Security baselines

Deploy Company Portal

What is Security baselines

Security Baseline permit to secure and protect users and device present on Intune. It can be deploy to the group of user or Windows 10 device. With this settings, you can enable few parameter (automatically enables BitLocker, automatically disables basic authentication, etc.). Continue reading

Deploy Azure Firewall

Azure Firewall

What is Azure Firewall ?

Azure FIrewall is a sertice to secure your network on Azure. The ressources has now been protected by one firewall. This service permit high availability and unlimited scalability on the cloud platform. With this functionnality, you centralize application and network connectivity policies. Azure Firewall use static public address. Continue reading

Deploy Company Portal

Deploy Company Portal

Why deploy Company portal ?

Company portal is the Microsoft Intune Application. You can deploy it for install available application. On this application user can delete a lost device or force synchronization. This application is not installing when you install your computer. You must install by the windows store. You can deploy automatically this application with Windows Store for Business and Microsoft Intune. Continue reading

Windows 10 Auto-enrollment

AutoEnrollment

Since Windows 10 1709, it is possible to automatically enroll the computer on Azure Active Directory (AD). For this you can use using a group policy parameter.

Requirments for Autoenrollment

Autoenrollment requires meeting some prerequisites : Continue reading

Configure Pass-through Authentication

Configure Pass-through Authentication

The Pass-through Authentication

This authentification allows you to use the same password for the on-premise and Cloud-based applications. However, it’s important to note that user authentication is done through the Active Directory on-premise and not through Azure Active Directory. It’s a good alternative to Azure AD Password Hash Synchronization. However, it makes it easier to apply a security policy to passwords.

Benefits of the solution

This solution offers the following benefits :

  • The same password for cloud-based applications and on-premise applications
  • When user change password, the modification for cloud-based application is instantaneous
  • Easy to deploy: only one agent to install
  • Passwords are never stored in the cloud
  • Agents can be installed on multiple on-premises servers to provide high availability

Continue reading

Renew IOS Certificate

Renew IOS Certificate

The registration of an IOS device in Microsoft Intune requires to use a certificate. This certificate must be requested on the apple site. It’s valid for 1 year and must be renewed before it’s expiry. In case of deletion or expiry of the certificate, it’s necessary to re-register all the device. It’s very important to use the same Apple ID.
From the Azure portal, it’s possible to view the expiration date. Continue reading

Android enterprise kiosk devices

Android enterprise kiosk devices

With this feature, administrators have the ability to lock the use of a device ( authorized applications,…). Thus the user cannot install his applications (social networks, games,…). It’s important to note that registration is done without a user account. The equipment is therefore not associated with any end user. Continue reading

Deploy Email profile

Deploy Email profile

Deploy Email profile

Intune allows to deploy an email profile on registered devices. It is thus possible to automate the configuration of an email profile on one or more devices. It is interesting to note that the built-in mail client is supported for most platforms. Email profile can be deployed on this platforms. Continue reading

Deploy certificate

Deploy certificate with Microsoft Intune

How you need deploy certificate with Microsoft Intune?

Some company resources are accessible through a digital certificate. It’s therefore necessary for users to have a certificate to access VPN, Wifi,… These certificates prevent the use a user name and password. Intune allows you to assign and manage these certificates. Two types of certificates can be used:

  • Simple Certificate Enrollment Protocol (SCEP)
  • PKCS#12 (or PFX)

Continue reading

Intune Compliance Policy

Reset MDM Authority

Intune Compliance Policy

The compliance policy in Intune is an important point because it makes it possible to verify that mobile device complies with security constraints. Several parameters can be configured in the compliance policy.

  • Using a password to access devices
  • Encryption of the device
  • Prohibit jailbroken or root device
  • Minimum operating system version required
  • Maximum allowed version of the operating system
  • Require the device to be at or below the level of defense against mobile threats

Continue reading