In my previous post “What is your excuse for passwords”, I wrote about going passwordless all the way and how to enroll a Windows device with Autopilot using Azure Temporary Access Pass (TAP), and a FIDO2 security key. Working passwordless on Windows is easy, but when it comes to working passwordless on Mobile devices like […]

What is your excuse for passwords
What is your excuse for passwords and why is it, that we still heavily rely on passwords? Is it because passwords are easier to remember by end-users, or is it that someone thinks that end-users are not capable of handling anything else then a simple password. In other words, do we tend to think of […]

Conditional Access policies in Report-only Mode. Now what?
Conditional Access policies in Report-only Mode…Now what? Conditional access policies in Report-only mode allow you to evaluate the impact of Conditional Access policies before you enable them. For instance, you can see conditional access policies in Report-only mode in the Azure AD sign-in logs, but there’s more to it and that’s what this post is […]

Blocking access to Microsoft 365 outside the Android for Work Profile with Endpoint Manager
This post is about blocking access to Microsoft 365 outside the Android for Work Profile with Endpoint Manager. After seeing a question on techcommunity I thought I might as well do a quick post on this topic. Please note: Normally you would block access to Microsoft 365 resources by using a combination of device compliance […]

What Zombies can teach you about Security Baselines
This month, we had a company event at Rapid Circle and I did a presentation about Security Baselines vs Endpoint Protection templates vs Settings Catalog vs device configuration policies. Yeah… that’s a mouth full. For a change, I didn’t want to do a technical deep dive, but instead, talk more about some best practices and […]

Blocking BYOD based on unsupported OS versions
A couple of days ago, a colleague asked me if it was possible to Block BYOD based on unsupported OS versions from accessing Microsoft 365 resources like Exchange Online or SharePoint Online and Teams, when using the desktop apps on unmanaged devices with older OS versions. In this scenario, BYOD’s are not allowed to MDM […]

Android Enterprise Personally owned devices with a work profile and device PIN
When you configure Android Enterprise Personally owned devices with a work profile in Microsoft Endpoint Manager (Intune) to support BYOD, you probably configured the option for a Work Profile Password like the example below. If you did, and your wondering why some users complain they have to set a device PIN, the device PIN they’ve […]

OneDrive and its (Un)known Folder Move (KFM) – Part 2
Last time I wrote about the magic at work when OneDrive performs its Known Folder Move (KFM). This time, I’ll show you how to get your overalls dirty and tinker under the hood of this beast. Buckle up, it’s going to be a wild ride. Also, please be kind to me in the comments. This […]

OneDrive and its (Un)known Folder Move (KFM) – Part 1
Sometimes I stumble upon app behavior that intrigues me. In this case, there appeared to be a disconnect between the naming of Known Folders in OneDrive across users. Somehow, some users had English folder names, while others showed Dutch folder names. I couldn’t, for the life of me, see the logic in it. At first […]

going passwordless on shared Windows devices
Do you still prefer the password madness? While shared windows 10 scenario’s are excellent for passwordless, most users still sign in with their username and password which is old-school these days right? Besides using passwords, most will complain about long lasting logon times, low disk space due to many users and updates that install during […]