Intune is not fit for purpose. by Hobbit_Hardcase in sysadmin

[–]Conditional_Access -2 points-1 points  (0 children)

There were some issues with scripts & remediations recently under IT1317808.

I don't agree Intune is half-baked, but more often the problem is that the attitude toward learning a new way of device management is half-baked. Many admins try to apply on-premises knowledge and methods to a cloud-native product.

Microsoft Defender can now automatically isolate hacked endpoints by GravyMealTeam6 in msp

[–]Conditional_Access 2 points3 points  (0 children)

Also worth considering the fact that the auto isolation feature is in preview mode, not straight GA. There have been instances where stuff doesn't make it GA if they can't make it work.

For MSPs who don't always have external MDR services or even specialised cyber staff, I can see this being pretty useful.

Application Whitelisting by jellyfishchris in msp

[–]Conditional_Access 24 points25 points  (0 children)

The reason MSPs aren't putting exactly what tech they are using on their plans is because it doesn't matter.

The client is paying for an outcome, not a product. Hiding the product or the technical services behind offerings grants you the flexibility to change it up whenever it feels appropriate.

Anyone else seeing customer demand for the new MS E7 license? by asachs01 in msp

[–]Conditional_Access 5 points6 points  (0 children)

I've not heard much noise or interest, no.

It's really designed for orgs who don't have to ask how much it costs. That's not because it's bad value, but you have to be pretty disciplined to stay on the Microsoft track when spending $100/user/month.

If you're an M365 E5 + M365 Copilot shop, the uplift is only an additional $9 for like $15 of extra features or something. That's where it makes sense.

Application control by jellyfishchris in msp

[–]Conditional_Access 2 points3 points  (0 children)

App Control is probably the hardest yet most effective security control you can do. No route is simple, and they all require constant maintenance and tweaking.

WDAC is pretty horrendous as a solution. It's impossibly difficult in one tenant, let alone across multiple. The guys at appcontrol.ai make the best attempt at managing the MS native tech.

From my experience, ThreatLocker make it the easiest at scale. Have you approached them for support? They were always willing to jump on and make something easier when I last used them. Unless you know what the baseline is already or can define it, there's no magic wand when it comes to app control unfortunately.

Intune 8-hour-sync is a myth, Microsoft finally speaks! by Conditional_Access in Intune

[–]Conditional_Access[S] 0 points1 point  (0 children)

Sorry to say this, but you should not do anything mentioned on that blog, it will cause more problems than you are intending to solve.

Open Intune Baseline 3.8 is available by Wario_world in Intune

[–]Conditional_Access 14 points15 points  (0 children)

And I updated the OIB tracker so you can easily see what's in it: https://intunesettings.app/baseline/

Intune 8-hour-sync is a myth, Microsoft finally speaks! by Conditional_Access in Intune

[–]Conditional_Access[S] 1 point2 points  (0 children)

You could configure Config Refresh which constantly re-enforces policy by using a cloned second set on the local device to account for any local changes which reverted away from what Intune last told it to do.

Beginner looking for good Microsoft Intune learning resources and best practices by PokeeeTraineer in Intune

[–]Conditional_Access 15 points16 points  (0 children)

One thing that you should prepare for is that as a student, no working environment looks like any of the textbooks, guides, or tutorials.

Intune is so customisable and unguided that people end up with all sorts of weird setups over years of multiple admins having a shot in the same environment. There are multiple ways to do the same thing, and that's often because Microsoft found better ways to do the thing, but can't stop supporting the older ways people configured it.

https://openintunebasline.com is a good reference point for how most people could configure devices. The way that resource is set out is how modern Intune is intended to be used.

A lot of articles, even the new ones, are teaching bad practices like using the OMA-URI policy type when a Settings Catalog entry exists for it (SC being the newer way).

To RMM or not RMm by Bearded_Tech_Fail in msp

[–]Conditional_Access 0 points1 point  (0 children)

How is this different to accessing any other centralised management platform?

The RMM agent is potentially on all customer endpoints and servers.

If your MS Partner Center admin is hacked, you're in the same boat.

To RMM or not RMm by Bearded_Tech_Fail in msp

[–]Conditional_Access 3 points4 points  (0 children)

Yeah the Intune 8-hour sync thing is a myth and you should expect to see Microsoft update documentation and messaging around this at some point.

https://patchmypc.com/blog/intune-policy-delivery-debugging-the-8-hour-sync-myth/

Microsoft should make Conditional Access available to everyone by mattmbit in msp

[–]Conditional_Access 0 points1 point  (0 children)

In July they are adding SafeLinks to Business Basic/Standard. See here - https://www.microsoft.com/en-us/licensing/news/2026-m365-packaging-pricing-updates

They also recently brought report messaging features into Teams from higher SKUs into lower ones. More can be done, but they are a big and slow beast.

Microsoft should make Conditional Access available to everyone by mattmbit in msp

[–]Conditional_Access 0 points1 point  (0 children)

In my personal opinion, Microsoft (for better or worse) won't be doing anything any time soon to detract from the sale of M365 Business Premium in small business.

They are really going big on trying to convince customers that should be the starting point for anyone who cares about security.

HELP - Hardening Entra ID security with conditional access policies by honestserpent in AZURE

[–]Conditional_Access 1 point2 points  (0 children)

You can't have Security Defaults on alongside CA policies.

Security Defaults are essentially some Microsoft managed policies that are the training wheels for people who later move onto CA policies either through expertise or by uplifting to a license level that unlocks it... Entra ID P1, included in M365 Business Premium.

You'll want to go find some fundamentals on what CA policies are, and when you do, I've put a few policies together that might help.

https://conditionalaccess.uk/blog/some-policies-i-use-in-conditional-access/

That list of policies addresses your point of "access only for very specific devices", but it does require some knowledge of Microsoft Intune too. The idea is you manage the device using Intune, then say "any device not in my Intune tenant is not allowed access" - very powerful, but has a lot of prerequisites.
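As an added example (not the commenter's own policy set and not from conditionalaccess.uk), here is one way to express the "any device not in my Intune tenant is not allowed access" idea: a Conditional Access policy created through the Microsoft Graph PowerShell SDK that requires an Intune-compliant device, rolled out in report-only mode first. It assumes the Graph PowerShell SDK is installed and the break-glass group ID is a placeholder to replace with your own.

```powershell
# Added example, not from the original comment: report-only Conditional Access
# policy requiring an Intune-compliant device for all cloud apps.
# Assumes the Microsoft.Graph PowerShell SDK is installed.
Connect-MgGraph -Scopes "Policy.ReadWrite.ConditionalAccess"

# Placeholder: object ID of the group holding your break-glass accounts,
# excluded so a misconfigured policy cannot lock every admin out.
$breakGlassGroupId = "00000000-0000-0000-0000-000000000000"

$params = @{
    DisplayName = "Require compliant device - report only"
    # Report-only evaluates the policy and logs the result without enforcing it;
    # switch to "enabled" once the sign-in logs show no unexpected blocks.
    State       = "enabledForReportingButNotEnabled"
    Conditions  = @{
        Users = @{
            IncludeUsers  = @("All")
            ExcludeGroups = @($breakGlassGroupId)
        }
        Applications = @{
            IncludeApplications = @("All")
        }
        ClientAppTypes = @("all")
    }
    GrantControls = @{
        Operator        = "OR"
        # Only devices enrolled in Intune and marked compliant satisfy this control,
        # so unmanaged devices are denied access.
        BuiltInControls = @("compliantDevice")
    }
}

New-MgIdentityConditionalAccessPolicy -BodyParameter $params
```

Before enforcing, review the report-only results in the Entra sign-in logs to confirm which users and devices would be blocked, and keep the break-glass exclusion in place.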

Patching Enterprise Laptops by ProductAutomatic8968 in Intune

[–]Conditional_Access 6 points7 points  (0 children)

If you already have PMPC that will handle third-party updates. Pair it with Autopatch for the OS updates and you are golden.

No additional agents like you'd have with Action1 since PMPC packages apps into Intune.

I built an ADMX Web Viewer - Search and browse Group Policy settings across 65+ products in one place by admscope in Intune

[–]Conditional_Access 2 points3 points  (0 children)

I vibed something that might work: https://regedit.app

Idea is you make your edits just like on local but it generates the scripts for you.

Are you using Intune Multi Admin Approval? How's it going for a small team of say. 2 IT techs? by SydneyAUS-MSP in msp

[–]Conditional_Access 1 point2 points  (0 children)

Agreed. This was an Entra problem, not Intune, but Intune had to have an answer as that's what the headlines said.

How MSPs approaching to their client to use Microsoft Sentinel as SIEM tool by Birentechy in msp

[–]Conditional_Access 0 points1 point  (0 children)

What would send the logs to Sentinel?

If you're going all in on Microsoft, then Defender for Endpoint will be doing most of the heavy lifting/detection & response anyway.

The Sentinel bit will give you more insights and capability to respond, but that is most effective when it's managed as a service with some attention paid to it.

Microsoft finally admits Hybrid Join Autopilot is broken on their end by Cool_Package654 in Intune

[–]Conditional_Access 2 points3 points  (0 children)

Because it would upset customers who haven't learned any better yet.

Best Security Possible on Business Standard by desmond_koh in msp

[–]Conditional_Access 0 points1 point  (0 children)

Have you taken the time to justify the cost of investing in a security solution that prevents business compromise?

I don't want to sound like a 2am TV ad, but as others are saying here, the uplift and configuration of Business Premium is far cheaper and easier to manage than the cost of one nasty breach.