Modern security and wifi standards say we have to move to certificates but that’s a tall order for many, particularly if we need to replicate the user-level identification of a humble password.
Updating the old ghost computer account sync script to get NPS working with Azure AD / Entra-joined devices again, but it’s a last gasp.
Presenting some ideas about how we can enforce more secure authentication methods without locking out users that don’t have them yet. Featured in Entra News!
Resurrecting a bit of troubleshooting technique from the golden age of email.
A maddening bug in Exchange that will probably never be fixed, but at least I’ll show a workaround.
A lack of mobile support for FIDO2 auth and Passkeys from Microsoft is hampering widespread adoption but some limited use cases can bring immediate benefit to securing high-risk activities.
We’re not doing well enough at communicating the need for better authentication or providing simple means for its widespread adoption.
I’ve put this post together as an update for a number of schools who have asked me how we’re going on our Private Preview of MCC and will try to keep it generally updated on our progress. I’ll start with a bit of background though, for anyone new to this. You had me at DOINC The best product acronym Microsoft ever devised was DOINC, for the Delivery Optimisation In-Network Cache. This was a service that would store local copies of Windows and Office apps and updates so that client devices could access a fast, consistently-connected local copy rather than downloading from peers or over the Internet....
I’ve been tacking in the direction of cybersecurity in recent years and specifically within the Microsoft 365 suite. I took the Security Administrator track on my Enterprise Admin certification and didn’t find that too difficult as it was grounded in my day-to-day. This one was pushing the boat out as it’s more Azure-based and honestly I wasn’t expecting to pass first time, but it fairly soaked up these dull days between Christmas and New Year!...
Schools can hardly be the only organisations with legacy applications in regular use for vital ’line-of-business’ functions. Hopefully for the most part these are visible to IT, securely contained and have an end-of-life date with a succession plan rather than being adopted through choice into a modern desktop environment. A while ago I encountered a nasty and unavoidable case of the latter and had to figure out a solution. The application I was tasked to deploy was for processing sensitive financial data on our most heavily-secured devices and relied on Internet Explorer and Java....