Getting started with Windows Defender Credential Guard

This week is again back to Windows. This week is all about Windows Defender Credential Guard (Credential Guard). Credential Guard is definitely not something new, it’s actually available since the beginning of Windows 10, but it’s still a little unknown and still not always used. A little awareness is on its place. Credential Guard uses virtualization-based security to isolate secrets and to make sure that only privileged access is allowed. That helps with preventing unauthorized access that can lead to known credential theft attacks, like Pass-the-Hash and Pass-the-Ticket. Besides awareness, there is also another new configuration location within Microsoft Intune that might be interesting. This post will start with a quick introduction about Credential Guard, followed with the steps to configure Credential Guard by using …

Read more

Getting started with Shared iPad devices

This week is all around Shared iPad devices with Microsoft Intune. Shared iPad is an iPadOS configuration that easily lets multiple user share the same iPad. That configuration enables a personal experience for a user, on a device that is shared between multiple users. That personal experience enables users to be more productive, as users can simply pick-up where they left off previously. This post will start with a short introduction to Shared iPad devices, followed with the configuration steps for those devices. This post will end by describing and showing the user experience with Shared iPad devices. Introduction to Shared iPad devices With shared devices, this post is referring to company-owned multi-user devices that can be used – depending on the use case – …

Read more

Using Microsoft Defender for Endpoint in app protection policies for Android and iOS

This week is all about some new and exiting functionality related to Microsoft Defender for Endpoint (MDE) that was announced around Microsoft Ignite. That new and exiting functionality is that MDE risk signals can now be used in app protection policies for Android and iOS. Those signals are based on the protection against phishing, unsafe network connections (on Android and iOS), and malicious apps (on Android only). That enables the usage of MDE on unmanaged devices for even better protection of work data. This behavior can be achieved by configuring an integration between MDE and Microsoft Intune, to send the required signals to Microsoft Intune, and by configuring an app protection policy, to create a conditional launch for the app, based on the signals provided …

Read more

Getting started with Microsoft Defender Application Guard

This week is back to Windows. This week is all about Microsoft Defender Application Guard (Application Guard). Recently Application Guard functionality was added to Microsoft 365 apps for enterprise and those configuration options recently became available in Microsoft Intune. A good trigger for a new post. Application Guard uses hardware isolation to isolate untrusted sites and untrusted Office files, by running the application in an isolated Hyper-V container. That isolation makes sure that anything that happens within the isolated Hyper-V container is isolated from the host operating system. That provides an additional security layer. This post will start with a quick introduction about Application Guard, followed with the steps to configure Application Guard by using Microsoft Intune. Introduction to Microsoft Defender Application Guard Application Guard …

Read more

Integrating Samsung Knox E-FOTA One with Microsoft Intune

This week is all about Samsung Knox Enterprise Firmware-Over-The-Air (E-FOTA). Samsung Knox E-FOTA is available in three editions, of which Samsung Knox E-FOTA One is the most advanced edition. That edition is also the subject of this post. Knox E-FOTA enables organizations to manage OS versions and security updates on corporate Samsung Knox devices. That enables organizations to extensively test updates on their devices in combination with their apps to make sure that new OS versions and security updates won’t cause any issues. Together with Microsoft Intune that experience can be even better. Microsoft Intune can be used to configure already managed Samsung Knox devices to use Knox E-FOTA and Microsoft Intune can also be used to synchronize groups with Samsung Knox devices to Knox …

Read more