Frustration is my fuel
Guides showing how to configure and secure your IT infrastructure.
Using various tools and techniques to our advantage.
Rolling out conditional access is a big topic, and we will split it into three main phases, preparation, audit and implementation. Conditional access has the potential to break stuff, a lot of stuff, especially if you are using Intune compliance configurations to block non-compliant devices. If you don't adequately test your conditional access policies before …
Continue reading "Securing Azure 4 – Identity and Access – Conditional Access Part 1"
This guide is not going to go into why securing privileged access is so important. If you're here for this guide, I'll assume you understand its importance. This guide will not cover all the different privileged roles and what they should be used for, nor will we be covering the monitoring of privileged access in …
Continue reading "Securing Azure 3 – Identity and Access – Securing Privileged Access"
Before you start shouting at me, "passwords are dead", they aren't quite, and yes we will be configuring multifactor authentication, but mistakes happen such as misconfigurations where multifactor may not be applied, so we should still be ensuring that strong passwords are being used across our organisation, and it's important to have knowledge of how …
Continue reading "Securing Azure 2 – Identity and Access – Passwords"
In this series we will be looking at securing an Azure cloud tenant from scratch. At this stage, our environment does not have any virtual machines (VMs), virtual networks, web application firewalls or other Azure services. This will be an Azure tenant and O365 subscription with a Business Premium licence, which means we have an …
In the previous eight guides we have setup Intune and Autopilot from scratch, and this guide is where we test the onboarding process by joining a device to AAD and then logging in with a user account which is a member of our Remote Users Group. (You should use a user account based on your …
Continue reading "Microsoft Intune 9 – AAD Join and Intune Onboarding (User-Driven Autopilot)."
We have completed the device configuration profiles, and our compliance policy, which means we now need to move onto deployment. Before we get into the configuration there are a few things to understand. During enrollment, Microsoft Intune installs a mobile device management (MDM) certificate on the device, which enables the two-way communication and is what …
Continue reading "Microsoft Intune From Scratch 8 – Deployment Configuration (Autopilot)."
This is a quick guide for configuring Edge SmartScreen, which is set as a separate policy as generally we are going to need different configurations for different user groups, so it's a good idea to have your Edge policy separate from other endpoint policies. IMPORTANT NOTE. Don't deploy anything without testing first as you cannot …
Continue reading "Microsoft Intune From Scratch 7- Edge Configuration"
In the previous guide we configured Antivirus which controls settings like malware scan schedules, network protection, PUA protection, and remediation actions based on alert types. Endpoint protection covers things like Application Guard, Windows Firewall, Credential Guard, and SmartScreen. IMPORTANT NOTE. Don't deploy anything without testing first as you cannot easily roll back restrictive policies applied …
Continue reading "Microsoft Intune From Scratch 6 – Endpoint Protection"
Configuring antivirus and endpoint protection can get very complicated as there are a LOT of settings which can be enabled, these are split across different configuration areas, and they can be set it different ways. Microsoft provides a Microsoft Security Baseline which can be enabled and applied straight out of the box. The list of …
Continue reading "Microsoft Intune From Scratch 5 – Antivirus Policy"
The Device Compliance Policy is the minimum baseline we require all assets to meet on a daily basis for business as usual (BAU) operations. Be careful not to confuse configuration and compliance policies, Microsoft explains the difference as below. "Compliance policies are 'rules' that govern whether a device is allowed/blocked. They are settings that devices …
Continue reading "Microsoft Intune From Scratch 4 – Compliance Policies"
@2codemonte 