Using Filters with Conditional Access: Protect your privileged users with an additional layer of security

Introduction

So, I’m quite far behind in my blogging schedule, and I’m merely picking up on a feature which released in preview back some time in May. Luckily, this doesn’t impact the importance of the topic, and therefore I’m still putting it out there.

A neat example of putting Filters to use with Conditional Access, is by protecting your privileged users, like your Global Administrators, with an additional layer, only allowing access to resources if coming from specific devices.

Curious? This post will walk you through how to achieve just that. 🙂

Read more…

Setting up Microsoft Tunnel Gateway with Microsoft Endpoint Manager and Linux VM(s) in Azure

Introduction

I typically blog about topics, that I’m currently addressing in my own daily work, and this time is no different.

Covid-19 surely has a saying on this particular topic as well, and empowering our users to do more, working securely from home and remote, is key.

In that regard, we needed a simple VPN solution for our iOS devices, and while making my way through the setup and configuration of Microsoft Tunnel Gateway, I decided it was worth blogging as well.

This post will walk you through everything you need know, in order to successfully setup Microsoft Tunnel Gateway as a proof of concept.

This includes:

  • Creating the VM(s) in Azure
  • Assigning static public IP
  • Hardening of the inbound traffic
  • Configuring public DNS record
  • SSH’ing to the Linux server
  • Installing Docker on Linux
  • Setting up configuration in Microsoft Endpoint Manager
  • Installing Microsoft Tunnel on Linux
    • Copying down TLS certificate to Linux
  • Deploying VPN profile in Microsoft Endpoint Manager
  • Verifying connection to VPN on iOS is successful

Read more…

Comparing Security Baselines in Endpoint Manager using Powershell and Microsoft Graph API

Introduction

I just very recently discovered, that a new version of the Security Baseline for Windows 10 was made available in Microsoft Endpoint Manager Intune.

It’s been a while since the last version, more than a year in fact, so it was a pleasant surprise seeing an update on this area.

Security Baselines, and those for Windows 10 in particular, consist of a lot settings. So I wondered what’s changed and started browsing and comparing the various settings via the admin portal.

Then I realized how that’s not very optimal, and began looking for alternatives. I eventually got myself into trying something new, and went on to compare the Security Baselines Profiles using Powershell and the Microsoft Graph. The result of that journey is this post. 🙂

Read more…