Video

Despite the effects of the cocktail consumed on an empty stomach becoming increasingly apparent as the episode progressed, 🥴 I managed to stay on track and explain why Platform Single Sign-On on macOS with Microsoft Entra and Microsoft Intune is such a big deal. 😀 Don’t miss this episode of AperiTeams! Thanks to Irene and Silvio for the super fun chat and the cocktail (by the way, DELICIOUS). Your IT Specialist,

Last October 9, 2024, the AperiTeams Conference Security Day 2024 took place at the Microsoft House in Milan and was streamed live. If you missed the live stream, no worries! All the event videos organized by Inside Technologies are now available online. As always, it was a great day! I had so much fun with my “partner on the stage” Simone Frigerio, and I hope it will be the first of many sessions together.

After a brief behind-the-scenes look a few days ago, here we are: Defender for Podcast, new season! This year, some new features: new locations and guests! And, speaking of guests, we couldn’t have started better: with us Carlo Mauceli for this first episode! What did we talk about? 🎯 Geopolitics and the use of cyberattacks in war scenarios 🎯 Evolution of attack tactics through Artificial Intelligence 🎯 The black market where anyone can become a hacker

The video of the session that my friend Davide Salsi and I held at Be Connected Day 12 on May 30, 2024, is finally online. In recent years, Microsoft Intune has been the main path towards a “Modern” device management. With the advent of AI and the release of new features, a new era in the device management paradigm is opening.​ In this session, we will see in detail how these latest solutions can contribute to a cloud-native management of endpoints:​

After reaching the first milestone of our lab, it’s time to do a little recap. Below is the complete list of the first videos in the “The Lab” series, from creating the Active Directory forest to the first Windows Entra Joined client and its behavior in an on-premises environment. 📺 The LAB - Episode 0 - Introduction to the Lab 📺 The LAB - Episode 1 - Creating an Active Directory Forest and Setting Up a Domain Controller

Today we see the first concrete result of building our hybrid lab inspired by a modern management of identities and devices: we will test together if a Windows Entra Joined PC can access an on-premises resource in single sign-on, specifically a file server. Will it work? You’ll see in the video :) Video You can find the full video below, or you can continue reading the article. SSO on On-Premises Resources with a Windows Entra Joined PC Introduction IT specialists, hello everyone!

🚨 If, like me, you’ve had intense weeks and missed the latest episode of Defender for Podcast, don’t worry, here’s all the info you need. Spoiler: we talk about passwordless and, above all, Passkey! In particular: Multi-factor authentication is not perfect, what are the risks and issues? Microsoft Authenticator FIDO 2 keys Certificate-based authentication Passkey Lots to discuss, plenty of useful information, and a pinch of fun (don’t miss the “Goat dance”).

Hello IT specialists! We are finally at a turning point in creating our hybrid lab, which until now has been very little hybrid, since we created an AD forest and installed a Certification Authority, all on-prem components. Video Find the full video below, or you can continue reading the article. Installing and Configuring Microsoft Entra Connect Today, we prepare our environment for the installation, configuration, and activation of Entra Connect. Yes, we are finally hybridizing our environment, synchronizing identities with Entra ID.

If you missed the live stream, no worries! Starting today, all the videos from the AperiTeams Conference (Modern Workplace Day) 2024, organized by Inside Technologies, are available online. It was my first participation and I had a great time, as always during such days where training and networking come together. Here’s the complete video of my session, where I discussed how Microsoft Defender XDR represents a significant step forward towards a unified tool for managing the security of our infrastructure, whether it’s in the cloud, hybrid, or multi-cloud.

🚨 New episode of Copilot for Pod… oops… no… sorry, I meant Defender for Podcast! 🤣 With all these Copilots, I’m getting a bit carried away! Caught up in a frenzy of memes and various quotes (absolute gems not to be missed), Marco Moioli (henceforth known as Mar-Copilot) and I couldn’t miss the opportunity to talk about the current star: Copilot for Security! We’ll explore what it is, how it integrates with various Microsoft products, and, most importantly, share our impressions on the significant value this product brings.

Every forest and Active Directory domain should have LDAPS implemented, but in very few cases is it actually implemented. The topic can be intimidating because it involves certificates, but once you understand some basic concepts, it’s easier to tame than it seems. Let’s see how to implement it! Video You can find the entire video below, or you can continue reading the article. Article With all this talk about the cloud, I realized that I have neglected our beloved Active Directory!

Morning at Microsoft Ignite Italy 2024, before heading to the watch party organized by Microsys!

We’re getting used to it! Here we are with the second episode of Defender for Podcast, where we talk about training! We’ll try to organize the multitude of resources available for training in Microsoft Security: Official resources such as the Learn platform SC certifications that allow validating your skills but also the brand new Applied Skills Blogs, YouTube channels, and other useful resources 🚨 If you enjoy this content and want to make sure you don’t miss any updates, we invite you to join our community!

⚠️ 🇮🇹 To my Italian speaking followers! In this first episode of Defender for Podcast, we try to focus on what the term “Microsoft Security” means: what it encompasses, which areas it involves? We will explore all of this from different perspectives: How to navigate in terms of licensing and which areas are covered by consumption and which by license. Within the licensed offering, at a high level, what is the ideal license/suite in relation to the type of company/reality: we will try to map this out.

⚠️ 🇮🇹 To my Italian speaking followers! A few days ago, the winter edition of #POWERCON2023, an online conference organized by the ICTPower.it community, took place. It is certainly correct to say that Microsoft Intune is an MDM, and its main purpose is to manage devices. However, paraphrasing a famous song from the ’80s, “beyond the endpoints, there is more”! Intune is, in fact, the pivotal tool through which to implement and deploy an infinite variety of security settings, in addition to Microsoft Defender for Endpoint configurations.

A few days ago, the #POWERCON2023 was held, an online conference organized by the ICTPower.it community. As always, I was very happy to participate, and this year, I chose to present a session on Windows Hello for Business, discussing an aspect that I believe is underestimated and not well-known to most: Windows Hello for Business is a passwordless and multi-factor authentication! Do you want to know why and how it works?

As anticipated a few days ago, today we begin a series of short video clips, lasting no more than a couple of minutes, where I demonstrate activities and procedures that most people take for granted but, for various reasons, may not be so straightforward. Welcome to “The Lab Series”! Today, we have a quick-and-dirty procedure for installing the Azure AD Application Proxy connector. Useful documentation for further reference: 📄 Tutorial: Add an on-premises application for remote access through Application Proxy in Azure Active Directory

📰 News: Starting this week, I will be experimenting with a new format called “The Lab Series” in addition to the usual videos. ❓ What is “The Lab Series”? It will be a video of no more than a couple of minutes, without me blabbering, just pure content, like a little pill. ❓ What will it be about and who is it aimed at? It will cover practical and straightforward topics that 95% of professionals consider trivial or obvious but may not be so for someone else.

The video of the session Artificial Intelligence in the Service of Cybersecurity: From 0 to Microsoft Security Copilot that I held (together with Michele Sensalari) at Be Connected Day 11 on June 15, 2023, in Bologna, is now available online. For convenience, I have embedded the video to start directly at the beginning of our presentation, but from the same link, you can actually watch the live stream of the entire day.

Since 1994, Microsoft has been involved in device management: first with SMS, which later became SCCM, and then in 2011, with the advent of mobile devices, the Mobile Device Management service called Intune was created, which has grown… and grown… And today, it has become a suite! Let’s clarify the various pieces of technology we can find within this suite with Maura Perra, Technical Specialist in Cloud Endpoint for Microsoft!

I have tried the new Windows LAPS (Local Administrator Password Solution) with direct support for Entra ID. If you have Windows 11 machines (which natively support it), it is really simple and fast to implement. Here are some useful information: 📌 No licensing requirement, available from Entra ID Free and above 📌 Supported operating systems: Windows 11 22H2 - April 11, 2023 Update Windows 11 21H2 - April 11, 2023 Update Windows 10 20H2, 21H2, and 22H2 - April 11, 2023 Update Windows Server 2022 - April 11, 2023 Update Windows Server 2019 - April 11, 2023 Update In the video, besides configuring the Intune profile to re-enable the built-in local Administrator, I also tested a slightly more specific scenario by renaming the Administrator.

On March 22, 2023, the Microsys event “Tech Bits: Modern Endpoint Management” took place, and now the video of the event is available! Together with the legendary Paolo Bodini, we presented the 10 key elements to consider for modern management of corporate and personal devices. Enjoy watching! Riccardo

Why Windows Hello for Business is the Multi-Factor Authentication for Windows login and how to configure it via Intune in Azure AD Kerberos Cloud Trust mode, through the Settings Catalog. Below is the documentation I refer to in the video: 📄 Windows Hello for Business Overview 📄 How Windows Hello for Business works in Windows Devices 📄 Windows Hello for Business and Authentication 📄 Cloud Kerberos trust deployment 📄 Enable passwordless security key sign-in to on-premises resources by using Azure AD Have you implemented Windows Hello for Business?

Here we are with a new episode of “A Coffee with…”! Today’s protagonist is Elisa Pirrone, CSA Security for Microsoft Italy. Together with her, we will talk about disabling legacy protocols, creating conditional access policies, best practices, and why Windows Hello for Business is an MFA! Here are some additional links for further information: Common Conditional Access policy: Block legacy authentication Windows Hello for Business Overview How Windows Hello for Business works in Windows Devices Don’t forget to subscribe to our other channels as well:

A few days ago, I came across a very interesting article from the Intune Customer Success Team. The article discusses how to configure BitLocker through the Intune Settings Catalog. This piqued my curiosity because, considering the Settings Catalog, there are now three different ways to deploy BitLocker from Intune. I wanted to understand the advantages of using the Settings Catalog compared to the already available methods. Here’s my experience! ⚠️ As mentioned in the video: the settings you see were done for purely educational and illustrative purposes.

Today’s episode is a true injection of caffeine and valuable resources: Valeria Sava talks to us about ADFS and how to retire it by migrating applications to Azure AD. Are you interested? Yes? Then after watching the video, don’t miss this workshop in Italian dedicated to this very topic! Valeria and I extensively discussed it while enjoying our coffee. Here are all the details! 🗓️ March 28, 2023 ➡️ Microsoft Workshops: How to successfully migrate away from AD FS to Azure AD

It took me a while to make this video, but finally, here I am: Azure Virtual Desktop Single Sign-On to Azure AD. One of the main “criticisms” always directed at AVD is the double authentication, which many consider a hassle. With Single Sign-On, the process becomes smoother, and the required authentications decrease. Could I have just shown you the simple SSO? Clearly NO, so I even included a FIDO2 security key in it!

On March 8, 2023, a joint event was held between the Microsoft Intune Italian Users Group and the Microsoft Security Italian Users Group: the video of the sessions is now available. Together with the legendary Michele Sensalari, we talked about certificate-based authentication on Azure AD. Marco Moioli and Davide Salsi, on the other hand, delved into how to use the MAM (Mobile Application Management) features of Intune to provide security in BYOD scenarios, and Davide also demonstrated the new Microsoft Tunnel for Mobile.

“How can we leverage a public cloud while maintaining a proper security posture?” Today, we ask this question (while sipping a cup of coffee) to Francesco Molfese (MVP), who has a clear understanding of how to maintain the right level of security both in the cloud and on-premises. Here are some additional links for further reading: Francesco’s blog Defender for Cloud Don’t forget to follow us on our social channels as well:

📺 New video: Today I’ll tell you about Temporary Access Pass in Azure AD and how it can be useful in specific situations. ☑️ Onboarding a user to register a passwordless authentication method ☑️ Recovery of a lost or unusable passwordless access ☑️ Initialization of a Windows Autopilot device ☑️ Joining a device to Azure AD ☑️ Initial setup of Windows Hello for Business All the details in the video!