Skip to content

WorkplaceAsCode

Code from the field

  • Home
  • Modern workplace
  • About me
  • Disclaimer

Category: Modern workplace

Employees are more productive if they can do their work from a Cloud management workplace they love and wherever they want to work. The capabilities within the Microsoft 365 and EM+S suite have enough capabilities to make this happen. The blog articles into the modern workplace area describing my personal questions as well as customers or specific scenarios.

The modern workplace topics are related but not limited to the Endpoint Manager + security (EM+S) product suite of Microsoft. It includes features like Microsoft Endpoint manager (former known as Intune).

Hyper-connected world

Nowadays, the modern workplace managed by a Cloud service like Intune is essential to protect the organization’s data (intellectual properties). During any authentication attempt, the workplace compliance level is checked automatically. The Azure AD (IDP) calculates a risk score based on values like your location, type of application, and your digital footprint of a couple of weeks. The IT PRO or SecOps engineer needs to configure the requirements in Conditional Access (CA). Based on the configured CA policies, the authentication request is verified, and access is granted, blocked, or reported.

Enabling Cloud services

However, we are in a connected world, many enterprise organizations using on-premises IT components like Configuration Manager. It is essential to understand that the level of protection increases as soon as Cloud services are activated. Therefore, organizations are preparing workplace management workloads to the Cloud (co-managed/Cloud attached). For example, MBAM (disk encryption) to Intune.

In a lightweight or greenfield workplace management scenario, this approach is often different. Those organizations start managing their workplace fully from the Cloud (Intune). I experience that the employees become self-reliant as soon as the Cloud manages the workplace. They can do simple IT tasks themselves, like installing the workplace via Autopilot (+ Enrollment Status Page (ESP) + White Glove).

Management requirements

Businesses have requirements and demands for the technical configuration of a workplace. Often the configuration needs to meet (government) regulators or internationally recognized security frameworks like NIST. Endpoint Manager is capable of enforcing this via configuration-items. They also must distribute line-of-business applications or scripts. Intune as well Configuration Manager can distribute several types of applications to the managed device, independent of locations.

Security items & baselines
January 13, 2021 Tristan van Onselen

Unexpected autopilot restart

Warning! An unexpected restart during autopilot ESP can happen if you assign a configuration component to a device group. Many

Continue reading
Proactive Remediations
November 10, 2020 Tristan van Onselen

3 incredible Intune proactive remediation scripts

I was thrilled when I heard that Microsoft worked on proactive remediation (Windows Analytics) feature in Endpoint manager. Our customers

Continue reading
Blog illustration
August 25, 2020 Tristan van Onselen

Quickly Assign autopilot profiles

P1 (QR-Code) I was always curious about the content of the QR code that I see during Autopilot WhiteGlove enrollments.

Continue reading
Recover
June 24, 2020 Tristan van Onselen

Discover the Intune Graph APIs with fiddler

Do you want to recover an Intune PowerShell script but cannot find it at your computer? Yes, this was me

Continue reading
rust 3745490 1280
June 9, 2020 Tristan van Onselen

Explain Conditional Access understandable

Most employees are working from home due to the COVID-19 situation. Therefore, organizations have the challenge if they permit using

Continue reading
photo 1547068961 aa008634973d
April 17, 2020 Tristan van Onselen

Distribute custom backgrounds for Teams via Intune

Finally, it’s GA the capability to use custom backgrounds during a Microsoft Teams meeting. I’ve found tens of blogs that

Continue reading
Robust Conditional Access
April 13, 2020 Tristan van Onselen

A robust Conditional Access baseline sample

Are you preparing yourself for the implementation of a Conditional Access Baseline? Continue reading. In this article, I describe the

Continue reading
photo 1531206715517 5c0ba140b2b8
March 5, 2020 Tristan van Onselen

Insights in privilege accounts via workbooks

Azure workbooks can give you insights into the impact of your Conditional Access baseline. The Azure workbooks are easy to

Continue reading
photo 1513021032795 a0af6e8e87ef
February 28, 2020 Tristan van Onselen

Why do I need a second authentication factor?

Only 11% had a Multi-Factor-Authentication (MFA) solution enabled, as of January 2020, Microsoft said. My opinion is that any organization

Continue reading

Recent Posts

  • Unexpected autopilot restart
  • 3 incredible Intune proactive remediation scripts
  • It’s remarkably easy to create a custom connector
  • Quickly Assign autopilot profiles
  • Discover the Intune Graph APIs with fiddler

Archives

  • January 2021 (1)
  • November 2020 (1)
  • October 2020 (1)
  • August 2020 (1)
  • June 2020 (2)
  • April 2020 (2)
  • March 2020 (1)
  • February 2020 (1)

Categories

  • Automation
  • Modern workplace

Tags

1074 Automation Autpilot Azure Active Directory Baseline CloudExpierienceHostbroker.exe Custom connector device group Edge Browser Endpoint Manager Enterprise application ESP EventID Flow Graph API Group Tag icons Intune IT admin KFM Microsoft security Microsoft Teams OneDrive PowerApp PowerAPps Proactive remediation Profiles reboot restart Scripts SecOps Security Security baseline Security item user group Windows 10 Windows Analytics

RSS Device Management

  • 4 ways to get your client policy synchronized with the Intune service.
  • How the management team at MS integrates with engineering
  • Experience with Apple Business Manager Implementation
  • How the MEM @ Microsoft team combines various technologies to build automation.
  • VMSS based CMGs and the Cloud heavy ConfigMgr – Part 2
  • Deploy Teams media optimization with Intune Proactive Remediation to Windows 365
  • Zero Trust Networking and the Cloud heavy ConfigMgr – Part 1
  • AD Joined Hybrid Windows 365 management in Intune
  • Client Management
  • Dynamic Scaling of ConfigMgr Site Systems in Azure
WordPress Theme: Wellington by ThemeZee.