Securing SharePoint 1 – Block legacy authentication.

In previous series and blogs we have covered disabling legacy authentication to protect Exchange Online, Azure and Office 365; however, while going through the Microsoft Cloud Security Benchmark, something caught my eye: "Ensure modern authentication for SharePoint applications is required". NOTE: We have covered the Cloud Security Benchmark previously, and the blog can be …

Microsoft Intune 15 – Attack Surface Reduction Rules.

If you haven't been following this series from the start, we have gone from setting up Intune from scratch, which included device onboarding, Autopilot, MDE, LAPS, and compliance and configuration policies. This is part 15 in a step-by-step approach to securing endpoints and devices, with this guide covering Attack Surface Reduction (ASR) Rules. …

Microsoft Intune 14 – Block and Control Device Enrolment.

Intune allows us to control which device types can join Microsoft Entra based on the platform they have installed. As we have covered many times previously, there are no technical control silver bullets in cyber security; however, lots of small configurations will add up to provide large returns in security posture and a reduction overall in …

Microsoft Intune 13 – Configure Local Administrator Password Solution (LAPS).

To be honest this guide could sit in our securing Azure series under Identity Access Management, however as this is specifically for controlling Local Administrative accounts, and the policies sit within Intune, it does sit better within our Intune series. What is LAPS? Windows LAPS is a feature that allows us to manage and back …

Securing Azure 8 – Migrating from legacy MFA and SSPR policies to the new unified Authentication methods policy.

By now you should be aware that as of September 30, 2025, authentication methods can't be managed in these legacy MFA and SSPR policies. You will need to use the new unified Authentication methods policy. "2025" I hear you shout! "We've got ages". Well, it can seem that way; however, authentication methods, and conditional access …

Securing Exchange Online 2 – First Steps Part 2.

In the previous article we covered disabling legacy authentication, and configuring SPF, DKIM and DMARC. This article will cover Exchange Online Protection, Microsoft Defender for Office 365 Plan 1, and external email tagging. As always, these are recommendations which may impact a live environment. If you are starting from scratch within a new tenant then …

Securing Azure 7 – Microsoft Cybersecurity Reference Architecture (MCRA) and Microsoft Cloud Security Benchmark (MCSB).

As we have covered previously, if you are using Microsoft products and services, a vast amount of guidance and documentation is available online. This can get confusing as there is the Cloud Adoption Framework, Azure Well-Architected Framework, Microsoft Cybersecurity Reference Architecture, Microsoft Cloud Security Benchmark, and the new Security Adoption Framework (SAF). This guide …

Microsoft Intune 12 – Enrol and configure iOS and iPadOS – Part 3

In parts 1 and 2 we looked at creating our enrolment profile and configuration policy, and in this final part we will be creating our compliance policies, tagging devices as corporate owned and finally enrolling an iPad to show the complete onboarding process. There are two parts to compliance policies in Intune: Compliance policy settings – …