Katy Nicholson, 12 August, 2022
Windows Autopatch is a service which takes care of updates to Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams across your devices. It is marketed as taking the mundane tasks of managing updates away from IT staff, leaving them free to work on other things. Autopatch uses various policies and profiles through Intune to set the update configuration on the client devices, Windows Update for Business to deliver the updates, and reporting is also done through Intune (or the Update Compliance Log Analytics solution). Autopatch uses four rings to phase updates across your devices - test, first, fast and broad - where test gets the updates as soon as they become available, broad gets them with a 9 day delay, so that any issues are caught in the test or first rings and further deployment can be paused.
Katy Nicholson, 31 July, 2022
Corporate devices can be fully managed and secured using Mobile Device Management (MDM) such as Intune. But what about securing personally owned devices? This is where Mobile Application Management (MAM) steps in. For iOS and Android devices, MAM in Intune is implemented through App Protection Policies. With these policies, we can segregate corporate data on personal devices and also put restrictions in place - for example, don't allow copy/paste between the corporate apps and the rest of the device, or requiring PIN or biometric unlock before the data can be accessed. In this post I'm going to go through how to create an App Protection Policy and cover the differences between iOS and Android.
Katy Nicholson, 23 July, 2022
Katy Nicholson, 21 May, 2022
Surely by now everyone has turned on Multi-Factor Authentication (MFA) as part of their identity protection strategy. Not necessarily - I regularly come across people who have not enabled this crucial feature, usually through the company/institution's management thinking it is not necessary or not worth the hassle. Usually this is followed up with a compromised account sending thousands of emails in an attempt to gather credentials from contacts of the compromised user. I've previously written about Azure Conditional Access and MFA, this post is a more general look at MFA and also covers some of the new Azure MFA features.
Katy Nicholson, 23 April, 2022
This has to be one of the most requested features for Intune - importing Group Policy Objects. It's now a feature! Currently in public preview, so should be available on most tenants. The way this works is that you export your GPOs from Group Policy Management Console, import them into the Group Policy Analytics and it will determine whether they will work as Intune configuration profiles - by trying to map the GPO settings to the corresponding Configuration Service Provier (CSP) setting, if one exists. You'll be shown a report detailing how much of your policies will be transferable, and which individual settings will or won't work.