the May 2021 meetup of the Microsoft Cloud and Client Management Community #MC2MC

May 06, 2021 by Kenneth Van Surksum

announcement modern-workplace security speaking wpninjasnl

On Thursday May 27, Erik Loef and I will speak at the May virtual event of the Microsoft Cloud and Client Management Community. The Microsoft Cloud...

Read Article →

Announcing #WPNinjasNL Tuesdays Webinar #24, Tuesday May 11, featuring Nico Zieck

May 04, 2021 by Kenneth Van Surksum

announcement wpninjasnl

For next week, Tuesday, May 11 we are proud to announce that Nico Zieck, Director Technology & Solutions at Liquit B.V. will be hosting a sessi...

Read Article →

Automatically Hide IP Addresses When Recording Demos or Screen Sharing

May 03, 2021 by Ru Campbell

miscellaneous

The Azure Mask browser extension is a really great tool when either recording on-screen demos or sharing your screen. Available for Edge/Chrome and...

Read Article →

Defender for Endpoint Device Discovery: Discover the unmanaged part of the corporate network

May 03, 2021 by Jeffrey Appel

security defender-for-endpoint

Unmanaged devices are most of the time a weak point in the corporate network/ environment. With the current situation more and more BYOD devices ar...

Read Article →

Customizing the Microsoft Endpoint Manager company portal and my experiences doing so.

April 20, 2021 by Kenneth Van Surksum

microsoft-endpoint-manager modern-workplace windows-10

The Microsoft Company Portal app is a cross platform app available in the app stores of Apple, Android and Microsoft. The app, depending on the ins...

Read Article →

Time is of the essence

April 19, 2021 by Gianni Castaldi

kusto-knight

Welcome to the fourth blog post in the series becoming a Kusto Knight. While the previous blog post was about data types in Kusto, this blog post w...

Read Article →

Troubleshooting Hybrid Azure AD Intune Automatic Enrollment

April 19, 2021 by Ru Campbell

entra-id intune microsoft-365 intune windows

As I have blogged about a lot, there are a bunch of hoops to be jumped through and prerequisites to be met for a successful hybrid Azure AD join an...

Read Article →

Announcing #WPNinjasNL “Live – Ask us Anything” #4, on Tuesday April 20 about Expediting Windows 10 Quality Updates

April 16, 2021 by Kenneth Van Surksum

microsoft-endpoint-manager wpninjasnl

On Tuesday, April 20 we are proud to announce our fourth  “Live – Ask us Anything” session, hosted by Ronny de Jong and Fran...

Read Article →

Using Conditional Access to provide more granularity when registering or joining devices

April 09, 2021 by Kenneth Van Surksum

entra-id conditional-access microsoft-endpoint-manager

This month Microsoft released a new “User Action” for Conditional Access in public preview. The new user action called “Register ...

Read Article →

Revoke Access to Office Files with Sensitivity Labels and Azure Information Protection

April 08, 2021 by Ru Campbell

sensitivity-labels-azure-information-protection aip information-protection office-365 sensitivity-labels

Most of us have had that “oh <blank>” moment where we have given someone access to someone only to immediately or later need to...

Read Article →

Designing and configuring compliance policies for your Windows Modern Workplace using Microsoft Endpoint Manager

April 07, 2021 by Kenneth Van Surksum

conditional-access intune microsoft-endpoint-manager modern-workplace security

Measuring your managed systems against a baseline has been around for a while, in Microsoft Endpoint Configuration Manager(MECM)/ConfigMgr we can a...

Read Article →

Announcing #WPNinjasNL Tuesdays Webinar #23, Tuesday April 13, featuring Greg Ramsey

April 06, 2021 by Kenneth Van Surksum

announcement microsoft-endpoint-manager wpninjasnl

For next week, Tuesday, April 13 we are proud to announce that Greg Ramsey, Enterprise Mobility MVP and Enterprise Tools Strategist at Dell, Inc. w...

Read Article →

Require MFA for Azure AD domain join and Device Registration

April 04, 2021 by Jan Bakker

entra-id security

Check out this article via web browser: Require MFA for Azure AD domain join and Device Registration Today we take a look at a new feature in Azure...

Read Article →

Conditional Access: Skip MFA for Company Devices on the Company Network

March 31, 2021 by Ru Campbell

conditional-access entra-id microsoft-365 condittional-access ems

A common Conditional Access policy is to add trusted locations as an exception to multi-factor authorisation requirements. The logic goes, if you a...

Read Article →

Configuring Windows Update for Business settings for your Microsoft Endpoint Manager managed Modern Workplace

March 30, 2021 by Kenneth Van Surksum

microsoft-endpoint-manager modern-workplace security windows-10 windows-update-for-business

Keeping Microsoft windows devices up-to-date has been a challenge I have been dealing with for a long time now. Within Microsoft Endpoint Configura...

Read Article →

Defender for Endpoint on Linux onboarding and behavior monitoring detection

March 29, 2021 by Jeffrey Appel

security defender-for-endpoint defender-for-endpoint-linux

Het bericht Defender for Endpoint on Linux onboarding and behavior monitoring detection verscheen eerst op Jeffrey Appel - Microsoft Security blog.

Read Article →

Announcing #WPNinjasNL Tuesdays Webinar #22, Tuesday March 30, featuring Dirk-jan Mollema, security researcher at Fox-IT

March 24, 2021 by Kenneth Van Surksum

announcement entra-id security wpninjasnl

For next week, Tuesday, March 30 we are proud to announce that Dirk-jan Mollema, one of the core researchers of Active Directory and Azure AD at Fo...

Read Article →

Announcing #WPNinjasNL “Live – Ask us Anything” #3, on Tuesday March 23 about Microsoft Ignite

March 22, 2021 by Kenneth Van Surksum

modern-workplace wpninjasnl

Starting in January 2021, the Workplace Ninja User Group Netherlands has started a new initiative, the “Live – Asks us Anything” ...

Read Article →

Update BitLocker Unique Identifiers with Intune

March 22, 2021 by Ru Campbell

bitlocker intune microsoft-365 intune windows

BitLocker unique identifiers are values used to identify the ownership of an encrypted volume. The device that performs the encryption holds the un...

Read Article →

Azure Active Directory Connect – Cloud Sync

March 20, 2021 by Jan Bakker

entra-id

Check out this article via web browser: Azure Active Directory Connect – Cloud Sync When organizations want to extend Active Directory to Azu...

Read Article →

My presentations at the Workplace Ninja User Group Switzerland 2103 virtual meetup

March 19, 2021 by Kenneth Van Surksum

entra-id microsoft-endpoint-manager modern-workplace presentations wpninjasnl

On Friday, the 19th of March, I spoke at the 2103 virtual meetup of the Workplace Ninja User Group Switzerland. During this event which lasts a who...

Read Article →

Have you already started your journey towards Passwordless authentication on your Modern Workplace?

March 16, 2021 by Kenneth Van Surksum

entra-id modern-workplace security windows-10

One of the main Identity related topics during Microsoft Ignite March 2021 edition was passwordless. Microsoft announced at the event that password...

Read Article →

Block Legacy Authentication now, and don’t wait for Microsoft

March 15, 2021 by Jeffrey Appel

modern-workplace security

Legacy authentication is the most compromising sign-in.  Microsoft is going to disable basic/ legacy authentication. It is recommended to impl...

Read Article →

Microsoft Defender Antivirus – Schedule & Install Updates via Network Shares

March 13, 2021 by Ru Campbell

microsoft-365 defender-xdr defender-for-endpoint defender-xdr powershell

Although not common, there are scenarios out where you will have LAN-only devices onboarded in Microsoft Defender for Endpoint (MDE), or at least u...

Read Article →

Enable external sender identification in Exchange Online

March 12, 2021 by Kenneth Van Surksum

exchange-online powershell security

Microsoft has rolled out a new feature in Exchange Online called External Sender Identification. It allows for tags to be added to email messages c...

Read Article →

Create Powershell Session is failed using OAuth when using the Exchange Online V2 PowerShell module

March 11, 2021 by Kenneth Van Surksum

exchange-online microsoft-endpoint-manager powershell windows-10

Update: Since September 2022, the v3.0 PowerShell module of Exchange Online is available, which when used solves this issue as well. You can update...

Read Article →

A first look at the Microsoft 365 Apps admin center

March 09, 2021 by Kenneth Van Surksum

modern-workplace office-365 overview security

The Microsoft 365 Apps admin center, available via https://config.office.com provides a portal where admins can manage Microsoft 365 Apps for Enter...

Read Article →

Announcing #WPNinjasNL Tuesdays Webinar #21, Tuesday March 16, featuring Patrick van den Born and Rick Stijnman

March 09, 2021 by Kenneth Van Surksum

announcement windows-10 wpninjasnl

For next week, Tuesday, March 16 we are proud to announce that Patrick van den Born and Rick Stijnman will be hosting a session about: Deploying Wi...

Read Article →

Track the registration and usage of all authentications methods with AzureAD

March 08, 2021 by Jeffrey Appel

passwordless passwordless

As part of the new Passwordless GA announcement, Microsoft created a new activity blade in AzureAD. With the new Authentications methods Activity b...

Read Article →

Microsoft Defender Network Protection – Not Enabling via Intune – Troubleshooting & Fix

March 07, 2021 by Ru Campbell

intune microsoft-365 defender-for-endpoint intune smartscreennetwork-protection

When configuring Defender for Endpoint (MDE) customer recently, I ran into a problem when trying to enable network protection. Network protection i...

Read Article →

Review guest access across Microsoft 365 groups (teams)

March 07, 2021 by Jan Bakker

entra-id

Check out this article via web browser: Review guest access across Microsoft 365 groups (teams) In a previous blog post I wrote about Azure AD Acce...

Read Article →

Modern Workplace Management key takeaways from the Microsoft Ignite March 2021 announcements

March 03, 2021 by Kenneth Van Surksum

uncategorized

This week, during the virtual Ignite event Microsoft made several announcements related to the Modern Workplace. The event started yesterday (March...

Read Article →

Detect critical 0-day exploits with Defender for Endpoint

March 02, 2021 by Jeffrey Appel

security defender-for-endpoint

Microsoft has detected multiple 0-days exploits being used to attack on-premises versions of Microsoft Exchange Servers. Microsoft releases today m...

Read Article →

Get insights into device restart frequency with Endpoint Analytics

March 01, 2021 by Jeffrey Appel

modern-workplace intune

A well-running workplace environment is critical to have a great endpoint user-experience. With a not stable configuration/ device the productivity...

Read Article →

Speaking at the Workplace Ninja User Group Switzerland 2103 virtual meetup on March 19, about Modern Authentication and Designing & Building MEM for Operations

March 01, 2021 by Kenneth Van Surksum

announcement microsoft-endpoint-manager modern-workplace security speaking

On Friday, the 19th of March, I will speak at the 2103 virtual meetup of the Workplace Ninja User Group Switzerland. During this event which lasts ...

Read Article →

Microsoft Information Protection Sensitivity Labels – Custom User Permissions and Do Not Forward

February 25, 2021 by Ru Campbell

microsoft-365 office-365 sensitivity-labels-azure-information-protection aip ems

With Microsoft Information Protection, you can apply sensitivity labels to files, emails, and containers such as SharePoint Libraries. These labels...

Read Article →

Announcing #WPNinjasNL Tuesdays Webinar #20, Tuesday March 2nd, featuring Thomas Maurer

February 24, 2021 by Kenneth Van Surksum

announcement azure wpninjasnl

For next week, Tuesday, February 16 we are proud to announce that Thomas Maurer, Senior Cloud Advocate at Microsoft will be hosting a session about...

Read Article →

Azure Active Directory Temporary Access Pass

February 21, 2021 by Jan Bakker

entra-id security

Check out this article via web browser: Azure Active Directory Temporary Access Pass This blog post is all about the new Temporary Access Pass in A...

Read Article →

A first look at the settings catalog in Microsoft Endpoint Manager

February 18, 2021 by Kenneth Van Surksum

microsoft-endpoint-manager modern-workplace

With the 2101 Service Release of Microsoft Intune, released this week (February 1, 2021) Microsoft released a lot of new features. One of those fea...

Read Article →

Microsoft Defender for Endpoint – Offline Onboarding for Windows 10 via a Proxy

February 18, 2021 by Ru Campbell

group-policy microsoft-365 defender-xdr defender-for-endpoint windows

Getting your devices into Defender for Endpoint is referred to as onboarding and can be done in lots of different ways, depending on the scenario. ...

Read Article →

My presentation about Conditional Access at the Workplace Ninja User Group Netherlands

February 17, 2021 by Kenneth Van Surksum

entra-id conditional-access presentations security speaking

Yesterday, on Thursday February 16, I presented at the 19th Workplace Ninja User Group Netherlands Tuesdays Webinar. My session, titled “Azur...

Read Article →

February 2021 update of the Azure AD Conditional Access demystified whitepaper and workflow cheat sheet.

February 16, 2021 by Kenneth Van Surksum

announcement entra-id conditional-access modern-workplace security

I’m proud to announce the February 2021 update of my Conditional Access demystified whitepaper. With this release, we have reached the third ...

Read Article →

Go fully passwordless with the new Azure AD Temporary Access Pass feature

February 16, 2021 by Jeffrey Appel

security passwordless

The new Azure AD Temporary Access Pass preview feature is available in the tenant.  With the new preview feature, it is possible to configure ...

Read Article →

Privileged Identity Management Discovery and insights

February 12, 2021 by Jan Bakker

entra-id security

Check out this article via web browser: Privileged Identity Management Discovery and insights Privileged Identity Management (PIM) in Azure Active ...

Read Article →

My presentation about Conditional Access at the Nordic Virtual Summit 2021

February 11, 2021 by Kenneth Van Surksum

entra-id presentations speaking

Today, on Thursday February 11, I presented for at the second day of the Nordic Virtual Summit 2021 event. The event was very well organized by sev...

Read Article →

Use Intune to Manage Microsoft Defender for Endpoint Tags and Device Groups

February 11, 2021 by Ru Campbell

intune microsoft-365 defender-for-endpoint defender mem

In Microsoft Defender for Endpoint (MDE), tags can be attached to a device for reporting, filtering, and as a dynamic attribute for membership of a...

Read Article →

First look at Access Reviews for guests in all Teams and Microsoft 365 Groups

February 09, 2021 by Kenneth Van Surksum

entra-id modern-workplace privileged-identity-management security

In January, Microsoft announced that they released a public preview allowing entitled customers to create Azure AD access reviews for guest users a...

Read Article →

Number matching with Microsoft Authenticator App in Azure MFA

February 09, 2021 by Jan Bakker

entra-id security

Check out this article via web browser: Number matching with Microsoft Authenticator App in Azure MFA Number matching and passwordless phone sign-i...

Read Article →

One year anniversary JanBakker.tech

February 07, 2021 by Jan Bakker

uncategorized

Check out this article via web browser: One year anniversary JanBakker.tech This month, janbakker.tech becomes one year old. On February 16th 2020,...

Read Article →

Speaking at Global Automation Bootcamp 2021

February 06, 2021 by Jan Bakker

speaking

Check out this article via web browser: Speaking at Global Automation Bootcamp 2021 I’m very excited to announce my session for the Global Au...

Read Article →

Turn Existing Azure AD Devices into Windows Autopilot Devices

February 06, 2021 by Ru Campbell

autopilot entra-id intune microsoft-365 intune

To provision Windows 10 PCs using Autopilot and Intune, they must first be registered as Windows Autopilot devices in the Device Directory Service,...

Read Article →

Demystifying Windows 10 in cloud configuration

February 05, 2021 by Kenneth Van Surksum

microsoft-endpoint-manager modern-workplace windows-10

On February 2, 2021 Microsoft announced “Windows 10 in cloud configuration”, when reading the title I was immediately interested to fin...

Read Article →

Updating your Security baselines in Microsoft Endpoint Manager to a newer version

February 04, 2021 by Kenneth Van Surksum

intune microsoft-endpoint-manager modern-workplace security windows-10

With the 2101 Service Release of Microsoft Intune, released this week (February 1, 2021) Microsoft released a lot of new features (more on that in ...

Read Article →

Which data types do we have

February 04, 2021 by Gianni Castaldi

kusto-knight

Welcome to the third blog post in the series becoming a Kusto Knight. While the previous blog post was about where we store data in Kusto, this blo...

Read Article →

Kusto Gym

February 03, 2021 by Gianni Castaldi

kusto-knight

Welcome to the Kusto Gym, On your road to become a Kusto Knight, there are some exercises to put the theory into action. Where do we store the data...

Read Article →

Speaking at the Workplace Ninja User Group Netherlands meetup webinar on February 16, about Conditional Access

February 03, 2021 by Kenneth Van Surksum

announcement conditional-access events wpninjasnl

On Tuesday the 16th of February, I will speak at the webinar of the Workplace Ninja User Group Netherlands. This session, which is updated monthly ...

Read Article →

Where do we store the data in Kusto

February 02, 2021 by Gianni Castaldi

kusto-knight

Welcome to the second blog post in the series becoming a Kusto Knight. While the previous blog post was more about what Kusto Query Language is, an...

Read Article →

Understanding Application Guard for Office, Now Generally Available

January 30, 2021 by Ru Campbell

application-guard intune microsoft-365 defender-xdr news

Application Guard first appeared in Windows 10 1709 (“Fall Creators Update”) to isolate Edge browser activity within a Hyper V containe...

Read Article →

Speaking at the Nordic Virtual Summit 2021 about Conditional Access

January 28, 2021 by Kenneth Van Surksum

announcement entra-id conditional-access modern-workplace security

On Wednesday 10 and Thursday 11 February, several communities (A joint venture by #SGUCSE #SCUGDK #SCUGFI #MMUGNO and #MSEndpointMgr) in the Nordic...

Read Article →

Announcing #WPNinjasNL Tuesdays Webinar #2, Tuesday February 2nd featuring Kenny Buntinx & Merlijn Van Waeyenberghe

January 27, 2021 by Kenneth Van Surksum

announcement microsoft-endpoint-manager wpninjasnl

For Tuesday, February 2nd we are proud to announce that community friend Kenny Buntinx & Merlijn Van Waeyenberghe are hosting a session about: ...

Read Article →

Browser restrictions and configuration when using Conditional Access on your modern workplace

January 27, 2021 by Kenneth Van Surksum

conditional-access microsoft-endpoint-manager

This article is about a subject I covered before in my blogpost titled: “Understanding and governing reauthentication settings in Azure Activ...

Read Article →

Enabling Self Service Password Reset (SSPR) for your Modern Workplace users

January 26, 2021 by Kenneth Van Surksum

entra-id modern-workplace security windows-10 m365

On modern workplaces we use authentication techniques provided by Windows Hello for Business, like biometric and PIN. Due to this, user don’t...

Read Article →

Understanding Modern vs. Legacy Authentication in Microsoft 365

January 24, 2021 by Ru Campbell

entra-id microsoft-365 entra-id-connect-aad-connect entra-id-premium-aad-premium mfa

Since October 2019, Microsoft has enabled Security Defaults by default in new Microsoft 365 tenants. Security Defaults are a group of best-practice...

Read Article →

Announcing #WPNinjasNL “Live – Ask us Anything” #1, on Tuesday January 26 about Security Awareness

January 22, 2021 by Kenneth Van Surksum

announcement wpninjasnl

Starting in January 2021, the Workplace Ninja User Group Netherlands has started a new initiative, the “Live – Asks us Anything” ...

Read Article →

My presentation about Conditional Access at the Workplace Ninja User Group München

January 22, 2021 by Kenneth Van Surksum

conditional-access modern-workplace speaking wpninjasnl

Yesterday, on Thursday January 21, I presented for the Workplace Ninja User Group München about one of my favorite topics “Conditional Access...

Read Article →

Announcing #WPNinjasNL Tuesdays Webinar #1, January 19, 2021 featuring Adnan Hendricks

January 19, 2021 by Kenneth Van Surksum

announcement entra-id identity-protection modern-workplace wpninjasnl

For Today, January 19th we are proud to announce that our own Adnan Hendricks, Microsoft Azure MVP will host a session about: Azure AD Identity Pro...

Read Article →

Enable automatic Access Reviews for Guest users in Teams and Microsoft 365 Groups

January 19, 2021 by Jeffrey Appel

security

Azure AD access reviews feature is now in public preview for the Teams and Microsoft 365 Groups. In this blog post an overview of the new public pr...

Read Article →

Self Service in Microsoft 365

January 16, 2021 by Jan Bakker

entra-id delegation groups it-staff microsoft-365

Check out this article via web browser: Self Service in Microsoft 365 One of the great things about Azure Active Directory is the capability of sel...

Read Article →

Store BitLocker Recovery Keys in Azure AD for Devices Already Encrypted

January 15, 2021 by Ru Campbell

bitlocker entra-id intune microsoft-365 intune

As you move from on-premises or third-party infrastructure to Microsoft 365 and Azure AD, you will want to keep those BitLocker recovery keys safe....

Read Article →

Enrich Microsoft 365 profile card with extensions and custom attributes

January 08, 2021 by Jan Bakker

entra-id

Check out this article via web browser: Enrich Microsoft 365 profile card with extensions and custom attributes Microsoft 365 is equipped with a ve...

Read Article →

Your road to become a Kusto Knight starts here

January 06, 2021 by Gianni Castaldi

kusto-knight

Welcome to the first blog post in the series becoming a Kusto Knight. Besides blogging about the latest and greatest detections I also want to help...

Read Article →

Speaking about Conditional Access at the Workplace Ninja Usergroup München on Thursday January 21st 2021

January 05, 2021 by Kenneth Van Surksum

entra-id conditional-access modern-workplace speaking wpninjasnl

On Thursday, January 21st 2021 I’m honored to announce that I will be speaking at the Workplace Ninja Usergroup München meetup. The Workplace...

Read Article →

Rebranding the Windows Management User Group Netherlands to Workplace Ninja User Group Netherlands

January 04, 2021 by Kenneth Van Surksum

announcement events wmugnl community webinar

In February 2013 Bob Cornelissen, Marnix Wolf, Peter Daalmans and myself founded the Windows Management User Group Netherlands (WMUG_NL) foundation...

Read Article →

Azure Active Directory Identity Governance – Azure AD Entitlement Management

December 20, 2020 by Jan Bakker

entra-id security access-package access-review approval

Check out this article via web browser: Azure Active Directory Identity Governance – Azure AD Entitlement Management In this series, we take a look...

Read Article →

Use Microsoft technology for the detection and prevention of the SolarWinds chain attack

December 16, 2020 by Jeffrey Appel

security defender-for-endpoint sentinel

SolarWinds has revealed how monitoring products it released earlier this year may have been tampered with in a supply chain attack. In this blog po...

Read Article →

Azure Active Directory Identity Governance – Privileged Identity Management

December 09, 2020 by Jan Bakker

entra-id security administrative-roles administrators entra-id

Check out this article via web browser: Azure Active Directory Identity Governance – Privileged Identity Management In this series, we take a look ...

Read Article →

Deploy and configure Microsoft Defender for Endpoint on iOS devices

December 08, 2020 by Jeffrey Appel

security defender-for-endpoint intune

Het bericht Deploy and configure Microsoft Defender for Endpoint on iOS devices verscheen eerst op Jeffrey Appel - Microsoft Security blog.

Read Article →

Defining more granularity for your Conditional Access App Enforced Restrictions using Sensitivity Labels

December 04, 2020 by Kenneth Van Surksum

entra-id conditional-access modern-workplace office-365 security

In June this year I wrote an article about: Limit Access to Outlook Web Access, SharePoint Online and OneDrive using Conditional Access App Enforce...

Read Article →

Designing and building your Microsoft Endpoint Manager/Intune environment for Operations

November 29, 2020 by Kenneth Van Surksum

entra-id conditional-access microsoft-endpoint-manager modern-workplace windows-10

In my work as a modern workplace consultant, I see a lot of Microsoft Endpoint Manager/Intune environments. Many of these environments have been bu...

Read Article →

Announcing #WMUG_NL Tuesdays Webinar 15 on December 1st, 2020 featuring Alex Verboon

November 25, 2020 by Kenneth Van Surksum

announcement security wmugnl

For Tuesday, December 1 we are proud to announce that Alex Verboon, Cyber Security Consultant at baseVISION in Switzerland will host a session abou...

Read Article →

Azure Active Directory Identity Governance – Access Reviews

November 23, 2020 by Jan Bakker

entra-id security access access-review admins

Check out this article via web browser: Azure Active Directory Identity Governance – Access Reviews In this series, we take a look at Azure A...

Read Article →

Conditional Access demystified: My recommended default set of policies

November 18, 2020 by Kenneth Van Surksum

entra-id conditional-access modern-workplace security conditional-access

In August last year, I published eight articles in a series on Conditional Access, and later once finished I decided to bundle those articles in a ...

Read Article →

Endpoint Data Loss Prevention (DLP): Protect cloud uploads and printing

November 17, 2020 by Jeffrey Appel

security purview

Managing the risks around data has become increasingly complex for organizations. At the current stage more and more employees are working from hom...

Read Article →

Get all Conditional Access Query’s with a single click using Graph API

November 12, 2020 by Jeffrey Appel

modern-workplace conditional-access

Conditional Access is one of the available tools used by Azure Active Directory to bring different signals together. Based on different signals it ...

Read Article →

Announcing #WMUG_NL Tuesdays Webinar 14 on November 10, 2020 featuring Ronni Pedersen

November 05, 2020 by Kenneth Van Surksum

uncategorized

For Tuesday, November 10 we are proud to announce that Ronni Pedersen, Cloud Architect at APENTO will host a session about: “How to get succe...

Read Article →

Protect files on download using Cloud App Security and Azure Information Protection

October 30, 2020 by Jan Bakker

cloud-app-security security azure-information-protection byod download

Check out this article via web browser: Protect files on download using Cloud App Security and Azure Information Protection If you have read my blo...

Read Article →

The 10 Technical IT Books of Most Influence on Me

October 28, 2020 by Ru Campbell

books miscellaneous career personal

In the name of transparency, or maybe stating the bleeding obvious, I confess I am that guy who can happily read an IT reference book or something ...

Read Article →

PowerShell: Run Cmdlet If Another Was Successful (And Keep Trying Until It Is)

October 23, 2020 by Ru Campbell

exchange-online office-365 powershell exo

Today I’m sharing a useful bit of PowerShell I gracelessly punt from script to script whenever I need to make sure a prerequisite it met befo...

Read Article →

Fast response with Azure AD Continuous Access Evaluation (CAE) and Conditional Access

October 22, 2020 by Jeffrey Appel

modern-workplace security

Continuous Access Evaluation (CAE) for AzureAD is one of the latest functions and is available in public preview. With this new technique, it is po...

Read Article →

Understanding and governing reauthentication settings in Azure Active Directory

October 22, 2020 by Kenneth Van Surksum

entra-id conditional-access microsoft-endpoint-manager modern-workplace security

Governing when users receive authentication prompts when authenticating to Azure Active Directory (Azure AD) is depending on more than one setting,...

Read Article →

Announcing #WMUG_NL Tuesdays Webinar 13 on October 27th featuring Erik Loef and Kenneth van Surksum

October 20, 2020 by Kenneth Van Surksum

announcement entra-id conditional-access modern-workplace speaking

For Tuesday, October 27th we are proud to announce that Erik Loef, CTO and Microsoft MVP at Proxsys, and Kenneth van Surksum, Modern Workplace cons...

Read Article →

Microsoft Defender for Office 365: Check protection policies with Configuration Analyzer

October 20, 2020 by Jeffrey Appel

security defender-for-office-365

Microsoft Defender for Office 365 is one of the three types of Advanced Threat Protection that Microsoft offers. With Microsoft Defender for Office...

Read Article →

License on-demand with Power Automate and Azure AD

October 18, 2020 by Jan Bakker

entra-id power-platform entra-id groups license

Check out this article via web browser: License on-demand with Power Automate and Azure AD Most organizations are using group-based licensing in Az...

Read Article →

Block low reputation apps or newly detected cloud apps with Microsoft Defender for Endpoint, MCAS and Endpoint Manager

October 15, 2020 by Jeffrey Appel

security defender-for-cloud-apps defender-for-endpoint

One of the benefits of Microsoft 365/ Microsoft Endpoint is the interaction across all the different products. With the connection between multiple...

Read Article →

Mobile Application Management for Mobile Devices with Microsoft Endpoint Manager/Intune deep dive

October 13, 2020 by Kenneth Van Surksum

conditional-access intune microsoft-endpoint-manager mobile-application-management modern-workplace

With Microsoft Intune, there is a lot of focus on the Mobile Device Management (MDM) aspects of the product. This is logical because from a managem...

Read Article →

Azure AD Continuous access evaluation (CAE), a first look

October 10, 2020 by Kenneth Van Surksum

entra-id conditional-access identity-protection modern-workplace security

In April 2020 Alex Weinert, Director of Identity Security at Microsoft announced that Microsoft was working on moving towards real time policy and ...

Read Article →

Announcing #WMUG_NL Tuesdays Webinar 12 featuring Thijs Lecomte

October 01, 2020 by Kenneth Van Surksum

announcement entra-id wmugnl wmugnl community

Due to the COVID-19 crisis, we (the Windows Management User Group Netherlands) were forced to move our activities to virtual events, which we call ...

Read Article →

Collect Microsoft Teams activity in Azure Sentinel and start hunting

September 29, 2020 by Jeffrey Appel

security sentinel

Azure Sentinel is a cloud-native security information and event management platform. (SIEM). Sentinel uses AI to analyze large volumes of data. Azu...

Read Article →

Enabling Plus Addressing in Office 365 Exchange Online

September 29, 2020 by Kenneth Van Surksum

exchange-online modern-workplace office-365

In December 2019 Microsoft included support for Plus Addressing in their roadmap (ID 59441) for Office 365. In the meantime this feature is release...

Read Article →

Food for thought – Bring Your Own Disaster.

September 28, 2020 by Jan Bakker

intune security app-protection byod mam

Check out this article via web browser: Food for thought – Bring Your Own Disaster. Today a slightly different blog post. It’s a common...

Read Article →

Microsoft Endpoint Data Loss Prevention: Blokkeren van USB bestandstransfers

September 23, 2020 by Jeffrey Appel

security purview

Databeveiliging en classificatie is belangrijk. Een datalek via een verkeerde aanzender of toegang tot externe databronnen is snel gemaakt, waardoo...

Read Article →

Announcing #WMUG_NL Tuesdays Webinar 11 featuring Tim Hermie & Jasper Bernaers on Tuesday September 29th

September 22, 2020 by Kenneth Van Surksum

advanced-threat-protection announcement modern-workplace wmugnl

Due to the COVID-19 crisis, we (the Windows Management User Group Netherlands) were forced to move our activities to virtual events, which we call ...

Read Article →

Block outdated operating systems with Cloud App Security

September 20, 2020 by Jan Bakker

entra-id security

Check out this article via web browser: Block outdated operating systems with Cloud App Security It is not unlikely that some of your users still u...

Read Article →

Announcing #WMUG_NL Tuesdays Webinar 10 featuring Ronny de Jong on Tuesday September 15th

September 14, 2020 by Kenneth Van Surksum

announcement configuration-manager modern-workplace wmugnl community

Due to the COVID-19 crisis, we (the Windows Management User Group Netherlands) were forced to move our activities to virtual events, which we call ...

Read Article →

Inzicht in Brute-force & Password spray attack via Azure Sentinel

September 10, 2020 by Jeffrey Appel

security sentinel

Azure Sentinel is een cloud-native Security Information Event Management-oplossing, ook wel bekend als een SIEM-oplossing. Azure Sentinel is cloud-...

Read Article →

Azure MFA authentication method analysis. Share the results with Power Automate!

September 08, 2020 by Jan Bakker

entra-id power-platform security azure-mfa flow

Check out this article via web browser: Azure MFA authentication method analysis. Share the results with Power Automate! You might have seen the sa...

Read Article →

The Difference Between Cloud App Security Discovery (CAD), Office 365 Cloud App Security (OCAS), and Microsoft Cloud App Security (MCAS)

September 07, 2020 by Ru Campbell

microsoft-365 defender-xdr defender-for-cloud-apps office-365 entra-id-premium-aad-premium

Microsoft Cloud App Security (MCAS), Redmond’s cloud app security broker (CASB) offering, is a powerful tool for investigating and pro-active...

Read Article →

Microsoft Secure Score Series – 15 – Do not expire passwords

September 06, 2020 by Jan Bakker

entra-id secure-score security entra-id azure-ad-identity-protection

Check out this article via web browser: Microsoft Secure Score Series – 15 – Do not expire passwords Research has found that when periodic password...

Read Article →

Control access from unmanaged devices with Cloud App Security

September 05, 2020 by Jan Bakker

uncategorized access byod cloud-app-security data

Check out this article via web browser: Control access from unmanaged devices with Cloud App Security When COVID-19 hit the world, most people had ...

Read Article →

Are you already synchronizing your Message Center messages to Planner? Here is why you should

August 31, 2020 by Kenneth Van Surksum

modern-workplace office-365 overview power-platform changes

Microsoft 365 changes regularly, changes are implemented almost on a daily basis and as an Admin responsible for the service you must be aware of w...

Read Article →

How to prevent your users from downloading and installing Office via the Office portals

August 25, 2020 by Kenneth Van Surksum

modern-workplace office-365

If your goal is to restrict the usage of Office applications on non-managed devices and only allow Web access in limited mode (as explained in my a...

Read Article →

Microsoft is making changes related to automatic email forwarding for ATP customers, here is what you need to know

August 25, 2020 by Kenneth Van Surksum

advanced-threat-protection office-365 security

In February this year I blogged about Stopping automatic email forwarding in your Exchange Online environment in a controlled way providing a struc...

Read Article →

Assigning groups to Azure AD roles and Privileged access groups, a first look!

August 20, 2020 by Kenneth Van Surksum

entra-id modern-workplace privileged-identity-management role-based-access-control security

On August 13th 2020, Alex Simons (Microsoft Identity PM) announced that assigning groups to Azure AD roles in now in public preview. This feature i...

Read Article →

Use Microsoft Graph Security for end-user notifications

August 19, 2020 by Jan Bakker

logic-apps power-platform security azure-ad-identity-protection cloud-app-security

Check out this article via web browser: Use Microsoft Graph Security for end-user notifications In this short blog post, I want to show how you can...

Read Article →

Inzage in malware via Cloud App Security en acties via de Microsoft threat intelligence engine

August 17, 2020 by Jeffrey Appel

security defender-for-cloud-apps

Microsoft Cloud App Security is geplaatst als Cloud App Security broker in het landschap van Microsoft en heeft meerdere mogelijkheden welke aanslu...

Read Article →

Self Service Purchasing for Power Platform, Visio and Project, should you keep it enabled or disable the functionality?

August 17, 2020 by Kenneth Van Surksum

licensing modern-workplace office-365 office-365 m365

In October 2019, Microsoft announced that it would enable end users to buy and manage their own licenses within their corporate account. At that ti...

Read Article →

Getting Started with Azure AD Identity Governance – Part 3: Privileged Identity Management (PIM)

August 16, 2020 by Ru Campbell

entra-id identity-governance microsoft-365 privileged-identity-management ems

This blog is the last in a small series on Azure AD Premium P2’s Identity Governance toolkit. Part 1: Entitlement Management Part 2: Access R...

Read Article →

Office 365 Templated policies and Preset security policies in Exchange Online Protection and Office 365 ATP

August 13, 2020 by Kenneth Van Surksum

advanced-threat-protection exchange-online modern-workplace office-365 security

In my deep dive article on Office 365 Advanced Threat Protection (ATP) I mentioned that Microsoft provides best practices as described in the follo...

Read Article →

Bulk dismiss risky users with Power Automate or Logic Apps

August 06, 2020 by Jan Bakker

entra-id logic-apps power-platform security azure-ad-identity-protection

Check out this article via web browser: Bulk dismiss risky users with Power Automate or Logic Apps Update 08-10-2020: Microsoft released an officia...

Read Article →

Getting Started with Azure AD Identity Governance – Part 2: Access Reviews

August 02, 2020 by Ru Campbell

access-reviews entra-id identity-governance microsoft-365 collaboration

This blog is the second in a small series on Azure AD Premium P2’s Identity Governance toolkit. Part 1: Entitlement Management Part 2: Access...

Read Article →

Prepopulate phone methods for MFA and SSPR using Graph API

July 30, 2020 by Jan Bakker

entra-id logic-apps power-platform security graph-api

Check out this article via web browser: Prepopulate phone methods for MFA and SSPR using Graph API Part 1 – Graph API What is the number one ...

Read Article →

Prepopulate phone methods using a Custom Connector in Power Automate

July 30, 2020 by Jan Bakker

entra-id logic-apps power-platform security custom-connector

Check out this article via web browser: Prepopulate phone methods using a Custom Connector in Power Automate Part 2 – Automation In the previ...

Read Article →

Getting Started with Azure AD Identity Governance – Part 1: Entitlement Management

July 26, 2020 by Ru Campbell

entitlement-management entra-id identity-governance microsoft-365 ems

This blog is the first in a small series on Azure AD Premium P2’s Identity Governance toolkit. Part 1: Entitlement Management (this post) Par...

Read Article →

Close the gap. Azure AD Identity Protection & Conditional Access.

July 14, 2020 by Jan Bakker

entra-id security automation azure-ad-identity-protection conditional-access

Check out this article via web browser: Close the gap. Azure AD Identity Protection & Conditional Access. This blog is about Azure AD Identity...

Read Article →

Downloads blokkeren via Conditional Access App Control vanuit Microsoft Endpoint Manager

July 10, 2020 by Jeffrey Appel

security conditional-access defender-for-cloud-apps

Microsoft Cloud App Security is een behoorlijk uitgebreid product met verschillende mogelijkheden en toepassingen. In een eerder blog was al te lez...

Read Article →

Apps vanuit Cloud App Security blokkeren via Microsoft Defender ATP + Microsoft Endpoint Manager

July 08, 2020 by Jeffrey Appel

security defender-for-cloud-apps defender-for-endpoint

Microsoft Defender ATP is de Advanced Threat Protection dienst van Microsoft. Bij Microsoft gaan de ontwikkelingen snel, waarmee er steeds meer fun...

Read Article →

Microsoft Defender ATP web content filtering; Zo werkt deze functionaliteit

July 06, 2020 by Jeffrey Appel

security defender-for-endpoint

Microsoft Defender ATP is al een tijd als preview te vinden in Microsoft Defender ATP – sinds 6 juli is hierop een wijziging geweest vanuit M...

Read Article →

Edge Chromium; zo configureer je de tracking prevention functionaliteit vanuit Microsoft Endpoint Manager

July 05, 2020 by Jeffrey Appel

modern-workplace intune

De nieuwe Microsoft Edge webbrowser is gebaseerd op Chromium en geeft verschillende voordelen welke voor de beheerders interessant zijn. Door de on...

Read Article →

Microsoft Defender for Endpoint Web Content Filtering – Migrate Rules from Existing Security Software

July 04, 2020 by Ru Campbell

microsoft-365 defender-xdr defender-for-endpoint atp cyren

In my last blog, I wrote about web content filtering in MDATP and how it now allows you to block website categories on the client across all apps. ...

Read Article →

Use Power Automate as your Conditional Access Police Department

July 04, 2020 by Jan Bakker

entra-id logic-apps power-platform security administrators

Check out this article via web browser: Use Power Automate as your Conditional Access Police Department Last week, I was working on a new blog for ...

Read Article →

Microsoft Secure Score Series – 14 – Designate more than one global admin

July 03, 2020 by Jan Bakker

entra-id secure-score security

Check out this article via web browser: Microsoft Secure Score Series – 14 – Designate more than one global admin Designate more than one global ad...

Read Article →

Microsoft Secure Score Series – 13 – Set automated notifications for new and trending cloud applications in your organization

July 02, 2020 by Jan Bakker

secure-score security

Check out this article via web browser: Microsoft Secure Score Series – 13 – Set automated notifications for new and trending cloud applications in...

Read Article →

Announcing #WMUG_NL Tuesdays Webinar 9 featuring Derk van der Woude on Tuesday July 7th

July 01, 2020 by Kenneth Van Surksum

announcement wmugnl community meetup webinar

Due to the COVID-19 crisis, we (the Windows Management User Group Netherlands) were forced to move our activities to virtual events, which we call ...

Read Article →

Monitor Teams activiteiten via Microsoft Cloud App Security Activity templates

June 30, 2020 by Jeffrey Appel

security defender-for-cloud-apps

Sinds de coronasituatie is Teams in een versnelling gekomen bij de meeste organisaties. In de meeste gevallen een versnelde uitrol, waardoor er nie...

Read Article →

Microsoft Defender for Endpoint Web Content Filtering – Administration, Limitations, and User Experience

June 28, 2020 by Ru Campbell

configuration-manager microsoft-365 defender-xdr defender-for-endpoint intune

Historically, one of the big features missing “out of the box” with MDATP was web content filtering. Customers typically look at MDATP ...

Read Article →

Use Power Automate or Logic Apps to keep an eye on your licenses

June 27, 2020 by Jan Bakker

entra-id logic-apps power-platform alerts entra-id

Check out this article via web browser: Use Power Automate or Logic Apps to keep an eye on your licenses I guess we’ve all been there; you ra...

Read Article →

Limit Access to Outlook Web Access, SharePoint Online and OneDrive using Conditional Access App Enforced Restrictions

June 26, 2020 by Kenneth Van Surksum

entra-id conditional-access modern-workplace app-enforced-restrictions

One of the scenario’s we can build with Conditional Access, is the scenario where we restrict access inside the web application itself. By do...

Read Article →

Microsoft Defender ATP voor Android: Zo werkt de configuratie en gebruikerservaring tijdens de public preview

June 25, 2020 by Jeffrey Appel

security defender-for-endpoint

Microsoft heeft sinds deze week Microsoft Defender Advanced Threat Protection voor mobiele devices in public preview fase uitgebracht. Met deze rel...

Read Article →

Completed the Azure Solution Architect Expert Certification

June 24, 2020 by Kenneth Van Surksum

azure certification security az-300 az-500

After earning my Microsoft 365 Certified Enterprise Administrator Expert certification in May, I decided to continue my certification journey and e...

Read Article →

Announcing #WMUG_NL Tuesdays Webinar 8 featuring Tim De Keukelaere on Tuesday June 30th

June 23, 2020 by Kenneth Van Surksum

announcement wmugnl wmugnl community configmgr

Due to the COVID-19 crisis, we (the Windows Management User Group Netherlands) were forced to move our activities to virtual events, which we call ...

Read Article →

A first look at Administrative Units and My Staff in Azure Active Directory

June 20, 2020 by Jan Bakker

entra-id security administrative-units admins delegation

Check out this article via web browser: A first look at Administrative Units and My Staff in Azure Active Directory Recently, Microsoft introduced ...

Read Article →

Automatisch contacten synchroniseren vanaf Microsoft Outlook naar native contact app via Microsoft Endpoint Manager

June 19, 2020 by Jeffrey Appel

modern-workplace intune

Met de komst van multifactor en moderne authenticatie stappen steeds meer bedrijven over op de Outlook app voor de mobiele devices. Dit heeft voora...

Read Article →

Microsoft Secure Score Series – 12 – Turn on customer lockbox feature

June 14, 2020 by Jan Bakker

entra-id secure-score security customer-data customer-lockbox

Check out this article via web browser: Microsoft Secure Score Series – 12 – Turn on customer lockbox feature Turning on the customer lockbox featu...

Read Article →

Android Enterprise via Microsoft Endpoint Manager als vervanger van Android device administrator

June 08, 2020 by Jeffrey Appel

modern-workplace intune

Met de aflopende support van Android device administrator is het van groot belang om te zoeken naar een passend alternatief. Vanuit Microsoft Endpo...

Read Article →

Microsoft Secure Score Series – 11 – Turn on user risk policy

June 08, 2020 by Jan Bakker

entra-id secure-score security azure-ad-identity-protection block-access

Check out this article via web browser: Microsoft Secure Score Series – 11 – Turn on user risk policy With the user risk policy turned on, Azure AD...

Read Article →

Controle op Azure AD machtigingen met de Admin consent workflow; zo werkt het

June 07, 2020 by Jeffrey Appel

security

Tegenwoordig worden steeds meer applicaties via de cloud aangesloten en geconfigureerd. Als we naar Microsoft kijken, is het mogelijk om vele appli...

Read Article →

Sign In to Azure AD Using Google with Azure AD External Identities

June 07, 2020 by Ru Campbell

entra-id external-identities microsoft-365 collaboration entra-id

External Identities is a new public preview feature of Azure AD which allows external users to authenticate with a non-Microsoft account such as th...

Read Article →

Edge Chromium; zo configureer je beheerde favorieten via Microsoft Endpoint Manager

June 06, 2020 by Jeffrey Appel

modern-workplace intune

Edge Chromium is de nieuwe versie van Edge welke is gebaseerd op de opensource Chromium. Vanuit Microsoft Endpoint Manager is het mogelijk om deze ...

Read Article →

Microsoft Secure Score Series – 10 – Discover trends in shadow IT application usage

June 06, 2020 by Jan Bakker

entra-id secure-score security cloud-app-security cloud-discovery

Check out this article via web browser: Microsoft Secure Score Series – 10 – Discover trends in shadow IT application usage Add a data source in au...

Read Article →

Announcing #WMUG_NL Tuesdays Webinar 7 featuring Jörgen Nilsson

June 04, 2020 by Kenneth Van Surksum

announcement configuration-manager wmugnl community configmgr

Due to the COVID-19 crisis, we (the Windows Management User Group Netherlands) were forced to move our activities to virtual events, which we call ...

Read Article →

Set additional clocks to Windows 10 using Intune

June 01, 2020 by Jan Bakker

intune uncategorized windows-10 app clocks

Check out this article via web browser: Set additional clocks to Windows 10 using Intune When you work for an international company, or you have to...

Read Article →

The Differences Between (and History of) the Microsoft 365 Security Centre, Compliance Centre, and Security & Compliance

June 01, 2020 by Ru Campbell

microsoft-365 office-365

There are currently three separate admin consoles in Microsoft 365 for administrators to view or configure security and compliance policies, alerts...

Read Article →

Microsoft Secure Score Series – 09 – Do not allow users to grant consent to unmanaged applications

May 30, 2020 by Jan Bakker

entra-id secure-score security approval apps

Check out this article via web browser: Microsoft Secure Score Series – 09 – Do not allow users to grant consent to unmanaged applications Tighten ...

Read Article →

Announcing #WMUG_NL Tuesdays Webinar 6 featuring Bob Cornelissen

May 28, 2020 by Kenneth Van Surksum

announcement wmugnl community monitoring webinar

Due to the COVID-19 crisis, we (the Windows Management User Group Netherlands) were forced to move our activities to virtual events, which we call ...

Read Article →

Legacy Authentication; Zo blokkeer je Legacy Authentication voordat Microsoft het voor je doet

May 28, 2020 by Jeffrey Appel

security

Microsoft heeft laten weten dat het Legacy Authentication protocol in de 2e helft van 2021 geblokkeerd zal worden. Om de security te verbeteren is ...

Read Article →

Hybrid Azure AD Join + Intune Enrollment – Prerequisites Checklist and Process Flow

May 25, 2020 by Ru Campbell

entra-id intune microsoft-365 co-management entra-id-connect-aad-connect

I’m a simple person, and sometimes it just helps to have a checklist to refer to when you’re troubleshooting rather than navigating the...

Read Article →

May 2020 update of the Conditional Access Demystified Whitepaper, Workflow cheat sheet, Implementation workflow and Documentation spreadsheet

May 25, 2020 by Kenneth Van Surksum

entra-id conditional-access modern-workplace security conditional-access

In August last year, I published eight articles in a series on Conditional Access, and later when finished I decided to bundle those articles in a ...

Read Article →

Install Windows Package Manager (winget) using Intune

May 23, 2020 by Jan Bakker

intune windows-10 appx lob windows-10

Check out this article via web browser: Install Windows Package Manager (winget) using Intune Microsoft released a preview of the Windows Package M...

Read Article →

Announcing #WMUG_NL Tuesdays Webinar 5 featuring Alexander Benoit

May 22, 2020 by Kenneth Van Surksum

events wmugnl community webinar wmugnl

Due to the COVID-19 crisis, we (the Windows Management User Group Netherlands) were forced to move our activities to virtual events, which we call ...

Read Article →

Some welcome additions to the Admin consent workflow in Azure AD

May 22, 2020 by Kenneth Van Surksum

entra-id modern-workplace security consent sso

Update October 7 2020: This functionality is now GA, see Publisher verification and app consent policies are now generally available In February th...

Read Article →

Sure, keep me signed in! And don’t prompt for MFA!

May 22, 2020 by Jan Bakker

entra-id security cookies frequency kmsi

Check out this article via web browser: Sure, keep me signed in! And don’t prompt for MFA! Today a short blog about MFA prompts, session life...

Read Article →

Microsoft 365 Updates from Build 2020

May 21, 2020 by Ru Campbell

microsoft-365 news

Build 2020 had some nice bits of M365 related news. Microsoft deserves commendation for sticking to the schedule and pulling this off (remotely) du...

Read Article →

5 Manieren om Azure Active Directory accounts veiliger te maken

May 20, 2020 by Jeffrey Appel

security

De cloud is trending en steeds meer applicaties en diensten zijn afhankelijk van de cloud. Een cloud omgeving geeft vele voordelen maar geeft ook e...

Read Article →

Aanmelden zonder wachtwoord via Phone sign-in: Zo gebruik je het!

May 20, 2020 by Jeffrey Appel

security

Een wachtwoord is als je er over nadenkt best lastig, en je vergeet hem vast wel eens. Ook heeft een gebruiker tegenwoordig meerdere accounts – en ...

Read Article →

Android Enterprise fully managed beschikbaar in Microsoft Intune voor zakelijke omgevingen

May 20, 2020 by Jeffrey Appel

modern-workplace intune

Microsoft heeft vandaag laten weten dat de Intune support voor “Android Enterprise fully managed devices” nu volledig beschikbaar is. Hiermee is he...

Read Article →

Azure Active Directory Password Protection; hoe werkt deze extra beveiliging?

May 20, 2020 by Jeffrey Appel

security

Azure AD Password Protection is een functionaliteit welke de mogelijkheid geeft om het wachtwoordbeleid te versterken op basis van informatie welke...

Read Article →

Azure AD aanmelden via een FIDO2 Security Key; zo werkt het!

May 20, 2020 by Jeffrey Appel

security passwordless

Een wachtwoord is als je er over nadenkt best lastig, en je vergeet hem vast wel eens. Ook heeft een gebruiker tegenwoordig meerdere accounts – en ...

Read Article →

Azure AD Sign-In Risk Policy: Zo werkt deze functionaliteit

May 20, 2020 by Jeffrey Appel

security azure-ad-identity-protection

De Azure AD beveiligen is tegenwoordig van groot belang. Vanuit de Microsoft Secure Score krijg je een aantal adviezen op basis van de kennis bij M...

Read Article →

Azure Sentinel: Wat kan je met de nieuwe security oplossing van Microsoft?

May 20, 2020 by Jeffrey Appel

security sentinel

Azure Sentinel is een van de nieuwste security producten van Microsoft. Maar wat is nu precies het doel van Azure Sentinel binnen de Microsoft omge...

Read Article →

Completed the Microsoft 365 Certified Enterprise Administrator Expert Certification

May 20, 2020 by Kenneth Van Surksum

certification compliance configmgr governance iam

Yesterday I completed the last exam in order to earn the Microsoft 365 Certified Enterprise Administrator Expert certification. Microsoft 365 Enter...

Read Article →

Intune 2005: Aanpassen van Self service acties in Company Portal

May 20, 2020 by Jeffrey Appel

modern-workplace intune

Een verzoek hoog op de wensenlijst van vele beheerders. De mogelijkheid om de self-service acties te wijzigen in de Company Portal. In de praktijk ...

Read Article →

Password-less werken: Is het de toekomst via Yubikey, Windows Hello en Authenticator?

May 20, 2020 by Jeffrey Appel

security

Wachtwoorden zijn momenteel nog de meest gebruikte mogelijkheid voor het inloggen. Een groot deel van de online accounts bevat vooralsnog een wacht...

Read Article →

Veilig werken met Teams en Office365, dit zijn quick wins vanuit Office365 en AzureAD

May 20, 2020 by Jeffrey Appel

security

Teams is enorm populair, en is wereldwijd in een behoorlijke versnelling gekomen vanwege het vele thuiswerken. Microsoft Teams is een online samenw...

Read Article →

Windows 10 co-management: Flexibel naar de cloud

May 20, 2020 by Jeffrey Appel

modern-workplace intune

Steeds meer bedrijven maken de overstap richting de cloud. Uiteraard zijn de cloud functionaliteiten enorm, toch zijn bedrijven terughoudend vanweg...

Read Article →

Register Domain-Joined Computers as Devices – The Redundant and Broken Hybrid Azure AD Join GPO

May 19, 2020 by Ru Campbell

entra-id group-policy microsoft-365 windows-server entra-id

The group policy object Register domain-joined computers as devices, or Automatically workplace join client computers in older templates, was previ...

Read Article →

Going passwordless with the FEITIAN Fingerprint card

May 17, 2020 by Jan Bakker

entra-id security windows-10 entra-id biometrics

Check out this article via web browser: Going passwordless with the FEITIAN Fingerprint card A quick word upfront. I'm not a salesperson. I'm inter...

Read Article →

Connect a Work or School Account – MDM vs. MAM in Self Enrolment

May 16, 2020 by Ru Campbell

intune microsoft-365 intune mam mem

A Windows 10 user can self-enrol in MDM or MAM from Settings > Accounts > Access work or school > Connect. What happens next depends on...

Read Article →

Windows Information Protection (WIP) App Protection Policies: Protected and Exempt; Denied and Allowed – What Do They Mean?

May 14, 2020 by Ru Campbell

intune microsoft-365 intune windows-information-protection

One of things that strikes me as vague in Windows Information Protection (WIP) policies in Intune is configuring targeted apps: what’s the ex...

Read Article →

Announcing #WMUG_NL Tuesdays Webinar 4 featuring Wim Matthyssen

May 13, 2020 by Kenneth Van Surksum

announcement wmugnl community webinar wmugnl

Due to the COVID-19 crisis, we (the Windows Management User Group Netherlands) were forced to move our activities to virtual events, which we call ...

Read Article →

Use Graph API data in Power BI using Logic Apps

May 09, 2020 by Jan Bakker

entra-id logic-apps power-bi power-platform app-registration

Check out this article via web browser: Use Graph API data in Power BI using Logic Apps Some things in the modern connected world seem so common th...

Read Article →

Announcing #WMUG_NL Tuesdays Webinar 3 featuring Mirko Colemberg

May 06, 2020 by Kenneth Van Surksum

announcement wmugnl community meetup webinar

Due to the COVID-19 crisis, we (the Windows Management User Group Netherlands) were forced to move our activities to virtual events, which we call ...

Read Article →

Speaking at Workplace Ninja Virtual Edition 2020

May 05, 2020 by Kenneth Van Surksum

configuration-manager events intune modern-workplace speaking

I’m very proud to announce that I will be speaking at the Workplace Ninja Virtual Edition 2020 event. The Workplace Ninja Virtual Edition 202...

Read Article →

What admins should know about the combined registration portal for Azure MFA and Self Service Password Reset

May 02, 2020 by Jan Bakker

entra-id security authentication entra-id combined

Check out this article via web browser: What admins should know about the combined registration portal for Azure MFA and Self Service Password Rese...

Read Article →

Microsoft Secure Score Series – 08 – Use Cloud App Security to detect anomalous behavior

May 01, 2020 by Jan Bakker

entra-id secure-score security alerts cloud-app-security

Check out this article via web browser: Microsoft Secure Score Series – 08 – Use Cloud App Security to detect anomalous behavior Cloud App Security...

Read Article →

Announcing #WMUG_NL Tuesdays Webinar 2 featuring Michael van Horenbeeck

April 30, 2020 by Kenneth Van Surksum

announcement wmugnl community microsoft-365 security

Due to the COVID-19 crisis, we (the Windows Management User Group Netherlands) were forced to move our activities to virtual events. We started thi...

Read Article →

Office 365 Advanced Threat Protection (ATP) deep dive

April 29, 2020 by Kenneth Van Surksum

advanced-threat-protection exchange-online office-365 atp email

Around 5 years ago (April 2015) Microsoft announced Exchange Online Advanced Threat Protection (ATP), which was renamed to Office 365 Advanced Thre...

Read Article →

How to keep an eye on your Teams with Log Analytics and Azure Monitor?

April 26, 2020 by Jan Bakker

entra-id security alerts azure-monitor changes

Check out this article via web browser: How to keep an eye on your Teams with Log Analytics and Azure Monitor? In my previous blog post, I wrote ab...

Read Article →

Activity policy templates for Teams in Microsoft Cloud App Security

April 19, 2020 by Jan Bakker

security access-level-change cloud-app-security external-users mass-deletion

Check out this article via web browser: Activity policy templates for Teams in Microsoft Cloud App Security The usage of Teams is massively increas...

Read Article →

Announcing the #WMUG_NL Tuesday Webinars

April 17, 2020 by Kenneth Van Surksum

uncategorized

Due to the current COVID-19 crisis, we were forced to postpone our in- person meetings for our Windows Management User Group Netherlands community....

Read Article →

Manage Teams custom backgrounds using Intune

April 16, 2020 by Jan Bakker

intune windows-10 custom-background teams win32

Check out this article via web browser: Manage Teams custom backgrounds using Intune Update! I got some feedback on this blog. Seems that if your u...

Read Article →

Microsoft Secure Score Series – 07 – Turn on sign-in risk policy

April 13, 2020 by Jan Bakker

entra-id secure-score security azure azure-ad-identity-protection

Check out this article via web browser: Microsoft Secure Score Series – 07 – Turn on sign-in risk policy Turning on the sign-in risk policy ensures...

Read Article →

Microsoft Secure Score Series – 06 – Enable policy to block legacy authentication

April 08, 2020 by Jan Bakker

entra-id secure-score security authentication block

Check out this article via web browser: Microsoft Secure Score Series – 06 – Enable policy to block legacy authentication Today, most compromising ...

Read Article →

Azure AD Identity Protection deep dive

April 07, 2020 by Kenneth Van Surksum

entra-id conditional-access identity-protection security identity

One of the advantages of Microsoft having many customers using its services is that Microsoft can leverage data from those customers and apply some...

Read Article →

Use Power Automate for your custom “dynamic” groups

April 01, 2020 by Jan Bakker

power-platform automate entra-id dynamic flow

Check out this article via web browser: Use Power Automate for your custom “dynamic” groups Azure AD Dynamic Groups Dynamic groups in A...

Read Article →

Microsoft Secure Score Series – 05 – Enable self-service password reset

March 30, 2020 by Jan Bakker

entra-id secure-score security automation azure

Check out this article via web browser: Microsoft Secure Score Series – 05 – Enable self-service password reset With self-service password reset in...

Read Article →

Microsoft Secure Score Series – 04 – Ensure all users can complete multi-factor authentication for secure access

March 27, 2020 by Jan Bakker

entra-id secure-score security entra-id identity

Check out this article via web browser: Microsoft Secure Score Series – 04 – Ensure all users can complete multi-factor authentication for secure a...

Read Article →

Lessons learned while implementing Azure AD Privileged Identity Management (PIM)

March 25, 2020 by Kenneth Van Surksum

entra-id privileged-identity-management security pim

Lessons learned while implementing Azure AD Privileged Identity Management (PIM) The post Lessons learned while implementing Azure AD Privileged Id...

Read Article →

Microsoft Secure Score Series – 03 – Enable Password Hash Sync if hybrid

March 23, 2020 by Jan Bakker

secure-score security adfs azure-ad-connect entra-id

Check out this article via web browser: Microsoft Secure Score Series – 03 – Enable Password Hash Sync if hybrid Password hash synchronization is o...

Read Article →

How to publish on-premises applications and protect them with MFA

March 13, 2020 by Jan Bakker

entra-id security application-proxy entra-id mfa

Check out this article via web browser: How to publish on-premises applications and protect them with MFA Using Azure Application Proxy you can pub...

Read Article →

Microsoft Secure Score Series – 02 – Require MFA for administrative roles

March 11, 2020 by Jan Bakker

secure-score security administrative-roles entra-id mfa

Check out this article via web browser: Microsoft Secure Score Series – 02 – Require MFA for administrative roles Require MFA for administrative ro...

Read Article →

Announcing WMUG_NL Saturday, on March 28 2020

March 05, 2020 by Kenneth Van Surksum

wmugnl community presentation workshops

On Saturday March 28th, 2020 the Windows Management User Group Netherlands (WMUG_NL) will organize a full Saturday with Workshops. Together with Pe...

Read Article →

Speaking at RDW Techday on April 1st 2020

March 05, 2020 by Kenneth Van Surksum

modern-workplace presentations presentation windows-10

On Wednesday April 1st, I have the opportunity to present at the RDW Techday. RDW Techday is a community event organized by the RDW, the goal is to...

Read Article →

Microsoft Secure Score Series – 01 – What is Microsoft Secure Score?

March 04, 2020 by Jan Bakker

secure-score improvement microsoft-365 office-365 security

Check out this article via web browser: Microsoft Secure Score Series – 01 – What is Microsoft Secure Score? What is Microsoft Secure S...

Read Article →

License requirements for administering Microsoft 365 services

March 02, 2020 by Kenneth Van Surksum

entra-id cloud-app-security intune licensing modern-workplace

Microsoft licensing is tough and vague but something we must deal with while implementing our solutions. I’m also aware that some of the feat...

Read Article →

Microsoft is going to disable basic/legacy authentication for Exchange Online. What does that actually mean and does that impact me?

March 01, 2020 by Kenneth Van Surksum

entra-id exchange-online modern-workplace security exo

Update: On September 23, 2021, the Exchange Team announced that effective October 1st, 2022 basic authentication, regardless of usage will be perma...

Read Article →

Azure AD tenant branding; size does matter!

February 26, 2020 by Jan Bakker

entra-id entra-id background-image tenant-branding tinypng

Check out this article via web browser: Azure AD tenant branding; size does matter! Earlier today, I read this article from Alex Simons about the c...

Read Article →

A guide to implementing Applocker on your Modern Workplace

February 24, 2020 by Kenneth Van Surksum

intune modern-workplace security windows-10 applocker

At our last Windows Management User Group Netherlands meeting, we had the honor to have Sami Laiho, one of the world’s leading professionals in the...

Read Article →

Get started with web content filtering in MDATP

February 23, 2020 by Jan Bakker

security defender intune mdatp network-protection

Check out this article via web browser: Get started with web content filtering in MDATP Update 7-7-2020: Microsoft anounced that you no longer need...

Read Article →

Require trusted location for MFA and SSPR registration

February 22, 2020 by Jan Bakker

security entra-id conditional-access mfa sspr

Check out this article via web browser: Require trusted location for MFA and SSPR registration This article shows how you can block MFA and SSPR re...

Read Article →

Windows Update for Business. “Just” a free cloud service.

February 21, 2020 by Jan Bakker

windows-10 cloud config-manager intune modern-workspace

Check out this article via web browser: Windows Update for Business. “Just” a free cloud service. Since the introduction of the “...

Read Article →

Stopping automatic email forwarding in your Exchange Online environment in a controlled way

February 20, 2020 by Kenneth Van Surksum

exchange-online email exo office-365 security

Working as a modern workplace consultant also means that sometimes you have to go deep into Exchange Online options in order to make sure that (sen...

Read Article →

Secure your Azure Management portal

February 16, 2020 by Jan Bakker

security administrators azure manangement portal

Check out this article via web browser: Secure your Azure Management portal Today a quick tip to secure your Azure Management Portal. By default, t...

Read Article →

Challenges while managing administrative privileges on your Azure AD joined Windows 10 devices

February 11, 2020 by Kenneth Van Surksum

entra-id security windows-10 intune laps

By default, on Windows 10 devices which are Azure AD joined, the user performing the join is added to the Local Administrator group. Besides the us...

Read Article →

Did you already modify your Azure AD consent defaults settings? Here is why you should

February 09, 2020 by Kenneth Van Surksum

entra-id cloud-app-security consent security sso

As you may know, it’s possible for your users to sign-in to SaaS based applications using their Azure AD account. By doing this, a Single Sig...

Read Article →

Using Intune to Deploy the Azure Information Protection (AIP) Unified Labeling Client (Win32 MSI)

January 18, 2020 by Ru Campbell

intune microsoft-365 intune sensitivity-labels-azure-information-protection aip

Unified labels refer to a movement whereby Azure Information Protection (AIP) labels are now being replaced by sensitivity labels. Sensitivity labe...

Read Article →

Blocking access to Cloud apps by integrating Microsoft Cloud App Security with Microsoft Defender Advanced Threat Protection

January 17, 2020 by Kenneth Van Surksum

cloud-app-security uncategorized mcas mdatp security

Microsoft has quietly introduced the option to automatically block connections to unsanctioned cloud apps from the Microsoft Cloud App Security (MC...

Read Article →

Microsoft deprecates Conditional Access baseline policies in favour of Security Defaults, here is what you need to know and do

January 12, 2020 by Kenneth Van Surksum

entra-id conditional-access policies

Last week, Microsoft announced that the Azure AD conditional access baseline policies will not make it out of their current preview status. The fun...

Read Article →

Deploy Microsoft Store Apps using Intune with Configuration Manager (SCCM) Co-Management (Fix ‘Not Applicable’ Status)

January 10, 2020 by Ru Campbell

configuration-manager intune microsoft-365 intune microsoft-store

Intune provides an interface to easily deploy apps from the Microsoft Store to your registered users and devices, but even if you have SCCM (Config...

Read Article →

Prerequisites and Planning for Centrally Deploying Office 365 Outlook Add-Ins

January 05, 2020 by Ru Campbell

microsoft-365 office-365 outlook add-ins

Deploying Outlook add-ins (“apps”) for your O365 tenant is an intuitive experience via AppSource. As a Global Administrator, click GET ...

Read Article →

Implementing RBAC and Scoping in Microsoft Intune

December 04, 2019 by Kenneth Van Surksum

intune role-based-access-control rbac roles scope-groups

When you create an Intune tenant within your environment, you execute the creation with an account which is Global Administrator within Azure Activ...

Read Article →

Did you already enable DKIM and DMARC for your Office 365 domains?

November 25, 2019 by Kenneth Van Surksum

uncategorized exchange-online exo security

When you host your email on the Exchange Online (EXO) platform part of Office365 you can implement several security measures to make sure that emai...

Read Article →

Intune: Choosing whether to assign to User or Device Groups

November 22, 2019 by Kenneth Van Surksum

intune entra-id configuration-profiles

One of the disadvantages of being an experienced consultant in IT is the fact that once in a while you need to re-learn. With re-learn I mean that ...

Read Article →

Report-only mode, and some more handy reporting functionality for Conditional Access and Azure AD

November 06, 2019 by Kenneth Van Surksum

entra-id conditional-access report-only

During its annual Microsoft Ignite 2019 conference this week, Microsoft announced a new feature for Conditional Access called Report-Only mode in p...

Read Article →

What are Guided Scenarios in Microsoft 365 Device Management/Intune?

October 29, 2019 by Kenneth Van Surksum

intune device-management policy-sets

While browsing the new Microsoft 365 Device Management portal I noticed the following option: “Guided scenarios (preview)”. From the Wh...

Read Article →

iOS restore behaviour when re-enrolling devices with backup data into Intune

October 28, 2019 by Kenneth Van Surksum

intune backup enrollment ios

While implementing Intune at my customers I rarely encounter green field implementations where computers and mobile devices are newly delivered and...

Read Article →

Extending Conditional Access to Microsoft Cloud App Security using Conditional Access App Control

October 25, 2019 by Kenneth Van Surksum

entra-id conditional-access mcas session-control

In my blog article series on Conditional Access Demystied I mentioned that Conditional Access can be used to route sessions toward Microsoft Cloud ...

Read Article →

What are Intune Policy Sets?

October 25, 2019 by Kenneth Van Surksum

uncategorized intune policy-sets

Starting with the Intune release from October 14th 2019, Microsoft made available a new functionality called “Policy Sets”.  ...

Read Article →

Litetouch deployment failed, Return Code = -2147467259 0x80004005 when installing Surface Pro 6 devices using MDT

October 22, 2019 by Kenneth Van Surksum

uncategorized bcdboot mdt osd surface-pro-6

TL;DR; – When reinstalling Windows on a Surface Pro 6 and it fails, make sure that you “temporarely” disable the ” Enable b...

Read Article →

Manage MyAnalytics Weekly Insight Digest Emails and App Availability

October 21, 2019 by Ru Campbell

microsoft-365 myanalytics office-365

Made available to more than just E5 licencees earlier this year, MyAnalytics will, by default, send users weekly emails regarding their work patter...

Read Article →

Ask yourself if you still really need ADFS

August 05, 2019 by Kenneth Van Surksum

entra-id modern-workplace office-365 security

In Q1 2017 Microsoft released the Pass Through Authentication (PTA) functionality as part of Azure AD connect. With the release of Azure Active Dir...

Read Article →

Conditional Access demystified, part 8: Resources and further references

August 01, 2019 by Kenneth Van Surksum

entra-id conditional-access overview identity intune

Now available: May 2020 update of the Conditional Access Demystified Whitepaper, Workflow cheat sheet, Implementation workflow and Documentation sp...

Read Article →

Conditional Access demystified, part 6: Troubleshooting Conditional Access

July 31, 2019 by Kenneth Van Surksum

entra-id conditional-access overview identity intune

Now available: May 2020 update of the Conditional Access Demystified Whitepaper, Workflow cheat sheet, Implementation workflow and Documentation sp...

Read Article →

Conditional Access demystified, part 7: Modifying Conditional Access to suit your special needs

July 31, 2019 by Kenneth Van Surksum

entra-id conditional-access overview identity intune

Now available: May 2020 update of the Conditional Access Demystified Whitepaper, Workflow cheat sheet, Implementation workflow and Documentation sp...

Read Article →

Conditional Access demystified, part 4: Designing a Conditional Access strategy

July 30, 2019 by Kenneth Van Surksum

entra-id conditional-access overview identity intune

Now available: May 2020 update of the Conditional Access Demystified Whitepaper, Workflow cheat sheet, Implementation workflow and Documentation sp...

Read Article →

Conditional Access demystified, part 5: Implementing Conditional Access

July 30, 2019 by Kenneth Van Surksum

entra-id conditional-access overview identity intune

Now available: May 2020 update of the Conditional Access Demystified Whitepaper, Workflow cheat sheet, Implementation workflow and Documentation sp...

Read Article →

Conditional Access demystified, part 2: What is Conditional Access?

July 29, 2019 by Kenneth Van Surksum

entra-id conditional-access overview identity intune

Now available: May 2020 update of the Conditional Access Demystified Whitepaper, Workflow cheat sheet, Implementation workflow and Documentation sp...

Read Article →

Conditional Access demystified, part 3: How does Conditional Access work?

July 29, 2019 by Kenneth Van Surksum

entra-id conditional-access overview identity intune

Now available: May 2020 update of the Conditional Access Demystified Whitepaper, Workflow cheat sheet, Implementation workflow and Documentation sp...

Read Article →

Conditional Access demystified, part 1: Introduction

July 26, 2019 by Kenneth Van Surksum

entra-id conditional-access identity intune security

Now available: May 2020 update of the Conditional Access Demystified Whitepaper, Workflow cheat sheet, Implementation workflow and Documentation sp...

Read Article →

Course: 20533C – Implementing Microsoft Azure Infrastructure Solutions–Study reference

November 11, 2016 by Kenneth Van Surksum

azure 20533 course reference

While teaching the 20533C course to students I provide them with more information about the topics covered in the training. Perhaps they can help y...

Read Article →

The new Self Service Portal for System Center 2012 R2 Service Manager and my experiences installing and using it so far – UPDATED

November 12, 2015 by Kenneth Van Surksum

service-manager ssp

Update (December 11th 2015): Today Microsoft released a hotfix for the Self Service Portal, the hotfix (KB3124091) can be downloaded from Microsoft...

Read Article →

Distributing content to Distribution points and Distribution point groups in ConfigMgr 2012

June 10, 2015 by Kenneth Van Surksum

configuration-manager configmgr configmgr-2012 content-distribution distribution

With the release of System Center 2012 Configuration Manager, Microsoft introduced the distribution point groups functionality. Distribution point ...

Read Article →

Installing the Service Manager Self Service Portal (SSP) on Windows Server 2012 R2

May 21, 2015 by Kenneth Van Surksum

service-manager scsm self-service-portal ssp

When Microsoft released System Center 2012 R2 Service Manager in October 2013, I was quite suprised that the server the webparts for the Self Servi...

Read Article →

SCSM 2012: Failed to execute Submit Operation, event id 26319

November 26, 2014 by Kenneth Van Surksum

service-manager troubleshooting rbac system-center

At a customer of mine a issue with Incident Requests in System Center 2012 R2 Service Manager was reported. Some users reported that they received ...

Read Article →

Service Manager Related Links

July 08, 2014 by Kenneth Van Surksum

uncategorized

The post Service Manager Related Links appeared first on Modern Workplace Blog.

Read Article →

Next WMUG NL meeting announced with Kent Agerlund and Brian Mason

April 14, 2014 by Kenneth Van Surksum

announcement

Last week we announced our next Windows Management User Group Netherlands meeting. On May the 22nd we have invited Enterprise Client Management MVP...

Read Article →

Next WMUG NL Webinar announced with Johan Arwidmark

April 14, 2014 by Kenneth Van Surksum

announcement wmugnl

Last week we announced our next Windows Management User Group Netherlands Webinar. On May the 6th we have invited Enterprise Client Management MVPs...

Read Article →

Implementing RBAC in System Center 2012 R2 Service Manager

March 29, 2014 by Kenneth Van Surksum

service-manager rbac

This blogpost will detail my experiences and insights gained from implementing Role Based Access Control (RBAC) in a System Center 2012 R2 Service ...

Read Article →

WMUG NL Meeting on subject Monitoring on the 12th of February

February 03, 2014 by Kenneth Van Surksum

events wmug

On Wednesday evening the 12th of February the Windows Management User Group Netherlands is organizing a new event. This time the subject throughout...

Read Article →

Event: Dutch VMware User Group conference on March 6th

January 31, 2014 by Kenneth Van Surksum

announcement

On the 6th of March, the Dutch VMware User Group, which is a subsidairy of the global VMware User Group organizes a conference in the Netherlands. ...

Read Article →

Configuring Group Policies for your ConfigMgr Servers

January 11, 2014 by Kenneth Van Surksum

configuration-manager gpo policies

Disclaimer: Please test and validate this in your test environment, don’t take the information i provide for granted. This article describes ...

Read Article →

Some things to consider before installing the ConfigMgr database on a SQL cluster

November 27, 2013 by Kenneth Van Surksum

configuration-manager cluster sql

Note: I’ve already posted this article a while ago, but since my ex-employer decided to whipe the whole website without asking me if I would ...

Read Article →

System Center 2012 R2 Configuration Manager prerequisite overview on Windows Server 2012 R2

November 27, 2013 by Kenneth Van Surksum

configuration-manager installation overview prerequisites

Before you can start installing System Center 2012 R2 Configuration Manager in your environment you have to install the servers with an OS and conf...

Read Article →

The self signed certificate could not be created successfully error in the Create Site System Server Wizard

November 22, 2013 by Kenneth Van Surksum

configuration-manager certicate site-system troubleshooting

Today, a customer contacted me with a very strange issue while installing a new Site System Server in his System Center 2012 R2 Configuration Manag...

Read Article →

Windows Management User Group Netherlands: Meeting on the 17th of September

August 07, 2013 by Kenneth Van Surksum

uncategorized

On Tuesday evening the 17th of September the Windows Management User Group Netherlands organizes its 3rd meeting. The announcement, which is in Dut...

Read Article →

How to create ConfigMgr 2012 boot images from scratch

August 01, 2013 by Kenneth Van Surksum

configuration-manager boot-image configmgr-2012

Today, after installing a fresh System Center 2012 Configuration Manager Service Pack 1 environment, we experienced that the Boot images for both 3...

Read Article →

Introducing the Windows Management User Group Netherlands (WMUG NL)

April 02, 2013 by Kenneth Van Surksum

announcement community wmug

Text below is in Dutch, together with Bob Cornelissen, Marnix Wolf and Peter Daalmans we created a new User Group called the Windows Management Use...

Read Article →

Role Based Access Control in ConfigMgr 2012: Part 1 – Introduction

March 11, 2013 by Kenneth Van Surksum

configuration-manager configmgr-2012 rbac

One of the reasons to install multiple primary sites in a System Center Configuration Manager 2007 hierarchy often was due to the fact that Adminis...

Read Article →

Role Based Access Control in ConfigMgr 2012: Part 2 Scenario

March 11, 2013 by Kenneth Van Surksum

configuration-manager configmgr-2012 rbac

In the previous post I introduced Role Based Access Control in ConfigMgr 2012 as the new way to delegate administrative access to a ConfigMgr hiera...

Read Article →

Role Based Access Control in ConfigMgr 2012: Part 3 Mapping OpCo roles to ConfigMgr roles

March 11, 2013 by Kenneth Van Surksum

configuration-manager configmgr-2012 rbac

In the first part of this series I outlined what Microsoft changed in ConfigMgr 2012 in order to introduce Role Based Access Control. In the second...

Read Article →

Role Based Access Control in ConfigMgr 2012: Part 4 Outcome

March 11, 2013 by Kenneth Van Surksum

configuration-manager configmgr-2012 rbac

In the first part of this series I outlined what Microsoft changed in ConfigMgr 2012 in order to introduce Role Based Access Control. In the second...

Read Article →

Techdays NL 2013: ConfigMgr 2012: Notes from the field

March 08, 2013 by Kenneth Van Surksum

configuration-manager configmgr-2012 presentation speaking

During Techdays, the annual event organized by Microsoft in the Netherlands, i had the honor of presenting a session together with Peter Daalmans, ...

Read Article →

Beware when installing ConfigMgr SP1 when still using vSphere 4 or running other platforms not supporting Windows 8 – UPDATED

January 14, 2013 by Kenneth Van Surksum

configuration-manager bootimages configmgr-2012-sp1 vsphere

Update: Microsoft has released CU2 for Configuration Manager 2012 Service Pack 1, allowing you to use Boot images based on Windows 7 from the WAIK ...

Read Article →

Best practices for Implementing drivers in ConfigMgr

January 13, 2013 by Kenneth Van Surksum

configuration-manager best-practices configmgr-2007 configmgr-2012 drivers

One of the most time consuming tasks when working with OS Deployment in ConfigMgr is implementing the drivers needed to support different hardware ...

Read Article →

How to add Branding to your OS Deployment in ConfigMgr 2012 – Part 3: Create Compliance Baseline

December 28, 2012 by Kenneth Van Surksum

configuration-manager branding configmgr-2012 configuration-baseline configuration-item

In part 1, I showed you how to enable the Branding to Reg steps, and where you could find the information in the registry. Part 2 showed you how yo...

Read Article →

How to add Branding to your OS Deployment in ConfigMgr 2012 – Part 2: Modify OSDBranding

December 27, 2012 by Kenneth Van Surksum

configuration-manager branding configmgr-2012 osd

In part 1 of this series, I showed you how to enable the Branding to Reg steps, so that during a Task Sequence some information about the Task Sequ...

Read Article →

No posts found matching your criteria. Try adjusting your filters or search terms.

You've reached the end of all posts!