Set additional clocks to Windows 10 using Intune

When you work for an international company, or you have to deliver support in other timezones, you might find yourself Googling for time in different timezones from time to time. At least I did. Then I start looking for a way to make this easier and I was thinking to use BGInfo do reflect the time on my background. When struggling with this for 2 hours, I accidentally stumbled upon this setting, where you can display 2 additional clocks: I… Read More »Set additional clocks to Windows 10 using Intune

Microsoft Secure Score Series – 09 – Do not allow users to grant consent to unmanaged applications

What’s on the menu today? Today we take a look at a serious problem in the modern IT landscape: consent to 3rd party applications. First, we need to understand what app consent is. Let’s say one of your users is going to join the Microsoft Tech Community website. When the users sign up, the application requests a couple of permissions. These permissions are used to access resources on behalf of the user. In this case, Microsoft Tech Community asks for… Read More »Microsoft Secure Score Series – 09 – Do not allow users to grant consent to unmanaged applications

Install Windows Package Manager (winget) using Intune

Microsoft released a preview of the Windows Package Manager. I’m not going into detail about the product itself, because there are a lot of (better) alternatives for this already in the market. Today, we focus on how to get this tool installed on your endpoints, so you can use it for your software distribution. In this approach I use the APPX package. Normally I would use the Business Store for this, that version does not (yet) contain the winget feature.… Read More »Install Windows Package Manager (winget) using Intune

Sure, keep me signed in! And don’t prompt for MFA!

Today a short blog about MFA prompts, session lifetime, and cookies. This will give you an idea of how you can tune the end-user experience and where to configure these settings. Session lifetime in Azure AD is often mistaken. When you start working with Azure AD, Conditional Access, and Multi-factor authentication, there are a couple of things you should know. The Azure AD defaults are pretty loose. When you leave every setting to default, the user experience is pretty good.… Read More »Sure, keep me signed in! And don’t prompt for MFA!

Going passwordless with the FEITIAN Fingerprint card

A quick word upfront. I’m not a salesperson. I’m interested in FIDO2 because it delivers passwordless and strong authentication. That means that you should be free using any FIDO2 security key or card you want. Whether it’s Yubico, FEITIAN, Solo, or any other brand. USB-A, USB-C, NFC, Bluetooth, Lightning, with or without biometrics. This blog is not what to buy and where to buy. This blog is about security. That being said: on with the show! I’ve tested a bunch… Read More »Going passwordless with the FEITIAN Fingerprint card

Use Graph API data in Power BI using Logic Apps

Some things in the modern connected world seem so common that you just assume it’s possible by nature. Getting your Microsoft Graph API data into Microsoft Power BI for example. That must be easy peasy right? Well…. When I start looking for ways to do this, I assumed there was a builtin connector available in Power BI that I could use. Guess what? There is not (yet). There is a connector for the Microsoft Security Graph, but that one “only”… Read More »Use Graph API data in Power BI using Logic Apps

SharePoint Online, Authentication Tags and Conditional Access. What’s not to like?

I should start with a warning. The feature we are going to talk about is new. Brand new. Please start by reading the limitations that come with this feature, and I strongly suggest to only apply this in test or demo environments. That being said, I want to point out how psyched I am about this new functionality. Despite the limitations, this is something you should start to look in to. In the meantime, I’ll keep updating this post with… Read More »SharePoint Online, Authentication Tags and Conditional Access. What’s not to like?

What admins should know about the combined registration portal for Azure MFA and Self Service Password Reset

The (long) title pretty much reveals the purpose of this blog post. This one was on my to-do list for a while now, and now the combined registration portal is General Available, the time was there. In my previous MFA related blogs, I always encouraged my readers to turn on the combined registration portal, even when it was in public preview. But if you start using this portal, there are quite some settings that can change the user experience of… Read More »What admins should know about the combined registration portal for Azure MFA and Self Service Password Reset

Microsoft Secure Score Series – 08 – Use Cloud App Security to detect anomalous behavior

What’s on the menu today? Today we take a look at Cloud App Security. I recently wrote a blog about the new activity policies in Cloud App Security, so if your organization uses Teams, you should definitely take a look a that one. The improvement action we’re talking about has no user impact and might no increase your score right away. But if you dó own Microsoft Cloud App Security licenses, and you never have seen the portal before, this… Read More »Microsoft Secure Score Series – 08 – Use Cloud App Security to detect anomalous behavior

How to keep an eye on your Teams with Log Analytics and Azure Monitor?

In my previous blog post, I wrote about the new Teams activity policy templates in Cloud App Security. A great addition to easily keep an eye on your teams. Let’s take a short look a the policies before we continue. The policies will create alerts when: a team’s access level is changed from private to public an external user is added to a team a user deletes a large number of teams These templates are easy to use, and will… Read More »How to keep an eye on your Teams with Log Analytics and Azure Monitor?