Dumitru Razvan

Into Azure, Intune, Exchange & other related Server, or Cloud technologies. My mission is to help you achieve the needed configuration or learn something new.

Deploy Company Portal on all company Windows devices with Microsoft Intune

Introduction One of the first things you should do once you sort out device onboarding/enrollment to Intune, would be to centrally manage and deploy Company Portal. The Key Benefits of Company Portal: * If you are not familiar with this app, it's like an internal "corporate store&

Members only

How to onboard Intune enrolled Windows devices to Defender 🛡️

SUBSCRIBE NOW TO ACCESS THE DOWNLOAD ↓

Microsoft Intune Device Cleanup Rules

Introduction In large organizations stale devices can become a security threat because enrolled devices can still have access to company ressources, and can be easily misplaced. Our reccomendation is to set an automatic task to purge them after a certain period of time. Configuration Luckily enough, Intune offers a built-in

How to test Conditional Access policies? -> "What If" 🤔tool

Introduction In a previous post we have explored how to create a Conditional Access Policy and have set it to Report Only, so we can observe its potential effects before turning it on. Naturally, we would then use 2 tools provided by Microsoft to assess the impact. One of the

Stop and find out: Why you need Conditional Access Policies

Introduction Conditional Access Policies in Azure are typically one of the first layers of security that a tenant will have as they control who signs in, from where, to what, using what IP/Location etc. Defining a good set of CAs can set you way ahead in securing your O365

Keep Google Chrome Auto-Updating with Intune

Introduction In the previous post we saw how to deploy Chrome via Intune. Now, what happens is that generally you are pushing a certain app version, and some users might never use it (say they have a preference for Mozilla Firefox or Edge). If they never start/use these apps,

How to deploy Google Chrome on Windows Devices via Intune

Introduction In your organization, you might need at some point to centrally deploy apps, if your devices are enrolled in Intune. You may package and deploy a multitude of apps from browsers ; archive/zip managers ; business applications ; media players ; even scripts or drivers. In today's example, we are

Cancel and remove the calendar events for a mailbox in Exchange Online

Introduction There might come a time when you need to cancel or remove the meetings and events from a mailbox. Maybe the user left the organization (and the mailbox is still around), or maybe someone has an unplanned leave of absence and you need to clean up the meetings they&

Restore Deleted Mailbox in O365/M365/EXO

Introduction In the event one of your users has been completely removed from Azure AD/Entra ID (including has been removed from the Entra Deleted Users/recycle bin), you are basically in the worst scenario possible, as a restore of the old account (and relationships in Teams, Exchange, One Drive,

m365

Windows 10/11 Sandbox

Introduction Considering the threats we are facing today, this feature can come in very handy when you need to test some attachments/files. It's basically a VM you can use on your laptop/desktop PC for all sorts of purposes. Configuration Windows Sandbox is the perfect environment to

Intune

Block users from logging in on Windows devices (via Intune)

Introduction In the effort of terminating individual users you may be required to block them from being able to access their Windows devices (logging in). This may be to prevent them from exfiltrating data (downloading stuff, copying work over on USB sticks etc.), or to limit their capability of doing

Manage BitLocker encryption from Intune

Introduction Hello again, and welcome back! We are going to discuss today about a topic that involves security of data at rest. We already know that data in M365 is encrypted, all of the communication channels are encrypted well via SSL or HTTPS, but what about our physical devices? What

How to upgrade all Intune managed devices to Win 11?

Introduction We spoke last time about controlling Windows Updates via Update Rings, you can check that article here - https://www.cloudpersistence.com/can-you-control-windows-updates-with-microsoft-intune-yes-to-a-degree/ This time we are going to discuss Feature Updates which can be found in the same place in Intune: You can use these Feature updates to

Assign Full Access Permissions in Bulk to a list of mailboxes

Introduction You might be handed a task one day to give access to some people to be able to manage the Calendars of all your room mailboxes, or a subset of them from a specific building. It could be that your board wants all time access to know who booked

Archiving in Exchange Online

Introduction First and foremost I would like to make a clear distinction between Archiving and Retention. They are not the same thing. The terms might be used one instead of another here and there, but they define 2 distinct things. In simple terms, I would define archiving as the move

How to enable auto-forwarding in Exchange

Introduction Recently I had the need to enable auto-forwarding for one user account and I figured it would be a perfect subject for another post. It is very important to gain control over forwarding, as this can be the most dangerous method in data exfiltration. Users can easily configure auto-forwarding

Top 6 things to consider when configuring Windows Updates in Intune

Introduction With Intune you have the option to control most parts of Windows Updates for Win10/11 devices. It's very useful to gain control over the behavior of Windows Updates. Options The Winodws Updates in Intune have the following sections: * Windows Update Rings * Feature Updates * Quality Updates * Driver

You need to secure your Windows devices with Microsoft Intune? Here's how

Introduction As the title reads, you might have a request to secure your Windows Devices and you have those devices enrolled in Intune (Endpoint Manager). Well, then you have a very low hanging fruit option, and it's called Security Baseline for Windows. Security Baseline is a group of

SPF

Secure your newly bought email domain (SPF, DKIM, DMARC)

Record Name Type Pointer Data TTL SPF TXT @ v=spf1 include:spf.protection.outlook.com include:service.domain.name -all 3600 Record Name Type Pointer Data TTL DKIM1 CNAME selector1._domainkey selector1-dom-ain._domainkey.domain.onmicrosoft.com 3600 DKIM2 CNAME selector2._domainkey selector2-dom-ain._domainkey.domain.onmicrosoft.com 3600

Microsoft Information Protection (Pureview)

Introduction: One concern with data you might have is labeling or applying a pre-configured set of permissions or encryption on documents. Imagine a very confidential file or email slips out of a VP's One Drive to someone not having clearance for that type of information. The problem here

m365

Backup O365? Retention should be just fine, right?

Introduction: If you recently migrated from on-premises you might be wondering: ok, but how do I backup the cloud? Fair question, especially if you were used to taking backups of your business critical applications and services on-premises. Well.. Once migrated to M365, you'll find out that Microsoft takes

Exchange

Disable M365 group notifications / silent M365 group onboarding

Introduction: As we all know, M365 groups are the way forward for collaboration (in detriment of Distribution Groups, Dynamic Distribution Lists and other ancient forms of grouping users). Whenever you create an M365 group in a medium or large organization you are faced with multiple challenges: * you generally don'

How to find inactive distribution groups?

Introduction: You might be in a scenario in which you have 2-300 Distribution Lists in your Exchange Online organization that have been created in the past 5-7-years or so, and you think that most of them are unused. Well, you might be right. Housekeeping? Context: Distribution Lists (DLs, or formerly

room

Outlook Room Finder, Room Lists and how to use them

Introduction: Assuming you work in a place that has a physical building, that building having meeting rooms, and you/your users are using Exchange Online (O365), then you've come to the right place in order to refine the usage of those rooms, digitally. You need: 1. Room mailboxes

Adding a custom domain to your tenant

Introduction Once you set up your O365 Tenant, time comes to integrate a custom domain. In this article, we'll see in detail how to do that. Office365 is a powerful suite of productivity tools that can help your organization to communicate and collaborate more efficiently. By integrating your