Modern Device Management

While working on a customer requirement involving implementation of Intune APP (App Protection Policy) on BYOD (Bring Your Own Devices), I came across an issue on Android devices where on accessing Outlook for Android, the end user was being asked to 'Activate device administrator' as shown below. Having dealt with Exchange device mailbox policy in the past, I immediately knew what the issue was and thought of blogging about it to save others some time. If you navigate to Exchange admin portal > Mobile > Mobile device mailbox policy , then you should see a policy that is present in every tenant by default and set as optional . However, in case your users see the prompt to Activate device administrator, then chances are that either you have a separate custom policy created and assigned OR the default policy is modified requiring an encrypted device instead of being optional. As it was in my case. So what is happening here? One can use mobile device mailbox policies to mana...

  When it comes to blocking or preventing users from running an application on Windows devices, one normally uses App locker policy, Windows Defender Application Control and not so new but pretty useful method called Defender Vulnerability management within Microsoft 365 Defender Portal. A recent question on the Tech Community Microsoft forum prompted me to look for all possible alternatives. I started reminiscing over the legacy GPO policies and that is when I stumbled upon the policy  Don’t run specified Windows applications  located under User Administrative Templates - The policy setting does come with its own caveat - " This policy setting only prevents users from running programs that are started by the File Explorer process. It does not prevent users from running programs, such as Task Manager, which are started by the system process or by other processes. Also, if users have access to the command prompt (Cmd.exe), this policy setting does not prevent them from st...

  Working on my own tenant resulted in re-visiting the password protection policies that I had configured some time ago. As a result, I wanted to explore all possible settings and thus came about the idea of putting a blog post together. Recent studies suggest that weak passwords are often the root cause of data breaches, hacks, and other cybersecurity incidents. They’re the weak link in the chain, easily guessable by hackers looking to brute force their way into a business or individual’s online accounts. This is where the need for strong Password protection policies comes into play. Microsoft Entra ID Password Protection   Microsoft Entra ID Password Protection can help you defend against password spray attacks. Most password spray attacks don't attempt to attack any given individual account more than a few times. This behavior would increase the likelihood of detection, either via account lockout or other means. The majority of password spray attacks submit only a small num...