Read the first two sentences until they are seared into your brains. This is also why Compliance != Security and attackers leverage it every day. I used to leverage it too. For example: you will not find any compliance framework that will tell to implement a CAP to block

Applying some visuals on that CA Simulator #ConditionalAccess #EntraID

❄️Windows Hello for Business: Multi-factor unlock adds a second factor to protect against situations where the PIN has been shared or shoulder surfed. In this blog post I show how to it, and the user experience. rockenroll.tech/2026/02/06/win…

The endpoint management newsletter is out! Highlights include: Secure Boot (2026 cert refresh) + Autopilot v2 (25 apps in OOBE). Read: danielengberg.com/newsletter-jan… Subscribe: danielengberg.us20.list-manage.com/subscribe?id=c… #intune #msintune #configmgr #powershell #windows11 #copilot

Look.. it's a Conditional Access policy simulator built by an infra architect guy who got tired of squinting at What If results 🫠 Shiny graphs yay! 🔗ca.haakonwibe.com No sign-in needed, click Sample Data and play around. Or connect to your own data - all's in browser.

#Microsoft Intune no longer issues certificates using PKCS or SCEP due to an expired certificate on the #msintune Certificate Connector server. Here's how to fix it. #MDM #MEM #mobility #security #aovpn rmhci.co/40Tas0t

I played a bit with the new #Microsoft Teams #MDO Advanced Hunting tables in #DefenderXDR. Came with a couple of detection ideas that might be interesting. You can find them at: github.com/HybridBrothers… #KQL #Kusto

NTLM authentication is now deprecated, and Windows is moving toward a more secure, Kerberos-based model—a major step toward a passwordless, phishing-resistant future. Read the long-term roadmap to reduce, restrict, and ultimately remove NTLM from Windows: msft.it/6015QultP

Don't have PKI but want to use TLS inspection in Global Secure Access? This script sets up Azure Key Vault Premium (HSM backed keys, $5/month), creates the CA certificate in Key Vault, gets the CSR from GSA, signs it with Key Vault, and adds it to GSA 🔥 github.com/nathanmcnulty/…

There are many applications in Entra that you should prevent access to by default Unfortunately, most of those don't expose an option to require assignment... must use Graph API :-/ I highly recommend locking these down, list of apps and directions here: github.com/PatriotConsult…

🎆 All done with the January (2601) Microsoft Intune UI extensions for all regions! 🎆 🆕 What's new docs: aka.ms/IntuneWN ▶️ What's new blog: aka.ms/IntuneWN2601 #MSIntune #AlwaysIntune #IntuneInspired

Microsoft sunsetting the "Approved client app" Conditional Access grant in March. Was one of the popular ones when there werent' a lot of controls - decent protection for MAM, and sometimes an extra layer on MDM. Now that App Protection Policies are better (not perfect), you

CA Simulator v0.3.3 is live 🚀 Now supports: → Custom authentication strengths → Token protection policies → Insider risk conditions → User actions & auth context targeting → Session controls in the verdict summary → 19 sample policies (6 new) ca.haakonwibe.com

I can't find these 8 preset base policies for App Control? 🤔 The Intune docs seem very outdated as well, referencing controls that aren't there anymore (probably a good thing given that disabling trust of Windows components can lead to issues)

Active Directory is dead. Finished. I vibe coded an AI powered AD hardening engine in 6 minutes. It auto generated 147 new GPOs. Rewrote delegation across 38 OUs. Disabled NTLM. Enforced smart card only logon. Tiered the environment… spiritually. Now no one can RDP. The ERP

We often assume that configuring a 'Never persistent' browser session in Microsoft Entra ID means users cannot stay signed in on unmanaged devices. Well… it turns out reality is more nuanced. More in my recent blog post 👇 #Security #EntraID inthecloud247.com/never-persiste…

None shall pass(key)! Wait, it's auto-enabled? 🤔alttabtowork.com/2026/02/17/pas… #passkeys #entraid #Microsoft365 #Intune

Super impressed by our squad at the Winter Olympics in Milano Cortina this year. A record win for Norway with 40 medals and 18 golds on top. Average Norwegian reaction: "Det gikk greit, ja" (Translation: Not too shabby) 🇳🇴🥇⛷️