
Announcing #WMUG_NL Tuesdays Webinar 13 on October 27th featuring Erik Loef and Kenneth van Surksum

For Tuesday, October 27th we are proud to announce that Erik Loef, CTO and Microsoft MVP at Proxsys, and Kenneth van Surksum, Modern Workplace consultant at Insight24 will host a session about: “What is this Modern Authentication everyone is talking about, and why you should phase out Legacy authentication?”


Mobile Application Management for Mobile Devices with Microsoft Endpoint Manager/Intune deep dive

With Microsoft Intune, there is a lot of focus on the Mobile Device Management (MDM) aspects of the product. This is logical because from a management perspective, if you manage a device using MDM, you can configure almost all settings remotely, something we as System Administrators have been doing for many years.

In many situations, just managing the apps which you use to access your company data hosted in Office 365 is a more suitable solution. There are a couple of reasons for that.

  • Many companies that want to implement measures to protect their company data already allow access to that data via email and apps, but now want to manage that access. End users, even the ones provided with a device owned by the company, use the device for personal usage as well.
  • Implementing an MDM solution for mobile devices is far more complex and more intensive from a system management point of view. In many cases the MDM solution provides far more functionality than what’s really required (protecting the company data).

Mobile Application Management (MAM) is in some cases a perfect way to let your end users use their device the way they are used to, while also implementing security measures which protect your company’s most valuable asset: the data.

In this article I will go into more detail on the MAM without enrollment (MAM-WE) functionality provided by Microsoft Intune/Microsoft Endpoint Manager.

Disclaimer: This post reflects the status of assigning groups to Azure AD roles as of October 10, 2020. Functionality may change, even right after this post has been published.


Azure AD Continuous access evaluation (CAE), a first look

In April 2020 Alex Weinert, Director of Identity Security at Microsoft, announced that Microsoft was working on moving towards real-time policy and security enforcement. The first implementation for this move is now available as an option you can enable within Azure AD, called Continuous access evaluation (CAE). The functionality released in April was only applicable for customers using the Azure AD Security defaults, on which I wrote a blog post in January this year. Yesterday (October 9th 2020) though, Alex Simons announced that the CAE functionality is now also available for customers using Conditional Access policies. Keep in mind though that at the time of writing this functionality is still in preview, and works with Exchange Online, SharePoint Online and Teams for now.

Continuous access evaluation allows for a quicker response by forcing an access token refresh when certain events take place. In this version of the preview the following events will be supported:

  • User Account is deleted or disabled
  • Password for a user is changed or reset
  • MFA is enabled for the user
  • Admin explicitly revokes all Refresh Tokens for a user
  • Elevated user risk detected by Azure AD Identity Protection

Enabling Plus Addressing in Office 365 Exchange Online

In December 2019 Microsoft included support for Plus Addressing in their roadmap (ID 59441) for Office 365. In the meantime this feature has been released, but it needs to be enabled before it can be used.

Roadmap item 59441

What is Plus Addressing?

Plus addressing has been available for a while now in other email services like Google Gmail. It allows you to extend the part of your email address in front of the @ sign with a + and a tag of your choice. By doing so, you can easily distinguish where you used that email address and use the tag to handle the message once it arrives in your mailbox.


Announcing #WMUG_NL Tuesdays Webinar 11 featuring Tim Hermie & Jasper Bernaers on Tuesday September 29th

Due to the COVID-19 crisis, we (the Windows Management User Group Netherlands) were forced to move our activities to virtual events, which we call WMUG_NL Tuesdays Webinars.

For next week Tuesday, September 29th we are proud to announce that Tim Hermie, senior Modern Workplace architect at Synergics and Enterprise Mobility MVP & Jasper Bernaers, Modern Workplace lead at Synergics will host a session titled: “MDATP & Chocolatey! We Belgians love our Chocolate(y)’s”

Session abstract:

Avoid exploits in Microsoft Defender Advanced Threat Protection by setting up an auto-updating framework for your standard apps with Chocolatey & Intune. This will keep your software vulnerabilities low. Session full of tips & tricks

The webinar will start at 16:00 CEST (Amsterdam time zone). Please click here to find out at what time the webinar will start in your time zone. You can join the webinar by signing up at our Meetup page, where after registration you will find the link for the webinar.

Announcing #WMUG_NL Tuesdays Webinar 10 featuring Ronny de Jong on Tuesday September 15th

Due to the COVID-19 crisis, we (the Windows Management User Group Netherlands) were forced to move our activities to virtual events, which we call WMUG_NL Tuesdays Webinars.

We hope you enjoyed your holiday, even in these strange times. We at WMUG_NL did, and we are looking forward to organizing meetings again for our still growing community.

For tomorrow, September 15th we are proud to announce that Ronny de Jong, lead consultant and Enterprise Mobility & Security MVP at InSpark will host a session about: “Improve the user experience of your workplace with “Insight-driven IT” Endpoint Analytics, a first impression!”

Session abstract:


Are you already synchronizing your Message Center messages to Planner? Here is why you should

Microsoft 365 changes regularly. Changes are implemented on an almost daily basis, and as an admin responsible for the service you must be aware of which changes are coming to your tenant.

In order to inform administrators, Microsoft uses the Message Center. From within the Message Center, administrative users are also automatically subscribed to weekly digest and major update emails. Within the Message Center, messages are categorized in the following categories:


How to prevent your users from downloading and installing Office via the Office portals

If your goal is to restrict the usage of Office applications on non-managed devices and only allow Web access in limited mode (as explained in my article: Limit Access to Outlook Web Access, SharePoint Online and OneDrive using Conditional Access App Enforced Restrictions) you might ask yourself if you want the Office applications to be downloadable from the different portals.

You should ask yourself: do I want my users to be able to download the Office apps on devices on which they have rights to install software, and use Office apps on those devices, consuming one of the licenses the user has? If not, keep reading.


Assigning groups to Azure AD roles and Privileged access groups, a first look!

On August 13th 2020, Alex Simons (Microsoft Identity PM) announced that assigning groups to Azure AD roles is now in public preview. This feature is one of the most requested features to be found in the Azure AD feedback forum.

I have been following this feature request for a while now, and up until recently Microsoft stated that implementing Azure AD role assignment for Azure AD groups wasn’t the issue; the issue was more related to who is able to manage those groups. For example, if enabled, how can we prevent someone with the “User Administrator” role (capable of adding users to groups) from adding someone to the group used to assign Global Administrator rights? When implemented incorrectly, this new “feature” could then introduce a new security risk in your environment.

Assigning groups to Azure AD roles requires an Azure AD Premium P1 license at minimum; for the Privileged Identity Functionality an Azure AD Premium P2 license is needed.

Disclaimer: This post reflects the status of assigning groups to Azure AD roles as of August 20, 2020. Functionality may change, even right after this post has been published.

So, let’s walk through what was announced and see..


Self Service Purchasing for Power Platform, Visio and Project, should you keep it enabled or disable the functionality?

In October 2019, Microsoft announced that it would enable end users to buy and manage their own licenses within their corporate account. At that time this “feature” was announced for the Power Platform: PowerApps, Flow (now Power Automate) and Power BI.

After that announcement Microsoft received critical feedback from tenant administrators, after which Microsoft eventually allowed tenant administrators to disable this functionality using PowerShell. The self-service feature is enabled by default in every tenant, though.

Last week, on August 12th, Microsoft announced that they will expand this functionality and also allow end users to buy Visio and Project licenses in the same way starting September 15th 2020 (at the time of writing, in less than a month).
