Tags

Despite the effects of the cocktail consumed on an empty stomach becoming increasingly apparent as the episode progressed, 🥴 I managed to stay on track and explain why Platform Single Sign-On on macOS with Microsoft Entra and Microsoft Intune is such a big deal. 😀 Don’t miss this episode of AperiTeams! Thanks to Irene and Silvio for the super fun chat and the cocktail (by the way, DELICIOUS). Your IT Specialist,

Last October 9, 2024, the AperiTeams Conference Security Day 2024 took place at the Microsoft House in Milan and was streamed live. If you missed the live stream, no worries! All the event videos organized by Inside Technologies are now available online. As always, it was a great day! I had so much fun with my “partner on the stage” Simone Frigerio, and I hope it will be the first of many sessions together.

What a great day as always at the AperiTeams Conference Security Day! I had so much fun with Simone Frigerio and I hope this is the first of many sessions together. Special thanks to Silvio Di Benedetto and Irene Bugatti for giving me this amazing opportunity, and finally, thank you to everyone who followed us, both remotely and in-person. It’s always a pleasure to chat with those who attend in person after the sessions.

If you missed the live stream, no worries! Starting today, all the videos from the AperiTeams Conference (Modern Workplace Day) 2024, organized by Inside Technologies, are available online. It was my first participation and I had a great time, as always during such days where training and networking come together. Here’s the complete video of my session, where I discussed how Microsoft Defender XDR represents a significant step forward towards a unified tool for managing the security of our infrastructure, whether it’s in the cloud, hybrid, or multi-cloud.

Folks, I’m excited: I can finally announce that I will also be participating in the AperiTeams event on April 3rd, in the beautiful setting of the Microsoft House in Milan! When Silvio Di Benedetto invited me, I accepted with great joy! Here are all the details to participate. 👇🏻 📆 Wednesday, April 3 ⌚ 4:00 PM 🎟️ Registration: https://www.aperiteams.it In the session, I will talk about how Microsoft Defender XDR is a huge step towards a single control panel to oversee all aspects of security in our environment.

Despite the effects of the cocktail consumed on an empty stomach becoming increasingly apparent as the episode progressed, 🥴 I managed to stay on track and explain why Platform Single Sign-On on macOS with Microsoft Entra and Microsoft Intune is such a big deal. 😀 Don’t miss this episode of AperiTeams! Thanks to Irene and Silvio for the super fun chat and the cocktail (by the way, DELICIOUS). Your IT Specialist,

My personal holiday calendar says that after Halloween but before Christmas, there’s at least one more: WPC! 😀 WPC (November 26-27-28), the most important annual event in the Italian ICT landscape, is just around the corner! This year, I’ll be there again as a speaker, with a session that has a bit of a “crossover” flavor: Microsoft Intune and Apple macOS. Microsoft and Apple—a dualism that used to stir passions but, in my view, no longer has any reason to exist in terms of “opposition.

Last October 9, 2024, the AperiTeams Conference Security Day 2024 took place at the Microsoft House in Milan and was streamed live. If you missed the live stream, no worries! All the event videos organized by Inside Technologies are now available online. As always, it was a great day! I had so much fun with my “partner on the stage” Simone Frigerio, and I hope it will be the first of many sessions together.

What a great day as always at the AperiTeams Conference Security Day! I had so much fun with Simone Frigerio and I hope this is the first of many sessions together. Special thanks to Silvio Di Benedetto and Irene Bugatti for giving me this amazing opportunity, and finally, thank you to everyone who followed us, both remotely and in-person. It’s always a pleasure to chat with those who attend in person after the sessions.

The video of the session that my friend Davide Salsi and I held at Be Connected Day 12 on May 30, 2024, is finally online. In recent years, Microsoft Intune has been the main path towards a “Modern” device management. With the advent of AI and the release of new features, a new era in the device management paradigm is opening.​ In this session, we will see in detail how these latest solutions can contribute to a cloud-native management of endpoints:​

The video of the session I held at #POWERCON2024, where I talked about Microsoft Entra Conditional Access and why it is still a very important tool in 2024, is already online. Thanks to Nicola Ferrini and the ICTPower.it community for inviting me! If you want to watch all the videos from this wonderful day of training, here is the link to the playlist: #POWERCON2024 - All sessions of the day See you soon with some news!

It was a memorable BeConnected Day + CollabDays: so many people, a new and incredible location, everything vibrated with amazing energy that involved everyone, including the audience and speakers. Beautiful. We needed it. Thanks to my partner in crime on stage, Davide Salsi: yesterday, after the speech, someone literally told me “you guys make a great couple on stage.” 😅🤣 Thanks to Lodestar S.p.A., present in full force at the event, for choosing me to represent them along with Fabio Luinetti and Riccardo Fona.

The Global Azure in Turin always leaves me with great feelings: shaking hands, putting faces to the community members, laughing at the curses hurled at stuck slide changers, 🤣 sharing knowledge. A wonderful day, the kind that should never be missing, from time to time. Thank you to everyone who attended our session. Thanks to my “partner in crime on the stage” 😃 Pietro Visentin who did an extraordinary job in creating the content.

If you missed the live stream, no worries! Starting today, all the videos from the AperiTeams Conference (Modern Workplace Day) 2024, organized by Inside Technologies, are available online. It was my first participation and I had a great time, as always during such days where training and networking come together. Here’s the complete video of my session, where I discussed how Microsoft Defender XDR represents a significant step forward towards a unified tool for managing the security of our infrastructure, whether it’s in the cloud, hybrid, or multi-cloud.

Spring event season is in full swing! I’ll be among the speakers at the Global Azure event in Turin, alongside Pietro Visentin. We’ll be discussing Conditional Access: the latest updates, best practices, and why it’s becoming an increasingly vital tool in Zero Trust Security strategies. 🗓️ Saturday, April 20 📍 Turin - Fondazione ITS ICT - Via Jacopo Durandi, 13 🎟️ Info and registration I have a special connection to the Global Azure event in Turin, and I can’t wait to be there!

Morning at Microsoft Ignite Italy 2024, before heading to the watch party organized by Microsys!

Folks, I’m excited: I can finally announce that I will also be participating in the AperiTeams event on April 3rd, in the beautiful setting of the Microsoft House in Milan! When Silvio Di Benedetto invited me, I accepted with great joy! Here are all the details to participate. 👇🏻 📆 Wednesday, April 3 ⌚ 4:00 PM 🎟️ Registration: https://www.aperiteams.it In the session, I will talk about how Microsoft Defender XDR is a huge step towards a single control panel to oversee all aspects of security in our environment.

⚠️ 🇮🇹 To my Italian speaking followers! A few days ago, the winter edition of #POWERCON2023, an online conference organized by the ICTPower.it community, took place. It is certainly correct to say that Microsoft Intune is an MDM, and its main purpose is to manage devices. However, paraphrasing a famous song from the ’80s, “beyond the endpoints, there is more”! Intune is, in fact, the pivotal tool through which to implement and deploy an infinite variety of security settings, in addition to Microsoft Defender for Endpoint configurations.

⚠️ 🇮🇹 To my Italian speaking followers! Just finished one event, and here I am jumping into another, one that I hold dear to my heart: thrilled to announce that I will be among the speakers at #POWERCON2023 organized by the folks at ICT Power! 📌 When? 🗓️ 6 december 2023 from 9.00 AM till 5.30 PM 🙋🏻‍♂️ My session will be at 11:00 AM 📌 Where? 💻 Online, all the details here 👇🏻

As always, WPC is a mix of emotions, meetings, and learning: experiencing all of this is always incredible. I can’t wait for WPC 2024! 😃 Without too many words, here are some snapshots from this super intense 3-day event. View this post on Instagram A post shared by Riccardo Corna (@itspecialistcloud) Your IT Specialist, Riccardo

A few days ago, the #POWERCON2023 was held, an online conference organized by the ICTPower.it community. As always, I was very happy to participate, and this year, I chose to present a session on Windows Hello for Business, discussing an aspect that I believe is underestimated and not well-known to most: Windows Hello for Business is a passwordless and multi-factor authentication! Do you want to know why and how it works?

🗓️ #SaveTheDate July 14, 2023: one last exciting event before going on vacation, the #POWERCON2023! A whole day with many sessions together with industry experts, talking about security, Microsoft Entra, Intune, Virtual Desktop and Windows 365, Defender for Endpoint, and much more. In short, I would probably run out of characters in a LinkedIn post if I wanted to list everything. 🗓️ When? 14 Luglio 2023 🌍 Where? Online, all the information to register can be found at these links:

The video of the session Artificial Intelligence in the Service of Cybersecurity: From 0 to Microsoft Security Copilot that I held (together with Michele Sensalari) at Be Connected Day 11 on June 15, 2023, in Bologna, is now available online. For convenience, I have embedded the video to start directly at the beginning of our presentation, but from the same link, you can actually watch the live stream of the entire day.

What a beautiful day I had yesterday! So many inspiring contents, lots of friends to greet, many new people to meet, and plenty of ideas to develop for the community. As always, it was a fantastic #BeConnectedDay. Thanks to BeConnected and Microsys for giving me the opportunity to participate, to Michele Sensalari, with whom I had the honor of sharing the stage, to all my colleagues in the SEC track, and lastly, to all the people from the communities I met—it’s fantastic to see each other in person!

Here we go! Tomorrow is #BeConnectedDay with Michele Sensalari and many other friends. Don’t miss our session at 15:25 in Main Room Sirio P27 for those attending in person or via streaming for those following from home! 📌 There is still time to register for the streaming! 📌 Want to learn more about our session? 📌 Complete event agenda See you tomorrow! Riccardo

On March 8, 2023, a joint event was held between the Microsoft Intune Italian Users Group and the Microsoft Security Italian Users Group: the video of the sessions is now available. Together with the legendary Michele Sensalari, we talked about certificate-based authentication on Azure AD. Marco Moioli and Davide Salsi, on the other hand, delved into how to use the MAM (Mobile Application Management) features of Intune to provide security in BYOD scenarios, and Davide also demonstrated the new Microsoft Tunnel for Mobile.

Despite the effects of the cocktail consumed on an empty stomach becoming increasingly apparent as the episode progressed, 🥴 I managed to stay on track and explain why Platform Single Sign-On on macOS with Microsoft Entra and Microsoft Intune is such a big deal. 😀 Don’t miss this episode of AperiTeams! Thanks to Irene and Silvio for the super fun chat and the cocktail (by the way, DELICIOUS). Your IT Specialist,

Here’s the news we love on Mondays! 😍 Introducing the Microsoft Mac Admins Community, a new online community for IT professionals passionate about using Microsoft products on Apple Mac devices within enterprises! Here’s a direct quote: “This community is a place where Mac administrators working with Microsoft 365 or Intune management for Mac can connect with other users, share experiences and best practices, learn from experts and colleagues, get help with common issues, and draw inspiration from the latest innovations.

About 2 years ago (June 2021), I had fun experimenting with a new feature that was in preview: macOS Single Sign-On (SSO) for Azure AD on Microsoft 365 applications and services. ⚠️ Update as of June 1, 2023 The “Microsoft Azure AD” plug-in is finally in General Availability and is ready to use in production environments! You might be wondering, “What on earth is it for?” This feature allows you to authenticate yourself and your fantastic Mac more easily to Microsoft 365 services and applications without repeated credential prompts, making the user experience even smoother and seamless.

This news was from the end of January, but amidst the chaos of activities and news, I can finally share it now: native management of macOS updates in Intune! Prior to this functionality, managing updates for Macs enrolled in Intune was not very straightforward: scripts, third-party solutions, or user self-service management were required. With this new set of features, it will be possible to natively manage the following types of updates from the Intune interface:

Despite the effects of the cocktail consumed on an empty stomach becoming increasingly apparent as the episode progressed, 🥴 I managed to stay on track and explain why Platform Single Sign-On on macOS with Microsoft Entra and Microsoft Intune is such a big deal. 😀 Don’t miss this episode of AperiTeams! Thanks to Irene and Silvio for the super fun chat and the cocktail (by the way, DELICIOUS). Your IT Specialist,

After reaching the first milestone of our lab, it’s time to do a little recap. Below is the complete list of the first videos in the “The Lab” series, from creating the Active Directory forest to the first Windows Entra Joined client and its behavior in an on-premises environment. 📺 The LAB - Episode 0 - Introduction to the Lab 📺 The LAB - Episode 1 - Creating an Active Directory Forest and Setting Up a Domain Controller

Today we see the first concrete result of building our hybrid lab inspired by a modern management of identities and devices: we will test together if a Windows Entra Joined PC can access an on-premises resource in single sign-on, specifically a file server. Will it work? You’ll see in the video :) Video You can find the full video below, or you can continue reading the article. SSO on On-Premises Resources with a Windows Entra Joined PC Introduction IT specialists, hello everyone!

🚨 If, like me, you’ve had intense weeks and missed the latest episode of Defender for Podcast, don’t worry, here’s all the info you need. Spoiler: we talk about passwordless and, above all, Passkey! In particular: Multi-factor authentication is not perfect, what are the risks and issues? Microsoft Authenticator FIDO 2 keys Certificate-based authentication Passkey Lots to discuss, plenty of useful information, and a pinch of fun (don’t miss the “Goat dance”).

⚠️ Warning for English-speaking followers: this podcast is in Italian language ⚠️ Fun chat, lightning-fast editing: the episode of Azure Italy Podcast that I was a guest on is already available online! 🎙️ You can find it here: ➡️ Azure Italia Podcast - Puntata 11 - Da Azure AD a Entra ID con Riccardo Corna And on all the other major podcast platforms: Apple, Amazon, etc. 😉 Beyond this episode, I recommend subscribing to the podcast so you don’t miss any: it’s rare to find content like this in the Italian language, and Carlo Sacchi is doing an excellent job!

Despite the effects of the cocktail consumed on an empty stomach becoming increasingly apparent as the episode progressed, 🥴 I managed to stay on track and explain why Platform Single Sign-On on macOS with Microsoft Entra and Microsoft Intune is such a big deal. 😀 Don’t miss this episode of AperiTeams! Thanks to Irene and Silvio for the super fun chat and the cocktail (by the way, DELICIOUS). Your IT Specialist,

After reaching the first milestone of our lab, it’s time to do a little recap. Below is the complete list of the first videos in the “The Lab” series, from creating the Active Directory forest to the first Windows Entra Joined client and its behavior in an on-premises environment. 📺 The LAB - Episode 0 - Introduction to the Lab 📺 The LAB - Episode 1 - Creating an Active Directory Forest and Setting Up a Domain Controller

Waiting for “good news” at the beginning of 2024, let’s review the latest updates from Intune (release 2312), especially those that catch our attention from a security perspective: Edge Security baselines updated to v117 Support for new variables {{username}} {{devicename}} in non-compliance communication emails New visualization in the reporting of the Defender for Endpoint connector New settings in Antivirus policies (RandomizeScheduledTaskTimes and SchedulerRandomizationTime) New status metric for Microsoft Tunnel (TLS certificate revocation) Of course, these are just some of the updates.

Despite the effects of the cocktail consumed on an empty stomach becoming increasingly apparent as the episode progressed, 🥴 I managed to stay on track and explain why Platform Single Sign-On on macOS with Microsoft Entra and Microsoft Intune is such a big deal. 😀 Don’t miss this episode of AperiTeams! Thanks to Irene and Silvio for the super fun chat and the cocktail (by the way, DELICIOUS). Your IT Specialist,

Last October 9, 2024, the AperiTeams Conference Security Day 2024 took place at the Microsoft House in Milan and was streamed live. If you missed the live stream, no worries! All the event videos organized by Inside Technologies are now available online. As always, it was a great day! I had so much fun with my “partner on the stage” Simone Frigerio, and I hope it will be the first of many sessions together.

After a brief behind-the-scenes look a few days ago, here we are: Defender for Podcast, new season! This year, some new features: new locations and guests! And, speaking of guests, we couldn’t have started better: with us Carlo Mauceli for this first episode! What did we talk about? 🎯 Geopolitics and the use of cyberattacks in war scenarios 🎯 Evolution of attack tactics through Artificial Intelligence 🎯 The black market where anyone can become a hacker

The video of the session that my friend Davide Salsi and I held at Be Connected Day 12 on May 30, 2024, is finally online. In recent years, Microsoft Intune has been the main path towards a “Modern” device management. With the advent of AI and the release of new features, a new era in the device management paradigm is opening.​ In this session, we will see in detail how these latest solutions can contribute to a cloud-native management of endpoints:​

After reaching the first milestone of our lab, it’s time to do a little recap. Below is the complete list of the first videos in the “The Lab” series, from creating the Active Directory forest to the first Windows Entra Joined client and its behavior in an on-premises environment. 📺 The LAB - Episode 0 - Introduction to the Lab 📺 The LAB - Episode 1 - Creating an Active Directory Forest and Setting Up a Domain Controller

Today we see the first concrete result of building our hybrid lab inspired by a modern management of identities and devices: we will test together if a Windows Entra Joined PC can access an on-premises resource in single sign-on, specifically a file server. Will it work? You’ll see in the video :) Video You can find the full video below, or you can continue reading the article. SSO on On-Premises Resources with a Windows Entra Joined PC Introduction IT specialists, hello everyone!

🚨 If, like me, you’ve had intense weeks and missed the latest episode of Defender for Podcast, don’t worry, here’s all the info you need. Spoiler: we talk about passwordless and, above all, Passkey! In particular: Multi-factor authentication is not perfect, what are the risks and issues? Microsoft Authenticator FIDO 2 keys Certificate-based authentication Passkey Lots to discuss, plenty of useful information, and a pinch of fun (don’t miss the “Goat dance”).

Hello IT specialists! We are finally at a turning point in creating our hybrid lab, which until now has been very little hybrid, since we created an AD forest and installed a Certification Authority, all on-prem components. Video Find the full video below, or you can continue reading the article. Installing and Configuring Microsoft Entra Connect Today, we prepare our environment for the installation, configuration, and activation of Entra Connect. Yes, we are finally hybridizing our environment, synchronizing identities with Entra ID.

If you missed the live stream, no worries! Starting today, all the videos from the AperiTeams Conference (Modern Workplace Day) 2024, organized by Inside Technologies, are available online. It was my first participation and I had a great time, as always during such days where training and networking come together. Here’s the complete video of my session, where I discussed how Microsoft Defender XDR represents a significant step forward towards a unified tool for managing the security of our infrastructure, whether it’s in the cloud, hybrid, or multi-cloud.

🚨 New episode of Copilot for Pod… oops… no… sorry, I meant Defender for Podcast! 🤣 With all these Copilots, I’m getting a bit carried away! Caught up in a frenzy of memes and various quotes (absolute gems not to be missed), Marco Moioli (henceforth known as Mar-Copilot) and I couldn’t miss the opportunity to talk about the current star: Copilot for Security! We’ll explore what it is, how it integrates with various Microsoft products, and, most importantly, share our impressions on the significant value this product brings.

Every forest and Active Directory domain should have LDAPS implemented, but in very few cases is it actually implemented. The topic can be intimidating because it involves certificates, but once you understand some basic concepts, it’s easier to tame than it seems. Let’s see how to implement it! Video You can find the entire video below, or you can continue reading the article. Article With all this talk about the cloud, I realized that I have neglected our beloved Active Directory!

Morning at Microsoft Ignite Italy 2024, before heading to the watch party organized by Microsys!

We’re getting used to it! Here we are with the second episode of Defender for Podcast, where we talk about training! We’ll try to organize the multitude of resources available for training in Microsoft Security: Official resources such as the Learn platform SC certifications that allow validating your skills but also the brand new Applied Skills Blogs, YouTube channels, and other useful resources 🚨 If you enjoy this content and want to make sure you don’t miss any updates, we invite you to join our community!

⚠️ 🇮🇹 To my Italian speaking followers! In this first episode of Defender for Podcast, we try to focus on what the term “Microsoft Security” means: what it encompasses, which areas it involves? We will explore all of this from different perspectives: How to navigate in terms of licensing and which areas are covered by consumption and which by license. Within the licensed offering, at a high level, what is the ideal license/suite in relation to the type of company/reality: we will try to map this out.

⚠️ 🇮🇹 To my Italian speaking followers! A few days ago, the winter edition of #POWERCON2023, an online conference organized by the ICTPower.it community, took place. It is certainly correct to say that Microsoft Intune is an MDM, and its main purpose is to manage devices. However, paraphrasing a famous song from the ’80s, “beyond the endpoints, there is more”! Intune is, in fact, the pivotal tool through which to implement and deploy an infinite variety of security settings, in addition to Microsoft Defender for Endpoint configurations.

A few days ago, the #POWERCON2023 was held, an online conference organized by the ICTPower.it community. As always, I was very happy to participate, and this year, I chose to present a session on Windows Hello for Business, discussing an aspect that I believe is underestimated and not well-known to most: Windows Hello for Business is a passwordless and multi-factor authentication! Do you want to know why and how it works?

As anticipated a few days ago, today we begin a series of short video clips, lasting no more than a couple of minutes, where I demonstrate activities and procedures that most people take for granted but, for various reasons, may not be so straightforward. Welcome to “The Lab Series”! Today, we have a quick-and-dirty procedure for installing the Azure AD Application Proxy connector. Useful documentation for further reference: 📄 Tutorial: Add an on-premises application for remote access through Application Proxy in Azure Active Directory

📰 News: Starting this week, I will be experimenting with a new format called “The Lab Series” in addition to the usual videos. ❓ What is “The Lab Series”? It will be a video of no more than a couple of minutes, without me blabbering, just pure content, like a little pill. ❓ What will it be about and who is it aimed at? It will cover practical and straightforward topics that 95% of professionals consider trivial or obvious but may not be so for someone else.

The video of the session Artificial Intelligence in the Service of Cybersecurity: From 0 to Microsoft Security Copilot that I held (together with Michele Sensalari) at Be Connected Day 11 on June 15, 2023, in Bologna, is now available online. For convenience, I have embedded the video to start directly at the beginning of our presentation, but from the same link, you can actually watch the live stream of the entire day.

Since 1994, Microsoft has been involved in device management: first with SMS, which later became SCCM, and then in 2011, with the advent of mobile devices, the Mobile Device Management service called Intune was created, which has grown… and grown… And today, it has become a suite! Let’s clarify the various pieces of technology we can find within this suite with Maura Perra, Technical Specialist in Cloud Endpoint for Microsoft!

I have tried the new Windows LAPS (Local Administrator Password Solution) with direct support for Entra ID. If you have Windows 11 machines (which natively support it), it is really simple and fast to implement. Here are some useful information: 📌 No licensing requirement, available from Entra ID Free and above 📌 Supported operating systems: Windows 11 22H2 - April 11, 2023 Update Windows 11 21H2 - April 11, 2023 Update Windows 10 20H2, 21H2, and 22H2 - April 11, 2023 Update Windows Server 2022 - April 11, 2023 Update Windows Server 2019 - April 11, 2023 Update In the video, besides configuring the Intune profile to re-enable the built-in local Administrator, I also tested a slightly more specific scenario by renaming the Administrator.

On March 22, 2023, the Microsys event “Tech Bits: Modern Endpoint Management” took place, and now the video of the event is available! Together with the legendary Paolo Bodini, we presented the 10 key elements to consider for modern management of corporate and personal devices. Enjoy watching! Riccardo

Why Windows Hello for Business is the Multi-Factor Authentication for Windows login and how to configure it via Intune in Azure AD Kerberos Cloud Trust mode, through the Settings Catalog. Below is the documentation I refer to in the video: 📄 Windows Hello for Business Overview 📄 How Windows Hello for Business works in Windows Devices 📄 Windows Hello for Business and Authentication 📄 Cloud Kerberos trust deployment 📄 Enable passwordless security key sign-in to on-premises resources by using Azure AD Have you implemented Windows Hello for Business?

Here we are with a new episode of “A Coffee with…”! Today’s protagonist is Elisa Pirrone, CSA Security for Microsoft Italy. Together with her, we will talk about disabling legacy protocols, creating conditional access policies, best practices, and why Windows Hello for Business is an MFA! Here are some additional links for further information: Common Conditional Access policy: Block legacy authentication Windows Hello for Business Overview How Windows Hello for Business works in Windows Devices Don’t forget to subscribe to our other channels as well:

A few days ago, I came across a very interesting article from the Intune Customer Success Team. The article discusses how to configure BitLocker through the Intune Settings Catalog. This piqued my curiosity because, considering the Settings Catalog, there are now three different ways to deploy BitLocker from Intune. I wanted to understand the advantages of using the Settings Catalog compared to the already available methods. Here’s my experience! ⚠️ As mentioned in the video: the settings you see were done for purely educational and illustrative purposes.

Today’s episode is a true injection of caffeine and valuable resources: Valeria Sava talks to us about ADFS and how to retire it by migrating applications to Azure AD. Are you interested? Yes? Then after watching the video, don’t miss this workshop in Italian dedicated to this very topic! Valeria and I extensively discussed it while enjoying our coffee. Here are all the details! 🗓️ March 28, 2023 ➡️ Microsoft Workshops: How to successfully migrate away from AD FS to Azure AD

It took me a while to make this video, but finally, here I am: Azure Virtual Desktop Single Sign-On to Azure AD. One of the main “criticisms” always directed at AVD is the double authentication, which many consider a hassle. With Single Sign-On, the process becomes smoother, and the required authentications decrease. Could I have just shown you the simple SSO? Clearly NO, so I even included a FIDO2 security key in it!

On March 8, 2023, a joint event was held between the Microsoft Intune Italian Users Group and the Microsoft Security Italian Users Group: the video of the sessions is now available. Together with the legendary Michele Sensalari, we talked about certificate-based authentication on Azure AD. Marco Moioli and Davide Salsi, on the other hand, delved into how to use the MAM (Mobile Application Management) features of Intune to provide security in BYOD scenarios, and Davide also demonstrated the new Microsoft Tunnel for Mobile.

“How can we leverage a public cloud while maintaining a proper security posture?” Today, we ask this question (while sipping a cup of coffee) to Francesco Molfese (MVP), who has a clear understanding of how to maintain the right level of security both in the cloud and on-premises. Here are some additional links for further reading: Francesco’s blog Defender for Cloud Don’t forget to follow us on our social channels as well:

📺 New video: Today I’ll tell you about Temporary Access Pass in Azure AD and how it can be useful in specific situations. ☑️ Onboarding a user to register a passwordless authentication method ☑️ Recovery of a lost or unusable passwordless access ☑️ Initialization of a Windows Autopilot device ☑️ Joining a device to Azure AD ☑️ Initial setup of Windows Hello for Business All the details in the video!

My personal holiday calendar says that after Halloween but before Christmas, there’s at least one more: WPC! 😀 WPC (November 26-27-28), the most important annual event in the Italian ICT landscape, is just around the corner! This year, I’ll be there again as a speaker, with a session that has a bit of a “crossover” flavor: Microsoft Intune and Apple macOS. Microsoft and Apple—a dualism that used to stir passions but, in my view, no longer has any reason to exist in terms of “opposition.

Last October 9, 2024, the AperiTeams Conference Security Day 2024 took place at the Microsoft House in Milan and was streamed live. If you missed the live stream, no worries! All the event videos organized by Inside Technologies are now available online. As always, it was a great day! I had so much fun with my “partner on the stage” Simone Frigerio, and I hope it will be the first of many sessions together.

After a brief behind-the-scenes look a few days ago, here we are: Defender for Podcast, new season! This year, some new features: new locations and guests! And, speaking of guests, we couldn’t have started better: with us Carlo Mauceli for this first episode! What did we talk about? 🎯 Geopolitics and the use of cyberattacks in war scenarios 🎯 Evolution of attack tactics through Artificial Intelligence 🎯 The black market where anyone can become a hacker

🚨 New episode of Copilot for Pod… oops… no… sorry, I meant Defender for Podcast! 🤣 With all these Copilots, I’m getting a bit carried away! Caught up in a frenzy of memes and various quotes (absolute gems not to be missed), Marco Moioli (henceforth known as Mar-Copilot) and I couldn’t miss the opportunity to talk about the current star: Copilot for Security! We’ll explore what it is, how it integrates with various Microsoft products, and, most importantly, share our impressions on the significant value this product brings.

After a brief behind-the-scenes look a few days ago, here we are: Defender for Podcast, new season! This year, some new features: new locations and guests! And, speaking of guests, we couldn’t have started better: with us Carlo Mauceli for this first episode! What did we talk about? 🎯 Geopolitics and the use of cyberattacks in war scenarios 🎯 Evolution of attack tactics through Artificial Intelligence 🎯 The black market where anyone can become a hacker

After a brief behind-the-scenes look a few days ago, here we are: Defender for Podcast, new season! This year, some new features: new locations and guests! And, speaking of guests, we couldn’t have started better: with us Carlo Mauceli for this first episode! What did we talk about? 🎯 Geopolitics and the use of cyberattacks in war scenarios 🎯 Evolution of attack tactics through Artificial Intelligence 🎯 The black market where anyone can become a hacker

🚨 If, like me, you’ve had intense weeks and missed the latest episode of Defender for Podcast, don’t worry, here’s all the info you need. Spoiler: we talk about passwordless and, above all, Passkey! In particular: Multi-factor authentication is not perfect, what are the risks and issues? Microsoft Authenticator FIDO 2 keys Certificate-based authentication Passkey Lots to discuss, plenty of useful information, and a pinch of fun (don’t miss the “Goat dance”).

🚨 New episode of Copilot for Pod… oops… no… sorry, I meant Defender for Podcast! 🤣 With all these Copilots, I’m getting a bit carried away! Caught up in a frenzy of memes and various quotes (absolute gems not to be missed), Marco Moioli (henceforth known as Mar-Copilot) and I couldn’t miss the opportunity to talk about the current star: Copilot for Security! We’ll explore what it is, how it integrates with various Microsoft products, and, most importantly, share our impressions on the significant value this product brings.

We’re getting used to it! Here we are with the second episode of Defender for Podcast, where we talk about training! We’ll try to organize the multitude of resources available for training in Microsoft Security: Official resources such as the Learn platform SC certifications that allow validating your skills but also the brand new Applied Skills Blogs, YouTube channels, and other useful resources 🚨 If you enjoy this content and want to make sure you don’t miss any updates, we invite you to join our community!

⚠️ 🇮🇹 To my Italian speaking followers! In this first episode of Defender for Podcast, we try to focus on what the term “Microsoft Security” means: what it encompasses, which areas it involves? We will explore all of this from different perspectives: How to navigate in terms of licensing and which areas are covered by consumption and which by license. Within the licensed offering, at a high level, what is the ideal license/suite in relation to the type of company/reality: we will try to map this out.

After a brief behind-the-scenes look a few days ago, here we are: Defender for Podcast, new season! This year, some new features: new locations and guests! And, speaking of guests, we couldn’t have started better: with us Carlo Mauceli for this first episode! What did we talk about? 🎯 Geopolitics and the use of cyberattacks in war scenarios 🎯 Evolution of attack tactics through Artificial Intelligence 🎯 The black market where anyone can become a hacker

⚠️ 🇮🇹 To my Italian speaking followers! A few days ago, the winter edition of #POWERCON2023, an online conference organized by the ICTPower.it community, took place. It is certainly correct to say that Microsoft Intune is an MDM, and its main purpose is to manage devices. However, paraphrasing a famous song from the ’80s, “beyond the endpoints, there is more”! Intune is, in fact, the pivotal tool through which to implement and deploy an infinite variety of security settings, in addition to Microsoft Defender for Endpoint configurations.

Hi everyone! 🌟 During the summer of 2024 and even now, as most of us have settled back into our usual routines, I haven’t posted much: some people have started asking me, “Where are you? Is everything okay? You haven’t posted anything lately!” 😃 Here’s an update! Actually, nothing particular has happened. Firstly, my new work experience is absorbing me, which is normal, especially in these early stages. Moreover, in this new position, I am now focusing on Modern Work and no longer vertically on Security!

The video of the session that my friend Davide Salsi and I held at Be Connected Day 12 on May 30, 2024, is finally online. In recent years, Microsoft Intune has been the main path towards a “Modern” device management. With the advent of AI and the release of new features, a new era in the device management paradigm is opening.​ In this session, we will see in detail how these latest solutions can contribute to a cloud-native management of endpoints:​

The video of the session that my friend Davide Salsi and I held at Be Connected Day 12 on May 30, 2024, is finally online. In recent years, Microsoft Intune has been the main path towards a “Modern” device management. With the advent of AI and the release of new features, a new era in the device management paradigm is opening.​ In this session, we will see in detail how these latest solutions can contribute to a cloud-native management of endpoints:​

The video of the session that my friend Davide Salsi and I held at Be Connected Day 12 on May 30, 2024, is finally online. In recent years, Microsoft Intune has been the main path towards a “Modern” device management. With the advent of AI and the release of new features, a new era in the device management paradigm is opening.​ In this session, we will see in detail how these latest solutions can contribute to a cloud-native management of endpoints:​

⚠️ 🇮🇹 To my Italian speaking followers! A few days ago, the winter edition of #POWERCON2023, an online conference organized by the ICTPower.it community, took place. It is certainly correct to say that Microsoft Intune is an MDM, and its main purpose is to manage devices. However, paraphrasing a famous song from the ’80s, “beyond the endpoints, there is more”! Intune is, in fact, the pivotal tool through which to implement and deploy an infinite variety of security settings, in addition to Microsoft Defender for Endpoint configurations.

Intune Organizational Messages are coming to Intune (GA as of 31/5)! Organizing a communication campaign towards users for urgent updates or the release of new configurations that impact the user experience will now be easier. Here are the key licensing and requirements details. 📌 Licenses Microsoft 365 E3 Microsoft 365 E5 Windows 10/11 Enterprise E3 with Microsoft Intune Plan 1 Windows 10/11 Enterprise E5 with Microsoft Intune Plan 1 📌 Operating Systems

IT specialists, hello everyone! In this video, we will see the tools that Azure AD and Intune provide us with to manage local group membership. Video You can find the entire video below, or you can continue reading the article. Article After playing with the new Windows LAPS in my previous video, I was reviewing the list of local administrators on my lab machine, and since the machine is registered in Azure AD Join, the Azure AD user who joined it has become an administrator.

On March 22, 2023, the Microsys event “Tech Bits: Modern Endpoint Management” took place, and now the video of the event is available! Together with the legendary Paolo Bodini, we presented the 10 key elements to consider for modern management of corporate and personal devices. Enjoy watching! Riccardo

A few days ago, I came across a very interesting article from the Intune Customer Success Team. The article discusses how to configure BitLocker through the Intune Settings Catalog. This piqued my curiosity because, considering the Settings Catalog, there are now three different ways to deploy BitLocker from Intune. I wanted to understand the advantages of using the Settings Catalog compared to the already available methods. Here’s my experience! ⚠️ As mentioned in the video: the settings you see were done for purely educational and illustrative purposes.

This news was from the end of January, but amidst the chaos of activities and news, I can finally share it now: native management of macOS updates in Intune! Prior to this functionality, managing updates for Macs enrolled in Intune was not very straightforward: scripts, third-party solutions, or user self-service management were required. With this new set of features, it will be possible to natively manage the following types of updates from the Intune interface:

On March 8, 2023, a joint event was held between the Microsoft Intune Italian Users Group and the Microsoft Security Italian Users Group: the video of the sessions is now available. Together with the legendary Michele Sensalari, we talked about certificate-based authentication on Azure AD. Marco Moioli and Davide Salsi, on the other hand, delved into how to use the MAM (Mobile Application Management) features of Intune to provide security in BYOD scenarios, and Davide also demonstrated the new Microsoft Tunnel for Mobile.

The video of the session that my friend Davide Salsi and I held at Be Connected Day 12 on May 30, 2024, is finally online. In recent years, Microsoft Intune has been the main path towards a “Modern” device management. With the advent of AI and the release of new features, a new era in the device management paradigm is opening.​ In this session, we will see in detail how these latest solutions can contribute to a cloud-native management of endpoints:​

As a follow-up to the CrowdStrike Falcon agent issue impacting Windows clients and servers, Microsoft released a USB tool to help IT Admins expedite the repair process. The signed Microsoft Recovery Tool can be found in the Microsoft Download Center: ➡️ New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints The steps to use the tool are detailed in the article linked above. Your IT Specialist, Riccardo

As a follow-up to the CrowdStrike Falcon agent issue impacting Windows clients and servers, Microsoft released a USB tool to help IT Admins expedite the repair process. The signed Microsoft Recovery Tool can be found in the Microsoft Download Center: ➡️ New Recovery Tool to help with CrowdStrike issue impacting Windows endpoints The steps to use the tool are detailed in the article linked above. Your IT Specialist, Riccardo

And here I am, on my “first day of school””" at Microsoft, starting a “new-old” adventure. Old because I’ve been working with these products daily for 17 years and because I will meet many people I already know. New because, in my new role as a Cloud Solution Architect, the perspective from which I will see them is definitely different and exciting. Let’s get started! 🤩 View this post on Instagram A post shared by Riccardo Corna (@itspecialistcloud)

Here’s the news we love on Mondays! 😍 Introducing the Microsoft Mac Admins Community, a new online community for IT professionals passionate about using Microsoft products on Apple Mac devices within enterprises! Here’s a direct quote: “This community is a place where Mac administrators working with Microsoft 365 or Intune management for Mac can connect with other users, share experiences and best practices, learn from experts and colleagues, get help with common issues, and draw inspiration from the latest innovations.

And here I am, on my “first day of school””" at Microsoft, starting a “new-old” adventure. Old because I’ve been working with these products daily for 17 years and because I will meet many people I already know. New because, in my new role as a Cloud Solution Architect, the perspective from which I will see them is definitely different and exciting. Let’s get started! 🤩 View this post on Instagram A post shared by Riccardo Corna (@itspecialistcloud)

After reaching the first milestone of our lab, it’s time to do a little recap. Below is the complete list of the first videos in the “The Lab” series, from creating the Active Directory forest to the first Windows Entra Joined client and its behavior in an on-premises environment. 📺 The LAB - Episode 0 - Introduction to the Lab 📺 The LAB - Episode 1 - Creating an Active Directory Forest and Setting Up a Domain Controller

Today we see the first concrete result of building our hybrid lab inspired by a modern management of identities and devices: we will test together if a Windows Entra Joined PC can access an on-premises resource in single sign-on, specifically a file server. Will it work? You’ll see in the video :) Video You can find the full video below, or you can continue reading the article. SSO on On-Premises Resources with a Windows Entra Joined PC Introduction IT specialists, hello everyone!

Hello IT specialists! We are finally at a turning point in creating our hybrid lab, which until now has been very little hybrid, since we created an AD forest and installed a Certification Authority, all on-prem components. Video Find the full video below, or you can continue reading the article. Installing and Configuring Microsoft Entra Connect Today, we prepare our environment for the installation, configuration, and activation of Entra Connect. Yes, we are finally hybridizing our environment, synchronizing identities with Entra ID.

Every forest and Active Directory domain should have LDAPS implemented, but in very few cases is it actually implemented. The topic can be intimidating because it involves certificates, but once you understand some basic concepts, it’s easier to tame than it seems. Let’s see how to implement it! Video You can find the entire video below, or you can continue reading the article. Article With all this talk about the cloud, I realized that I have neglected our beloved Active Directory!

IT Specialists, hello everyone! Today a very fast but fundamental video: we add the second piece of the lab, putting a Certification Authority on track. Video Find the entire video below, or you can continue reading the article. Why is a Certification Authority useful in the lab? Here’s why a Certification Authority can be useful in the lab: Because a CA is always useful, regardless. 😊 Because I want to implement LDAPS on Active Directory right away (and the next video will talk about this).

IT Specialists, hello everyone! Finally, we are truly getting our hands dirty in this lab: today, we create the on-premises Active Directory forest (and domain) needed for our hybrid environment. Video Find the entire video below, or you can continue reading the article. Before We Begin Just a couple of observations. First observation: as mentioned in the previous video, what I will show you in building the lab will be seen more from the perspective of identity (users and devices) and their security.

IT Specialists, hello everyone! It’s been a while since we last met on video, but despite that, during these months of absence, I’ve been scheming in the shadows, advancing other projects and initiatives, the results of which you will see on my channels and the Microsoft Security Italian Users Group community. 😉 But enough chit-chat, this is neither the video nor the right occasion to tell you the why, the how, etc.

The video of the session I held at #POWERCON2024, where I talked about Microsoft Entra Conditional Access and why it is still a very important tool in 2024, is already online. Thanks to Nicola Ferrini and the ICTPower.it community for inviting me! If you want to watch all the videos from this wonderful day of training, here is the link to the playlist: #POWERCON2024 - All sessions of the day See you soon with some news!

I look forward to seeing you on Friday, June 14 at the next #POWERCON2024 with a session on Conditional Access: new features, advanced usage ideas, and the reasons why, in 2024, it is increasingly a fundamental security tool. For information, registration, and all agenda details: ➡️ #POWERCON2024 – Digital Revolution in Action – Free Online Event

I look forward to seeing you on Friday, June 14 at the next #POWERCON2024 with a session on Conditional Access: new features, advanced usage ideas, and the reasons why, in 2024, it is increasingly a fundamental security tool. For information, registration, and all agenda details: ➡️ #POWERCON2024 – Digital Revolution in Action – Free Online Event

Today we see the first concrete result of building our hybrid lab inspired by a modern management of identities and devices: we will test together if a Windows Entra Joined PC can access an on-premises resource in single sign-on, specifically a file server. Will it work? You’ll see in the video :) Video You can find the full video below, or you can continue reading the article. SSO on On-Premises Resources with a Windows Entra Joined PC Introduction IT specialists, hello everyone!

Hello IT specialists! We are finally at a turning point in creating our hybrid lab, which until now has been very little hybrid, since we created an AD forest and installed a Certification Authority, all on-prem components. Video Find the full video below, or you can continue reading the article. Installing and Configuring Microsoft Entra Connect Today, we prepare our environment for the installation, configuration, and activation of Entra Connect. Yes, we are finally hybridizing our environment, synchronizing identities with Entra ID.

Every forest and Active Directory domain should have LDAPS implemented, but in very few cases is it actually implemented. The topic can be intimidating because it involves certificates, but once you understand some basic concepts, it’s easier to tame than it seems. Let’s see how to implement it! Video You can find the entire video below, or you can continue reading the article. Article With all this talk about the cloud, I realized that I have neglected our beloved Active Directory!

IT Specialists, hello everyone! Finally, we are truly getting our hands dirty in this lab: today, we create the on-premises Active Directory forest (and domain) needed for our hybrid environment. Video Find the entire video below, or you can continue reading the article. Before We Begin Just a couple of observations. First observation: as mentioned in the previous video, what I will show you in building the lab will be seen more from the perspective of identity (users and devices) and their security.

Today we see the first concrete result of building our hybrid lab inspired by a modern management of identities and devices: we will test together if a Windows Entra Joined PC can access an on-premises resource in single sign-on, specifically a file server. Will it work? You’ll see in the video :) Video You can find the full video below, or you can continue reading the article. SSO on On-Premises Resources with a Windows Entra Joined PC Introduction IT specialists, hello everyone!

Today we see the first concrete result of building our hybrid lab inspired by a modern management of identities and devices: we will test together if a Windows Entra Joined PC can access an on-premises resource in single sign-on, specifically a file server. Will it work? You’ll see in the video :) Video You can find the full video below, or you can continue reading the article. SSO on On-Premises Resources with a Windows Entra Joined PC Introduction IT specialists, hello everyone!

About 2 years ago (June 2021), I had fun experimenting with a new feature that was in preview: macOS Single Sign-On (SSO) for Azure AD on Microsoft 365 applications and services. ⚠️ Update as of June 1, 2023 The “Microsoft Azure AD” plug-in is finally in General Availability and is ready to use in production environments! You might be wondering, “What on earth is it for?” This feature allows you to authenticate yourself and your fantastic Mac more easily to Microsoft 365 services and applications without repeated credential prompts, making the user experience even smoother and seamless.

Today we see the first concrete result of building our hybrid lab inspired by a modern management of identities and devices: we will test together if a Windows Entra Joined PC can access an on-premises resource in single sign-on, specifically a file server. Will it work? You’ll see in the video :) Video You can find the full video below, or you can continue reading the article. SSO on On-Premises Resources with a Windows Entra Joined PC Introduction IT specialists, hello everyone!

Intune Organizational Messages are coming to Intune (GA as of 31/5)! Organizing a communication campaign towards users for urgent updates or the release of new configurations that impact the user experience will now be easier. Here are the key licensing and requirements details. 📌 Licenses Microsoft 365 E3 Microsoft 365 E5 Windows 10/11 Enterprise E3 with Microsoft Intune Plan 1 Windows 10/11 Enterprise E5 with Microsoft Intune Plan 1 📌 Operating Systems

I have tried the new Windows LAPS (Local Administrator Password Solution) with direct support for Entra ID. If you have Windows 11 machines (which natively support it), it is really simple and fast to implement. Here are some useful information: 📌 No licensing requirement, available from Entra ID Free and above 📌 Supported operating systems: Windows 11 22H2 - April 11, 2023 Update Windows 11 21H2 - April 11, 2023 Update Windows 10 20H2, 21H2, and 22H2 - April 11, 2023 Update Windows Server 2022 - April 11, 2023 Update Windows Server 2019 - April 11, 2023 Update In the video, besides configuring the Intune profile to re-enable the built-in local Administrator, I also tested a slightly more specific scenario by renaming the Administrator.

It was a memorable BeConnected Day + CollabDays: so many people, a new and incredible location, everything vibrated with amazing energy that involved everyone, including the audience and speakers. Beautiful. We needed it. Thanks to my partner in crime on stage, Davide Salsi: yesterday, after the speech, someone literally told me “you guys make a great couple on stage.” 😅🤣 Thanks to Lodestar S.p.A., present in full force at the event, for choosing me to represent them along with Fabio Luinetti and Riccardo Fona.

The video of the session Artificial Intelligence in the Service of Cybersecurity: From 0 to Microsoft Security Copilot that I held (together with Michele Sensalari) at Be Connected Day 11 on June 15, 2023, in Bologna, is now available online. For convenience, I have embedded the video to start directly at the beginning of our presentation, but from the same link, you can actually watch the live stream of the entire day.

What a beautiful day I had yesterday! So many inspiring contents, lots of friends to greet, many new people to meet, and plenty of ideas to develop for the community. As always, it was a fantastic #BeConnectedDay. Thanks to BeConnected and Microsys for giving me the opportunity to participate, to Michele Sensalari, with whom I had the honor of sharing the stage, to all my colleagues in the SEC track, and lastly, to all the people from the communities I met—it’s fantastic to see each other in person!

Here we go! Tomorrow is #BeConnectedDay with Michele Sensalari and many other friends. Don’t miss our session at 15:25 in Main Room Sirio P27 for those attending in person or via streaming for those following from home! 📌 There is still time to register for the streaming! 📌 Want to learn more about our session? 📌 Complete event agenda See you tomorrow! Riccardo

It was a memorable BeConnected Day + CollabDays: so many people, a new and incredible location, everything vibrated with amazing energy that involved everyone, including the audience and speakers. Beautiful. We needed it. Thanks to my partner in crime on stage, Davide Salsi: yesterday, after the speech, someone literally told me “you guys make a great couple on stage.” 😅🤣 Thanks to Lodestar S.p.A., present in full force at the event, for choosing me to represent them along with Fabio Luinetti and Riccardo Fona.

🚨 If, like me, you’ve had intense weeks and missed the latest episode of Defender for Podcast, don’t worry, here’s all the info you need. Spoiler: we talk about passwordless and, above all, Passkey! In particular: Multi-factor authentication is not perfect, what are the risks and issues? Microsoft Authenticator FIDO 2 keys Certificate-based authentication Passkey Lots to discuss, plenty of useful information, and a pinch of fun (don’t miss the “Goat dance”).

🚨 If, like me, you’ve had intense weeks and missed the latest episode of Defender for Podcast, don’t worry, here’s all the info you need. Spoiler: we talk about passwordless and, above all, Passkey! In particular: Multi-factor authentication is not perfect, what are the risks and issues? Microsoft Authenticator FIDO 2 keys Certificate-based authentication Passkey Lots to discuss, plenty of useful information, and a pinch of fun (don’t miss the “Goat dance”).

A few days ago, the #POWERCON2023 was held, an online conference organized by the ICTPower.it community. As always, I was very happy to participate, and this year, I chose to present a session on Windows Hello for Business, discussing an aspect that I believe is underestimated and not well-known to most: Windows Hello for Business is a passwordless and multi-factor authentication! Do you want to know why and how it works?

📺 New video: Today I’ll tell you about Temporary Access Pass in Azure AD and how it can be useful in specific situations. ☑️ Onboarding a user to register a passwordless authentication method ☑️ Recovery of a lost or unusable passwordless access ☑️ Initialization of a Windows Autopilot device ☑️ Joining a device to Azure AD ☑️ Initial setup of Windows Hello for Business All the details in the video!

The Global Azure in Turin always leaves me with great feelings: shaking hands, putting faces to the community members, laughing at the curses hurled at stuck slide changers, 🤣 sharing knowledge. A wonderful day, the kind that should never be missing, from time to time. Thank you to everyone who attended our session. Thanks to my “partner in crime on the stage” 😃 Pietro Visentin who did an extraordinary job in creating the content.

The Global Azure in Turin always leaves me with great feelings: shaking hands, putting faces to the community members, laughing at the curses hurled at stuck slide changers, 🤣 sharing knowledge. A wonderful day, the kind that should never be missing, from time to time. Thank you to everyone who attended our session. Thanks to my “partner in crime on the stage” 😃 Pietro Visentin who did an extraordinary job in creating the content.

Hello IT specialists! We are finally at a turning point in creating our hybrid lab, which until now has been very little hybrid, since we created an AD forest and installed a Certification Authority, all on-prem components. Video Find the full video below, or you can continue reading the article. Installing and Configuring Microsoft Entra Connect Today, we prepare our environment for the installation, configuration, and activation of Entra Connect. Yes, we are finally hybridizing our environment, synchronizing identities with Entra ID.

If you missed the live stream, no worries! Starting today, all the videos from the AperiTeams Conference (Modern Workplace Day) 2024, organized by Inside Technologies, are available online. It was my first participation and I had a great time, as always during such days where training and networking come together. Here’s the complete video of my session, where I discussed how Microsoft Defender XDR represents a significant step forward towards a unified tool for managing the security of our infrastructure, whether it’s in the cloud, hybrid, or multi-cloud.

🚨 New episode of Copilot for Pod… oops… no… sorry, I meant Defender for Podcast! 🤣 With all these Copilots, I’m getting a bit carried away! Caught up in a frenzy of memes and various quotes (absolute gems not to be missed), Marco Moioli (henceforth known as Mar-Copilot) and I couldn’t miss the opportunity to talk about the current star: Copilot for Security! We’ll explore what it is, how it integrates with various Microsoft products, and, most importantly, share our impressions on the significant value this product brings.

🚨 New episode of Copilot for Pod… oops… no… sorry, I meant Defender for Podcast! 🤣 With all these Copilots, I’m getting a bit carried away! Caught up in a frenzy of memes and various quotes (absolute gems not to be missed), Marco Moioli (henceforth known as Mar-Copilot) and I couldn’t miss the opportunity to talk about the current star: Copilot for Security! We’ll explore what it is, how it integrates with various Microsoft products, and, most importantly, share our impressions on the significant value this product brings.

Spring event season is in full swing! I’ll be among the speakers at the Global Azure event in Turin, alongside Pietro Visentin. We’ll be discussing Conditional Access: the latest updates, best practices, and why it’s becoming an increasingly vital tool in Zero Trust Security strategies. 🗓️ Saturday, April 20 📍 Turin - Fondazione ITS ICT - Via Jacopo Durandi, 13 🎟️ Info and registration I have a special connection to the Global Azure event in Turin, and I can’t wait to be there!

Spring means Global Azure, and I am delighted to announce that I will be a speaker at Global Azure 2023 in Turin, taking place on Saturday, May 13, 2023! However, I won’t be alone on stage: joining me will be Pietro Visentin, Head of Security at Moresi! By the way, I recommend checking out his blog Azvise, which is full of useful and interesting content. For all the details about the agenda, it will take a few more days, so staytuned and don’t miss the event updates that you can find here:

Spring event season is in full swing! I’ll be among the speakers at the Global Azure event in Turin, alongside Pietro Visentin. We’ll be discussing Conditional Access: the latest updates, best practices, and why it’s becoming an increasingly vital tool in Zero Trust Security strategies. 🗓️ Saturday, April 20 📍 Turin - Fondazione ITS ICT - Via Jacopo Durandi, 13 🎟️ Info and registration I have a special connection to the Global Azure event in Turin, and I can’t wait to be there!

Every forest and Active Directory domain should have LDAPS implemented, but in very few cases is it actually implemented. The topic can be intimidating because it involves certificates, but once you understand some basic concepts, it’s easier to tame than it seems. Let’s see how to implement it! Video You can find the entire video below, or you can continue reading the article. Article With all this talk about the cloud, I realized that I have neglected our beloved Active Directory!

Morning at Microsoft Ignite Italy 2024, before heading to the watch party organized by Microsys!

Folks, I’m excited: I can finally announce that I will also be participating in the AperiTeams event on April 3rd, in the beautiful setting of the Microsoft House in Milan! When Silvio Di Benedetto invited me, I accepted with great joy! Here are all the details to participate. 👇🏻 📆 Wednesday, April 3 ⌚ 4:00 PM 🎟️ Registration: https://www.aperiteams.it In the session, I will talk about how Microsoft Defender XDR is a huge step towards a single control panel to oversee all aspects of security in our environment.

IT Specialists, hello everyone! Today a very fast but fundamental video: we add the second piece of the lab, putting a Certification Authority on track. Video Find the entire video below, or you can continue reading the article. Why is a Certification Authority useful in the lab? Here’s why a Certification Authority can be useful in the lab: Because a CA is always useful, regardless. 😊 Because I want to implement LDAPS on Active Directory right away (and the next video will talk about this).

IT Specialists, hello everyone! Today a very fast but fundamental video: we add the second piece of the lab, putting a Certification Authority on track. Video Find the entire video below, or you can continue reading the article. Why is a Certification Authority useful in the lab? Here’s why a Certification Authority can be useful in the lab: Because a CA is always useful, regardless. 😊 Because I want to implement LDAPS on Active Directory right away (and the next video will talk about this).

We’re getting used to it! Here we are with the second episode of Defender for Podcast, where we talk about training! We’ll try to organize the multitude of resources available for training in Microsoft Security: Official resources such as the Learn platform SC certifications that allow validating your skills but also the brand new Applied Skills Blogs, YouTube channels, and other useful resources 🚨 If you enjoy this content and want to make sure you don’t miss any updates, we invite you to join our community!

⚠️ 🇮🇹 To my Italian speaking followers! In this first episode of Defender for Podcast, we try to focus on what the term “Microsoft Security” means: what it encompasses, which areas it involves? We will explore all of this from different perspectives: How to navigate in terms of licensing and which areas are covered by consumption and which by license. Within the licensed offering, at a high level, what is the ideal license/suite in relation to the type of company/reality: we will try to map this out.

Since 1994, Microsoft has been involved in device management: first with SMS, which later became SCCM, and then in 2011, with the advent of mobile devices, the Mobile Device Management service called Intune was created, which has grown… and grown… And today, it has become a suite! Let’s clarify the various pieces of technology we can find within this suite with Maura Perra, Technical Specialist in Cloud Endpoint for Microsoft!

Here we are with a new episode of “A Coffee with…”! Today’s protagonist is Elisa Pirrone, CSA Security for Microsoft Italy. Together with her, we will talk about disabling legacy protocols, creating conditional access policies, best practices, and why Windows Hello for Business is an MFA! Here are some additional links for further information: Common Conditional Access policy: Block legacy authentication Windows Hello for Business Overview How Windows Hello for Business works in Windows Devices Don’t forget to subscribe to our other channels as well:

“How can we leverage a public cloud while maintaining a proper security posture?” Today, we ask this question (while sipping a cup of coffee) to Francesco Molfese (MVP), who has a clear understanding of how to maintain the right level of security both in the cloud and on-premises. Here are some additional links for further reading: Francesco’s blog Defender for Cloud Don’t forget to follow us on our social channels as well:

We’re getting used to it! Here we are with the second episode of Defender for Podcast, where we talk about training! We’ll try to organize the multitude of resources available for training in Microsoft Security: Official resources such as the Learn platform SC certifications that allow validating your skills but also the brand new Applied Skills Blogs, YouTube channels, and other useful resources 🚨 If you enjoy this content and want to make sure you don’t miss any updates, we invite you to join our community!

⚠️ 🇮🇹 To my Italian speaking followers! In this first episode of Defender for Podcast, we try to focus on what the term “Microsoft Security” means: what it encompasses, which areas it involves? We will explore all of this from different perspectives: How to navigate in terms of licensing and which areas are covered by consumption and which by license. Within the licensed offering, at a high level, what is the ideal license/suite in relation to the type of company/reality: we will try to map this out.

⚠️ 🇮🇹 To my Italian speaking followers! WPC 2023 is also about coming together in person and quickly organizing new community activities! That’s exactly what happened with Carlo Sacchi, the host of Azure Italia Podcast, whom I finally had the chance to meet in person. After exchanging greetings, in less than 10 minutes, we had already organized a post-WPC 2023 chat, along with friends Pietro Visentin, Stefano Nieri, and Andrea Palumbo.

⚠️ Warning for English-speaking followers: this podcast is in Italian language ⚠️ Fun chat, lightning-fast editing: the episode of Azure Italy Podcast that I was a guest on is already available online! 🎙️ You can find it here: ➡️ Azure Italia Podcast - Puntata 11 - Da Azure AD a Entra ID con Riccardo Corna And on all the other major podcast platforms: Apple, Amazon, etc. 😉 Beyond this episode, I recommend subscribing to the podcast so you don’t miss any: it’s rare to find content like this in the Italian language, and Carlo Sacchi is doing an excellent job!

IT Specialists, hello everyone! Finally, we are truly getting our hands dirty in this lab: today, we create the on-premises Active Directory forest (and domain) needed for our hybrid environment. Video Find the entire video below, or you can continue reading the article. Before We Begin Just a couple of observations. First observation: as mentioned in the previous video, what I will show you in building the lab will be seen more from the perspective of identity (users and devices) and their security.

IT Specialists, hello everyone! Finally, we are truly getting our hands dirty in this lab: today, we create the on-premises Active Directory forest (and domain) needed for our hybrid environment. Video Find the entire video below, or you can continue reading the article. Before We Begin Just a couple of observations. First observation: as mentioned in the previous video, what I will show you in building the lab will be seen more from the perspective of identity (users and devices) and their security.

IT Specialists, hello everyone! It’s been a while since we last met on video, but despite that, during these months of absence, I’ve been scheming in the shadows, advancing other projects and initiatives, the results of which you will see on my channels and the Microsoft Security Italian Users Group community. 😉 But enough chit-chat, this is neither the video nor the right occasion to tell you the why, the how, etc.

IT Specialists, hello everyone! It’s been a while since we last met on video, but despite that, during these months of absence, I’ve been scheming in the shadows, advancing other projects and initiatives, the results of which you will see on my channels and the Microsoft Security Italian Users Group community. 😉 But enough chit-chat, this is neither the video nor the right occasion to tell you the why, the how, etc.

Waiting for “good news” at the beginning of 2024, let’s review the latest updates from Intune (release 2312), especially those that catch our attention from a security perspective: Edge Security baselines updated to v117 Support for new variables {{username}} {{devicename}} in non-compliance communication emails New visualization in the reporting of the Defender for Endpoint connector New settings in Antivirus policies (RandomizeScheduledTaskTimes and SchedulerRandomizationTime) New status metric for Microsoft Tunnel (TLS certificate revocation) Of course, these are just some of the updates.

📰 News: Starting this week, I will be experimenting with a new format called “The Lab Series” in addition to the usual videos. ❓ What is “The Lab Series”? It will be a video of no more than a couple of minutes, without me blabbering, just pure content, like a little pill. ❓ What will it be about and who is it aimed at? It will cover practical and straightforward topics that 95% of professionals consider trivial or obvious but may not be so for someone else.

Here’s the news we love on Mondays! 😍 Introducing the Microsoft Mac Admins Community, a new online community for IT professionals passionate about using Microsoft products on Apple Mac devices within enterprises! Here’s a direct quote: “This community is a place where Mac administrators working with Microsoft 365 or Intune management for Mac can connect with other users, share experiences and best practices, learn from experts and colleagues, get help with common issues, and draw inspiration from the latest innovations.

Intune Organizational Messages are coming to Intune (GA as of 31/5)! Organizing a communication campaign towards users for urgent updates or the release of new configurations that impact the user experience will now be easier. Here are the key licensing and requirements details. 📌 Licenses Microsoft 365 E3 Microsoft 365 E5 Windows 10/11 Enterprise E3 with Microsoft Intune Plan 1 Windows 10/11 Enterprise E5 with Microsoft Intune Plan 1 📌 Operating Systems

This news was from the end of January, but amidst the chaos of activities and news, I can finally share it now: native management of macOS updates in Intune! Prior to this functionality, managing updates for Macs enrolled in Intune was not very straightforward: scripts, third-party solutions, or user self-service management were required. With this new set of features, it will be possible to natively manage the following types of updates from the Intune interface:

Waiting for “good news” at the beginning of 2024, let’s review the latest updates from Intune (release 2312), especially those that catch our attention from a security perspective: Edge Security baselines updated to v117 Support for new variables {{username}} {{devicename}} in non-compliance communication emails New visualization in the reporting of the Defender for Endpoint connector New settings in Antivirus policies (RandomizeScheduledTaskTimes and SchedulerRandomizationTime) New status metric for Microsoft Tunnel (TLS certificate revocation) Of course, these are just some of the updates.

It’s true, I neglected “Resource Friday” for a while: why? The spirit of the column was to find for you a, precisely, free “resource” to download or use in the realm of our beloved Microsoft technologies. In recent years, however, the ways in which content is consumed have changed a lot, decisively shifting towards other platforms and formats (video, social media, etc). Moreover, the speed at which product updates and new features arrive, in some cases, quickly renders an eBook obsolete.

It’s true, I neglected “Resource Friday” for a while: why? The spirit of the column was to find for you a, precisely, free “resource” to download or use in the realm of our beloved Microsoft technologies. In recent years, however, the ways in which content is consumed have changed a lot, decisively shifting towards other platforms and formats (video, social media, etc). Moreover, the speed at which product updates and new features arrive, in some cases, quickly renders an eBook obsolete.

📢 Free-resource-friday! Azure Defenses for Ransomware Attacks. Today, I’ve gathered for you a highly informative (and free) eBook that discusses the tools available in Azure to counter a Ransomware attack. Almost mandatory reading in these times! 📌 Bonus tip: Don’t miss the plethora of links to documents and resources in the “Additional Resources” slide! 📖 Here’s where you can download it: ➡️ Azure Defenses for Ransomware Attacks Your IT Specialist, Riccardo

It’s true, I neglected “Resource Friday” for a while: why? The spirit of the column was to find for you a, precisely, free “resource” to download or use in the realm of our beloved Microsoft technologies. In recent years, however, the ways in which content is consumed have changed a lot, decisively shifting towards other platforms and formats (video, social media, etc). Moreover, the speed at which product updates and new features arrive, in some cases, quickly renders an eBook obsolete.

It’s true, I neglected “Resource Friday” for a while: why? The spirit of the column was to find for you a, precisely, free “resource” to download or use in the realm of our beloved Microsoft technologies. In recent years, however, the ways in which content is consumed have changed a lot, decisively shifting towards other platforms and formats (video, social media, etc). Moreover, the speed at which product updates and new features arrive, in some cases, quickly renders an eBook obsolete.

📢 Free-resource-friday! Azure Defenses for Ransomware Attacks. Today, I’ve gathered for you a highly informative (and free) eBook that discusses the tools available in Azure to counter a Ransomware attack. Almost mandatory reading in these times! 📌 Bonus tip: Don’t miss the plethora of links to documents and resources in the “Additional Resources” slide! 📖 Here’s where you can download it: ➡️ Azure Defenses for Ransomware Attacks Your IT Specialist, Riccardo

⚠️ 🇮🇹 To my Italian speaking followers! WPC 2023 is also about coming together in person and quickly organizing new community activities! That’s exactly what happened with Carlo Sacchi, the host of Azure Italia Podcast, whom I finally had the chance to meet in person. After exchanging greetings, in less than 10 minutes, we had already organized a post-WPC 2023 chat, along with friends Pietro Visentin, Stefano Nieri, and Andrea Palumbo.

⚠️ 🇮🇹 To my Italian speaking followers! WPC 2023 is also about coming together in person and quickly organizing new community activities! That’s exactly what happened with Carlo Sacchi, the host of Azure Italia Podcast, whom I finally had the chance to meet in person. After exchanging greetings, in less than 10 minutes, we had already organized a post-WPC 2023 chat, along with friends Pietro Visentin, Stefano Nieri, and Andrea Palumbo.

As always, WPC is a mix of emotions, meetings, and learning: experiencing all of this is always incredible. I can’t wait for WPC 2024! 😃 Without too many words, here are some snapshots from this super intense 3-day event. View this post on Instagram A post shared by Riccardo Corna (@itspecialistcloud) Your IT Specialist, Riccardo

⚠️ 🇮🇹 To my Italian speaking followers! Just finished one event, and here I am jumping into another, one that I hold dear to my heart: thrilled to announce that I will be among the speakers at #POWERCON2023 organized by the folks at ICT Power! 📌 When? 🗓️ 6 december 2023 from 9.00 AM till 5.30 PM 🙋🏻‍♂️ My session will be at 11:00 AM 📌 Where? 💻 Online, all the details here 👇🏻

⚠️ 🇮🇹 To my Italian speaking followers! Just finished one event, and here I am jumping into another, one that I hold dear to my heart: thrilled to announce that I will be among the speakers at #POWERCON2023 organized by the folks at ICT Power! 📌 When? 🗓️ 6 december 2023 from 9.00 AM till 5.30 PM 🙋🏻‍♂️ My session will be at 11:00 AM 📌 Where? 💻 Online, all the details here 👇🏻

⚠️ Warning for English-speaking followers: this podcast is in Italian language ⚠️ Fun chat, lightning-fast editing: the episode of Azure Italy Podcast that I was a guest on is already available online! 🎙️ You can find it here: ➡️ Azure Italia Podcast - Puntata 11 - Da Azure AD a Entra ID con Riccardo Corna And on all the other major podcast platforms: Apple, Amazon, etc. 😉 Beyond this episode, I recommend subscribing to the podcast so you don’t miss any: it’s rare to find content like this in the Italian language, and Carlo Sacchi is doing an excellent job!

⚠️ Warning for English-speaking followers: this podcast is in Italian language ⚠️ Fun chat, lightning-fast editing: the episode of Azure Italy Podcast that I was a guest on is already available online! 🎙️ You can find it here: ➡️ Azure Italia Podcast - Puntata 11 - Da Azure AD a Entra ID con Riccardo Corna And on all the other major podcast platforms: Apple, Amazon, etc. 😉 Beyond this episode, I recommend subscribing to the podcast so you don’t miss any: it’s rare to find content like this in the Italian language, and Carlo Sacchi is doing an excellent job!

Today, I take a moment for a little reflection. Just a couple of months ago, I had started reading this book by Vittorio Bertocci because I felt the need to review some important concepts in the field of authentication protocols. After reading some passages from the book, I found myself exclaiming in my head several times, “Okay… now I get it! Couldn’t they explain it like this in the official documentation?

Today, I take a moment for a little reflection. Just a couple of months ago, I had started reading this book by Vittorio Bertocci because I felt the need to review some important concepts in the field of authentication protocols. After reading some passages from the book, I found myself exclaiming in my head several times, “Okay… now I get it! Couldn’t they explain it like this in the official documentation?

📢 Free-resource-friday! Azure Defenses for Ransomware Attacks. Today, I’ve gathered for you a highly informative (and free) eBook that discusses the tools available in Azure to counter a Ransomware attack. Almost mandatory reading in these times! 📌 Bonus tip: Don’t miss the plethora of links to documents and resources in the “Additional Resources” slide! 📖 Here’s where you can download it: ➡️ Azure Defenses for Ransomware Attacks Your IT Specialist, Riccardo

Shrinking the disk size of a VM in Azure to save on storage costs? With a little bit of tinkering and some PowerShell magic, it can be done. Today, I’m stepping a bit outside the usual topics I cover. 😉 A few days ago, I was looking at the consumption of my lab subscription and noticed that the disk costs were eating up a good chunk of my (limited) monthly budget.

In a Zero Trust Security approach, where identity is a fundamental element, the security of authentications can be measured to some extent based on the so-called “signals.” Analyzing these signals provides a level of “risk” for a particular user when authenticating to Microsoft 365 services. Today, I’ll tell you about Mirosoft Entra Identity Protection and what the concept of “risk” means. As always, before diving headfirst into this “risky” journey (pun intended 🤣), we need to introduce another concept: you need to understand what signals are.

Fresh news in the Microsoft Entra ID realm: templates and a brand new overview are now publicly available. Let’s start with the templates. Template Conditional Access policies are a powerful tool that offers a high degree of customization and granularity. That’s why it can sometimes be less intuitive to know where to begin when it comes to implementing a particular policy for a specific situation. The availability of templates helps in this regard by providing ready-to-use tools for specific situations, making it easier to implement a conditional access criterion.

In a Zero Trust Security approach, where identity is a fundamental element, the security of authentications can be measured to some extent based on the so-called “signals.” Analyzing these signals provides a level of “risk” for a particular user when authenticating to Microsoft 365 services. Today, I’ll tell you about Mirosoft Entra Identity Protection and what the concept of “risk” means. As always, before diving headfirst into this “risky” journey (pun intended 🤣), we need to introduce another concept: you need to understand what signals are.

📢 Free-resource-friday! Azure Defenses for Ransomware Attacks. Today, I’ve gathered for you a highly informative (and free) eBook that discusses the tools available in Azure to counter a Ransomware attack. Almost mandatory reading in these times! 📌 Bonus tip: Don’t miss the plethora of links to documents and resources in the “Additional Resources” slide! 📖 Here’s where you can download it: ➡️ Azure Defenses for Ransomware Attacks Your IT Specialist, Riccardo

Fresh news in the Microsoft Entra ID realm: templates and a brand new overview are now publicly available. Let’s start with the templates. Template Conditional Access policies are a powerful tool that offers a high degree of customization and granularity. That’s why it can sometimes be less intuitive to know where to begin when it comes to implementing a particular policy for a specific situation. The availability of templates helps in this regard by providing ready-to-use tools for specific situations, making it easier to implement a conditional access criterion.

I haven’t sat in front of a computer for almost a month. Usually, when I sit at my home workstation, it feels like an extension of my body, given the amount of time I spend there daily for most of the year. However, this morning, after nearly a month, I sat down to export the photos from my trip. I wasn’t accustomed to it anymore; being at the computer felt almost unnatural and uncomfortable.

Revamp of the workstation: before and after! I haven’t finished completely yet, but I’m already thrilled. View this post on Instagram A post shared by Riccardo Corna (@itspecialistcloud) From the photo, they seem very similar, but I assure you it was a lot of work spread over two weekends of wiring and cable ties, in the cable tray under the desk. Finally, the ring light is in front along with the camera, and using the same support, I can also hold the microphone, all clamped to the desk without heavy and bulky stands.

I haven’t sat in front of a computer for almost a month. Usually, when I sit at my home workstation, it feels like an extension of my body, given the amount of time I spend there daily for most of the year. However, this morning, after nearly a month, I sat down to export the photos from my trip. I wasn’t accustomed to it anymore; being at the computer felt almost unnatural and uncomfortable.

Revamp of the workstation: before and after! I haven’t finished completely yet, but I’m already thrilled. View this post on Instagram A post shared by Riccardo Corna (@itspecialistcloud) From the photo, they seem very similar, but I assure you it was a lot of work spread over two weekends of wiring and cable ties, in the cable tray under the desk. Finally, the ring light is in front along with the camera, and using the same support, I can also hold the microphone, all clamped to the desk without heavy and bulky stands.

A few days ago, the #POWERCON2023 was held, an online conference organized by the ICTPower.it community. As always, I was very happy to participate, and this year, I chose to present a session on Windows Hello for Business, discussing an aspect that I believe is underestimated and not well-known to most: Windows Hello for Business is a passwordless and multi-factor authentication! Do you want to know why and how it works?

🗓️ #SaveTheDate July 14, 2023: one last exciting event before going on vacation, the #POWERCON2023! A whole day with many sessions together with industry experts, talking about security, Microsoft Entra, Intune, Virtual Desktop and Windows 365, Defender for Endpoint, and much more. In short, I would probably run out of characters in a LinkedIn post if I wanted to list everything. 🗓️ When? 14 Luglio 2023 🌍 Where? Online, all the information to register can be found at these links:

Why Windows Hello for Business is the Multi-Factor Authentication for Windows login and how to configure it via Intune in Azure AD Kerberos Cloud Trust mode, through the Settings Catalog. Below is the documentation I refer to in the video: 📄 Windows Hello for Business Overview 📄 How Windows Hello for Business works in Windows Devices 📄 Windows Hello for Business and Authentication 📄 Cloud Kerberos trust deployment 📄 Enable passwordless security key sign-in to on-premises resources by using Azure AD Have you implemented Windows Hello for Business?

🗓️ #SaveTheDate July 14, 2023: one last exciting event before going on vacation, the #POWERCON2023! A whole day with many sessions together with industry experts, talking about security, Microsoft Entra, Intune, Virtual Desktop and Windows 365, Defender for Endpoint, and much more. In short, I would probably run out of characters in a LinkedIn post if I wanted to list everything. 🗓️ When? 14 Luglio 2023 🌍 Where? Online, all the information to register can be found at these links:

As anticipated a few days ago, today we begin a series of short video clips, lasting no more than a couple of minutes, where I demonstrate activities and procedures that most people take for granted but, for various reasons, may not be so straightforward. Welcome to “The Lab Series”! Today, we have a quick-and-dirty procedure for installing the Azure AD Application Proxy connector. Useful documentation for further reference: 📄 Tutorial: Add an on-premises application for remote access through Application Proxy in Azure Active Directory

As anticipated a few days ago, today we begin a series of short video clips, lasting no more than a couple of minutes, where I demonstrate activities and procedures that most people take for granted but, for various reasons, may not be so straightforward. Welcome to “The Lab Series”! Today, we have a quick-and-dirty procedure for installing the Azure AD Application Proxy connector. Useful documentation for further reference: 📄 Tutorial: Add an on-premises application for remote access through Application Proxy in Azure Active Directory

📰 News: Starting this week, I will be experimenting with a new format called “The Lab Series” in addition to the usual videos. ❓ What is “The Lab Series”? It will be a video of no more than a couple of minutes, without me blabbering, just pure content, like a little pill. ❓ What will it be about and who is it aimed at? It will cover practical and straightforward topics that 95% of professionals consider trivial or obvious but may not be so for someone else.

🎥💊 Video Pill News: FIDO2 key support on Safari iOS! The key used in this video is a FEITIAN, iePass K44 model, with dual interfaces: USB-C and Lightning. I hope that FIDO2 key support arrives soon for Microsoft apps on iOS! Riccardo

Here’s the news we love on Mondays! 😍 Introducing the Microsoft Mac Admins Community, a new online community for IT professionals passionate about using Microsoft products on Apple Mac devices within enterprises! Here’s a direct quote: “This community is a place where Mac administrators working with Microsoft 365 or Intune management for Mac can connect with other users, share experiences and best practices, learn from experts and colleagues, get help with common issues, and draw inspiration from the latest innovations.

🎥💊 Video Pill News: FIDO2 key support on Safari iOS! The key used in this video is a FEITIAN, iePass K44 model, with dual interfaces: USB-C and Lightning. I hope that FIDO2 key support arrives soon for Microsoft apps on iOS! Riccardo

🎥💊 Video Pill News: FIDO2 key support on Safari iOS! The key used in this video is a FEITIAN, iePass K44 model, with dual interfaces: USB-C and Lightning. I hope that FIDO2 key support arrives soon for Microsoft apps on iOS! Riccardo

🎥💊 Video Pill News: FIDO2 key support on Safari iOS! The key used in this video is a FEITIAN, iePass K44 model, with dual interfaces: USB-C and Lightning. I hope that FIDO2 key support arrives soon for Microsoft apps on iOS! Riccardo

On March 22, 2023, the Microsys event “Tech Bits: Modern Endpoint Management” took place, and now the video of the event is available! Together with the legendary Paolo Bodini, we presented the 10 key elements to consider for modern management of corporate and personal devices. Enjoy watching! Riccardo

How many times have you been asked to record a meeting because “you never know” or because “I want to review it later”? 🙋🏻‍♂️ Well, 99% of the recordings in Microsoft Teams are never viewed within 60 days after the meeting. It’s a waste of space and, potentially, a security issue if the recording contains sensitive information that is consciously or inadvertently shared. Finally, the ability to set an expiration date for recorded videos has been introduced!

🎥💊 Video Pill News: FIDO2 key support on Safari iOS! The key used in this video is a FEITIAN, iePass K44 model, with dual interfaces: USB-C and Lightning. I hope that FIDO2 key support arrives soon for Microsoft apps on iOS! Riccardo

About 2 years ago (June 2021), I had fun experimenting with a new feature that was in preview: macOS Single Sign-On (SSO) for Azure AD on Microsoft 365 applications and services. ⚠️ Update as of June 1, 2023 The “Microsoft Azure AD” plug-in is finally in General Availability and is ready to use in production environments! You might be wondering, “What on earth is it for?” This feature allows you to authenticate yourself and your fantastic Mac more easily to Microsoft 365 services and applications without repeated credential prompts, making the user experience even smoother and seamless.

Friday resource! If you’re tinkering with Local Groups Membership policies in Intune and (like me) have cursed a bit while converting group/role ObjectIDs to SIDs and vice versa, here’s a website that does it online instantly and conveniently. 🔹 ObjectId ➡️ SID 🔹 SID ➡️ ObjectId I’d love to tag the author of this wonderful utility (Erik Engberg) here, but from what I’ve seen, they’re not on LinkedIn. If I’m mistaken and someone knows their exact profile, please let me know so I can give them proper thanks.

Today’s episode is a true injection of caffeine and valuable resources: Valeria Sava talks to us about ADFS and how to retire it by migrating applications to Azure AD. Are you interested? Yes? Then after watching the video, don’t miss this workshop in Italian dedicated to this very topic! Valeria and I extensively discussed it while enjoying our coffee. Here are all the details! 🗓️ March 28, 2023 ➡️ Microsoft Workshops: How to successfully migrate away from AD FS to Azure AD

It took me a while to make this video, but finally, here I am: Azure Virtual Desktop Single Sign-On to Azure AD. One of the main “criticisms” always directed at AVD is the double authentication, which many consider a hassle. With Single Sign-On, the process becomes smoother, and the required authentications decrease. Could I have just shown you the simple SSO? Clearly NO, so I even included a FIDO2 security key in it!

On March 8, 2023, a joint event was held between the Microsoft Intune Italian Users Group and the Microsoft Security Italian Users Group: the video of the sessions is now available. Together with the legendary Michele Sensalari, we talked about certificate-based authentication on Azure AD. Marco Moioli and Davide Salsi, on the other hand, delved into how to use the MAM (Mobile Application Management) features of Intune to provide security in BYOD scenarios, and Davide also demonstrated the new Microsoft Tunnel for Mobile.

📺 New video: Today I’ll tell you about Temporary Access Pass in Azure AD and how it can be useful in specific situations. ☑️ Onboarding a user to register a passwordless authentication method ☑️ Recovery of a lost or unusable passwordless access ☑️ Initialization of a Windows Autopilot device ☑️ Joining a device to Azure AD ☑️ Initial setup of Windows Hello for Business All the details in the video!

Since 1994, Microsoft has been involved in device management: first with SMS, which later became SCCM, and then in 2011, with the advent of mobile devices, the Mobile Device Management service called Intune was created, which has grown… and grown… And today, it has become a suite! Let’s clarify the various pieces of technology we can find within this suite with Maura Perra, Technical Specialist in Cloud Endpoint for Microsoft!

Here we are with a new episode of “A Coffee with…”! Today’s protagonist is Elisa Pirrone, CSA Security for Microsoft Italy. Together with her, we will talk about disabling legacy protocols, creating conditional access policies, best practices, and why Windows Hello for Business is an MFA! Here are some additional links for further information: Common Conditional Access policy: Block legacy authentication Windows Hello for Business Overview How Windows Hello for Business works in Windows Devices Don’t forget to subscribe to our other channels as well:

Today’s episode is a true injection of caffeine and valuable resources: Valeria Sava talks to us about ADFS and how to retire it by migrating applications to Azure AD. Are you interested? Yes? Then after watching the video, don’t miss this workshop in Italian dedicated to this very topic! Valeria and I extensively discussed it while enjoying our coffee. Here are all the details! 🗓️ March 28, 2023 ➡️ Microsoft Workshops: How to successfully migrate away from AD FS to Azure AD

“How can we leverage a public cloud while maintaining a proper security posture?” Today, we ask this question (while sipping a cup of coffee) to Francesco Molfese (MVP), who has a clear understanding of how to maintain the right level of security both in the cloud and on-premises. Here are some additional links for further reading: Francesco’s blog Defender for Cloud Don’t forget to follow us on our social channels as well:

Intune Organizational Messages are coming to Intune (GA as of 31/5)! Organizing a communication campaign towards users for urgent updates or the release of new configurations that impact the user experience will now be easier. Here are the key licensing and requirements details. 📌 Licenses Microsoft 365 E3 Microsoft 365 E5 Windows 10/11 Enterprise E3 with Microsoft Intune Plan 1 Windows 10/11 Enterprise E5 with Microsoft Intune Plan 1 📌 Operating Systems

IT specialists, hello everyone! In this video, we will see the tools that Azure AD and Intune provide us with to manage local group membership. Video You can find the entire video below, or you can continue reading the article. Article After playing with the new Windows LAPS in my previous video, I was reviewing the list of local administrators on my lab machine, and since the machine is registered in Azure AD Join, the Azure AD user who joined it has become an administrator.

IT specialists, hello everyone! In this video, we will see the tools that Azure AD and Intune provide us with to manage local group membership. Video You can find the entire video below, or you can continue reading the article. Article After playing with the new Windows LAPS in my previous video, I was reviewing the list of local administrators on my lab machine, and since the machine is registered in Azure AD Join, the Azure AD user who joined it has become an administrator.

If you’re interested, I’m starting from scratch on Twitter with a brand new profile. There, I’ll be primarily writing in English. Why? Several reasons: To get used to using English more frequently: I read a lot of content in this language every day, but I go through (too) long periods without writing or speaking it. Because in the Microsoft sphere on Twitter, there are truly unmissable profiles and content, and the MVP community there is very active.

If you’re interested, I’m starting from scratch on Twitter with a brand new profile. There, I’ll be primarily writing in English. Why? Several reasons: To get used to using English more frequently: I read a lot of content in this language every day, but I go through (too) long periods without writing or speaking it. Because in the Microsoft sphere on Twitter, there are truly unmissable profiles and content, and the MVP community there is very active.

I have tried the new Windows LAPS (Local Administrator Password Solution) with direct support for Entra ID. If you have Windows 11 machines (which natively support it), it is really simple and fast to implement. Here are some useful information: 📌 No licensing requirement, available from Entra ID Free and above 📌 Supported operating systems: Windows 11 22H2 - April 11, 2023 Update Windows 11 21H2 - April 11, 2023 Update Windows 10 20H2, 21H2, and 22H2 - April 11, 2023 Update Windows Server 2022 - April 11, 2023 Update Windows Server 2019 - April 11, 2023 Update In the video, besides configuring the Intune profile to re-enable the built-in local Administrator, I also tested a slightly more specific scenario by renaming the Administrator.

I have tried the new Windows LAPS (Local Administrator Password Solution) with direct support for Entra ID. If you have Windows 11 machines (which natively support it), it is really simple and fast to implement. Here are some useful information: 📌 No licensing requirement, available from Entra ID Free and above 📌 Supported operating systems: Windows 11 22H2 - April 11, 2023 Update Windows 11 21H2 - April 11, 2023 Update Windows 10 20H2, 21H2, and 22H2 - April 11, 2023 Update Windows Server 2022 - April 11, 2023 Update Windows Server 2019 - April 11, 2023 Update In the video, besides configuring the Intune profile to re-enable the built-in local Administrator, I also tested a slightly more specific scenario by renaming the Administrator.

On March 22, 2023, the Microsys event “Tech Bits: Modern Endpoint Management” took place, and now the video of the event is available! Together with the legendary Paolo Bodini, we presented the 10 key elements to consider for modern management of corporate and personal devices. Enjoy watching! Riccardo

Spring means Global Azure, and I am delighted to announce that I will be a speaker at Global Azure 2023 in Turin, taking place on Saturday, May 13, 2023! However, I won’t be alone on stage: joining me will be Pietro Visentin, Head of Security at Moresi! By the way, I recommend checking out his blog Azvise, which is full of useful and interesting content. For all the details about the agenda, it will take a few more days, so staytuned and don’t miss the event updates that you can find here:

Spring means Global Azure, and I am delighted to announce that I will be a speaker at Global Azure 2023 in Turin, taking place on Saturday, May 13, 2023! However, I won’t be alone on stage: joining me will be Pietro Visentin, Head of Security at Moresi! By the way, I recommend checking out his blog Azvise, which is full of useful and interesting content. For all the details about the agenda, it will take a few more days, so staytuned and don’t miss the event updates that you can find here:

I have plans to introduce a different type of video, in addition to the usual tutorials, in the future. Yesterday, I tested the “vlog setup” for the first time. First impressions: excellent image quality (I had no doubts with this Sony camera), the grip is great and doubles as a remote control, and the Falcam quick release is very convenient. Things to assess: audio quality, as I’m using the built-in microphone, and stabilization.

A few days ago, I came across a very interesting article from the Intune Customer Success Team. The article discusses how to configure BitLocker through the Intune Settings Catalog. This piqued my curiosity because, considering the Settings Catalog, there are now three different ways to deploy BitLocker from Intune. I wanted to understand the advantages of using the Settings Catalog compared to the already available methods. Here’s my experience! ⚠️ As mentioned in the video: the settings you see were done for purely educational and illustrative purposes.

Today’s episode is a true injection of caffeine and valuable resources: Valeria Sava talks to us about ADFS and how to retire it by migrating applications to Azure AD. Are you interested? Yes? Then after watching the video, don’t miss this workshop in Italian dedicated to this very topic! Valeria and I extensively discussed it while enjoying our coffee. Here are all the details! 🗓️ March 28, 2023 ➡️ Microsoft Workshops: How to successfully migrate away from AD FS to Azure AD

It took me a while to make this video, but finally, here I am: Azure Virtual Desktop Single Sign-On to Azure AD. One of the main “criticisms” always directed at AVD is the double authentication, which many consider a hassle. With Single Sign-On, the process becomes smoother, and the required authentications decrease. Could I have just shown you the simple SSO? Clearly NO, so I even included a FIDO2 security key in it!

Shrinking the disk size of a VM in Azure to save on storage costs? With a little bit of tinkering and some PowerShell magic, it can be done. Today, I’m stepping a bit outside the usual topics I cover. 😉 A few days ago, I was looking at the consumption of my lab subscription and noticed that the disk costs were eating up a good chunk of my (limited) monthly budget.

Shrinking the disk size of a VM in Azure to save on storage costs? With a little bit of tinkering and some PowerShell magic, it can be done. Today, I’m stepping a bit outside the usual topics I cover. 😉 A few days ago, I was looking at the consumption of my lab subscription and noticed that the disk costs were eating up a good chunk of my (limited) monthly budget.

How many times have you been asked to record a meeting because “you never know” or because “I want to review it later”? 🙋🏻‍♂️ Well, 99% of the recordings in Microsoft Teams are never viewed within 60 days after the meeting. It’s a waste of space and, potentially, a security issue if the recording contains sensitive information that is consciously or inadvertently shared. Finally, the ability to set an expiration date for recorded videos has been introduced!