Conditional Access policies in Report-only Mode…Now what?
Conditional access policies in Report-only mode allow you to evaluate the impact of Conditional Access policies before you enable them. For instance, you can see conditional access policies in Report-only mode in the Azure AD sign-in logs, but there’s more to it and that’s what this post is […]
Tag: Intune

Blocking access to Microsoft 365 outside the Android for Work Profile with Endpoint Manager
This post is about blocking access to Microsoft 365 outside the Android for Work Profile with Endpoint Manager. After seeing a question on techcommunity I thought I might as well do a quick post on this topic. Please note: Normally you would block access to Microsoft 365 resources by using a combination of device compliance […]

Blocking BYOD based on unsupported OS versions
A couple of days ago, a colleague asked me if it was possible to block BYOD based on unsupported OS versions from accessing Microsoft 365 resources like Exchange Online or SharePoint Online and Teams, when using the desktop apps on unmanaged devices with older OS versions. In this scenario, BYODs are not allowed to MDM […]

Android Enterprise Personally owned devices with a work profile and device PIN
When you configure Android Enterprise Personally owned devices with a work profile in Microsoft Endpoint Manager (Intune) to support BYOD, you probably configured the option for a Work Profile Password like the example below. If you did, and you’re wondering why some users complain they have to set a device PIN, the device PIN they’ve […]

Support Windows 10 BYOD with Microsoft Endpoint Manager and WIP-WE
If you’ve read my previous post about Windows Information Protection Without Enrollment (WIP-WE), then you probably figured out it’s a great solution but also comes with some limitations. However, I’m a fan of WIP and in this post I want to talk a little more about how to support Windows 10 BYOD with Microsoft Endpoint […]

Testing virtual Android Devices with Microsoft Endpoint Manager
When you’re testing Microsoft Endpoint Manager, chances are, you’re using a virtual Windows 10 device to do most of your testing. For Windows 10, there are many virtualization platforms like Hyper-V, VMware or VirtualBox. But when it comes to Android, it’s a different ballgame. There are emulators out there, but I find that most […]

Passwordless authentication with Windows 10 and Azure AD
While passwordless authentication with Windows 10 and Azure AD has been possible for quite some time, many organizations still use older and less secure authentication methods. I guess there is still a lot of mystery around going passwordless. Some system administrators are concerned about difficult, time-consuming configuration changes and user adoption challenges. With this blog, […]

Troubleshooting Windows Information Protection on Windows 10
Troubleshooting Windows Information Protection can be a lengthy and time-consuming process. If all goes according to plan, you can sit back and relax. If not, I hope this post will help you get on the right track again. There are a couple of other posts you might want to read: This post is part […]

WIP Without Enrollment Selective Wipe
In my previous post I’ve walked through the WIP-WE user experience (Windows Information Protection without enrollment) and showed you what the users experience when working on a Windows 10, BYOD (Bring Your Own Device). In the first part of this post I’ll show you what happens to corporate data when an administrator performs a selective wipe […]

Azure Rights Management for WIP
This post is part of the Windows Information Protection (WIP) series. Firstly, I walked through the basics, the actual WIP configuration and deployment. Secondly, I wrote about the user experience on both MDM enrolled (company owned) and BYO devices (personally owned). Finally, in this post I will focus on Azure Rights Management and how it […]