Blog stories

Enterprise application – Admin consent workflow
The new built-in admin consent workflow within AzureAD Enterprise Application is amazing! This feature will give you the control that you need to take care of your companies sensitive information like user id`s, files, email accounts etc. Did you know that malicious applications is often a start of a sophisticated phising attack? If a malicious…

Get your data to your home country!
If your Microsoft 365 tenant like mine is located in a region that not`s include your country then this is how you should configure your tenant to get the data as close to you as posible! (if Microsoft has opened a Datacenter in your country of course :)) Why move your data? There are several…

Get started with Microsoft Endpoint Manager
In this post I want to go through some steps that I think is quickest method to get started with Microsoft Endpoint Manager. This will not cover ALL the features but it will give you an quickstart to the service. For instance, what shold you start with? To be honest, start with something easy and…

What is Microsoft Endpoint Manager?
Many people wonder what Microsoft Endpoint Manager is and how to quickly gain value to their company by using it. In this post i will give you some quick information on what it is and later on create a how to get started quckly with Microsoft Endpoint Manager! So what is Microsoft Endpoint Manager? Some…

S for Security in EMS – Cloud App Security
Last but not least in my blog post series “S for Security in EMS” is about Microsoft Cloud App Security! Microsoft Cloud App Security is a CASB (Cloud access security broker) service delivered by Microsoft that will give you several features to protect your data, users and cloud services. MCAS is giving you a great…

S for Security in EMS – Advanced Threat Analytics
So in this fourth blog post in my series S for Security in EMS we will og deeper in Advanced Threat Analytics included within EMS. So what is Advanced Threat Analytics? Well, it`s an on-premises platform that helps protect your enterprise from multiple types of advanced targeted cyber attacks and insider threats. Why is this…

S for Security in EMS – Microsoft Intune
So this is the third post in my blog post series “S for Security in EMS” and I will try to cover some Microsoft Intune benefits and quick-wins meaning how to quickly get started with Intune and to gain some benefits right the way. First, what is Microsoft Intune? Microsoft Intune is an cloud based…

S for Security in EMS – Azure Information Protection
Even tho Azure Information Protection is included within the EMS package i would recomend using the Office 365 Unified Labeling insted. Those labels which can be eather Sensitivity or Retention labels and capabilities comes with in the Office 365 E3 or Office 365 E5 license. Why should you use Unified labels you say? Well, in…

Change to Opt-In in MyAnalytics
Since MyAnalytics is an “Opt-Out” feature in Office 365, some companies wants to change this behavour for their users, meaning that each users should enable this feature them self instead of the service being automatically enabled when users are created. Changing settings in Office 365 to change this behavour: Remove the three ticks on the…

S for Security in EMS – AAD Premium
Let`s start off with the EMS E3 package and that will give you access and user rights to use Azure AD Premium P1 features. So do you need it? Well, Azure AD Premium P1 gives you capabilities for your hybrid users to access both on-prem and cloud resources. The synchronization also provides write-back capabilities so…

S for Security in EMS
Since Enterprise Mobility + Security (EMS) is a core component of Microsoft 365 services you need to understand what services is present within the EMS package. In the same way that Microsoft 365 services comes with a E3 or E5 service level does EMS also that. I will try to give a easy and understandable…

Azure Tags
Azure tags is an important tool of marking your resources with some additional information. This information can be what your business requires and is not set by any templates or so. Keep in mind that when you start with tagging it must give you some sort of value in some reasons this is cost-related that meaning you can tag resources with a costcenter tag like CostCenter : BusinessApplication CostCenter : Human Resources Other departments can also be in use of tags and then i`m thinking of the Security department and their Incidence and Respond team. By adding additional information to your Azure resources, you can set an value on resources and with that also prioritize what resources to mitigate first if there is an security incident. Setting tags can be done at creation of the resource in the Azure Portal but also within ARM templates or you can use Azure Policy to add tags after deployments aswell. When adding tags to a existing resource navigate to the resource and hit the Tags pane in the menu then add a TagName and a Value of the tag. Going forward this can also be done when creating a new resource within the Wizard and also by ARM temlates by adding this to the “Parameter” section of your ARM temlate: “resourceTags”: { “type”: “object”, “defaultValue”: { “CostCenter”: “BusinessApplication”} } And this to the actual resource “tags”: “[parameters(‘resourceTags’)]”, If using Azure Policy to remidiate existing resources you can use a built in policy named “Add a tag to resource” and deploy that to your subscription. By using Azure Policies you can also block creation of new resources without having a Tag set to the resources upon creation. …

Security Defaults – a lifesaver for some and a little pain for others
So lets talk about “Security Defaults” a bit, this new feature in AzureAD who replaces “Baseline policies: ” in the Conditional Access pane within Security in AzureAD. First of all – the baseline policies where in preview and could be changed before the feature went GA so we cant blame anyone of the service changing…

AIP is deprecated, move to Unified labels now!
At 06.01.2020 Microsoft released the deprication notice for Azure Information Protection client and Label management in the Azure portal. The service is deprecated as of March 31, 2021. The notice is telling us that within 15 months you all need to migrate all your labels from AIP in the Azure portal over to the new…

Azure AD Connect sync issues
Now and then we get errors in our Azure AD Connect syncronization, or that said – my customers get errors. And every now and then there is a error wich are not easy to spot what can be wrong. In this case the sollution was not that easy – but when you think of it,…