How to test Conditional Access policies? -> "What If" 🤔tool Introduction In a previous post we have explored how to create a Conditional Access Policy and have set it to Report Only, so we can observe its potential effects before turning it on. Naturally, we would then use 2 tools provided by Microsoft to assess the impact. One of the
Stop and find out: Why you need Conditional Access Policies Introduction Conditional Access Policies in Azure are typically one of the first layers of security that a tenant will have as they control who signs in, from where, to what, using what IP/Location etc. Defining a good set of CAs can set you way ahead in securing your O365
Keep Google Chrome Auto-Updating with Intune Introduction In the previous post we saw how to deploy Chrome via Intune. Now, what happens is that generally you are pushing a certain app version, and some users might never use it (say they have a preference for Mozilla Firefox or Edge). If they never start/use these apps,
How to deploy Google Chrome on Windows Devices via Intune Introduction In your organization, you might need at some point to centrally deploy apps, if your devices are enrolled in Intune. You may package and deploy a multitude of apps from browsers ; archive/zip managers ; business applications ; media players ; even scripts or drivers. In today's example, we are
Cancel and remove the calendar events for a mailbox in Exchange Online Introduction There might come a time when you need to cancel or remove the meetings and events from a mailbox. Maybe the user left the organization (and the mailbox is still around), or maybe someone has an unplanned leave of absence and you need to clean up the meetings they&
Restore Deleted Mailbox in O365/M365/EXO Introduction In the event one of your users has been completely removed from Azure AD/Entra ID (including has been removed from the Entra Deleted Users/recycle bin), you are basically in the worst scenario possible, as a restore of the old account (and relationships in Teams, Exchange, One Drive,
m365 Windows 10/11 Sandbox Introduction Considering the threats we are facing today, this feature can come in very handy when you need to test some attachments/files. It's basically a VM you can use on your laptop/desktop PC for all sorts of purposes. Configuration Windows Sandbox is the perfect environment to
Intune Block users from logging in on Windows devices (via Intune) Introduction In the effort of terminating individual users you may be required to block them from being able to access their Windows devices (logging in). This may be to prevent them from exfiltrating data (downloading stuff, copying work over on USB sticks etc.), or to limit their capability of doing
Manage BitLocker encryption from Intune Introduction Hello again, and welcome back! We are going to discuss today about a topic that involves security of data at rest. We already know that data in M365 is encrypted, all of the communication channels are encrypted well via SSL or HTTPS, but what about our physical devices? What
How to upgrade all Intune managed devices to Win 11? Introduction We spoke last time about controlling Windows Updates via Update Rings, you can check that article here - https://www.cloudpersistence.com/can-you-control-windows-updates-with-microsoft-intune-yes-to-a-degree/ This time we are going to discuss Feature Updates which can be found in the same place in Intune: You can use these Feature updates to
Assign Full Access Permissions in Bulk to a list of mailboxes Introduction You might be handed a task one day to give access to some people to be able to manage the Calendars of all your room mailboxes, or a subset of them from a specific building. It could be that your board wants all time access to know who booked
Archiving in Exchange Online Introduction First and foremost I would like to make a clear distinction between Archiving and Retention. They are not the same thing. The terms might be used one instead of another here and there, but they define 2 distinct things. In simple terms, I would define archiving as the move
How to enable auto-forwarding in Exchange Introduction Recently I had the need to enable auto-forwarding for one user account and I figured it would be a perfect subject for another post. It is very important to gain control over forwarding, as this can be the most dangerous method in data exfiltration. Users can easily configure auto-forwarding
Top 6 things to consider when configuring Windows Updates in Intune Introduction With Intune you have the option to control most parts of Windows Updates for Win10/11 devices. It's very useful to gain control over the behavior of Windows Updates. Options The Winodws Updates in Intune have the following sections: * Windows Update Rings * Feature Updates * Quality Updates * Driver
You need to secure your Windows devices with Microsoft Intune? Here's how Introduction As the title reads, you might have a request to secure your Windows Devices and you have those devices enrolled in Intune (Endpoint Manager). Well, then you have a very low hanging fruit option, and it's called Security Baseline for Windows. Security Baseline is a group of
SPF Secure your newly bought email domain (SPF, DKIM, DMARC) Record Name Type Pointer Data TTL SPF TXT @ v=spf1 include:spf.protection.outlook.com include:service.domain.name -all 3600 Record Name Type Pointer Data TTL DKIM1 CNAME selector1._domainkey selector1-dom-ain._domainkey.domain.onmicrosoft.com 3600 DKIM2 CNAME selector2._domainkey selector2-dom-ain._domainkey.domain.onmicrosoft.com 3600
Microsoft Information Protection (Pureview) Introduction: One concern with data you might have is labeling or applying a pre-configured set of permissions or encryption on documents. Imagine a very confidential file or email slips out of a VP's One Drive to someone not having clearance for that type of information. The problem here
m365 Backup O365? Retention should be just fine, right? Introduction: If you recently migrated from on-premises you might be wondering: ok, but how do I backup the cloud? Fair question, especially if you were used to taking backups of your business critical applications and services on-premises. Well.. Once migrated to M365, you'll find out that Microsoft takes
Exchange Disable M365 group notifications / silent M365 group onboarding Introduction: As we all know, M365 groups are the way forward for collaboration (in detriment of Distribution Groups, Dynamic Distribution Lists and other ancient forms of grouping users). Whenever you create an M365 group in a medium or large organization you are faced with multiple challenges: * you generally don'
How to find inactive distribution groups? Introduction: You might be in a scenario in which you have 2-300 Distribution Lists in your Exchange Online organization that have been created in the past 5-7-years or so, and you think that most of them are unused. Well, you might be right. Housekeeping? Context: Distribution Lists (DLs, or formerly
room Outlook Room Finder, Room Lists and how to use them Introduction: Assuming you work in a place that has a physical building, that building having meeting rooms, and you/your users are using Exchange Online (O365), then you've come to the right place in order to refine the usage of those rooms, digitally. You need: 1. Room mailboxes
Adding a custom domain to your tenant Introduction Once you set up your O365 Tenant, time comes to integrate a custom domain. In this article, we'll see in detail how to do that. Office365 is a powerful suite of productivity tools that can help your organization to communicate and collaborate more efficiently. By integrating your
News Licensing via Azure Groups In this blog post, we are going to cover how we can leverage Azure groups to assign licenses to users. "How does this benefit me?" you might ask, and the answer is simple: * It offers clear visibility over who has what license * Can help structure your license assignments,