Bitlocker status report with Defender for EndPoint

Alex Mags

Are all your machines encrypted? If a laptop is lost, is the data protected, or will you need to declare it? Microsoft Defender for Endpoint (aka ATP) stores BitLocker status information. Use the following KQL query in the Advanced Hunting portal.

Assign Azure AD role By AD Security Group

Alex Mags
Using AD security groups to delegate access to Azure AD roles is not supported at the moment (March 2021). This post offers two workarounds. Permissions to manage Azure AD and Office 365 are often assigned via Azure AD roles. If you have strong access management processes and tooling for on-prem Active Directory (access request and approval workflow, joiners and leavers, access reviews and reporting, auditing and alerts), you'll likely want to reuse these to manage access to Azure AD and Office 365.

Auto Configure Git client proxy authentication

Alex Mags
This post has some PowerShell to make the Git client work on Windows in a corporate environment. Short version: use the Microsoft Credential Manager for Git. Don't expose passwords in plaintext in Git config or environment variables. The Microsoft Credential Manager will store credentials for both the proxy and the Git repo in Windows Credential Manager. The Git client doesn't accept a domain name in Git config, so when you enter creds in Credential Manager change the ID to the <userID> format. Automatically configure the Git client to authenticate with the corporate proxy, because the Git client doesn't support Web Proxy Auto Discovery (WPAD).

Compliance Boundaries

Alex Mags
Very niche post today. Few will need to delve into Office 365 Compliance Boundaries unless they need to unblock a regulatory compliance requirement. If you're in that situation, hopefully this will help you. The scenario is this: you have multiple eDiscovery teams in your organisation. Each eDiscovery team should only see content belonging to users in their own sphere of responsibility. Example requirement: eDiscovery team ACME should only be able to see content for company ACME.

WinOps 2019 Compliance as Code with Office365

Alex Mags
I wanted to share this idea of using versioned code and unit tests to manage Office365 tenant configuration between environments, so I gave a talk about it at the annual WinOps conference in London. Slides: so-i-devsecopsed-office-365

Public Cloud Risk Management

Alex Mags
A big part of my work lately has been describing, tracking and managing the risk involved in moving data from the traditional datacentre, with its firewalled perimeter, to public cloud. The NIST Cyber Security Framework was useful as a way of grouping and classifying risks. https://www.slideshare.net/AlexMagnay/risk-management-for-public-cloud-projects

AWS Architecture Talk

Alex Mags
Amazon invited me to record a segment in the AWS Architecture series. This was a fun afternoon in their studio.

Meraki switch JSON

Alex Mags
Hi. Meraki devices have status pages that can be accessed by internal clients. See https://documentation.meraki.com/zGeneral_Administration/Tools_and_Troubleshooting/Using_the_Cisco_Meraki_Device_Local_Status_Page

Wireless access points (MR): http://ap.meraki.com
Switches (MS): http://switch.meraki.com
Routers (MX and Z1): http://wired.meraki.com
Any device: http://setup.meraki.com

The last URL will work for any Cisco Meraki device, but will only reach the first device in its path. For example, if you're on a PC connected to a Meraki switch you can connect to http://switch.meraki.com/, which gives you a status page about your connection.

Grid Computing on public cloud

Alex Mags
I gave a talk on using public cloud to host grid computing/HPC workloads. The elastic and on-demand nature of public cloud is a great fit for spiky workloads like grid computing. I'd had some fun building an autoscaling MATLAB HPC cluster (scale out and scale back) and talked about it at a breakfast briefing with our consultancy Hentsu. https://www.slideshare.net/hentsu/infinitely-scalable-clusters-grid-computing-on-public-cloud