Posts

Showing posts from September, 2024

Intune Web based device enrolment with Just-in-time registration and Defender for Endpoint onboarding for iPadOS - Tips from the field!

I recently worked on a project that required setting up Intune and Defender for Endpoint enrolment policies for iPadOS. While some might say that this is a pretty routine task, and in an absolute sense it may very well be to some extent, I actually went another way. Let me start by mentioning that the iPadOS devices in scope were existing devices and in some cases BYO, so resetting them was not an option. Therefore, a user-based enrolment had to be the choice of enrolment. Back in the day, one would normally enroll the iOS/iPadOS devices using Company Portal, and while this is still supported, with the introduction of support of Single Sign On extensions (SSO) of Apple devices, I chose to configure web-based device enrolment together with Just-in-time (JIT) for iPadOS devices. Web-based enrolment utilizes just-in-time (JIT) registration with the Apple single sign-on (SSO) extension to facilitate Microsoft Entra registration within the work apps, thus reducing the number of authe...

Using Log Analytics to identify Multifactor Authentication Gaps

On August 15, 2024, Microsoft released a communication stating that enabling multifactor authentication (MFA) will be enforced by October 15, 2024, in order to access Microsoft Azure portal, Microsoft Entra admin center, and Microsoft Intune admin center. The enforcement is planned to be rolled out in 2 phases: Phase 1: Starting in the second half of 2024, MFA will be required to sign in to the Azure portal, Microsoft Entra admin center, and Microsoft Intune admin center. The enforcement will gradually roll out to all tenants worldwide. This phase won't impact other Azure clients such as Azure CLI, Azure PowerShell, Azure mobile app, or IaC tools. Phase 2: Beginning in early 2025, MFA enforcement gradually begins for sign in to Azure CLI, Azure PowerShell, Azure mobile app, and IaC tools. Some customers may use a user account in Microsoft Entra ID as a service account. It's recommended to migrate these user-based service accounts to secure cloud-based service accounts with wo...