Modern Device Management

Windows 365 Cloud PC is the next generation of cloud computing which takes virtualization of the PC to a whole new level. PC-as-a-service or SaaS as Microsoft puts it, is a highly available, optimized, and scalable virtual machine providing end users with a rich Windows desktop experience. It is hosted in the Windows 365 service and is accessible from anywhere, on any device. Windows 365 service uses the following: 1. Microsoft Endpoint Manager to manage the Cloud PCs. 2. Azure Active Directory (Azure AD) for identity and access control. (HAADJ is also supported) 3. Azure Virtual Desktop for remote connectivity. 4. [Optional] Create Azure network connections, which are links between the Cloud PCs and an on-premises resources. In this blog we will cover details around creating AAD dynamic groups, AAD conditional access policy to enforce MFA and provisioning of a Windows 365 Cloud PC with AAD identity using Intune. Configuring Windows 365 Cloud PC in Intune Cloud PCs are created and assi...

Consider a scenario where an organization has different teams for managing security of devices across the board using Defender portal and another team for managing endpoints using MEM admin portal. When you have Intune integrated with Microsoft Defender for Endpoint, the security team can request remediation from MEM team in form of a ticket, which will then open a security task for action in the MEM admin portal. The activity of the same can then be monitored in MDE portal by the security team. This integration allows synergy across different teams in an organization by leveraging vulnerability management capabilities within Defender for Endpoint. After you connect Intune to Microsoft Defender for Endpoint, Defender for Endpoint receives threat and vulnerability details from managed devices. There are obviously some pre-requisites involved that you need to take care of - 1. Configure a service-to-service connection with Microsoft Defender for Endpoint. 2. Deploy a device configuration...

  Microsoft releases security baseline for Microsoft 365 apps every 6 months keeping in with the release cadence of Microsoft 365 apps semi-annual channel which normally happens in June and December. At the time of writing this blog, following are the available deployment methods: Cloud policies - Can be deployed with the Office cloud policy service for policies in HKCU.  Cloud policies apply to a user on any device accessing files in Office apps with their AAD account. ADMX policies - Can be deployed with Microsoft Endpoint Manager (MEM) for both HKCU and HKLM policies. These settings are written to the same place as Group Policy, but managed from the cloud in MEM using either Administrative templates or the settings catalog. Group Policy - Can be deployed with on premise AD DS to deploy Group Policy Objects (GPO) to users and computers. Note: Depending on the deployment method, registry keys will be written accordingly and they will be observed in order of precedence:...