π New blog post: Should you exclude "Microsoft Intune Enrollment" from your compliance conditional access policy or not?
Read more in my new blog post: www.ctrlshiftenter.cloud/31fa #conditionalaccess #intune #entra #microsoft #security
12.10.2025 13:58 β π 0 π 0 π¬ 0 π 0
Mastering App Control for Business | Part 7: Maintaining your policies with Azure DevOps (or PowerShell) - ctrlshiftenter.cloud
Hello everyone, in this last post in this series, I will describe how you can maintain your Appβ¦
π New: App Control for Business β Part 7. Automate ACfB policy deployment: maintain, sign, and deploy to Intune via Azure DevOps pipelines or with PowerShell 7. Read more about this on my blog: www.ctrlshiftenter.cloud/bn0o
#AppControl #WDAC #Intune #PowerShell #DevOps #Security #Microsoft
27.09.2025 15:45 β π 1 π 0 π¬ 0 π 0
Thanks for your reply. I have already double checked that but the sign-inverification methods are still not there.
03.09.2025 07:50 β π 0 π 0 π¬ 0 π 0
Does anyone know how to remove these old authentication methods from windows? #windows #authentication
03.09.2025 06:06 β π 0 π 0 π¬ 1 π 0
Mastering App Control for Business | Part 6: Sign, apply and remove signed policies - ctrlshiftenter.cloud
HI folks, in this post, I continue my blog series about Application Control for Business and take aβ¦
π New Blog Post β App Control for Business | Part 6
Learn how to sign, apply, and remove signed policies to protect against tampering.
Now on my blog π
π www.ctrlshiftenter.cloud/oat7 #WDAC #AppControl #EndpointSecurity #Cybersecurity #Microsoft #Intune #prevention
25.08.2025 16:02 β π 1 π 0 π¬ 0 π 0
Mastering App Control for Business | Part 5: Create a base policy for fully managed devices - ctrlshiftenter.cloud
Hi folks, in this blog post, I will continue my series on Application Control for Business and explainβ¦
π New Blog Post β App Control for Business | Part 5
How to create a custom base policy for fully managed devices β with PowerShell or the App Control Wizard.
Includes real examples with Notepad++
π www.ctrlshiftenter.cloud/4qz1
#WDAC #AppControl #Security #Intune
21.06.2025 13:50 β π 2 π 0 π¬ 0 π 0
Entra Connect Sync - Attack Surface Reductions - ctrlshiftenter.cloud
In this blog post, I will write about often ignored security aspects in hybrid Microsoft infrastructures (in myβ¦
π Reduce the attack surface of your Entra Connect Sync setup!
β
Hard vs. soft match
β
ImmutableID & mS-DS-ConsistencyGuid
β
Secure app-based auth w/ CA
β
Security Best Practises
π Monitor changes via KQL
π www.ctrlshiftenter.cloud/q1oc #EntraID #Microsoft #Hybrid #Security
29.05.2025 13:45 β π 0 π 0 π¬ 0 π 0
π Just published an early public version of CAxPorter Utility β to manage #EntraID #ConditionalAccess Policies in bulk!
Import/export CA policies
Rename & delete policies
Generate Markdown docs via #OpenAI
Works with CLI & GUI
Blog: www.ctrlshiftenter.cloud/60zf
GitHub: github.com/PatrickSeltm...
04.05.2025 17:40 β π 0 π 1 π¬ 0 π 0
Looks like Lifecycle Workflows just added the ability to revoke session tokens πͺ
Previously, we had to create our own custom extension (Logic App) to do this, so really nice to see it as a built-in task now :)
learn.microsoft.com/...
19.04.2025 06:02 β π 14 π 3 π¬ 1 π 0
Entra ID to Disable Service Principal-Less Authentication
Microsoft will disable service principal-less authentication in March 2026. This step closes a hole that doesn't exist today but might in the future.
#EntraID will block service prinicipal-less authentication from March 2026. Don't know what this is or if it will affect your #Microsoft365 tenant? It's time to check.... Microsoft will take care of 1P apps. Other vendors need to do the same
office365itpros.com/2025/04/15/s...
@nathanmcnulty.com
15.04.2025 09:41 β π 6 π 3 π¬ 1 π 0
Hello #microsoft, your mslearn page βConditional Access architecture and personasβ from the #Azure Architect Center, which explains the Conditional Access Persona Framework, was deleted 5 days ago. Why?
15.04.2025 07:07 β π 0 π 0 π¬ 0 π 0
Mastering App Control for Business | Part 4: How to create a "starter base policy" for lightly managed devices - ctrlshiftenter.cloud
In the last three blog posts about App Control for Business, I talked a lot of theory andβ¦
π New blog post: Mastering App Control for Business β Part 4 π
Learn how to create a βstarter base policyβ for lightly managed Windows devices.
www.ctrlshiftenter.cloud/qu8h
#WDAC #AppControl #Intune #CyberSecurity #ZeroTrust #Windows #MSIntune #Microsoft #EndpointManagement #Endpoint #Security
13.04.2025 12:59 β π 1 π 0 π¬ 0 π 0
Session token lifetime: require reauthentication every time - ctrlshiftenter.cloud
Every time I talk about Conditional Access I say: βYou must think about it as an identity firewallβ¦
I've written a short explanations about the session toke lifetime: require reauthentication that was released by #microsoft with the march 2025 #MicrosoftEntra updates. www.ctrlshiftenter.cloud/hdf7
#ConditionalAccess #ZeroTrust #IdentitySecurity #M365 #CloudSecurity #PrivilegedAccess #PAW
30.03.2025 18:17 β π 0 π 0 π¬ 0 π 0
Mastering App Control for Business | Part 3: Application ID Tagging Policies & managed Installer - ctrlshiftenter.cloud
Hello everyone. In my last blog post Mastering App Control for Business | Part 2: Policy Templates &β¦
π New Blog Post: Mastering App Control for Business | Part 3 β App Tagging & Managed Installer
How to combine tagging policies with Windows Firewall & explore the pros/cons of Managed Installer.
π www.ctrlshiftenter.cloud/gmva
#WDAC #AppControl #Intune #Securtiy #Microsoft
29.03.2025 13:18 β π 1 π 0 π¬ 0 π 0
What's new in Microsoft Intune
Find out what's new in Microsoft Intune.
New Windows LAPS features just dropped with the March '25 Intune update! Check the docs:
learn.microsoft.com/en-us/mem/in...
#Intune #EndpointManagement #WindowsLAPS #WindowsSecurity
23.03.2025 09:19 β π 2 π 1 π¬ 0 π 0
Mastering App Control for Business | Part 2: Policy Templates & Rule Options - ctrlshiftenter.cloud
In my last blog post Mastering App Control for Business | Part 1: Introduction & Key Concept Iβ¦
π New Blog Post: Mastering App Control for Business | Part 2 π
Diving into policy templates, rule options & security settings in App Control for Business (ACfB)! π‘
π Read more: www.ctrlshiftenter.cloud/vmbo
#CyberSecurity #AppControl #WDAC #ITSecurity #ZeroTrust #EndpointSecurity #Intune
17.03.2025 20:26 β π 0 π 1 π¬ 0 π 0
Mastering App Control for Business | Part 1: Introduction & Key Concept - ctrlshiftenter.cloud
Off-Topic: This is my first blog post in English. Writing in a different language and even more soβ¦
π New Blog Post: Mastering App Control for Business | Part 1 π
Trusting all apps is risky! Attackers exploit detection gapsβtraditional security is reactive, not proactive.
π Read more: www.ctrlshiftenter.cloud/zhmp
#CyberSecurity #WDAC #ZeroTrust #AppControl4Business #Enterprise #M365 #Intune
09.03.2025 08:37 β π 2 π 1 π¬ 0 π 0
Mastering App Control for Business | Part 2: Policy Templates & Rule Options - ctrlshiftenter.cloud
In my last blog post Mastering App Control for Business | Part 1: Introduction & Key Concept Iβ¦
π New Blog Post: Mastering App Control for Business | Part 2 π
Diving into policy templates, rule options & security settings in App Control for Business (ACfB)! π‘
π Read more: www.ctrlshiftenter.cloud/vmbo
#CyberSecurity #AppControl #WDAC #ITSecurity #ZeroTrust #EndpointSecurity #Intune
17.03.2025 20:26 β π 0 π 1 π¬ 0 π 0
Are there any use cases for #appcontrolforbusiness application tagging policies instead of tagging application to control these in the windows Firewall? #microsoft #endpointprotection #intune
17.03.2025 06:11 β π 0 π 0 π¬ 0 π 0
Mastering App Control for Business | Part 1: Introduction & Key Concept - ctrlshiftenter.cloud
Off-Topic: This is my first blog post in English. Writing in a different language and even more soβ¦
π New Blog Post: Mastering App Control for Business | Part 1 π
Trusting all apps is risky! Attackers exploit detection gapsβtraditional security is reactive, not proactive.
π Read more: www.ctrlshiftenter.cloud/zhmp
#CyberSecurity #WDAC #ZeroTrust #AppControl4Business #Enterprise #M365 #Intune
09.03.2025 08:37 β π 2 π 1 π¬ 0 π 0
Lead Customer Engineer (Intune/ConfigMgr)
Endpoint Management Enthusiast
Admin: WinAdmins Community (@winadmins.io)
About Me: https://ajf.one/me
Blog: https://ajf.one/blog
All views are my own.
Find out about newly awarded MVPs
Created by https://bsky.app/profile/schenardie.bsky.social
We are Microsoft's global network of security experts. Follow for security research and threat intelligence. https://aka.ms/threatintelblog
#MVP #Intune, plus #ITSec #EMS #Azure and #ConfigMgr - Managing your endpoints with Microsoft since 2012. Posts are my own and do not represent my employer.
Blog: https://manima.de
#Microsoft MVP | #CloudSecurity Architect βοΈ | #Entra #AzureAD π + #AzureSecurity π‘οΈ | #CommunityRocks | #Schaengel
Loves Jesus, loves others | Husband, father of 4, security solutions architect, love to learn and teach | Microsoft MVP | @TribeOfHackers | πinfosec.exchange@nathanmcnulty
Product Manager @microsoft | Creator of bluesky.ms β’ cmd.ms β’ idPowerToys.merill.net β’ Graph X-Ray β’ π¦πΊ β’ π±π° β’ Posts my own
http://youtube.com/@merillx
Sign up to my newsletter https://entra.news
Principal TAM @ Nerdio | Microsoft MVP | AVD | Windows 365 | DaaS | EUC | Azure | Co-founder of @wvdcommunity | EUC Forum Steering Group
Bluesky handle for the Microsoft Intune Customer Success Blog and the Intune CxE team in @MSIntune Engineering. #MSIntune
#IntuneInspired Blog: https://aka.ms/IntuneCustomerSuccess
X: https://aka.ms/IntuneSuppTeam
Home of the Microsoft Tech Community and its friends. Posts about events, content from great creators and experts, inside and outside of Microsoft about our products.
official Bluesky account (check usernameπ)
Bugs, feature requests, feedback: support@bsky.app
