The purpose of this blog post is to inform you how to configure Attack Surface Reduction (ASR) via Endpoint Security Profiles with Microsoft Intune

The purpose of this blog post is to inform you how to configure RBAC for Intune in a secure way via Role-assignable groups. So, the RBAC groups can only be populated by a Global administrator or Privileged role administrator.

The purpose of this blog post is to inform you how to configure Microsoft defender for Endpoint so that Microsoft Defender SmartScreen can be used.

The purpose of this blog post is to inform you how to whitelist a URL/Domain in Microsoft Defender SmartScreen for a device that is managed by Microsoft Intune and devices that are onboarded to Defender for Endpoint.

The purpose of this blog post is to inform you how to configure Microsoft Defender SmartScreen in Windows, Edge, and Google Chrome via Microsoft Intune.

The purpose of this blog post is to inform you how to assign scope tags on a device via the assigned user his location, which can be used for configuring RBAC

The purpose of this blog post is to inform you how to get notified via Adaptive Cards in Microsoft Teams on a Conditional Access Policy change.

The purpose of this blog post is to inform you how to enforce Multi-Factor Authentication (MFA) via an external device during Windows logon and UAC prompts. A 3rd party tool Duo Security makes this possible.

The purpose of this blog post is to inform you how to configure Attack Surface Reduction (ASR) via Intune. There are several options to configure ASR and some blog posts on how to configure ASR. I will explain the custom configuration and why I have chosen not to use the built-in option.