The purpose of this blog post is to inform you how to enforce Multi-Factor Authentication (MFA) via an external device during Windows logon and UAC prompts. A 3rd party tool Duo Security makes this possible.

The purpose of this blog post is to inform you how to enforce a BitLocker startup Pin for standard users. I was inspired by the solution of Oliver Kieselbach, but his solution was user-driven and not enforced so I decided to change some settings, make a proactive remediation script, and create a custom Compliance check to enforce the BitLocker startup pin.

The purpose of this blog post is to inform you how to configure Attack Surface Reduction (ASR) via Intune. There are several options to configure ASR and some blog posts on how to configure ASR. I will explain the custom configuration and why I have chosen not to use the built-in option.