Frustration is my fuel
In part 1 and 2 we looked at creating our enrolment profile and configuration policy, and in this final part we will be creating our compliance policies, tagging devices as corporate owned and finally enrolling an iPad to show the complete onboarding process. There are two parts to compliance policies in Intune: Compliance policy settings – …
Continue reading "Microsoft Intune 12 – Enrol and configure iOS and iPadOS – Part 3"
In the previous guide we created our Apple MDM certificate, and our enrolment profile. Next we need to create our compliance and configuration profiles. When creating our configuration profiles we need to pay attention to which ones apply to our enrolment method, as some settings are only available when using Apple School Manager or Apple …
Continue reading "Microsoft Intune 11 – Enrol and configure iOS and iPadOS – Part 2"
We are going to look at how we can enrol iOS and iPadOS devices into Intune without having either Automated Device Enrolment (ADE), or Apple Configurator. The reason for this? As we have discussed throughout most of these blogs, most companies cannot afford all the bells and whistles so there's no point making guides that …
Continue reading "Microsoft Intune 10 – Enrol and configure iOS and iPadOS – Part 1"
Verifying that our Windows endpoints are using the expected configuration is a key part of ensuring our attack surface is as we expect, this is also known as OS hardening. Endpoints and servers are obviously one of the most at-risk components of our infrastructure and so we want to ensure they have a strong baseline …
Continue reading "Endpoint Configuration Checks Using the Microsoft Security Compliance Toolkit"
In this guide we will be creating some further additional policies before fully enabling conditional access within our tenant. If you have not carryied out the required preparation from parts 1 and 2 then go back and read them to ensure you are ready and have carried out the required prerequisites. In the previous guide …
Continue reading "Securing Azure 6 – Identity and Access – Conditional Access Part 3"
After years of neglect we're allocating finance to cyber security tools, we try and purchase a new system every year to keep progressing and improving, we try and stretch our budgets to afford the best, but things never seem to really get any better. Before identifying the next new system to procure, we should ask …
Continue reading "Cyber Security is easy, right? – Can we buy our way out of cyber security debt?"
In the previous guide we created our log analytics workspace, and took care of a few prerequisites which would allow us to create and troubleshoot our conditional access policies before they are fully implemented. In this guide we will create our conditional access policies in report-only mode, and using the built-in conditional access workbooks we …
Continue reading "Securing Azure 5 – Identity and Access – Conditional Access Part 2"
Rolling out conditional access is a big topic, and we will split it into three main phases, preparation, audit and implementation. Conditional access has the potential to break stuff, a lot of stuff, especially if you are using Intune compliance configurations to block non-compliant devices. If you don't adequately test your conditional access policies before …
Continue reading "Securing Azure 4 – Identity and Access – Conditional Access Part 1"
This guide is not going to go into why securing privileged access is so important. If you're here for this guide, I'll assume you understand its importance. This guide will not cover all the different privileged roles and what they should be used for, nor will we be covering the monitoring of privileged access in …
Continue reading "Securing Azure 3 – Identity and Access – Securing Privileged Access"
I want to start off by saying I don’t believe compliance is a bad thing. It’s an important part of doing business and a way to provide assurance to customers and partners in the absence of any other method. We also need a way to evidence that we are meeting a law or regulation, and …
Continue reading "Cyber Security is easy, right? – Confusing compliance with security."
@2codemonte 