Skip to content

Manage Teams custom backgrounds using Intune

Update! I got some feedback on this blog. Seems that if your users are not members of the local administrator group, install will faill with error: 0x80070001. I’ve updated the article to solve this problem. I replaced the cmd files for Powershell scripts and did some minor changes to the detection and uninstall scripts. This should now work for users without admin permissions. Microsoft introduced background effects in Teams. All of a sudden you see people having their custom backgrounds.… 

Microsoft Secure Score Series – 06 – Enable policy to block legacy authentication

Today, most compromising sign-in attempts come from legacy authentication. Older office clients such as Office 2010 don’t support modern authentication and use legacy protocols such as IMAP, SMTP, and POP3. Legacy authentication does not support multi-factor authentication (MFA). Even if an MFA policy is configured in your environment, bad actors can bypass these enforcements through legacy protocols. In this blog post, we take a look at legacy authentication and how to block it on your tenant. Legacy protocols are not… 

Use Power Automate for your custom “dynamic” groups

Azure AD Dynamic Groups Dynamic groups in Azure AD are awesome. I use them a lot. Dynamic groups can create groups based on attributes. For example, you can create a group that includes all the users from the Sales Team. The query for the group would look like this: If a new user comes along with the same attribute, the user will automatically be added to this group. This can be really helpful for onboarding. You can pick a lot… 

Microsoft Secure Score Series – 05 – Enable self-service password reset

With self-service password reset in Azure AD, users no longer need to engage helpdesk to reset passwords. This feature works well with Azure AD dynamically banned passwords, which prevents easily guessable passwords from being used. In this blog post, we are going to take a look at Self Service Password Reset in Azure AD. Self Service Password Reset allows your users to quickly unblock their account without the help of IT staff or helpdesk. For readability, I use SSPR for… 

Microsoft Secure Score Series – 04 – Ensure all users can complete multi-factor authentication for secure access

Multi-factor authentication (MFA) helps protect devices and data that are accessible to these users. Adding more authentication methods, such as the Microsoft Authenticator app or a phone number, increases the level of protection if one factor is compromised. In this blog post, we take a look at the different ways to make sure that your users can register for multi-factor authentication. Enabling Multi-Factor Authentication is a no-brainer giving the fact that your identity is your key to almost all your… 

Microsoft Secure Score Series – 03 – Enable Password Hash Sync if hybrid

Password hash synchronization is one of the sign-in methods used to accomplish a hybrid identity. Azure AD Connect synchronizes a hash, of the hash, of the user’s password from an on-premises Active Directory instance to a cloud-based Azure AD instance. Password hash synchronization helps by reducing the number of passwords your users need to maintain to just one. Enabling password hash synchronization also allows for leaked credential reporting. In this blog post, we are going to take a look at… 

How to publish on-premises applications and protect them with MFA

Using Azure Application Proxy you can publish your on-premises web applications in a secure way. Combining this with Conditional Access, you can configure MFA for example. Now Coronavirus is hitting us hard, you might have to take a look at this feature. Assume the following use case: you have Citrix or RDS available for 50% of your users, so they can work from home or elsewhere. Now, because of the Coronavirus (or any future disaster), all of your employees have… 

Microsoft Secure Score Series – 02 – Require MFA for administrative roles

Require MFA for administrative roles Requiring multi-factor authentication (MFA) for all administrative roles makes it harder for attackers to access accounts. Administrative roles have higher permissions than typical users. If any of those accounts are compromised, critical devices and data is open to attack. In this post, we take a look at enabling MFA for your administrators. As stated in the description, users with administrative roles are interesting targets for hackers. Of course, it is recommended to enable MFA for… 

Microsoft Secure Score Series – 01 – What is Microsoft Secure Score?

What is Microsoft Secure Score? Microsoft Secure Score offers a list of actions and recommendations to strengthen your security on your Office 365 workloads. Each completed action will impact your overall score. It covers SharePoint Online, Exchange Online, OneDrive for Business, Microsoft Information Protection, Azure AD, Microsoft Defender ATP, and Cloud App Security among other things. It is not 100% waterproof, but it will give you a great baseline to start with. It will help you to protect your environment…