Backup Entra ID with Veeam
Add Entra ID Tenant From the Veeam console, open the Inventory tab and expand Virtual Infrastructure. Click on Microsoft Hyper-V, then click on Add Server.
Manage the server After installation, the various URLs are displayed. Two consoles are available in web mode. The Host Management console allows you to manage the host in web mode (activation of ssh, etc.). The Veeam Backup & Replication web UI console is the portal for managing backup jobs, repositories, etc. It should be noted that at the time of writing, the features available in the console are still limited. Let’s start by discussing server configuration in console mode. From…
Prerequisites With version 13 of VBR, the Linux operating system is used for the Veeam Backup & Replication server. Veeam Backup & Replication is designed for use in virtual environments of varying sizes and complexity. The architecture supports data protection both on-site and off-site. Operations at remote and geographically dispersed sites are therefore also supported. Various deployment scenarios can be implemented to meet these needs.
Create Backup Job From the Veeam for Azure Portal, click on Create your first policy to create a backup job.
Veeam for Azure Veeam for Azure is a backup solution used for data protection and disaster recovery operations. It’s possible to protect Azure VMs by creating image-level backups and cloud-native snapshots. It’s also possible to create and manage backups for Azure SQL databases. Files on Azure Files shares are also supported, and cloud-native snapshots can be created.
Add Backup Proxy In my previous article we looked at what’s new in Veeam Backup for Office 365 v8. We will now look at configuring a backup proxy under Linux. We can then add a second repository and then the backup job. It is important to consider the following points: It’s possible to use a physical or virtual server. All servers must be reachable by each other by their DNS names. The operating system can be Microsoft or Linux. The server…
New feature on version 8 Version 8 of Veeam Backup & Replication adds a lot of new features in VBO (Veeam Backup for Microsoft 365). But before we start talking about what’s new, it’s important to remember why you should back up Microsoft 365. Many people think that Microsoft supports data backup in the cloud. But the reality is very different. MS provides the platform and ensures its availability. The data remains the responsibility of the customer. These days, Teams…
Entra Private link Entra Private Link for remote workers allows a remote person to access a company resource without needing to connect via VPN. Access will be via the Global Secure Access Client. Configuration can be carried out in Quick Access mode or Global Secure Access app. Quick Access is the primary group of FQDNs and IP addresses that we want to secure. Before the configuration of the Global Secure Access deployment, it’s important to review the list of private…
Monitor Veeam Backup server Adding a Veeam Backup & Replication server to Veeam ONE enables you to collect data from your backup infrastructure. This means you can monitor your Veeam Backup & Replication servers, as well as Veeam Backup for Microsoft 365. For Veeam Backup & Replication, two types of server can be added: Veeam Backup & Replication, for monitoring stand-alone backup servers; Veeam Backup Enterprise Manager, for supervision of all servers added to Veeam Backup Enterprise Manager.
Veeam One is the monitoring solution provided by Veeam. It enables management of both virtual environments and backup infrastructure. With Veeam One 12.1, it is possible to support your Veeam for M365 environment. Veeam One also offers monitoring and reporting capabilities.
In a previous post, we looked at instant VM Recovery. Now we’ll take a look at Full VM Recovery. How restoration works Veeam Backup & Replication lets you restore a virtual machine using a backup file. During the restore step, you can select the last restore point to obtain the latest state of the VM (last saved state). It is of course possible to select an earlier restore point.
Veeam offers a number of different recovery modes. Here we’ll take a look at VM recovery. Other restore options will be covered in a separate post in the near future.
Backup with Veeam It is very important to test a backup. Untested backups are unreliable. This also applies to disaster recovery plans. All this, of course, to avoid stress in the event of the loss of an important resource. The various tests must be carried out at regular intervals.
Backup a lot of objects Veeam for M365 can back up Mailbox, OneDrive, SharePoint and Teams on your Tenant. All these solutions can contain a large amount of data, which will lengthen backup times. In some cases, Error 429 too many requests may appear. This error is due to the fact that the backup job takes a long time to connect to the Microsoft 365 tenant. This error can be seen in the backup job log. As a reminder, the backup…
The RPO and RTO RPO and RTO are part of the disaster recovery policy. It’s very important to understand the difference between RPO (Recovery Point Objective) and RTO (Recovery Time Objective). The RPO is the maximum time we allow ourselves to lose. This time can be expressed in minutes, hours or, in the worst case, days. This is the time between the incident and the last backup. In the case of a very short RPO, several daily backups will be…
This feature makes it possible to send important messages to employees. They need to have a Windows 11 PC managed by Intune. It’s an interesting feature for remote and hybrid work scenarios. The message is sent to Azure AD users and the delivery status can be tracked.
The 3-2-1-1-0 rule The availability of the IT system and the integrity of the data is an important point not to be neglected. The tape drive is therefore an essential part of the backup system. The 3-2-1-1-0 rule is a good practice that should be followed. This involves 3 : Keep three copies of the data. One copy concerns the “primary” data, the other two are two backups. This prevents data loss in the event of a location malfunction or data…
Why migrate MFA and SSPR Microsoft has announced the deprecation of the legacy portals. All IT departments have until January 2024 to proceed with the migration. We will see in this post how to carry out this migration step by step. The migration can be done on your own schedule, with a deadline of January 2024. Please note that the process is fully reversible. The tenant-wide MFA & SSPR policies can continue to be used during the migration. A user group is used…
Overview of Microsoft LAPS Windows LAPS, or Local Administrator Password Solution, is a Microsoft tool used by the IT team to manage local passwords. The password of the local administrator account can be modified and stored in Active Directory and Azure Active Directory. It’s a fantastic tool for on-premises or Hybrid AD Join computers. The computer can be configured by Microsoft Intune. With Microsoft Intune, the Windows LAPS CSP (Configuration Service Provider) must be used. If you save the password…
New features implemented Veeam for M365 v7 gives you the possibility to manage your data in M365. You can back up and recover Exchange, SharePoint, OneDrive for Business and Microsoft Teams. This version of Veeam for Microsoft 365 offers a number of new features. Integration with Veeam ONE v12 A new integration with Veeam ONE v12 is implemented in this version. It’s now possible to have visibility and control of Veeam for M365 in Veeam ONE. More than 10 alarms…
Intune Endpoint Privilege Management is an interesting feature: it allows a standard user (that is, one without administrator rights) to elevate privileges if needed. The policy of least privilege is respected. Prerequisites Endpoint Privilege Management requires the Intune suite or a standalone license.
The GPO analytics tools The Group Policy analytics tool is a very interesting tool if you want to migrate to modern management and configure computers with Intune. It offers a few scenarios: Analyze on-premises GPOs. Validate whether a parameter configured by an Active Directory GPO is supported by Intune (configured through Intune). Verify whether any settings in the GPO are deprecated or not available. Export a GPO From the Group Policy Management console, expand the domain name and click on Group Policy Objects.
Backup configuration Veeam v12 is now officially available. We will see in this post the upgrade from Veeam v11 to v12 and the upgrade of the database (SQL to PostgreSQL). The upgrade was performed on the same server. If you have installed Veeam Backup Enterprise Manager, you need to upgrade it first.
Administrative units are an Azure AD feature. An administrative unit contains only users, groups or devices and makes it possible to restrict the permissions of a role. One user can be a member of multiple administrative units (by division and country, for example).
Add Tape Server on Linux server With Veeam Backup & Replication v12, you can install a Tape Server on a Linux server. From the Veeam Backup & Replication console, open Tape Infrastructure, click on Tape Infrastructure then on Add Tape Server.
Wasabi is a cloud storage service. It can be used as primary storage with Veeam for backup of OnPrem or Cloud workloads. It can also be used as secondary storage (backup, archiving, etc.). This solution offers a system availability of 99.99%. Architecture of Wasabi Wasabi is built on a scalable and distributed architecture with no single point of failure. The Wasabi service is composed of servers, hard drives and network devices. For reasons of compliance with certain constraints, it may be…
What’s new in Veeam v12 The Hardened Repository is now an important security measure for the backup chain. Cryptolockers frequently try to encrypt the backup files. A lot of new features are present in Veeam v12. Compatibility with Hardened Repository Before v12, you could use the Hardened Repository for :
It is now possible to register Linux workstations in Microsoft Intune. To date, the device must run Ubuntu Desktop 22.04 or 20.04 LTS. When installing the Linux distribution, it is recommended to activate encryption. This may be required by Microsoft Intune.
Backup directly to cloud storage Since Veeam v12, it is possible to backup resources and then store the backup chain in a cloud storage. From the Veeam console, click on Backup Infrastructure then on Add repositories.
Install Veeam v12 A lot of new features are available with Veeam Backup & Replication. We will see these different features in future posts. Let’s see today how to install Veeam v12 using a PostgreSQL database and enable two-factor authentication. Launch the Veeam Backup & Replication 12 install wizard then click on Veeam Backup & Replication Install.
The Hardened backup repository is a backup repository that includes an option for immutability. This feature makes it possible to protect data against loss due to malware. Indeed, deletion of data is temporarily prohibited. Note that only a Linux backup repository provides the immutability option. Job type supported The immutability option can be enabled only for these jobs :
What is Autopatch Windows Autopatch is a cloud service that automates updates for Windows, M365 apps, Microsoft Edge and Microsoft Teams. Updates are provided to devices registered in Microsoft Intune. Following this registration the following services are offered : Windows quality updates : Windows Autopatch keeps at least 95% of eligible devices on the latest quality Windows update. Windows feature updates : Windows Autopatch aims to keep at least 99% of eligible devices on a supported version of Windows….
Group writeback makes it possible to write Azure groups to on-premises Active Directory. For this operation, Azure AD Connect Sync is used. Limitation The following limitations must be taken into account when Group writeback is implemented.
I received my FIDO2 NeoWave key a few weeks ago. Different models are available at NeoWave.
Linux Agent You can use the Linux agent to back up and protect Linux physical servers. After the Veeam Linux agent is deployed, the following components are deployed :
Create recovery image To completely restore your computer, you need to create a recovery image (CD/DVD/removable device). On the Veeam console, click on the Inventory tab. Select the server group that contains the server to be restored. Select the server and click on Recovery Media on the ribbon.
Solution architecture Veeam Agent for Windows makes it possible to back up a Windows physical server or computer. You can install the agent on :
Install Veeam Backup for Microsoft 365 The latest version of Veeam for Microsoft 365 contains many new features. In this post we will discuss the self-service restore via the restore portal.
Unfortunately, it can happen that you have to restore one or more Active Directory domain controllers. In this case, we will see the different possibilities.
Account protection allows you to protect user identities and accounts. It is also possible to manage group membership built into the device. With Account Protection, you can configure Account protection or Local user group membership
Remote help is a tool included in Microsoft Intune. It makes it possible to give assistance to a user connected on a Windows 10 computer enrolled in Microsoft Intune. A Microsoft Intune subscription is required. The workstation must run Windows 10 or Windows 11. Very important ! The Remote help app must be installed on the workstation. Network Prerequisites The Remote help tool uses port 443 to communicate and connects to the Remote Assistance Service at https://remoteassistance.support.services.microsoft.com. Note that traffic is encrypted with TLS 1.2. All…
Microsoft Sentinel is Microsoft’s SIEM (Security Information and Event Management) and SOAR (Security Orchestration, Automation and Response) solution. It provides alert detection, threat visibility, proactive hunting, and threat response.
Today, it is important to respect the policy of least privilege. We had the ability to configure the Active Directory connector for Azure AD Connect with a user account without admin rights. However, the Azure AD connector still needed an Azure AD account with the Global Admin role.
Cloud Connect for Enterprise allows companies to have an off-site backup and delivery solution. This allows you to have all backups from different sites sent to a single location (a private or public datacenter).
The Backup Copy feature allows you to create multiple instances of the same backup file. This file is then copied to a second location (fairly regularly off-site). Since the file on the secondary location has the same format as the primary backup, it is possible to restore from the secondary site directly. This solution is very useful in the event of a disaster at the primary site. The following types of backup are supported
Azure AD Seamless SSO makes it possible to enable SSO (Single Sign On) with the Azure AD/Office 365 portal. When users try to connect to the portal, their computer is able to carry out Kerberos authentication to pass the credential via the web browser. The password is not requested from the user.
Veeam PN for Azure This solution is a free solution from Veeam. I use Veeam PN for more security but it is not mandatory to restore VMs in Azure. It brings new features to the Veeam solution by allowing restoration in Azure or creation of a VPN connection. It can be used for the following purposes : Create a site-to-site VPN between the company office and Microsoft Azure to connect VMs restored in Azure. Create a point-to-site VPN between remote computers and Microsoft Azure…
Microsoft Defender for Identity makes it possible to monitor Azure Active Directory and Active Directory infrastructure. You can easily analyze the data of potential attacks. A Defender for Identity sensor is installed on domain controllers or AD FS servers to access the event logs of these servers. The logs and network traffic will be analyzed by the sensor and then the information needed by Microsoft Defender for Identity will be sent to the Defender for Identity cloud service.
Azure AD Password Protection is an interesting feature. It secures your authentication by denying simple passwords. Microsoft frequently updates a list of simple passwords. When you enable this feature, this list is used to deny a user password if it is on the list. This verification is performed when the password is modified by the user or reset by IT Admins.
IT Admins can customize home screens of managed devices. We can configure wallpaper, applications and icon positions. The appearance of Android devices is thus standardized.
With Autopilot on Hybrid AD Join, the computer must join Active Directory. With this scenario, the computer can be enrolled in Microsoft Autopilot without being connected to the local network. Requirements Recent versions of Windows 10 are supported. You must use one of the following versions of Windows 10 :
UserLock offers many solutions. In this post, we will see how to manage two-factor authentication using UserLock. You can now protect your Active Directory session.
Before installing this Cumulative Patch, you need to confirm that you use Veeam Backup for Office 365 build 5.0.0.1061 or 5.0.0.1063. From the Veeam console, click on Help and Support then on About.
Announced at Veeam ON 2020, Veeam Backup for Office 365 Version 5 is now available. It offers the advantage of eliminating the risk of losing access and control of Office 365 data. Exchange Online, SharePoint Online, OneDrive for Business and Microsoft Teams are now protected. With this new version, it is easier to restore documents and files present in Teams. Indeed Veeam has implemented a new explorer for Teams.
Veeam solutions offer a wide range of services to ensure high availability on virtual or physical infrastructures. With version 10, Veeam now enables NAS backup. Add file share to Veeam From the Veeam console, click on Inventory tab and select File Share. Click on Add File Share.
Backup Teams Teams is a great tool for exchanging documents, chatting, collaborating on the same project, … It is therefore important to back up all these exchanges (chat, file, …). Veeam Backup for Office 365 makes it possible to back up and restore Office 365 objects (Exchange, SharePoint, OneDrive).
In production, it can be useful to test patch management, migration of the server, etc. You can use Veeam Backup & Replication to create an isolated virtual environment. This environment is created with Veeam backups, VM replicas or VMs from storage snapshots.
How you can Backup SQL with Veeam Veeam Backup makes it possible to back up SQL Server. It’s possible to configure a backup job to create image-level VM backups. This backup can also copy database transaction logs. The VM state is captured. It’s possible to recover SQL Server with a restore point and transaction logs. When the backup job is configured, you must specify Advanced settings :
Restore to Microsoft Azure Veeam Backup & Replication makes it possible to restore backups directly to Microsoft Azure. With Veeam you can :
With Office 365 projects, it is common to have external user access (B2B collaboration). These users may need access to a resource (SharePoint, etc.). These users usually have an Office 365 account and are therefore guest users. Nevertheless, security being an extremely important point nowadays, it is important to set up security rules.
Veeam Backup & Replication makes it possible to back up and restore virtual infrastructure and physical Linux or Windows servers. Nevertheless, Veeam has a wide range of features in addition to backup and restore. When replicating a VM, vSphere creates a snapshot. This snapshot is considered a copy of the VM at a given point in time; it will then be used for replication.
What is Microsoft Tunnel? Microsoft Tunnel is a VPN gateway. This solution is used by Microsoft Intune and gives iOS/iPadOS or Android devices access to on-premises solutions. Microsoft Tunnel installs a Docker container. It runs on a Linux server, which can be virtual or physical. After installing Microsoft Tunnel, you can deploy a VPN profile on your devices. If you host the server on Azure, you need to deploy an ExpressRoute or a VPN between…
Connecting VMware vSphere Servers You can collect data from a VMware vSphere infrastructure with Veeam ONE. vCenter is not mandatory; you can connect a standalone ESXi host.
Conditional access is a very interesting feature. It provides an additional level of security. Indeed, access to applications (sharepoint, exchange, etc.) as well as to data can only take place if the user complies with certain conditions. It is common to see conditional access activated to ensure that the MFA is activated or that compliance rules are respected. We will see a new example. I want to make sure that access to Exchange Online or Sharepoint Online from an IP…
Support for Azure NFS 4.1 is provided by Azure Backup & Replication. Since version 10, it is possible to perform NFS share backup in Azure. To do this, Veeam uses the login credentials of the Azure storage account to access NFS shares.
FSLogix is a solution that enables and simplifies non-persistent Windows environments. It’s a very good solution for virtual environments (on private or public cloud). It includes the following features :
Windows 10 allows Azure Active Directory users to synchronize their security settings and application parameter data directly in the cloud. This reduces the time required for reconfiguration when using a new device.
Office 365 Mailbox Backup: The Do’s and Don’ts Office 365 is a PAAS (Platform As A Service) platform. Microsoft therefore provides its customers with a platform. The maintenance of this platform as well as the update is the responsibility of the publisher. Contrary to what many customers think, Microsoft is not responsible for the data. In case of data loss, voluntary removal of an employee, file encryption, etc. Microsoft will not be able to be asked to return to the…
As the old adage goes: fail to prepare, prepare to fail. It’s the perfect description for backup yet to this day so many companies don’t have an adequate backup & disaster strategy in place for when the worst-case scenario happens. Just how well are you protecting your vital data?
Restore file or folder Veeam Backup makes it possible to back up a virtual machine or physical machine. You can restore a folder or file with the Veeam Self-Service File Restore Portal. Limitations The Self-Service File Restore Portal is supported only in the Veeam Backup & Replication Enterprise Plus Edition. This functionality is available only for Windows machines. Restoration from storage snapshots is not supported by Veeam Backup Enterprise Manager. You need to use an account that is a member of the local administrators group on the local machine.
What is Enterprise Manager 10 Veeam Backup & Replication is a component that enables reporting and management of Veeam Backup & Replication. With Enterprise Manager you can manage multiple Veeam Backup & Replication servers from one platform :
Install the Cumulative Patch 2 Before installing Cumulative Patch 2 on the Veeam Backup server, you need to download the hotfix. You can use this link
Altaro O365 Backup makes it possible to back up and restore Office 365 mailboxes and files present on OneDrive or SharePoint. The license is of subscription type (annual or multi-year). With Altaro, you can manage and monitor the backup centrally. The storage for the backup is unlimited. Backups are automated and will be taken daily up to 4 times a day. Afterwards, the registration in the Azure infrastructure of Altaro is carried out.
With Veeam Backup for Microsoft Azure you will be able to protect Microsoft Azure environments. You can back up your virtual machine and store this backup in a Microsoft Azure Storage Account. After backing up your resources you will be able to: Restore the Azure Virtual Machine. Restore the virtual disk of the virtual machine. Restore guest OS files and folders of the Azure Virtual Machine.
Configuring Autopilot and Hybrid AD Join can be useful if you want to be able to apply group policies on the workstation joined to Autopilot. The workstations can be configured using Microsoft Intune and/or through Active Directory group policies. Prerequisites Prerequisites for Autopilot The following URL must be accessed with the system context. You can use the Test Device Registration Connectivity script.
The addition of users in privileged groups changes more or less regularly. It is therefore important to regularly check the privileged rights given to certain users. Azure PIM can be used to review these accesses. This operation can be done manually or automatically.
Autoscale makes it possible to have the right amount of resources for the application. It’s possible to add resources in case of heavier use and to remove resources in case of a decrease in activity. It is necessary to specify a minimum/maximum number of instances to execute. Adding/deleting is done automatically using different rules.
Azure AD Identity helps secure your Azure Active Directory. The Identity score is a number between 1 and 223. It gives an indicator of how aligned you are with Microsoft best practices. These best practices are recommendations for the security of your Azure AD, users, … The Identity score feature can be used by Global admins, security admins or security readers. The secure score contains five categories :
Azure Arc allows the management of Windows and Linux servers present in the local network or at a cloud operator. This management is identical to the management of native virtual machines. When connecting a hybrid machine to Azure, it is considered as an Azure resource. It is assigned a resource ID. In addition, it is part of a resource group within an Azure subscription. This allows it to be assigned tags.
When registering a Windows 10 workstation in Intune, the user account is used. It is then referenced as Primary user for the workstation.
Autopilot makes it possible to install and preconfigure new Windows 10 devices. You can also use this platform to reset a device. With Windows AutoPilot, the lifecycle of the workstation is managed. The installation, application deployment and end-of-life of the workstation can be managed from the cloud services.
Azure AD Connect cloud provisioning meets the needs of hybrid management. The following advantages are offered by this functionality.
It is strongly recommended that you use the MFA solution to secure authentication in Azure AD. However, this requires the use of a password and a second factor (phone, mobile phone, mobile application). Microsoft recommends that you stop using passwords.
Azure Migrate offers tools to migrate on-premises infrastructure, applications or data to Microsoft Azure. The following features are present in Azure Migrate :
Azure PIM PIM (Privileged Identity Management) is a service used to manage and monitor access to privileged resources. These resources can be Azure AD resources, Azure resources or others (Office 365 or Microsoft Intune). It is important to limit the number of people with privileged access. This reduces the attack surface available to a malicious actor. With this feature, organizations can give users just-in-time (JIT) privileged access to Azure resources and Azure AD. PIM offers the following functionality :
Azure Active Directory Identity Protection makes it possible to automate the detection and remediation of identity-based risks. It also makes it possible to investigate risks using data and to export risk detection data to third-party utilities.
Authentication without password Multi-factor authentication, or MFA, makes it possible to secure access to the company’s cloud resources. With the passwordless functionality in Azure AD, the password is removed: the user can access cloud resources without a password. However, they must authenticate themselves from their phone (Microsoft Authenticator app) or Windows 10 computer (FIDO2 security keys).
What are Security baselines A Security Baseline makes it possible to secure and protect users and devices present in Intune. It can be deployed to a group of users or Windows 10 devices. With these settings, you can enable a few parameters (automatically enables BitLocker, automatically disables basic authentication, etc.).
What is Azure Firewall? Azure Firewall is a service to secure your network on Azure. The resources are then protected by one firewall. This service offers high availability and unlimited scalability on the cloud platform. With this functionality, you centralize application and network connectivity policies. Azure Firewall uses a static public address.
Why deploy Company Portal? Company Portal is the Microsoft Intune application. You can deploy it so that users can install available applications. In this application, a user can delete a lost device or force synchronization. This application is not installed when you set up your computer. You must install it from the Windows Store. You can deploy this application automatically with Windows Store for Business and Microsoft Intune.
Requirements for Autoenrollment Since Windows 10 1709, it is possible to automatically enroll the computer on Azure Active Directory (AD). You can use group policy parameter for auto-enrollment.
The Pass-through Authentication This authentication allows you to use the same password for on-premises and cloud-based applications. However, it’s important to note that user authentication is done through the on-premises Active Directory and not through Azure Active Directory. It’s a good alternative to Azure AD Password Hash Synchronization. However, it makes it easier to apply a security policy to passwords.
The registration of an iOS device in Microsoft Intune requires the use of a certificate. This certificate must be requested on the Apple site. It’s valid for 1 year and must be renewed before its expiry. In case of deletion or expiry of the certificate, it’s necessary to re-register all the devices. It’s very important to use the same Apple ID. From the Azure portal, it’s possible to view the expiration date.
Prerequisites With this feature, administrators have the ability to lock the use of a device (authorized applications, …). Thus the user cannot install his applications (social networks, games, …). It’s important to note that registration is done without a user account. The equipment is therefore not associated with any end user.
Deploy Email profile Intune makes it possible to deploy an email profile on registered devices. It is thus possible to automate the configuration of an email profile on one or more devices. It is interesting to note that the built-in mail client is supported for most platforms. Email profiles can be deployed on these platforms.
Deploy certificate with Microsoft Intune? Some company resources are accessible through a digital certificate. It’s therefore necessary for users to have a certificate to access VPN, Wifi, … These certificates avoid the use of a user name and password. Intune allows you to assign and manage these certificates. Two types of certificates can be used:
Intune Compliance Policy The compliance policy in Intune is an important point because it makes it possible to verify that a mobile device complies with security constraints. Several parameters can be configured in the compliance policy.
We have had the possibility for many years to join a machine to an Active Directory domain. With cloud services (Office 365, Azure AD, …) identity management has become a very important point. Microsoft implemented in Windows 10 the Azure AD Join functionality (previously Workplace Join), allowing the machine to be joined to Azure AD.
Azure File Sync Files are an important resource in a company. For workstations rarely connected to the local network, these files are stored locally. It is therefore important to ensure that these files are synchronized on an enterprise server or in the cloud. All protocols offered by Windows Server (SMB, NFS and FTPS) are available in Azure File Sync.
Co-management for Windows 10 devices Co-management can meet several requirements: If you have a Microsoft 365 subscription and want to use the included Windows 10 licenses.
Advanced Threat Analytics Advanced Threat Analytics, also known as ATA, is the only on-premises solution in the EMS suite. This platform, which is present in a local network, protects the information system of a company against cyber attacks (targeted attacks, sophisticated attacks, internal threats, etc.). To locate these attacks, the elements present in the local network are used to learn the behavior of users. This is for one purpose only: to define a behavioural profile and thus define abnormal behaviours.
What is the MDM Authority Before any Microsoft Intune implementation project, a choice should be made between setting up a Microsoft Intune platform in standalone or hybrid mode (with System Center Configuration Manager). It is necessary to know the two solutions, as well as their advantages and disadvantages. Switching from one mode to another has been simplified since System Center Configuration Manager 1610. It is no longer necessary to contact Microsoft support for this. This is discussed in…
Licensing is an important part of a cloud service. It allows a user to access and use the service concerned (Office 365, Azure AD, …). This action was performed through the Office 365 console; Microsoft now allows licenses to be enabled from the new Azure console (Ibiza).
It is unfortunately common for cloud applications (Dropbox, …) to be used in a company's departments without the IT team being aware. This can cause data loss and security problems. Cloud App Discovery is a feature of the Premium version of Azure AD; it detects the cloud applications used by the company.
Backup NAS Synology on Azure If you have a Synology NAS, it may be worthwhile to enable backup of this NAS to the cloud. Even in the event of loss of a drive (and if RAID has not been enabled), the data can then be recovered easily. It is possible to back up to several clouds; this article is about backup to Azure.
Android for Work allows more complete management of Android mobile devices. It expands the configurations possible in an MDM such as Microsoft Intune. Several benefits are provided by this solution:
CNAME records for Auto-discovery If you want to add a Windows device (Windows Phone 8.1/10 or Windows PC 8.1/10) to the Intune platform, you need to add CNAME records on your public DNS server. This operation is needed for auto-discovery to work, and applies to Windows devices only. There is no problem with iOS and Android devices.
MAM Without Enrollment Microsoft has implemented a MAM (Mobile Application Management) solution in Intune. However, this solution requires enrolling the device in the MDM (Mobile Device Management). For people who do not wish to add their equipment to an MDM-type platform, it is possible to create MAM rules without enrollment.
Azure AD Connect is a tool provided by Microsoft that extends the scope of AD accounts to cloud services. AD user accounts can otherwise be used only in an AD domain. To allow a user to use the same login and password in a cloud service (Azure, EMS, Office 365, …), the accounts must be synchronized. Several solutions are possible (using an ADFS server, password synchronization or Azure AD pass-through). The tool can be…
Enroll Device into Intune After you configure the Microsoft Intune platform, it is important to add mobile devices (iOS, Windows Phone or Android). This operation must be performed directly from the device. This article presents the steps to add a device.
Enroll Windows 10 Computer A Windows 10 computer can be enrolled through the Microsoft Intune agent or through the Workplace Join functionality. This feature allows a Windows 10 device to enroll in Microsoft Intune. Unlike the agent, which adds the equipment as a computer, Workplace Join adds the computer as a mobile device. Some functionality therefore may not be available (anti-virus, firewall management, Microsoft patch management). Workplace Join is native to Windows…
Network Security Groups on Azure Network Security Groups are used to perform segmentation in a virtual network (VNet). The feature also lets you control what enters and leaves a virtual machine connected to the VNet. It also makes DMZ (demilitarized zone) scenarios possible. It is common in a local network to have front-end servers (IIS, …) positioned in a DMZ and the database or other servers in the local network. This allows for example to secure the data of…
Groups on Azure AD Group management has been implemented in Azure AD; this feature allows easier administration of access to resources. These may be local (resources present in Azure Active Directory) or external (SharePoint site, SaaS application, …). Access to a resource can be granted in several ways:
Office 365 conditional access If you have an Intune and Office 365 subscription, it is possible to configure conditional access. This feature controls access to Office 365 mailboxes. Only devices enrolled in Microsoft Intune and complying with the defined security constraints will have access to their Microsoft Office 365 mailbox.
The different modes of Intune Microsoft Intune can be used in two distinct modes. In stand-alone mode, the platform is present in the Microsoft cloud. There is no interaction with your information system, which facilitates administration and management of the platform. This takes place from the web portal. The second mode is more “complex” because it involves an additional intermediary.
Azure Web Site The Azure platform can host many resources and provides a lot of functionality. Today we will look at hosting a web site and a MySQL database in Azure. As with a classic host, Azure can host sites such as WordPress, … PHP is available and allows scripts to be executed.
Disaster Recovery Plan The PRA (disaster recovery plan) is an important point in an information system. It allows the infrastructure to be restarted quickly in the event of a major crash. Several solutions are available: replication of virtual machines in a second center, in a datacenter, in Azure, … Let’s look here at setting up a PRA with Azure Site Recovery.
You can use VPN Gateway to connect an Azure network and your on-premises network. You can then have your resources both on Azure and on the local network. How to configure VPN Gateway Before configuring VPN Gateway, go to the Azure Portal (https://portal.azure.com/) and click Create a resource / Networking / Virtual Network.
Configure Azure CDN What is Azure CDN? What is this feature useful for? How can you implement it? These are all questions that may be asked before setting up Azure CDN for the first time. Azure CDN enables caching of web pages and thus helps ensure maximum throughput. It therefore provides these benefits:
Why Backup File to Azure? Backup is an important point that must not be neglected. Outsourcing backup is a viable solution for a large number of businesses. It avoids hardware costs (server, tape drive, disk, …) as well as the costs of backup training and software licenses. Outsourcing also limits administration tasks. Backup can be outsourced to Microsoft Azure.
With System Center Configuration Manager, it is very easy to implement dynamic collections to categorize internal devices and mobile devices from Intune. The deployment of an application or a policy is thus greatly simplified. Based on a criterion (OS, type of network adapter, …), the different devices are grouped in a collection. These collections rely on the inventory returned by devices, mobile or not. In Intune in SaaS mode, it is very difficult to have dynamic groups. The choice is much smaller…
Azure AD Connect Health is a tool that allows the administrator to monitor the on-premises AD infrastructure. Until now, several tools were provided to the administrator: SCOM (System Center Operations Manager), event log, … It is now possible to carry out monitoring through Azure AD Connect Health. Performance alerts or sync errors can be seen very quickly. You can also monitor your ADFS (Active Directory Federation Services) 2.0 and 3.0 infrastructure.
The deployment of Office 365 (Office Click-to-Run, Office 2016) can be done in different ways. This article details the steps for deploying this software with Microsoft Intune on a Windows 10 workstation managed as a mobile device.
Enterprise mobility is widely used nowadays. Many employees now have a smartphone, a tablet or both. It is common to find both enterprise data and personal data on these devices. The risk of disclosure of professional data is therefore greater. Windows 10 offers an interesting feature, EDP (Enterprise Data Protection). You can use EDP for these scenarios: Encryption of the data on personal and professional devices. Remote wipe of business data on managed computers (personal data are not…
You have chosen to install the Microsoft Intune platform. After performing user synchronization and configuring the platform, it is necessary to enroll the devices. This step is mandatory in order to apply rules or install applications, and so to protect corporate data and manage devices. Users cannot access the company portal if the device is not enrolled in the Microsoft Intune platform.
Managed Application in Intune For a few years, Microsoft has included the managed application functionality in the Intune platform: Microsoft Skype for Business (MAM with MDM), available now for iOS and Android; Microsoft Dynamics CRM (MAM with MDM), available now for iOS and Android; Adobe Reader (MAM with MDM), available now for iOS.