Microsoft in recent months has made leaps and bounds to support Multitenant organizations utilizing Cross-tenant Synchronization to attempt to build a seamless end-user experience. Have they succeeded? Almost! Let’s take a look in this last blogpost of the year. Why even have multiple tenants? In a perfect world, every organization
It’s been almost a year since I published my original post about how to migrate BitLocker Recovery Key(s) to Azure AD (Microsoft Entra ID) using a remediation script. It didn’t take long before several companies started using it, and since then, I’ve received a few inquiries about support for multiple
Why do we need Role based access controls (RBAC)? In the dynamic world of modern IT management, the need for fine-tuned control and enhanced efficiency has become more crucial than ever. Microsoft Intune, a powerful cloud-based solution, empowers organizations to streamline their endpoint management and secure their devices, applications, and
Microsoft Remote Help is a powerful tool that allows users to get technical support and assistance from your company’s IT Pros without leaving the comfort of their own homes or offices. With Microsoft Remote Help, users can connect remotely to a support technician who can troubleshoot, diagnose, and solve technical
Welcome to Part 4 in this new Windows 365 End-User Experience blog series. This series will be an educational journey exploring several features that can potentially help improve the end-user experience. Below you’ll find all parts of this blog series. In this part, I‘ll cover the following topics. The Windows
Yes, you read it right. Assign ASR rules with Intune on servers. This does not mean we can enroll servers to Intune, so how is this then possible? If you remember my post back in 2022 where I wrote about MDE managed devices and the way to apply policies to
In September 2022, Microsoft announced the public preview of single sign-on (SSO) and passwordless authentication for Azure Virtual Desktop. – Since then, many of us have been waiting for Windows 365 Azure AD Join SSO support. The wait is finally over because Microsoft has recently announced that Windows 365 now
Are you also in the middle of transitioning from on-premises to the cloud, or are you currently planning this journey? If so, you also want a modern way to migrate Bitlocker recovery key(s) to Azure AD when moving away from on-premises MBAM/Active Directory escrowing. I help our customers achieve this
We often get the question how to we setup Azure AD B2B direct connect with Mindcore. So why not create a blog post regarding this topic, that also show the required setup. Why do we want to do this in the first place? Because we want to use Shared Channels
Sorry new guy in the class, didn’t read the memo, so my first blog post is in Danish. 🙂 Jeg arbejdede fornyeligt for en kunde hvor der skulle bruges Hardware tokens i Azure AD. I “gamle” dage før vi alle fik en mobil telefon, var det jo den mest almindelige
When we use Windows Hello for Business and a user forgets the PIN, it can be reset directly from the sign-in page. By default, this will be a destructive PIN reset, the existing PIN, and underlying credentials, including any keys or certificates added to their Windows Hello container, will be
We have a lot of customers who use Windows Hello for Business Azure AD joined Key trust. But now that Windows Hello for Business cloud trust is available (preview), we expect to see a move towards Cloud Trust, maybe this could also be interesting for your setup? Key trust is
When we share data In SharePoint with a user outside our directory, SharePoint will by default use a one-time code sent to the user so the user can verify their identity. This is also the case with OneDrive and if you do it from teams using open in SharePoint. But
This time we will take a closer look at the new group writeback functionality in Azure AD. I really think this will open a lot of possibilities also on-premises. Prerequisites Azure AD Premium license Azure AD Connect version 2021 December release or later. Enable Azure AD Connect group writeback But
Identity theft is a major concern for most companies. Complex Conditional Access rules/setups may unintentionally leave accounts without multifactor authenticaton. Another aspect of this “not following up” on the technical security features that is set up, is that every day tasks tends to take precedence over tasks that has an
Windows 365 Enterprise Azure AD join – Microsoft Hosted Network. Introduction Many of us have been waiting for native Azure AD join for Windows 365 Enterprise since its release in August 2021. But wait no longer! The native Azure AD join support has finally become a reality. In this
Secure your Windows 365 Cloud PC(s) with Conditional Access and FIDO2 security keys. Introduction We have already written about FIDO2 security keys on several occasions (I will add the links below), which has inspired me to see how I could secure Windows 365 using Conditional Access and a FIDO2
Managing local administrator rights on Windows 365 Cloud PCs. Introduction I’ve been writing about Windows 365 over the past few months, and in the original Windows 365 blog post I quickly mentioned that users by default doesn’t have local admin rights on their Cloud PC(s), and how to grant users
This time we will have a closer look at Identity Protection and possible impact for guest users (B2B collaboration users). So in order to test this out we will create a Identity protection user risk policy requiring all users to change password if there risk is calculated to medium
Introduction Some time ago I was asked by FEITIAN if I would like to test their FIDO2 key. I said yes, because I am in a project where we will onboard Microsoft HoloLens’s in production, in that journey, we will make use of FIDO2 keys + Windows Hello for Business
Introduction Today I will be looking at enrollment restrictions in Intune, which is a method to block personally owned devices. Did you know that all users (with an Azure AD P1 and Intune license) in your Azure AD by default is allowed to enroll (Azure AD join) their devices
Introduction This is my notes while playing around with kiosk. I was testing the brand-new Kiosk setting for the new Microsoft Edge and the only result I got out of that was a non-working device. Eventlog saying MDM Session: Failed to get AAD Token for sync session User Token: (Unknown
“This collection cannot be made available to assign policies from Microsoft Endpoint Manager admin center.” Is that the message you are encountering while trying to make your collection available for MEMAC? Then read along. Go to Co-management and double click CoMgmtSettingsProd Go to the configure upload tab and
Introduction When you use the Configuration Manager tenant attach scenario, you can deploy endpoint security policies from Intune to devices you manage with Configuration Manager. Prerequisites The tenant attach and CMG can be configured by using this blogpost by Lars Lohmann here Collection to assign policies First, we
Introduction Microsoft just introduced an updated kit for IT pros to plan, test and validate deployment and management of desktops running Windows 10 Enterprise and Microsoft 365 Apps for enterprise. This was earlier known as “Windows insider lab for Enterprise” or “Olympia”. The lab will cover technologies: So
Modern Workplace consultant and a Microsoft MVP in Windows and Devices.
Infrastructure architect with focus on Modern Workplace and Microsoft 365 security.
Cloud & security specialist with focus on Microsoft backend products and cloud technologies.
Cloud & Security Specialist, with a passion for all things Cybersecurity
Cloud and infrastructure security specialist with background in networking.
Infrastructure architect with focus on design, implementation, migration and consolidation.
Infrastructure consultant with focus on cloud solutions in Office365 and Azure.
Modern workplace and infrastructure architect with a focus on Microsoft 365 and security.
