Author name: MobileJon

intune, Windows

Windows 11 Best Practices Part Four: User Experience

This multi-part series on Windows 11 best practices has covered onboarding, security, and advanced security. Part 4 delves into user experiences, addressing Windows Hello for Business with Cloud Kerberos Trust, OneDrive best practices, Microsoft Edge configuration, user password solutions, 3rd party ADMX integrations with Intune, self-service password reset, and Office 365 cloud app policies. These components aim to enhance the end user’s experience.

intune, Security, Windows

Windows 11 Best Practices Part Three: Security Advanced

The latest article delves into advanced security technologies for Windows 11, including Endpoint Privilege Management (EPM), Windows Defender Application Control (WDAC), Application Patch Management, and Device Control. EPM leverages Microsoft Intune and features automatic elevation and reporting capabilities. WDAC focuses on restricting app execution, requiring signed apps, and managing policies. Additionally, it provides a detailed outlook on managing WDAC policies and policy considerations, such as managing internal and 3rd party apps, enforcing code signing, and ensuring a scalable approach. The article also explores options for Windows Application Patch Management and Device Control in Microsoft Defender for Endpoint (MDE), emphasizing the importance of tailoring security capabilities to organizational needs to avoid creating an unmanageable security environment.

Security, Windows

Windows 11 Best Practices Part Two: Security

The recent security article covered best practices for Windows 11. It stresses personalization of security policies and highlights the significance of the Windows Autopatch feature. Additionally, it addressed the management of security baselines, Microsoft Defender for Endpoint settings, BitLocker usage, personal data encryption, certificate authentication strategies, and device compliance best practices. The emphasis was on utilizing Microsoft Cloud PKI and SCEPman and leveraging custom compliance scripts for specific compliance requirements. This aligns with the focus on modern CSPs and core Intune components for securing Windows 11 effectively. Future chapters will delve into more complex features like EPM, App Control, and Device Control.

Entra, Microsoft, Security

Demystifying Passkeys and Extending Microsoft Entra with Passwordless Authentication

Passkeys, introduced in Entra, are receiving much attention for their cryptographic and phishing-resistant authentication model. They are user-centric, unique per service, and stored only on the user’s device. Supported by Windows with TPM, they provide strong security and cross-device authentication. Implementing passkeys in Entra and Windows is straightforward, enhancing device security.

intune, Security

Deep Dive into Windows Patching with Microsoft Intune

Microsoft Intune presents a new approach to Windows patching, replacing on-prem servers with Windows Update for Business (WUfB). It offers features like Update Rings, Automatic Update Behavior, and a Deployment Service. Windows Autopatch on Intune automates patch deployment, but requires specific software/licensing. Best-in-class reporting is also available, addressing traditional reporting issues.

intune

Securing Local Administration with Microsoft Intune

The article discusses securing local administrators with Microsoft Intune, covering creating the admin account, deploying the LAPS policy, protecting local administration groups, and working with Entra users and groups. It emphasizes the ease of using Intune for these purposes and shares insights on Entra user and group challenges. Overall, it advocates leveraging Microsoft’s EPM alongside Intune for robust security.
