Enterprise application – Admin consent workflow

The new built-in admin consent workflow within AzureAD Enterprise Application is amazing! This feature will give you the control that you need to take care of your companies sensitive information like user id`s, files, email accounts etc. Did you know that malicious applications is often a start of a sophisticated phising attack? If a malicious…

Continue reading

Get your data to your home country!

If your Microsoft 365 tenant like mine is located in a region that not`s include your country then this is how you should configure your tenant to get the data as close to you as posible! (if Microsoft has opened a Datacenter in your country of course :)) Why move your data? There are several…

Continue reading

Get started with Microsoft Endpoint Manager

In this post I want to go through some steps that I think is quickest method to get started with Microsoft Endpoint Manager. This will not cover ALL the features but it will give you an quickstart to the service. For instance, what shold you start with? To be honest, start with something easy and…

Continue reading

What is Microsoft Endpoint Manager?

Many people wonder what Microsoft Endpoint Manager is and how to quickly gain value to their company by using it. In this post i will give you some quick information on what it is and later on create a how to get started quckly with Microsoft Endpoint Manager! So what is Microsoft Endpoint Manager? Some…

Continue reading

S for Security in EMS – Cloud App Security

Last but not least in my blog post series “S for Security in EMS” is about Microsoft Cloud App Security! Microsoft Cloud App Security is a CASB (Cloud access security broker) service delivered by Microsoft that will give you several features to protect your data, users and cloud services. MCAS is giving you a great…

Continue reading

S for Security in EMS – Advanced Threat Analytics

So in this fourth blog post in my series S for Security in EMS we will og deeper in Advanced Threat Analytics included within EMS. So what is Advanced Threat Analytics? Well, it`s an on-premises platform that helps protect your enterprise from multiple types of advanced targeted cyber attacks and insider threats. Why is this…

Continue reading

S for Security in EMS – Microsoft Intune

So this is the third post in my blog post series “S for Security in EMS” and I will try to cover some Microsoft Intune benefits and quick-wins meaning how to quickly get started with Intune and to gain some benefits right the way.  First, what is Microsoft Intune?   Microsoft Intune is an cloud based…

Continue reading

S for Security in EMS – Azure Information Protection

Even tho Azure Information Protection is included within the EMS package i would recomend using the Office 365 Unified Labeling insted. Those labels which can be eather Sensitivity or Retention labels and capabilities comes with in the Office 365 E3 or Office 365 E5 license. Why should you use Unified labels you say? Well, in…

Continue reading

Change to Opt-In in MyAnalytics

Since MyAnalytics is an “Opt-Out” feature in Office 365, some companies wants to change this behavour for their users, meaning that each users should enable this feature them self instead of the service being automatically enabled when users are created. Changing settings in Office 365 to change this behavour: Remove the three ticks on the…

Continue reading

S for Security in EMS – AAD Premium

Let`s start off with the EMS E3 package and that will give you access and user rights to use Azure AD Premium P1 features. So do you need it? Well, Azure AD Premium P1 gives you capabilities for your hybrid users to access both on-prem and cloud resources. The synchronization also provides write-back capabilities so…

Continue reading

S for Security in EMS

Since Enterprise Mobility + Security (EMS) is a core component of Microsoft 365 services you need to understand what services is present within the EMS package. In the same way that Microsoft 365 services comes with a E3 or E5 service level does EMS also that. I will try to give a easy and understandable…

Continue reading

Azure Tags

Azure tags is an important tool of marking your resources with some additional information.  This information can be what your business requires and is not set by any templates or so.  Keep in mind that when you start with tagging it must give you some sort of value in some reasons this is cost-related that meaning you can tag resources with a costcenter tag like  CostCenter : BusinessApplication CostCenter : Human Resources  Other departments can also be in use of tags and then i`m thinking of the Security department and their Incidence and Respond team. By adding additional information to your Azure resources, you can set an value on resources and with that also prioritize what resources to mitigate first if there is an security incident.   Setting tags can be done at creation of the resource in the Azure Portal but also within ARM templates or you can use Azure Policy to add tags after deployments aswell.   When adding tags to a existing resource navigate to the resource and hit the Tags pane in the menu then add a TagName and a Value of the tag.  Going forward this can also be done when creating a new resource within the Wizard and also by ARM temlates by adding this to the “Parameter” section of your ARM temlate: “resourceTags”: { “type”: “object”, “defaultValue”: { “CostCenter”: “BusinessApplication”} } And this to the actual resource  “tags”: “[parameters(‘resourceTags’)]”, If using Azure Policy to remidiate existing resources you can use a built in policy named “Add a tag to resource” and deploy that to your subscription.   By using Azure Policies you can also block creation of new resources without having a Tag set to the resources upon creation.  …

Continue reading

Security Defaults – a lifesaver for some and a little pain for others

So lets talk about “Security Defaults” a bit, this new feature in AzureAD who replaces “Baseline policies: ” in the Conditional Access pane within Security in AzureAD. First of all – the baseline policies where in preview and could be changed before the feature went GA so we cant blame anyone of the service changing…

Continue reading

AIP is deprecated, move to Unified labels now!

At 06.01.2020 Microsoft released the deprication notice for Azure Information Protection client and Label management in the Azure portal. The service is deprecated as of March 31, 2021. The notice is telling us that within 15 months you all need to migrate all your labels from AIP in the Azure portal over to the new…

Continue reading

Azure AD Connect sync issues

Now and then we get errors in our Azure AD Connect syncronization, or that said – my customers get errors. And every now and then there is a error wich are not easy to spot what can be wrong. In this case the sollution was not that easy – but when you think of it,…

Continue reading