Posts

Showing posts from 2024

Using Custom Detections to trigger response actions on macOS in Microsoft Defender XDR

Microsoft Defender XDR (rebranded; formerly known as Microsoft 365 Defender) has many features. As part of Advanced hunting under incident & response, Custom detections is a great way to create rules to monitor events and system states proactively, including suspected breach activity and misconfigured endpoints. One can then enable and configure response actions using various device and identity attributes and set the rules to run at regular intervals, generating alerts. Custom detections uses Advanced hunting, which is based on the Kusto Query Language (KQL), a powerful tool that uses schema entities organized in a hierarchy similar to SQL. The language is expressive and easy to read and understand. To manage custom detections, you need to be assigned one of these roles or permissions at a minimum:
- Security settings
- Security administrator
- Security operator

To understand Custom detections better, I wanted to explore the possibility of initiating a response action on

Manage Copilot in Edge & Microsoft 365 Apps on Mobile devices using Intune

I have finally jumped on the Copilot bandwagon and started familiarizing myself with the feature. For those who are unaware or getting to know it like me, it is Microsoft's latest AI-powered productivity tool that uses large language models (LLMs) and integrates data with the Microsoft Graph and Microsoft 365 apps and services. I don't intend to do a deep dive into what Copilot is as there is plenty of material available online for that, but I would like to touch on commercial data protection and what organizations can do to manage Copilot on mobile devices using Intune. According to Microsoft, to provide chat responses, Copilot uses global data centers for processing and may process data in the United States. Optional, Bing-backed connected experiences don't fall under Microsoft's EU Data Boundary (EUDB) commitment. They also don't fall under the terms of the Data Protection Addendum (DPA) which requires company data to remain inside geographic or tenant b

Configure Microsoft OneDrive on macOS using Intune

I have recently been testing and familiarizing myself with Microsoft Single-sign on (SSO) extensible configuration for websites and apps on macOS. While the feature is still in preview, it has immense potential and has already proved to be a worthy addition in the management of Apple devices in general. While exploring the configuration, I felt the need to configure Microsoft 365 apps, particularly Microsoft OneDrive. In this blog, I will cover the configuration required to set up and manage Microsoft OneDrive on macOS devices using Intune.

Intune Configuration

Part 1 - As the first step, I would encourage you to configure the SSO extension on the macOS devices to make the sign-in as seamless as possible. If you are interested in knowing how to go about this, I recently blogged about Reduce app sign-in prompts with SSO on macOS using settings catalog in Intune, which covers the steps and details.

Part 2 - As the second step, Microsoft OneDrive app needs to be installed on the macOS.

Reduce app sign-in prompts with SSO on macOS using settings catalog in Intune

The Microsoft Enterprise SSO plug-in provides single sign-on (SSO) to apps and websites that use Microsoft Entra ID for authentication, including Microsoft 365. This plug-in uses the Apple single sign-on app extension framework and it reduces the number of authentication prompts users get when using devices managed by Intune. I recently blogged about configuring the SSO plug-in for iOS devices and wanted to cover a part of the SSO configuration for reducing Microsoft Entra ID sign-in prompts on macOS, with a focus on Microsoft 365 apps using Intune. My test device is already enrolled and has the Company Portal app installed, and I manually changed its ownership to Corporate.

What are the pre-requisites?
- The device is managed by Intune.
- macOS 10.15 and newer
- The Microsoft Company Portal app must be installed and configured on the device.

Intune Configuration

There are multiple configurations needed for this to work -

a. Extensible Single Sign-on (SSO) settings catalog

1. Sign-in to the