I have had and still have customers that want to restrict access via Outlook Web App (OWA) to Exchange Online. For instance, they want to block download of attachments when users access their mailbox via OWA. Until recently this could be done via the OWA Mailbox Policy in Exchange (Online), by setting the DirectFileAccessOnPublicComputersEnabled and […]READ MORE
RBAC in Azure AD, Intune and scope tags explained
Microsoft Intune has a pretty good RBAC model to allow you to give permissions to users who need to be able to perform an administrative task or role within Intune. A role can be for instance a predefined role in Intune or a custom role. Before digging into the Intune roles, there are also Intune […]READ MORE
Global- , Exchange-, SharePoint-, Conditional Access Admins -> action required!
Yesterday I was triggered by a colleague of mine that administrators of services in Azure or Office 365 are automatically required to login via Multi-Factor Authentication (MFA) when accessing the service in the future. When logging in to one of my tenants indeed a new conditional access policy listed in the conditional access blade of […]READ MORE
Tune your Microsoft Intune device compliance behavior
Last year Microsoft was planning to mark devices that were not evaluated by a compliance policy as non-compliant. The default behavior is that if a device is not evaluated by a compliance policy that it is being marked as compliant and therefor the user has access to services controlled by Conditional Access in Azure AD, […]READ MORE
Intune Company Portal for Macos in preview
Microsoft released almost two weeks ago Conditional Access for Macos operating systems as part of Azure AD, which allows you to control that you only allow access from devices that are managed by Microsoft Intune and that are compliant. At the same time Microsoft released the preview of the Company Portal for the same device […]READ MORE
New Azure AD Application Proxy Connector Available – action required
Microsoft released a new version of the Azure Active Directory Application Proxy connector. This updated version uses now SHA2 for signing. Until now only SHA1 signing was used but since SHA1 is deprecated since it is not considered secure anymore. Be sure to update to the latest version if you are using the Azure AD […]READ MORE
Action required: Check your Conditional Access policies!
Due to an incident (IT85607) while moving the Conditional Access policies from “Preview phase” to “general availability” in Azure Active Directory, the Conditional Access policies in Microsoft Intune might be disabled. Since the two are basically the same you need to check your Conditional Access policies are still configured correctly.READ MORE
Book released: Microsoft EMS: Planning and Implementation
The last year my buddy Kent Agerlund and me have been working on a brand new book about the Microsoft Enterprise Mobility Suite. After hard work we were able to finally present our new book at the Midwest Management Summit earlier this week! So proud to be able to hold my third book finally in […]READ MORE
Last week I was invited to present one session at BriForum London. BriForum is all about end-user computing as they on the website: “We live, eat and breathe at the point where end users intersect with enterprise IT technology”. A very nice conference and setup about virtualization, VDI, enterprise mobility, DaaS platforms and much more, […]READ MORE
Upgrading DirSync to AAD Connect is easy
In an earlier blog I showed you that Azure Active Directory Connect is the successor of DirSync and AADSync, both are still supported but will be replaced in the future. So while being in the process of preparing my Microsoft Enterprise Mobility Suite session at BriForum this month I wanted to upgrade to the latest […]READ MORE
Microsoft AAD Connect Preview is the next step
When setting up an Enterprise Mobility Suite (EMS) environment and you want to use your own Active Directory domain you definitely need to setup synchronization services with Azure AD. Where we needed to setup DirSync in the past we now need to install and configure the successor Azure AD Sync or the Azure AD Connect […]READ MORE
About Peter Daalmans
Peter tries to speak every year on several events like TechDays Netherlands, ExpertsLive, IT/Dev Connections, BriForum, Midwest Management Summit, TechEd Australia, TechEd New Zealand and in 2017 Peter had the honor to speak at Microsoft Ignite. See more here.
Author of four books about Configurtion Manager and Microsoft Enterprise Mobility +Security