Frustration is my fuel
Guides showing how to configure and secure your IT infrastructure.
Using various tools and techniques to our advantage.
By now you should be aware that as of September 30, 2025, authentication methods can't be managed in these legacy MFA and SSPR policies. You will need to use the new unified Authentication methods policy. "2025" I hear you shout! "we've got ages". Well, it can seem that way however authentication methods, and conditional access …
In the previous article we covered disabling legacy authentication, and configuring SPF, DKIM and DMARC. This article will cover Exchange Online Protection, Microsoft Defender for Office 365 Plan 1, and external email tagging. As always, these are recommendations which may impact a live environment. If you are starting from scratch within a new tenant then …
Continue reading "Securing Exchange Online 2 – First Steps Part 2."
In this new mini series we are going to be looking at the tasks we should be undertaking when we first start to use Exchange Online. As with our other guides, we start with the basics and then move on with improving our posture over time as we know we cannot resolve everything at once. …
Continue reading "Securing Exchange Online Part 1 – First Steps"
As we have covered previously, if you are a using Microsoft products and services a vast amount of guidance and documentation is available online. This can get confusing as there is the Cloud Adoption Framework, Azure Well-Architected Framework, Microsoft Cybersecurity Reference Architecture, Microsoft Cloud Security Benchmark, and the new Security Adoption Framework (SAF). This guide …
In part 1 and 2 we looked at creating our enrolment profile and configuration policy, and in this final part we will be creating our compliance policies, tagging devices as corporate owned and finally enrolling an iPad to show the complete onboarding process. There are two parts to compliance policies in Intune: Compliance policy settings – …
Continue reading "Microsoft Intune 12 – Enrol and configure iOS and iPadOS – Part 3"
In the previous guide we created our Apple MDM certificate, and our enrolment profile. Next we need to create our compliance and configuration profiles. When creating our configuration profiles we need to pay attention to which ones apply to our enrolment method, as some settings are only available when using Apple School Manager or Apple …
Continue reading "Microsoft Intune 11 – Enrol and configure iOS and iPadOS – Part 2"
We are going to look at how we can enrol iOS and iPadOS devices into Intune without having either Automated Device Enrolment (ADE), or Apple Configurator. The reason for this? As we have discussed throughout most of these blogs, most companies cannot afford all the bells and whistles so there's no point making guides that …
Continue reading "Microsoft Intune 10 – Enrol and configure iOS and iPadOS – Part 1"
Verifying that our Windows endpoints are using the expected configuration is a key part of ensuring our attack surface is as we expect, this is also known as OS hardening. Endpoints and servers are obviously one of the most at-risk components of our infrastructure and so we want to ensure they have a strong baseline …
Continue reading "Endpoint Configuration Checks Using the Microsoft Security Compliance Toolkit"
In this guide we will be creating some further additional policies before fully enabling conditional access within our tenant. If you have not carryied out the required preparation from parts 1 and 2 then go back and read them to ensure you are ready and have carried out the required prerequisites. In the previous guide …
Continue reading "Securing Azure 6 – Identity and Access – Conditional Access Part 3"
In the previous guide we created our log analytics workspace, and took care of a few prerequisites which would allow us to create and troubleshoot our conditional access policies before they are fully implemented. In this guide we will create our conditional access policies in report-only mode, and using the built-in conditional access workbooks we …
Continue reading "Securing Azure 5 – Identity and Access – Conditional Access Part 2"
@2codemonte 