Your Data Has a Back Door. GSA and Purview Are the Deadbolt — Blog GSA and Purview team up to block data leaks

Sensitive files are sneaking out through desktop apps and APIs while your DLP watches the browser like a hawk.

Wrote up how GSA and Purview lock that down at the network layer. Full walkthrough included.

zerototrust.tech/your-data-ha...

#MicrosoftSecurity #ZeroTrust #Purview #DLP

I used Claude for this one. I will say it did still take some time. The first version was good, but I made constant tweaks along the way. I like being able to ask "why" it's doing it that way. It helped me a lot in learning processes.

Stay Tunedin: Why I Built My Own Intune Assignment Dashboard — Blog 6,000 groups, zero visibility. So I built a fix.

I got tired of opening 17 browser tabs just to track down Intune group assignments, so I built a tool that does it in one click.

Full write-up here: zerototrust.tech/stay-tunedin...

#Intune #Entra #MicrosoSecurity

#E7 has a lot of AI buzz around it, but Entra Suite deserves attention too. For anyone building Zero Trust, strong identity and access controls are a huge part of the story. The robots still need Conditional Access. #Entra #ZeroTrust #Microsoft365

Happy Little Edge. Securing Windows BYOD with Edge for Business — Blog Secure Windows BYOD access with Edge for Business.

New blog post. Windows BYOD with Edge for Business.

A practical look at securing Microsoft 365 access on personal Windows devices using App Protection, Conditional Access, and Edge policy controls.

zerototrust.tech/happy-little...

#MicrosoftIntune #BYOD #MicrosoftSecurity

Windows 365 Cloud Apps. Give them the biscuit, not the kitchen — Blog My wife and I recently took a trip to Savannah, Georgia, and let me tell you, that city knows how to do food. We stumbled into this little restaurant, and…

Stop handing out the whole kitchen when users only need a biscuit.
Windows 365 Cloud Apps lets you publish individual apps from a Cloud PC. No full desktop required.

zerototrust.tech/windows-365-...

#Windows365 #Intune #CloudPC #MicrosoftSecurity #WindowsApp

Prompt Injection is the New Phishing.... Here's how GSA Can Help — Blog If your org is starting to rely on tools like ChatGPT, Copilot, Claude, or Gemini, you are probably already thinking about data leakage. However, there is another problem that shows…

Prompt injection is social engineering for GenAI.

It’s not malware. It’s wording. “Ignore all previous instructions” style prompts can push models outside guardrails and create real risk for the enterprise.

New blog: zerototrust.tech/prompt-injec...

#Microsecurity #Entra #GSA #Intune

Kiosk Chaos to Calm. Building Multi-App Assigned Access with Intune — Blog Lock down kiosks. Troubleshoot blocks fast.

Happy New Year!
New blog is live: I break down Intune multi-app kiosks (Assigned Access). Schemas, AllowedApps, StartPins, plus how to find what got blocked in AppLocker logs.

zerototrust.tech/kiosk-chaos-...

#Intune #EndpointManagement #MicrosoftSecurity

AI Agents Are Swarming Your Tenant. How Conditional Access for Agent ID Keeps Them in Check — Blog Taming AI agents with Entra Conditional Access guardrails

Hopefully you are out of your turkey coma. 🦃

AI agents are swarming your tenant, but who is securing them?

New blog. “Who Let the Agents Out? Conditional Access for Agent ID to the Rescue”

Read here - zerototrust.tech/ai-agents-ar...

#MicrosoftSecurity #SecurityCopilot #Entra #Intune

Global Secure Access and Sentinel Integration.... and brisket? — Blog Connect GSA to Sentinel: see more, guess less.

Good pairings elevate everything: Global Secure Access + Microsoft Sentinel.

Unified context. Sharper detection. Faster action (SIEM + SOAR).

I break it down here: zerototrust.tech/global-secur...
#MicrosoftSentinel #EntraID #MicrosoftSecurity #SIEM #SOAR #MVPBuzz

Guardrails for the Internet Lane: Rolling Out GSA Threat Intelligence — Blog Block risky clicks: enable Entra GSA Threat Intelligence.

I've been MIA. My son shipped to Marine boot camp and my weekends = nonstop soccer ⚽️
New blog: how to set up Entra Global Secure Access Threat Intelligence. Block risky clicks without slowing users down.

zerototrust.tech/guardrails-f...

#MicrosoftEntra #MicrosoftSecurity #GlobalSecureAccess

Come Fly the Friendly Skies - Edge Password Protection — Blog Edge password protection setup

Tired of reused passwords and forgotten logins?
Edge has your back if you know where to flip the switches.
- Stronger passwords
- Reuse warnings
- Fewer lockouts

zerototrust.tech/come-fly-the...

#MicrosoftEdge #Intune #MicrosoftSecurity

Private Access for Domain Controllers is finally here and it’s awesome!

Say goodbye to lateral movement and hello to Conditional Access checks at the Kerberos level.

Blog: zerototrust.tech/finally-priv...

#EntraID #MicrosoftSecurity #MVPBuzz #GSA

Microsoft Connected Cache is now generally available - Windows IT Pro Blog Microsoft Connected Cache for Enterprise and Education helps organizations save bandwidth during Windows 11 upgrades, Autopilot provisioning, Intune app...

Exciting news! Microsoft Connected Cache is now Generally Available!

Boost your bandwidth, speed up Windows updates, and reduce internet traffic.

Announcement:
bit.ly/4f366Lj

My setup guides: Part 1: zerototrust.tech/boost-your-b...
Part 2: zerototrust.tech/intune-deliv...
#Intune

My #MVP award arrived this week! I still can't believe it. I never thought this would happen!
Life's wild right now (thanks, ⚽️ season), but I've got some exciting blogs almost ready to share.
Big thanks to everyone who supported me along the way.

#mvpbuzz #microsoftsecurity

Flipping Intune Switches - The Secret Sauce to Smarter Endpoint Security — Blog Simply device compliance with MDE.

Ever felt a little nervous flipping Intune switches? Relax it's easier (and smarter) than you think! Discover how two simple toggles boost your endpoint security and keep compliance stress-free. #MicrosoftIntune #EndpointSecurity

zerototrust.tech/flipping-int...

Congratulations to @dugullett.bsky.social on becoming a Microsoft MVP! 🥳

I learned about his IT journey, which began with mowing lawns—You know what they say, when life gives you lemon 🍋!

New episode of Diary of a SysAdmin drops Monday, July 7th! 📅

You don't want to miss this one!

Deny, Deny, Deny! A Look at EPM’s Newest Superpower - Blog Intune EPM deny rules

🚫 Elevate This! EPM Now Has Deny Rules
Microsoft recently added Deny Rules to EPM giving us the power to block specific apps (by hash, version, or publisher) from being elevated.

Full breakdown here 👇
zerototrust.tech/deny-deny-de...

#MicrosoftIntune #EPM #Intune

Your Files Called... They want Personal Data Encryption - Blog Setting up Personal Data Encryption.

Your files just got a personal bodyguard - Windows Hello.
With Personal Data Encryption in Windows 11 24H2, even admins can’t snoop.
Learn how to lock it down with #Intune

zerototrust.tech/your-files-c...

#EndpointSecurity #ZeroTrust #MicrosoftSecurity

Block Party: Taking Down Risky Apps with Zero Effort - Blog Automatic risky app blocking

Part 2 is live! Learn how to auto-block risky (score 1-5) cloud apps in Defender for Cloud Apps, keep VIPs working via scoped exceptions, and trigger instant alerts on new Shadow IT.

zerototrust.tech/block-party-...

#MicrosoftSecurity #MCAS #MDE

Bringing Defender for Cloud Apps + Defender for Endpoint Together - Blog Integrate MDCA and MDE to automatically block risky cloud apps.

Shadow IT giving you grief?
Pair Defender for Endpoint with Defender for Cloud Apps and block risky cloud apps at the device level automatically.
- Fewer surprises.
- More visibility.

Blog: zerototrust.tech/bringing-def...
#CyberSecurity #MicrosoftDefender #ShadowIT #CloudSecurity

Intune Delivery Optimization & Connected Cache – Part 2 - Blog Delivery Optimization slashes bandwidth and eases troubleshooting.

One taco run feeds the office why not updates?
Delivery Optimization + Connected Cache = LAN-speed installs, WAN chill time.

Dig into Part 2 for traffic flow, bandwidth wins & spicy troubleshooting zerototrust.tech/intune-deliv...

#Intune #DeliveryOptimization #ConnectedCache

Boost Your Bandwidth: A Friendly Guide to Delivery Optimization and Connected Cache - Blog Optimize updates with Delivery Optimization and Connected Cache in Intune.

Tired of Windows updates crushing your bandwidth?
Learn how to set up Delivery Optimization + Connected Cache in Intune like a pro.
Less strain, faster updates, happy endpoints.

zerototrust.tech/boost-your-b...

#Intune #Windows #MicrosoftConnectedCache
#DeliveryOptimization

Tired of Proxy Problems? Meet Edge for Business Protection - Blog Edge + Defender = Faster, smarter cloud app session protection.

Tired of slow, glitchy cloud app sessions?
Edge for Business + Defender = seamless, in-browser protection. No proxy. No fuss.

Dive into the setup here: zerototrust.tech/tired-of-pro...

#MicrosoftSecurity #DefenderForCloudApps #EdgeForBusiness #EndpointManagement

@joeloveless.com I need to get my CM environment back up and running. I've been slacking. 😀

Intune Primary User Mix Up - Blog Script fixes primary‑user chaos in Intune

Tired of one tech “owning” every Intune device? Use my quick PowerShell cleanup script and put the right users back in charge fast!

zerototrust.tech/intune-prima...
#Intune #SysAdmin #PowerShell #EndpointManagement #MicrosoftGraph

Need-to-Know Entra Device Group Info? This Script Has Your Back - Blog Identify device users fast with this Intune-friendly PowerShell script.

Tired of mystery devices in your Entra groups?
This PowerShell script helps you quickly identify users tied to each device. Perfect for pilot rollouts.

#MicrosoftIntune #MicrosoftGraph #Intune

zerototrust.tech/need-to-know...

Saving the World from AI Action Figure Mayhem (With a Little Help from Entra Internet Access) - Blog Web filtering made fun and simple.

You won’t believe what your team is creating online...

Learn how to control the madness (and still spark innovation) with Entra Internet Access!

zerototrust.tech/saving-the-w...

#CyberSecurity #MicrosoftEntra #ZeroTrust

Save the Meatloaf! Why Protected Actions Matter in Entra - Blog Protected Actions save more than meatloaf.

Conditional Access meltdown.
Smoked meatloaf on the line.
Protected Actions to the rescue?
Turns out Entra can save more than just your tenant. New blog up now!

zerototrust.tech/save-the-mea...

#EntraID #ZeroTrust #MicrosoftSecurity

This Is Not Just Another LAPS Post…Promise! - Blog LAPS gets a cleanup upgrade

Not another LAPS post… no, seriously.

Learn how a sneaky new Intune setting shuts down lingering PowerShell sessions run with LAPS creds without scripts or hacks.

Fewer attack paths. Less duct tape. More peace of mind.

zerototrust.tech/this-is-not-...

#Intune #LAPS #MicrosoftSecurity