Veeam ONE Part2

Monitor Veeam Backup server: Adding a Veeam Backup & Replication server to Veeam ONE enables you to collect data from your backup infrastructure. This means you can monitor your Veeam Backup & Replication servers, as well as Veeam Backup for Microsoft 365. For Veeam Backup & Replication, two types of server can be added: Veeam Backup & Replication, for monitoring stand-alone backup servers, and Veeam Backup Enterprise Manager, for supervision of all servers added to Veeam Backup Enterprise Manager.

Veeam One Part1

Veeam One is the monitoring solution provided by Veeam. It enables management of both virtual environments and backup infrastructure. With Veeam One 12.1, it is possible to support your Veeam for M365 environment. Veeam One also offers monitoring and reporting capabilities.

Full VM Recovery

In a previous post, we looked at instant VM Recovery. Now we’ll take a look at Full VM Recovery. How restoration works: Veeam Backup & Replication lets you restore a virtual machine using a backup file. During the restore step, you can select the last restore point to obtain the latest state of the VM (last saved state). It is of course possible to select an earlier restore point.

Instant VM Recovery

Veeam offers a number of different recovery modes. Here we’ll take a look at VM recovery. Other restore options will be covered in a separate post in the near future.

Different backup methods

Backup with Veeam: It is very important to test a backup. Untested backups are unreliable. This also applies to disaster recovery plans. All this, of course, to avoid stress in the event of the loss of an important resource. The various tests must be carried out at regular intervals.

VBO – Backup a lot of object

Backup a lot of object: Veeam for M365 can back up Mailbox, OneDrive, SharePoint and Teams on your tenant. All these solutions can contain a large amount of data, which will lengthen backup times. In some cases, the error 429 (Too Many Requests) may appear. This error is due to the fact that the backup job takes a long time to connect to the Microsoft 365 tenant. This error can be seen in the backup job log. As a reminder, the backup…

RPO and RTO

The RPO and RTO: RPO and RTO are part of the disaster recovery policy. It’s very important to understand the difference between RPO (Relative Point Objective) and RTO (Recovery Time Objective). The RPO is the maximum time we allow ourselves to lose. This time can be expressed in minutes, hours or, in the worst case, days. This is the time between the incident and the last backup. In the case of a very short RPO, several daily backups will be…

Send Organizational messages

This feature lets you send important messages to employees. They need to have a Windows 11 PC managed by Intune. It’s an interesting feature for remote and hybrid work scenarios. The message is sent to Azure AD users and the delivery status can be tracked.

Manage Tape drive

The 3-2-1-1-0 rule: The availability of the IT system and the integrity of the data is an important point not to be neglected. The tape drive is therefore an essential part of the backup system. The 3-2-1-1-0 rule is a good practice that should be followed. This involves: 3: Keep three copies of the data. One copy concerns the “primary” data, the other two are two backups. This prevents data loss in the event of a location malfunction or data…

Migrate MFA & SSPR

Why migrate MFA and SSPR: Microsoft has announced the deprecation of the legacy portals. All IT departments have until January 2024 to proceed with the migration. We will see in this post how to perform this migration step by step. The migration can be done on your own schedule, with a deadline of January 2024. Please note that the process is fully reversible. The tenant-wide MFA & SSPR policies can continue to be used during the migration. A user group is used…

Windows LAPS with Intune

Overview of Microsoft LAPS: Windows LAPS (Local Administrator Password Solution) is a Microsoft tool used by the IT team to manage the local password. The password of the local administrator can be modified and stored in Active Directory and Azure Active Directory. It’s a fantastic tool for on-premises or Hybrid AD Join computers. The computer can be configured by Microsoft Intune. With Microsoft Intune, the Windows LAPS CSP (Configuration Service Provider) must be used. If you save the password…

Veeam for M365 v7

New features implemented: Veeam for M365 v7 gives you the possibility to manage your data in M365. You can back up and recover Exchange, SharePoint, OneDrive for Business and Microsoft Teams. This version of Veeam for Microsoft 365 offers a number of new features. Integration with Veeam ONE v12: A new integration with Veeam ONE v12 is implemented in this version. It’s now possible to have visibility and control of Veeam for M365 in Veeam ONE. More than 10 alarms…

Endpoint Privilege Management

Intune Endpoint Privilege Management is an interesting feature: it gives a standard user (that is, one without administrator rights) the possibility to elevate privileges if needed. The policy of least privilege is respected. Prerequisites: Endpoint Privilege Management requires the Intune Suite or a standalone licence.

Group Policy analytics

The GPO analytics tool: The Group Policy analytics tool is a very interesting tool if you want to migrate to modern management and configure computers with Intune. It offers a few scenarios: analyze on-premises GPOs; validate whether a parameter configured by an Active Directory GPO is supported by Intune (configured through Intune); verify whether any settings in the GPO are deprecated or not available. Export a GPO: From the Group Policy Management console, expand the domain name and click on Group Policy Objects.

Upgrade to veeam v12

Backup configuration: Veeam v12 is now officially available. In this post we will see the upgrade from Veeam v11 to v12 and the upgrade of the database (SQL to PostgreSQL). The upgrade is performed on the same server. If you have installed Veeam Backup Enterprise Manager, you need to upgrade it first.

Administrative units in Azure AD

Administrative units are an Azure AD feature. An administrative unit contains only users, groups or devices and lets you restrict the permissions in a role. One user can be a member of multiple administrative units (by division and country, for example).

Veeam 12 – New Features 3

Add Tape Server on Linux server: With Veeam Backup & Replication v12, you can install Tape Server on a Linux server. From the Veeam Backup & Replication console, open Tape Infrastructure, click on Tape Infrastructure then on Add Tape Server.

Use Wasabi with Veeam

Wasabi is a cloud storage service. It can be used as primary storage with Veeam to back up on-premises or cloud workloads. It can also be used as secondary storage (backup, archiving, etc.). This solution offers a system availability of 99.99%. Architecture of Wasabi: Wasabi is built on a scalable and distributed architecture with no single point of failure. The Wasabi service is made up of servers, hard drives and network devices. For reasons of compliance with certain constraints, it may be…

Veeam 12 – New Features 2

What’s new in Veeam v12: The Hardened Repository is now an important security measure for the backup chain. Cryptolockers frequently try to encrypt the backup files. A lot of new features are present in Veeam v12. Compatibility with Hardened Repository: Before v12, you could use Hardened Repository for:

Manage Ubuntu Linux with Microsoft Intune

It is now possible to register Linux workstations in Microsoft Intune. To date, the device must run Ubuntu Desktop 22.04 or 20.04 LTS. When installing the Linux distribution, it is recommended to activate encryption. This may be required by Microsoft Intune.

Veeam 12 – New Features 1

Backup directly to cloud storage: Since Veeam v12, it is possible to back up resources and then store the backup chain in cloud storage. From the Veeam console, click on Backup Infrastructure then on Add repositories.

Veeam Backup & Replication 12 – Install Server

Install Veeam v12: A lot of new features are available with Veeam Backup & Replication. We will see these different features in future posts. Let’s see today how to install Veeam v12 using a PostgreSQL database and enable two-factor authentication. Launch the Veeam Backup & Replication 12 install wizard then click on Veeam Backup & Replication Install.

Hardened Repository

The Hardened backup repository is a backup repository that has an option for immutability. This feature protects data against loss due to malware. Indeed, deletion of data is temporarily prohibited. Note that only a Linux backup repository provides the immutability option. Job type supported: The immutability option can be enabled only for these jobs:

Configure Autopatch

What is Autopatch: Windows Autopatch is a cloud service that automates updates for Windows, M365 apps, Microsoft Edge and Microsoft Teams. Updates are provided to devices registered in Microsoft Intune. Following this registration, the following services are offered: Windows quality updates: Windows Autopatch keeps at least 95% of eligible devices on the latest quality Windows update. Windows feature updates: Windows Autopatch aims to keep at least 99% of eligible devices on a supported version of Windows….

Azure AD – Group writeback

Group writeback lets you write Azure groups back to the on-premises Active Directory. For this operation, Azure AD Connect Sync is used. Limitation: The following limitations must be taken into account when Group writeback is implemented.

Restore physical Windows computer

Create recovery image: To restore your computer completely, you need to create a recovery image (CD/DVD/removable device). On the Veeam console, click on the Inventory tab. Select the server group that contains the server to be restored. Select the server and click on Recovery Media on the ribbon.

Manage user account

Account protection allows you to protect user identities and accounts. It is also possible to manage group membership built into the device. With Account Protection, you can configure Account protection or Local user group membership

Use Remote Help

Remote Help is a tool included in Microsoft Intune. It lets you give assistance to a user signed in on a Windows 10 computer enrolled in Microsoft Intune. A Microsoft Intune subscription is required. The workstation must run Windows 10 or Windows 11. Very important! The Remote Help app must be installed on the workstation. Network Prerequisites: The Remote Help tool uses port 443 to communicate and connects to the Remote Assistance Service at https://remoteassistance.support.services.microsoft.com. Note that traffic is encrypted with TLS 1.2. All…

Configure Microsoft Sentinel

Microsoft Sentinel is Microsoft’s SIEM (Security Information and Event Management) and SOAR (Security Orchestrated Automated Response) solution. It provides alert detection, threat visibility, proactive hunting, and threat response.

Protect Azure AD Connect

Today, it is important to respect the policy of least privilege. We had the ability to configure the Active Directory connector for Azure AD Connect with a user account without admin rights. However, the Azure AD connector still needed an Azure AD account with the Global Admin role.

Cloud Connect for Enterprise

Cloud Connect for Enterprise allows companies to have an off-site backup and delivery solution. This allows you to send all backups from different sites to a single location (a private or public datacenter).

Backup Copy

The Backup Copy feature allows you to create multiple instances of the same backup file. This file is then copied to a second location (fairly regularly off-site). Since the file on the secondary location has the same format as the primary backup, it is possible to restore from the secondary site directly. This solution is very useful in the event of a disaster at the primary site. The following types of backup are supported:

Azure AD SSO Key

Azure AD Seamless SSO lets you enable SSO (Single Sign-On) with the Azure AD/Office 365 portal. When users try to connect to the portal, their computer is able to carry out Kerberos authentication to pass the credentials via the web browser. The password is not requested from the user.

Restore backup to Azure

Veeam PN for Azure: This solution is a free solution from Veeam. I use Veeam PN for more security but it is not mandatory to restore VMs in Azure. It brings new features to the Veeam solution by allowing restoration in Azure or creation of a VPN connection. It can be used for the following purposes: create a site-to-site VPN between the company office and Microsoft Azure to connect VMs restored in Azure; create a point-to-site VPN between remote computers and Microsoft Azure…

Defender for Identity

Microsoft Defender for Identity lets you monitor your Azure Active Directory and Active Directory infrastructure. You can easily analyze the data of potential attacks. A Defender for Identity sensor is installed on domain controllers or AD FS servers to access the event logs of these servers. The logs and network traffic will be analyzed by the sensor and then the information needed by Microsoft Defender for Identity will be sent to the Defender for Identity cloud service.

Azure AD Password Protection

Azure AD Password Protection is an interesting feature. It secures your authentication by denying simple passwords. Microsoft frequently updates a list of simple passwords. When you enable this feature, a user password is denied if it is on this list. This verification is performed when the password is modified by the user or reset by IT admins.

Autopilot with VPN

With Autopilot on Hybrid AD Join, the computer must join Active Directory. With this scenario, the computer can be enrolled in Microsoft Autopilot without being connected to the local network. Requirements: A recent version of Windows 10 is supported. You must use one of the following versions of Windows 10:

Implement MFA

UserLock offers many solutions. In this post, we will see how to manage two-factor authentication using UserLock. You can now protect your Active Directory session.

Cumulative patch KB4078

Before installing this Cumulative Patch, you need to confirm that you use Veeam Backup for Office 365 build 5.0.0.1061 or 5.0.0.1063. From the Veeam console, click on Help and Support then on About.

Veeam O365 v5

Announced at Veeam ON 2020, Veeam Backup for Office 365 Version 5 is now available. It offers the advantage of eliminating the risk of losing access and control of Office 365 data. Exchange Online, SharePoint Online, OneDrive for Business and Microsoft Teams are now protected. With this new version, it is easier to restore documents and files present in Teams. Indeed Veeam has implemented a new explorer for Teams.

Backup Nas

Veeam solutions offer a wide range of services to ensure high availability on virtual or physical infrastructures. With version 10, Veeam now enables NAS backup. Add file share to Veeam: From the Veeam console, click on the Inventory tab and select File Share. Click on Add File Share.

Backup Teams

Backup Teams: Teams is a great tool for exchanging documents, chatting, collaborating on the same project, … It is therefore important to save all these exchanges (chat, files, …). Veeam Backup for Office 365 lets you back up and restore Office 365 objects (Exchange, SharePoint, OneDrive).

On-Demand Sandbox

In production, it can be useful to test patch management, migration of a server, etc. You can use Veeam Backup & Replication to create an isolated virtual environment. This environment is created from Veeam backups, VM replicas or VMs from storage snapshots.

Backup SQL

How you can back up SQL with Veeam: Veeam Backup lets you back up SQL Server. It’s possible to configure a backup job to create image-level VM backups. This backup also copies the database transaction logs. The VM state is captured. It’s possible to recover SQL Server with a restore point and transaction logs. When the backup job is configured, you must specify Advanced settings:

Manage external users

With an Office 365 project, it is common to have external user access (B2B collaboration). These users may need access to a resource (SharePoint, etc.). These users usually have an Office 365 account and are therefore guest users. Nevertheless, security being an extremely important point nowadays, it is important to set up security rules.

Replication with Veeam

Veeam Backup & Replication lets you back up and restore virtual infrastructure and physical Linux or Windows servers. Nevertheless, Veeam has a wide range of features in addition to backup and restore. When replicating a VM, vSphere creates a snapshot. This snapshot is considered a copy of the VM at a given point in time; it will then be used for replication.

Microsoft tunnel

What is Microsoft Tunnel? Microsoft Tunnel is a VPN gateway. This solution is used by Microsoft Intune and allows iOS/iPadOS or Android devices to access on-premises solutions. Microsoft Tunnel installs a Docker container. It runs on a Linux server, which can be a virtual or physical server. After installing Microsoft Tunnel, you can deploy a VPN profile on your devices. If you host the server on Azure, you need to deploy an ExpressRoute or a VPN between…

Secure data on O365

Conditional access is a very interesting feature. It provides an additional level of security. Indeed, access to applications (SharePoint, Exchange, etc.) as well as to data can only take place if the user complies with certain conditions. It is common to see conditional access activated to ensure that MFA is activated or that compliance rules are respected. We will see a new example. I want to make sure that access to Exchange Online or SharePoint Online from an IP…

Azure NFS and Veeam

Support for Azure NFS 4.1 is provided by Azure Backup & Replication. Since version 10, it is possible to perform NFS share backup in Azure. To do this, Veeam uses the login credentials of the Azure storage account to access NFS shares.

Configure FSLogix

FSLogix is a solution that enables and simplifies non-persistent Windows environments. It’s a very good solution for virtual environments (on private or public cloud). It includes the following features:

Enterprise State Roaming

Windows 10 allows Azure Active Directory users to synchronize their security settings and application parameter data directly in the cloud. This reduces the time required for reconfiguration when using a new device.

Altaro O365 : The Do’s and Don’ts

Office 365 Mailbox Backup: The Do’s and Don’ts. Office 365 is a PAAS (Platform As A Service) platform. Microsoft therefore provides its customers with a platform. The maintenance of this platform as well as the update is the responsibility of the publisher. Contrary to what many customers think, Microsoft is not responsible for the data. In case of data loss, voluntary removal of an employee, file encryption, etc. Microsoft will not be able to be asked to return to the…

The Backup Bible

As the old adage goes: fail to prepare, prepare to fail. It’s the perfect description for backup yet to this day so many companies don’t have an adequate backup & disaster strategy in place for when the worst-case scenario happens. Just how well are you protecting your vital data?

Self-Service File Restore Portal

Restore file or folder: Veeam Backup lets you back up virtual or physical machines. You can restore a folder or file with the Veeam Self-Service File Restore Portal. Limitations: The Self-Service File Restore Portal is supported only in the Veeam Backup & Replication Enterprise Plus Edition. This functionality is available only for Windows machines. Restoration from storage snapshots is not supported by Veeam Backup Enterprise Manager. You need to use an account that is a member of the local administrators group on the local machine.

Enterprise Manager 10

What is Enterprise Manager 10: Veeam Backup & Replication is a component that enables reporting and management of Veeam Backup & Replication. With Enterprise Manager you can manage multiple Veeam Backup & Replication instances from one platform:

Backup Office 365 with Altaro

Altaro O365 Backup lets you back up and restore Office 365 mailboxes and files present on OneDrive or SharePoint. The license is of subscription type (annual or multi-year). With Altaro, you can manage and monitor the backup centrally. The storage for the backup is unlimited. Backups are automated and will be taken up to 4 times a day. Afterwards, the registration in the Azure infrastructure of Altaro is carried out.

Veeam for Azure

With Veeam Backup for Microsoft Azure you will be able to protect your Microsoft Azure environments. You can back up your virtual machine and store this backup in a Microsoft Azure Storage Account. After saving your resources you will be able to: restore the Azure virtual machine; restore the virtual disk of the virtual machine; restore guest OS files and folders of the Azure virtual machine.

Autopilot and Hybrid AD Join

Configuring Autopilot and Hybrid AD Join can be useful if you want to be able to apply group policies on the workstations joined to Autopilot. The workstations can be configured using Microsoft Intune and/or through Active Directory group policies. Prerequisites: Prerequisites for Autopilot: The following URL must be accessed with the system context. You can use the Test Device Registration Connectivity script.

Access Review PIM

The addition of users in privileged groups changes more or less regularly. It is therefore important to regularly check the privileged rights given to certain users. Azure PIM can be used to review these accesses. This operation can be done manually or automatically.

Autoscale on Azure

Autoscale lets you have the right amount of resources for the application. It’s possible to add resources in case of heavier use and to remove resources in case of a decrease in activity. It is necessary to specify a minimum/maximum number of instances to execute. Adding/deleting is done automatically using different rules.

Identity Score

Azure AD Identity helps you secure your Azure Active Directory. The Identity score is a number between 1 and 223. It gives an indicator of how aligned you are with Microsoft best practices. These best practices are recommendations for the security of your Azure AD, users, … The Identity score feature can be used by Global admins, security admins or security readers. The secure score contains five categories:

Azure Arc

Azure Arc allows the management of Windows and Linux servers present in the local network or at a cloud provider. This management is identical to the management of native virtual machines. When a hybrid machine is connected to Azure, it is considered an Azure resource. It is assigned a resource ID. In addition, it is part of a resource group within an Azure subscription. This allows it to be assigned tags.

Implement AutoPilot

Autopilot lets you install and preconfigure new Windows 10 devices. You can also use this platform to reset devices. With Windows Autopilot, the lifecycle of the workstation is managed. The installation, application deployment and end-of-life of the workstation can be managed from the cloud services.

Use FIDO2 key with AAD

It is strongly recommended that you use the MFA solution to secure authentication in Azure AD. However, this requires the use of a password and a second factor (phone, mobile phone, mobile application). Microsoft recommends that you stop using passwords.

Azure Migrate

Azure Migrate offers tools to migrate on-premises infrastructure, applications or data to Microsoft Azure. The following features are present in Azure Migrate:

Azure PIM

Azure PIM: PIM (Privileged Identity Management) is a service used to manage and monitor access to privileged resources. These resources can be Azure AD resources, Azure resources or others (Office 365 or Microsoft Intune). It is important to limit the number of people with privileged access. This reduces the attack surface available to a malicious actor. With this feature, organizations can give users just-in-time (JIT) privileged access to Azure resources and Azure AD. PIM offers the following functionality:

Azure Identity Protection

Azure Active Directory Identity Protection lets you automate the detection and remediation of identity-based risks. It lets you investigate risks using data and export risk detection data to third-party utilities.

Azure AD Passwordless

Authentication without password: Multi-factor authentication, or MFA, secures access to the company’s cloud resources. With the passwordless functionality in Azure AD, the password is removed and the user can access cloud resources without a password. However, they must authenticate themselves from their phone (Microsoft Authenticator app) or Windows 10 computer (FIDO2 security keys).

Security baselines

What are Security baselines: A Security Baseline lets you secure and protect the users and devices present in Intune. It can be deployed to a group of users or Windows 10 devices. With these settings, you can enable a few parameters (automatically enable BitLocker, automatically disable basic authentication, etc.).

Deploy Azure Firewall

What is Azure Firewall? Azure Firewall is a service to secure your network on Azure. The resources are now protected by one firewall. This service provides high availability and unlimited scalability on the cloud platform. With this functionality, you centralize application and network connectivity policies. Azure Firewall uses a static public address.

Deploy Company Portal

Why deploy Company Portal? Company Portal is the Microsoft Intune application. You can deploy it to install available applications. In this application, the user can delete a lost device or force synchronization. This application is not installed when you install your computer. You must install it from the Windows Store. You can deploy this application automatically with Windows Store for Business and Microsoft Intune.

Windows 10 Auto-enrollment

Requirements for Autoenrollment: Since Windows 10 1709, it is possible to automatically enroll the computer on Azure Active Directory (AD). You can use a group policy parameter for auto-enrollment.

Configure Pass-through Authentication

The Pass-through Authentication: This authentication allows you to use the same password for on-premises and cloud-based applications. However, it’s important to note that user authentication is done through the on-premises Active Directory and not through Azure Active Directory. It’s a good alternative to Azure AD Password Hash Synchronization. However, it makes it easier to apply a security policy to passwords.

Renew IOS Certificate

The registration of an iOS device in Microsoft Intune requires the use of a certificate. This certificate must be requested on the Apple site. It’s valid for 1 year and must be renewed before its expiry. In case of deletion or expiry of the certificate, it’s necessary to re-register all the devices. It’s very important to use the same Apple ID. From the Azure portal, it’s possible to view the expiration date.

Android enterprise kiosk devices

Prerequisites: With this feature, administrators have the ability to lock the use of a device (authorized applications, …). Thus the user cannot install his applications (social networks, games, …). It’s important to note that registration is done without a user account. The equipment is therefore not associated with any end user.

Deploy Email profile

Deploy Email profile: Intune allows you to deploy an email profile on registered devices. It is thus possible to automate the configuration of an email profile on one or more devices. It is interesting to note that the built-in mail client is supported for most platforms. An email profile can be deployed on these platforms.

Deploy certificate

Deploy certificate with Microsoft Intune? Some company resources are accessible through a digital certificate. It’s therefore necessary for users to have a certificate to access VPN, Wi-Fi, … These certificates avoid the use of a user name and password. Intune allows you to assign and manage these certificates. Two types of certificates can be used:

Intune Compliance Policy

Intune Compliance Policy: The compliance policy in Intune is an important point because it makes it possible to verify that a mobile device complies with security constraints. Several parameters can be configured in the compliance policy.

Configure Device Writeback feature

We have had the possibility for many years to join a machine to an Active Directory domain. With cloud services (Office 365, Azure AD, …) identity management has become a very important point. In Windows 10, Microsoft implemented the Azure AD Join functionality (previously Workplace Join), allowing the machine to be joined to Azure AD.

Azure File Sync

Azure File Sync: Files are an important resource in a company. For workstations rarely connected to the local network, these files are stored locally. It is therefore important to ensure that these files are synchronized on an enterprise server or in the cloud. All protocols offered by Windows Server (SMB, NFS and FTPS) are available in Azure File Sync.

Co-management SCCM

Co-management for Windows 10 devices: Co-management can meet several requirements: If you have a Microsoft 365 subscription and want to use the included Windows 10 licenses.

Install configure Microsoft ATA

Advanced Threat Analytics: Advanced Threat Analytics, also known as ATA, is the only on-premises solution of the EMS suite. This platform, which is present in a local network, protects the information system of a company against cyber attacks (targeted attacks, sophisticated attacks, internal threats, etc.). To locate these attacks, the components present in the local network make it possible to learn users’ behaviour. This is for one purpose only: to define a behavioural profile and thus define abnormal behaviours.

Reset MDM Authority

What is the MDM Authority? Before any Microsoft Intune implementation project, a choice should be made between setting up a Microsoft Intune platform in standalone or hybrid mode (with System Center Configuration Manager). It is necessary to know both solutions, as well as their advantages and disadvantages. Switching from one mode to the other has been simplified since System Center Configuration Manager 1610. It is no longer necessary to contact Microsoft support for this. This is discussed in…

Manage Licence on Azure Portal

Licensing is an important part of a cloud service. It allows a user to access and use the service concerned (Office 365, Azure AD, …). This action was performed through the Office 365 console; Microsoft now allows licenses to be enabled from the new Azure console (Ibiza).

Cloud APP Discovery

Unfortunately, it is common in a company to see cloud applications (Dropbox, …) used by departments without the IT team being aware. This can cause data loss and security problems. Cloud App Discovery is a feature of the Premium version of Azure AD; it detects the cloud applications used by the company.

Backup Nas Synology on Azure

If you have a Synology NAS, it may be worthwhile to enable backup of this NAS to the cloud. That way, even if a drive is lost (and RAID has not been enabled), the data can be recovered easily. Backups can go to several clouds; this article is about backup to Azure.

Active Android for Work

Android for Work allows more complete management of Android mobile devices. It expands the configurations possible in an MDM such as Microsoft Intune. This solution provides several benefits:

Records for Auto-discovery

CNAME records for auto-discovery. If you want to add Windows devices (Windows Phone 8.1/10 or Windows PC 8.1/10) to the Intune platform, you need to add CNAME records on your public DNS server. This operation is needed for auto-discovery with Windows devices only. There is no problem with iOS and Android devices.

MAM Without Enrollment

Microsoft has implemented a MAM (Mobile Application Management) solution in Intune. However, this solution requires enrolling the device in the MDM (Mobile Device Management). For people who do not wish to add their equipment to an MDM platform, it is possible to create MAM rules without enrollment.

Azure AD Connect

Azure AD Connect is a tool provided by Microsoft that extends the scope of AD accounts to cloud services. AD user accounts can otherwise be used only in an AD domain. To allow a user to use their login and password in a cloud service (Azure, EMS, Office 365, …), the accounts must be synchronized. Several solutions are possible (using an ADFS server, password synchronization or Azure AD pass-through). The tool can be…

Enrolling Device on Intune

Enroll Device into Intune. After you configure the Microsoft Intune platform, it is important to add mobile devices (iOS, Windows Phone or Android). This operation must be performed directly from the device. This article presents the steps to add a device.

Enroll Windows 10 device

Enroll Windows 10 Computer. A Windows 10 computer can be enrolled through the Microsoft Intune agent or through the Workplace Join functionality. This feature allows a Windows 10 device to enroll in Microsoft Intune. Unlike the agent, which adds the device as a computer, Workplace Join adds the computer as a mobile device. So some functionality may not be available (anti-virus, firewall management, Microsoft patch management). Workplace Join is native to Windows…

Network Security Groups

Network Security Groups on Azure. Network Security Groups perform segmentation in a virtual network (VNet). The feature also lets you control what enters and leaves a virtual machine connected to the VNet. It also makes DMZ (demilitarized zone) scenarios possible. In a local network it is common to have front-end servers (IIS, …) positioned in a DMZ and the database or other servers in the local network. This makes it possible, for example, to secure the data of…

Azure AD Groups

Groups on Azure AD. Group management has been implemented in Azure AD; this feature makes it easier to administer access to resources. These may be local (resources present in Azure Active Directory) or external (SharePoint site, SaaS application, …). Access to a resource can be granted in several ways:

Intune conditional access

Office 365 conditional access. If you have an Intune and Office 365 subscription, it is possible to configure conditional access. This feature controls access to Office 365 mailboxes. Only devices enrolled in Microsoft Intune and complying with the defined security constraints will have access to their Microsoft Office 365 mailbox.

Hybrid Diagnostic tool

The different modes of Intune. Microsoft Intune can be used in two distinct modes. In stand-alone mode, the platform is hosted in the Microsoft cloud, with no interaction with your information system. This makes the platform easier to administer and manage, which is done from the web portal. The second mode is more “complex” because it involves one more intermediary.

Azure Web Site

The Azure platform can host many resources and provides a lot of functionality. Today we'll look at hosting a web site and a MySQL database in Azure. As with a classic host, Azure allows hosting sites such as WordPress, … PHP is available, which allows scripts to be executed.

Disaster Recovery Plan

The PRA (disaster recovery plan) is an important point in an information system. It makes it possible to quickly restart the infrastructure in the event of a major crash. Several solutions are available: replication of virtual machines to a second site, to a datacenter, to Azure, … Here we look at setting up a PRA with Azure Site Recovery.

Configure Azure VPN

You can use VPN Gateway to connect an Azure network and your on-premises network, so you can have your resources both on Azure and on the local network. How to configure VPN Gateway: before configuring VPN Gateway, go to the Azure Portal (https://portal.azure.com/) and click Create resource / Networking / Virtual Network.

Configure Azure CDN

What is Azure CDN? What is this feature useful for? How can you implement it? These are all questions that may be asked before setting up Azure CDN for the first time. Azure CDN enables caching of web pages and thus helps ensure maximum throughput. It therefore brings these benefits:

Backup File Azure

Why back up files to Azure? Backup is an important point that must not be neglected. Outsourcing backup is a viable solution for a large number of businesses. It avoids hardware costs (server, tape drive, disk, …) as well as the costs of backup training and software licenses. Outsourcing also limits administration tasks. Backups can be outsourced to Microsoft Azure.

Device Group Mapping

With System Center Configuration Manager, it is very easy to implement dynamic collections to categorize internal devices and mobile devices from Intune. This greatly simplifies deploying an application or a policy. Based on a criterion (OS, network adapter type, …), the devices are grouped in a collection. Collections rely on the inventory returned by the devices, mobile or not. In Intune in SaaS mode, it is very difficult to have dynamic groups. The choice is much smaller…

Azure AD Connect Health

Azure AD Connect Health is a tool that allows the administrator to monitor the on-premises AD infrastructure. Until now several tools were available to the administrator (SCOM, System Center Operations Manager; event log; …). Monitoring can now be done through Azure AD Connect Health, which makes it quick to see performance alerts or sync errors. You can also monitor your ADFS (Active Directory Federation Services) 2.0 and 3.0 infrastructure.

Deploy Office 365

Office 365 (Office Click-to-Run, Office 2016) can be deployed in different ways. This article details the steps for deploying this software with Microsoft Intune on a Windows 10 workstation managed as a mobile device.

Protect Enterprise Data

Enterprise mobility is widely used nowadays. Many employees now have a smartphone, a tablet or both. It is common to find both enterprise data and personal data on these devices, which increases the risk of disclosure of professional data. Windows 10 offers an interesting feature, EDP (Enterprise Data Protection). You can use EDP for these scenarios: encryption of data on personal and professional devices; remote wipe of business data on managed computers (personal data are not…

Help for enrollment process

You have chosen to install the Microsoft Intune platform. After synchronizing users and configuring the platform, it is necessary to enroll the devices. This step is mandatory to apply rules or install applications, and so to protect corporate data and manage devices. Users can't access the company portal if the device is not enrolled in the Microsoft Intune platform.

Manage application

Managed Application in Intune. A few years ago, Microsoft added the managed application functionality to the Intune platform. Microsoft Skype for Business (MAM with MDM): available now for iOS and Android. Microsoft Dynamics CRM (MAM with MDM): available now for iOS and Android. Adobe Reader (MAM with MDM): available now for iOS.