Introduction: Modern collaboration tools such as OneDrive and SharePoint depend on efficient browser communication to deliver both online and offline functionality. When specific content delivery endpoints are blocked by browser policies, users may experience reduced performance or complete loss of offline file access. Configuring the correct browser policies ensures seamless integration between the browser and... The post Configure Browser Policy to Preserve OneDrive and SharePoint Web Perfor...| Modern Workplace Blog
Introduction: Password managers have become a default convenience in modern browsers, including Microsoft Edge. Microsoft now recommends enabling the built-in password manager as part of the Edge Security Baseline, allowing credentials to roam securely across devices. However, in enterprise environments, this roaming capability may become a security concern, especially when users sign into Edge from... The post Balancing Control and Convenience: Preventing Edge Password Sync on Unmanaged Devic...| Modern Workplace Blog
Over the past years, I’ve been maintaining a Conditional Access baseline that organizations can use as a starting point when implementing or reviewing their own Conditional Access policies in Microsoft Entra ID. The latest version v2025-10 (October 2025) is now available on GitHub: 👉 https://github.com/kennethvs/cabaseline202510 This baseline contains a collection of policies that together form a... The post Conditional Access Baseline October 2025 (v2025-10) Available on GitHub appeared ...| Modern Workplace Blog
Introduction: Configuring Conditional Access (CA) for guest users can be challenging when you want to strictly limit access to Office 365 and a few essential Microsoft services. Many Entra administrators have encountered scenarios where applying a “block all resources” policy breaks necessary functionality such as managing authentication methods, accepting invitations, or accessing user profile pages.... The post Configuring Conditional Access for Guest Users: Allowing Only Office 365 and ...| Modern Workplace Blog
With the increasing reliance on mobile devices in the workplace, organizations must choose the right strategy to manage and secure corporate data. Microsoft offers two primary options: Mobile Application Management (MAM) and Mobile Device Management (MDM). Understanding the differences between these approaches is essential for balancing security, user experience, and administrative effort. This article provides... The post MAM vs. MDM: Choosing the Right Mobile Management Approach appeared fi...| Modern Workplace Blog
Organizations face increasing challenges in securing internet traffic and enforcing web access policies in today’s hybrid work environment. Two key tools from Microsoft, Microsoft Entra Internet Access (Global Secure Access) and Microsoft Defender for Endpoint (MDE), offer robust capabilities for managing security and productivity on the endpoint. This article provides an in-depth comparison between the... The post Comparing Web Filtering and Security: Microsoft Entra Internet Access (Globa...| Modern Workplace Blog
With the introduction of a converged policy combining settings from the legacy MFA portal and SSPR configuration, separating the use of SMS for password resets from its use as an MFA method has become challenging. This guide explains how to configure authentication policies effectively using authentication strengths in Microsoft Entra to address this issue. Table... The post Navigating New Authentication Methods: SMS for Password Reset, Not for MFA appeared first on Modern Workplace Blog.| Modern Workplace Blog
Enhancing the security of your organization’s communication channels is more critical than ever. Building on foundational protocols like SPF, DKIM, and DMARC, you can implement advanced technologies such as IPv6, DNSSEC, STARTTLS, DANE, and RPKI to secure Microsoft 365 email environments, specifically focusing on Exchange Online functionality. These protocols work in tandem to mitigate risks,... The post From SPF to DANE: Securing Microsoft 365 Email Communications appeared first on Modern ...| Modern Workplace Blog
As Microsoft continues to enhance security across its platforms, Multi-Factor Authentication (MFA) is becoming mandatory for an increasing number of administrative portals. This shift means that relying solely on a username and complex password for break glass accounts is no longer viable and should be revisited (if not already done). This initiative aligns with Microsoft’s... The post Protecting your Break Glass accounts in Entra now that MFA gets enforced on more and more Admin portals ap...| Modern Workplace Blog
In a modern managed workplace environment, ensuring that devices meet minimum operating system (OS) requirements is a critical aspect of security and compliance. By governing the OS versions allowed within your Microsoft Intune environment, you can prevent unsupported or outdated systems from accessing corporate resources. Additionally, having well-configured Windows Update for Business (WUfB) settings can... The post Governing OS Versions in Microsoft Intune: Best Practices and Configuration...| Modern Workplace Blog