Patrick Seltmann's Avatar

Patrick Seltmann

@patrickseltmann.bsky.social

15+ yrs in Microsoft identity, access & endpoint mgmt. From AD & SCCM to M365.Opinions are my own, not my employer’s.

11 Followers  |  14 Following  |  18 Posts  |  Joined: 03.03.2025  |  1.8314

Latest posts by patrickseltmann.bsky.social on Bluesky

Preview
Why you should ensure whether your TPM module has not been disabled once - ctrlshiftenter.cloud Hi everyone, in this blog post, I will write about the importance of the trusted platform module (TPM)…

New blog post! Why the Trusted Platform Module (TPM) is critical and why disabling it—even once—can breaks your security chain. Spoiler: There is no "self-healing" process for critical artifacts like the PRT or Windows Hello keys! www.ctrlshiftenter.cloud/n2z1
#Microsoft #Cybersecurity #Endpoint

22.12.2025 16:15 — 👍 0    🔁 1    💬 0    📌 0

🚀 New blog post: Should you exclude "Microsoft Intune Enrollment" from your compliance conditional access policy or not?

Read more in my new blog post: www.ctrlshiftenter.cloud/31fa #conditionalaccess #intune #entra #microsoft #security

12.10.2025 13:58 — 👍 0    🔁 0    💬 0    📌 0
Preview
Mastering App Control for Business | Part 7: Maintaining your policies with Azure DevOps (or PowerShell) - ctrlshiftenter.cloud Hello everyone, in this last post in this series, I will describe how you can maintain your App…

🚀 New: App Control for Business — Part 7. Automate ACfB policy deployment: maintain, sign, and deploy to Intune via Azure DevOps pipelines or with PowerShell 7. Read more about this on my blog: www.ctrlshiftenter.cloud/bn0o
#AppControl #WDAC #Intune #PowerShell #DevOps #Security #Microsoft

27.09.2025 15:45 — 👍 1    🔁 0    💬 0    📌 0

Thanks for your reply. I have already double checked that but the sign-inverification methods are still not there.

03.09.2025 07:50 — 👍 0    🔁 0    💬 0    📌 0
Post image

Does anyone know how to remove these old authentication methods from windows? #windows #authentication

03.09.2025 06:06 — 👍 0    🔁 0    💬 1    📌 0
Preview
Mastering App Control for Business | Part 6: Sign, apply and remove signed policies - ctrlshiftenter.cloud HI folks, in this post, I continue my blog series about Application Control for Business and take a…

🚀 New Blog Post – App Control for Business | Part 6
Learn how to sign, apply, and remove signed policies to protect against tampering.
Now on my blog 👇
👉 www.ctrlshiftenter.cloud/oat7 #WDAC #AppControl #EndpointSecurity #Cybersecurity #Microsoft #Intune #prevention

25.08.2025 16:02 — 👍 1    🔁 0    💬 0    📌 0
Preview
Mastering App Control for Business | Part 5: Create a base policy for fully managed devices - ctrlshiftenter.cloud Hi folks, in this blog post, I will continue my series on Application Control for Business and explain…

🚀 New Blog Post – App Control for Business | Part 5
How to create a custom base policy for fully managed devices — with PowerShell or the App Control Wizard.
Includes real examples with Notepad++
👉 www.ctrlshiftenter.cloud/4qz1
#WDAC #AppControl #Security #Intune

21.06.2025 13:50 — 👍 2    🔁 0    💬 0    📌 0
Preview
Exciting News for Nonprofits: Enhanced Security with Microsoft Enterprise E5 Add-On! | Microsoft Community Hub What Does the E5 Security Add-On Include? The Microsoft Enterprise E5 Security add-on offers advanced security capabilities, including: Microsoft Entra ID...

#Microsoft has announced the availability of E5 Security Add-On licenses for #nonprofits witch already own Business Premium Licenses.
This is a hugh benefit for nonprofit organization which want to take their #cybersecurity to the next level.
techcommunity.microsoft.com/blog/nonprof...

03.06.2025 06:07 — 👍 0    🔁 0    💬 0    📌 0
Preview
Entra Connect Sync - Attack Surface Reductions - ctrlshiftenter.cloud In this blog post, I will write about often ignored security aspects in hybrid Microsoft infrastructures (in my…

🔐 Reduce the attack surface of your Entra Connect Sync setup!
✅ Hard vs. soft match
✅ ImmutableID & mS-DS-ConsistencyGuid
✅ Secure app-based auth w/ CA
✅ Security Best Practises
🔎 Monitor changes via KQL
👉 www.ctrlshiftenter.cloud/q1oc #EntraID #Microsoft #Hybrid #Security

29.05.2025 13:45 — 👍 0    🔁 0    💬 0    📌 0

🎉 Just published an early public version of CAxPorter Utility – to manage #EntraID #ConditionalAccess Policies in bulk!

Import/export CA policies
Rename & delete policies
Generate Markdown docs via #OpenAI
Works with CLI & GUI
Blog: www.ctrlshiftenter.cloud/60zf
GitHub: github.com/PatrickSeltm...

04.05.2025 17:40 — 👍 0    🔁 1    💬 0    📌 0
Post image

Looks like Lifecycle Workflows just added the ability to revoke session tokens 💪

Previously, we had to create our own custom extension (Logic App) to do this, so really nice to see it as a built-in task now :)

learn.microsoft.com/...

19.04.2025 06:02 — 👍 14    🔁 3    💬 1    📌 0
Preview
Entra ID to Disable Service Principal-Less Authentication Microsoft will disable service principal-less authentication in March 2026. This step closes a hole that doesn't exist today but might in the future.

#EntraID will block service prinicipal-less authentication from March 2026. Don't know what this is or if it will affect your #Microsoft365 tenant? It's time to check.... Microsoft will take care of 1P apps. Other vendors need to do the same
office365itpros.com/2025/04/15/s...
@nathanmcnulty.com

15.04.2025 09:41 — 👍 6    🔁 3    💬 1    📌 0

Hello #microsoft, your mslearn page “Conditional Access architecture and personas” from the #Azure Architect Center, which explains the Conditional Access Persona Framework, was deleted 5 days ago. Why?

15.04.2025 07:07 — 👍 0    🔁 0    💬 0    📌 0
Preview
Mastering App Control for Business | Part 4: How to create a "starter base policy" for lightly managed devices - ctrlshiftenter.cloud In the last three blog posts about App Control for Business, I talked a lot of theory and…

🚀 New blog post: Mastering App Control for Business – Part 4 🔐
Learn how to create a “starter base policy” for lightly managed Windows devices.

www.ctrlshiftenter.cloud/qu8h

#WDAC #AppControl #Intune #CyberSecurity #ZeroTrust #Windows #MSIntune #Microsoft #EndpointManagement #Endpoint #Security

13.04.2025 12:59 — 👍 1    🔁 0    💬 0    📌 0
Preview
Session token lifetime: require reauthentication every time - ctrlshiftenter.cloud Every time I talk about Conditional Access I say: “You must think about it as an identity firewall…

I've written a short explanations about the session toke lifetime: require reauthentication that was released by #microsoft with the march 2025 #MicrosoftEntra updates. www.ctrlshiftenter.cloud/hdf7

#ConditionalAccess #ZeroTrust #IdentitySecurity #M365 #CloudSecurity #PrivilegedAccess #PAW

30.03.2025 18:17 — 👍 0    🔁 0    💬 0    📌 0
Preview
Mastering App Control for Business | Part 3: Application ID Tagging Policies & managed Installer - ctrlshiftenter.cloud Hello everyone. In my last blog post Mastering App Control for Business | Part 2: Policy Templates &…

🚀 New Blog Post: Mastering App Control for Business | Part 3 – App Tagging & Managed Installer
How to combine tagging policies with Windows Firewall & explore the pros/cons of Managed Installer.

🔗 www.ctrlshiftenter.cloud/gmva
#WDAC #AppControl #Intune #Securtiy #Microsoft

29.03.2025 13:18 — 👍 1    🔁 0    💬 0    📌 0
Preview
What's new in Microsoft Intune Find out what's new in Microsoft Intune.

New Windows LAPS features just dropped with the March '25 Intune update! Check the docs:
learn.microsoft.com/en-us/mem/in...

#Intune #EndpointManagement #WindowsLAPS #WindowsSecurity

23.03.2025 09:19 — 👍 2    🔁 1    💬 0    📌 0
Preview
Mastering App Control for Business | Part 2: Policy Templates & Rule Options - ctrlshiftenter.cloud In my last blog post Mastering App Control for Business | Part 1: Introduction & Key Concept I…

🚀 New Blog Post: Mastering App Control for Business | Part 2 🔐
Diving into policy templates, rule options & security settings in App Control for Business (ACfB)! 💡
📖 Read more: www.ctrlshiftenter.cloud/vmbo
#CyberSecurity #AppControl #WDAC #ITSecurity #ZeroTrust #EndpointSecurity #Intune

17.03.2025 20:26 — 👍 0    🔁 1    💬 0    📌 0
Preview
Mastering App Control for Business | Part 1: Introduction & Key Concept - ctrlshiftenter.cloud Off-Topic: This is my first blog post in English. Writing in a different language and even more so…

🚀 New Blog Post: Mastering App Control for Business | Part 1 🔐
Trusting all apps is risky! Attackers exploit detection gaps—traditional security is reactive, not proactive.

🔗 Read more: www.ctrlshiftenter.cloud/zhmp
#CyberSecurity #WDAC #ZeroTrust #AppControl4Business #Enterprise #M365 #Intune

09.03.2025 08:37 — 👍 2    🔁 1    💬 0    📌 0
Preview
Mastering App Control for Business | Part 2: Policy Templates & Rule Options - ctrlshiftenter.cloud In my last blog post Mastering App Control for Business | Part 1: Introduction & Key Concept I…

🚀 New Blog Post: Mastering App Control for Business | Part 2 🔐
Diving into policy templates, rule options & security settings in App Control for Business (ACfB)! 💡
📖 Read more: www.ctrlshiftenter.cloud/vmbo
#CyberSecurity #AppControl #WDAC #ITSecurity #ZeroTrust #EndpointSecurity #Intune

17.03.2025 20:26 — 👍 0    🔁 1    💬 0    📌 0

Are there any use cases for #appcontrolforbusiness application tagging policies instead of tagging application to control these in the windows Firewall? #microsoft #endpointprotection #intune

17.03.2025 06:11 — 👍 0    🔁 0    💬 0    📌 0
Preview
Mastering App Control for Business | Part 1: Introduction & Key Concept - ctrlshiftenter.cloud Off-Topic: This is my first blog post in English. Writing in a different language and even more so…

🚀 New Blog Post: Mastering App Control for Business | Part 1 🔐
Trusting all apps is risky! Attackers exploit detection gaps—traditional security is reactive, not proactive.

🔗 Read more: www.ctrlshiftenter.cloud/zhmp
#CyberSecurity #WDAC #ZeroTrust #AppControl4Business #Enterprise #M365 #Intune

09.03.2025 08:37 — 👍 2    🔁 1    💬 0    📌 0

@patrickseltmann is following 14 prominent accounts