App Enforced Restrictions – All about Microsoft Intune

Combining the different layers of data security on personal Windows devices

May 20, 2024 by Peter van der Woude

This week is a continuation of my previous blog post about working with personal Windows devices. That post was focussed on the different options available for providing secure access to corporate data on personal Windows devices. This post is focussed on providing more details around using those different options actually as different layers in a single solution. All with the focus on providing secure access to corporate data on personal Windows devices, while still providing the user with as much flexibility and options to be productive. Besides that, using different layers of data security also enables the IT administrators to add more granularity to the solution. That makes the total solution less black-and-white. So, for example, not just block the ability of the user to …

Working with personal Windows devices

May 13, 2024 by Peter van der Woude

This week is kind of a follow up on my post of a couple of weeks ago about why enrolling personal Windows devices might be a really bad idea. That post was focussed on advising against allowing enrolling personal Windows devices into Microsoft Intune (or any other MDM provider). The logic follow up question would be: what are the alternatives? And that’s of course a fair question. This post will be about answering that specific question. And to be quite honest, the answer might come very close to a blog post of about four years around supporting unsupported platforms. The main difference will be what Microsoft has provided over the years. And that’s a lot, especially for the Windows platform. This post will focus on …

Using sensitivity labels to manage access to SharePoint sites on unmanaged devices

June 8, 2020 by Peter van der Woude

This week is a follow-up on my post of a few weeks ago about accessing SharePoint and OneDrive content on unmanaged devices. That post showed how to use the SharePoint admin center to manage the organiztion-wide access control for unmanaged devices and showed how to use PowerShell to manage the site-level access control for unmanaged devices. This post will show something similar to that PowerShell configuration, in a way that this will also provide a method for managing access for unmanaged devices on a site-level. The main difference is that this post will look at a new (currently in public preview) feature that is added to sensitivity labels. That feature enables the administrator to configure Site and group settings for sensitivity labels. Within that configuration …

Accessing SharePoint and OneDrive content on unmanaged devices

May 11, 2020 by Peter van der Woude

This week is all about accessing SharePoint sites and OneDrive accounts on unmanaged devices. More specifically, limiting access to SharePoint and OneDrive content on unmanaged devices. Configuring (limited) access to SharePoint sites and OneDrive accounts starts by using conditional access. For applying conditional access to SharePoint sites and OneDrive accounts, the Office 365 SharePoint Online cloud app, or the recently introduced Office 365 (preview) cloud app can be used. The first cloud app is applicable to all services that depend on SharePoint Online (including OneDrive and Teams). The second cloud app is applicable to all productivity and collaboration services of Office 365. An all-in-one app. However, both of these cloud apps don’t provide really granularity to only apply specific behavior for accessing specific SharePoint sites, …

Conditional access and Outlook on the web for Exchange Online

December 3, 2018 by Peter van der Woude

This week a blog post about conditional access. More specifically, about conditional access and enforced restrictions with Outlook on the web for Exchange Online. This can be used to provide users with access to Outlook on the web, but still protect company data. That can be achieved by configuring a limited experience for users with regards to attachments. The enforced restrictions can enable a read only option for attachments in the browser and can completely block attachments in the browser. In this post I’ll walk through the required configurations, with the focus on conditional access, and I’ll show the end-user experience. Configuration Let’s start with looking at the configuration. The main focus in the configuration is conditional access, but as that configuration has no use …

S	M	T	W	T	F	S
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30	31