The rapid and widespread rollout of Microsoft 365 Copilot has created a governance challenge for organizations. Features are often enabled before corresponding controls are available, leaving administrators struggling to manage where and how Copilot appears. This article addresses that gap, the lack of centralized governance, by outlining how to regain control, standardize deployment, and prevent…
Category: Security
Governing access to app stores in Microsoft 365 apps
Introduction: Within Microsoft 365, users can extend app functionality directly from built‑in app stores. Outlook add‑ins, Teams apps, and Office extensions for Word, Excel, PowerPoint, and OneNote provide powerful integration options but also introduce governance and compliance risks if unmanaged. By default, users can access Microsoft and third‑party apps freely through these app stores, allowing…
MAM vs. MDM: Choosing the Right Mobile Management Approach
With the increasing reliance on mobile devices in the workplace, organizations must choose the right strategy to manage and secure corporate data. Microsoft offers two primary options: Mobile Application Management (MAM) and Mobile Device Management (MDM). Understanding the differences between these approaches is essential for balancing security, user experience, and administrative effort. This article provides…
Comparing Web Filtering and Security: Microsoft Entra Internet Access (Global Secure Access) vs. Microsoft Defender for Endpoint (MDE)
Organizations face increasing challenges in securing internet traffic and enforcing web access policies in today’s hybrid work environment. Two key tools from Microsoft, Microsoft Entra Internet Access (Global Secure Access) and Microsoft Defender for Endpoint (MDE), offer robust capabilities for managing security and productivity on the endpoint. This article provides an in-depth comparison between the…
Navigating New Authentication Methods: SMS for Password Reset, Not for MFA
With the introduction of a converged policy combining settings from the legacy MFA portal and SSPR configuration, separating the use of SMS for password resets from its use as an MFA method has become challenging. This guide explains how to configure authentication policies effectively using authentication strengths in Microsoft Entra to address this issue. Table…
From SPF to DANE: Securing Microsoft 365 Email Communications
Enhancing the security of your organization’s communication channels is more critical than ever. Building on foundational protocols like SPF, DKIM, and DMARC, you can implement advanced technologies such as IPv6, DNSSEC, STARTTLS, DANE, and RPKI to secure Microsoft 365 email environments, specifically focusing on Exchange Online functionality. These protocols work in tandem to mitigate risks,…
Protecting your Break Glass accounts in Entra now that MFA gets enforced on more and more Admin portals
As Microsoft continues to enhance security across its platforms, Multi-Factor Authentication (MFA) is becoming mandatory for an increasing number of administrative portals. This shift means that relying solely on a username and complex password for break glass accounts is no longer viable and should be revisited (if not already done). This initiative aligns with Microsoft’s…
Governing OS Versions in Microsoft Intune: Best Practices and Configuration
In a modern managed workplace environment, ensuring that devices meet minimum operating system (OS) requirements is a critical aspect of security and compliance. By governing the OS versions allowed within your Microsoft Intune environment, you can prevent unsupported or outdated systems from accessing corporate resources. Additionally, having well-configured Windows Update for Business (WUfB) settings can…
Speaking at the February 2024 Azure APE Meetup
Today (Tuesday February 27th) I have the pleasure to speak at the February 2024 Azure APE Meetup organized by the Azure Platform Engineering (APE) community. The event, which is hosted by ShareValue, is held in Gouda, the Netherlands and starts at 18:00. At this event, I will be speaking about Microsoft Entra ID Conditional Access,…
Speaking at the Cloud Guardians Unleashed event of the Microsoft Cloud and Client Management Community
Tomorrow (Thursday January 25th) I have the pleasure to speak at the Cloud Guardians Unleashed event organized by the Microsoft Cloud and Client Management Community. The event, which is hosted by The Collective offices, is held in Zele, Belgium and starts at 17:00. At this event, I will be speaking about Microsoft Entra ID Conditional…
Speaking at the MCT Summit Europe 2024
This year, the annual Microsoft Certified Trainer (MCT) summit will be held in the Netherlands. The event, which takes place between 14-17 January, will be held at location “De Loods” in Rijswijk, which is near The Hague. The event has a limited capacity of 200 attendees, which guarantees an intimate and engaging experience. At the…
What is this Microsoft SSE solution that everyone is talking about?
On July 11th, Microsoft announced that Azure AD would be renamed to Microsoft Entra ID. Microsoft also announced two new security offerings called Microsoft Entra Internet Access and Microsoft Entra Private Access as part of a Security Service Edge (SSE) solution. SSE covers the security aspects of a Secure Access Service Edge (SASE) solution. In…
What problem do passkeys solve?
Sometimes unlearning things is harder than learning. As you might have read somewhere, Microsoft is busy implementing support for passkeys in their product. I was always under the impression that these passkeys were device bound, meaning that they must be available on the device where you authenticate. Yesterday I watched an announcement video about upcoming…
Speaking at the Workplace Ninja Summit, September 27-29 2023
Starting on Wednesday September 27, till Friday September 29, the Workplace Ninja Summit, which is an in-person event, will take place in Baden, Switzerland. This event is organized by the diverse Workplace Ninja User Groups throughout the world which provide delegates helping to organize this 3-day event. The event will have more than 100,…
Speaking at the Cloud Identity Summit 2023, on September 7th 2023
On Thursday September 7th, the annual Cloud Identity Summit will take place as an in-person event in Koblenz, Germany. This event is organized by Thomas Naunheim, Gregory Reimling and René Wasel; you can find more information about them here. At this event, I will be speaking about Microsoft Entra ID/Azure AD Conditional Access in my…