Great Vid. Was wondering if you could do a video on Intune device licenses. There is practically no info out there on this. Specifically enrolling Win10/11 devices using Intune device licenses for shared workstations? What are the best ways to do this? What are the limitations? Lots of businesses use shared workstations for healthcare or factory workers that use the same workstations when on shift as others. We want them in Intune without paying per user license. Thanks!
Does the order matter with these policies? I kind of have a few basic general purpose CA policies and a few I want for special cases. Do I put the special cases first or last, or does the order not matter and I have to fiddle with exclusions for each policy to stop one of them stomping on the others where it shouldn't?
Also, for licencing purposes, if I set up a 'break-glass' admin account, do I need to have a Business Premium licence attached to it or will one with no licenses be acceptable (providing that is literally its only purpose)? Any technical pros or cons for doing it this way?
Love and appreciate your videos. Regarding MFA, I'm super excited for Device-bound Passkeys in Microsoft Authenticator to come out of Public Preview. This will be a huge step to securing accounts post Evilginx.
Firstly, love the videos, thanks so much, learnt a bunch.
Set this up as a lab. I had issues launching Outlook and any other app. I wasn’t sure how to configure the Intune app policy for mobile and desktop. I watched the other vid but it still just kept looping for login credentials.
What is the minimum licensing required to enable Conditional Access (365 Business Premium?)? And what if you have a mixed licensing environment? Do policies apply to basic users if set up?
Great video, unfortunately Conditional Access is another paid subscription service on top of a Microsoft 365 Business Standard account. You need a Business Premium, another £7.80 per user a month.
At the start of the video you created a conditional access policy requiring MFA for all users. Why is a second policy required for MFA on Entra join? Isn't that redundant? Great video, Thanks!
For the whitelisting countries bit, when you filter to compliant devices outside of approved countries, would approved apps (like Outlook or Teams) on unmanaged iPhones still work?
I just wanted to join the group and let you know that your videos are amazing. Straight to the point and very informative. Due to this video, I created a little script in PowerShell using Microsoft Graph that will configure all these conditional access policies and one more that blocks access to all Azure Admin Portals. I just want to share the script as a little contribution to all the effort and good things that you put into your videos. What is the best way to share it? Thanks again for all your good work.
I'm a professional thumbnail designer on Fiverr. I really want to design your thumbnails to be more eye-catching.
Jonathan, you are a godsend!
Thank you so much for these great videos! 🙏🙏🙏
As always very informative!
Though I've some questions about 2FA.
1. What will be the impact for users when disabling SMS from Entra when they've already enabled/are using SMS through the Per user MFA?
2. Do you need to disable Per user MFA when 2FA is forced using a CA?
3. You've excluded the Admin from any CA. How would you enforce 2FA for this one?
Greetings from overseas, the Netherlands.
Thanks Jonathan, I like your straightforward communication style.
Another great video! Too many organisations rely on Microsoft Baseline or defaults
beautiful
Great video ! Thanks!
GREAT VIDEO
Thank you Jonathan, this will help me secure the tenants of my customers.
Thanks!!! Great video!
And what do I do with the scanner email and the MFA? Without using a Gmail (I have already seen your other video).
I'd also recommend creating a Continuous Access Policy to require MFA if the network changes. This helps protect against session token theft.
If I have MFA enabled, I cannot setup our software to send emails. It is a housing software that emails our tenants.
Great vid. Speaking of global admin, how about a video talking about how to manage/removing local admin privileges on workstations?
Dude. I love you.
Thanks, Jonathan – what a great overview! I cannot stress enough the importance of implementing these important controls in your tenant. Well done!
Very helpful, thanks a lot sir.
If I am using Business Standard this doesn't apply to me and I'm not secured, correct?
Well done Jonathan, love all your videos. Thanks
I work supporting 365 and I love your videos. Thanks!
thank you so much the content is excellent and helps a lot
PERFECT VIDEO !
Thanks Jonathan, this insight was really helpful. May I know what license type is required to create new policies?
Thanks for the video
Only can say… brilliant
Great video, already had some of these set up but others were missing. It was a very easy video to follow, cheers!