Turning risk into peace of mind.
No filler.
Hands-on takes on attacks, backups, M365, Apple, pricing, people. No sponsored articles. Written by Roman, Kuba & team.
App auto patch — automating macOS app updates
A few weeks back I stumbled across a GitHub repo called App-Auto-Patch on LinkedIn. After reading the docs I was hooked — here's why it's the macOS app-updater I've been looking for.
ABM in practice: the Volume Purchasing Program
Picking up where we left off, today we'll walk through VPP (Volume Purchasing Program) — how to use it to push apps to macOS and iPhone devices on first sign-in.
Apple device management 101
This is one of the less-explored areas for anyone who isn't an Apple specialist. Why did I (and our company) end up caring about it? Because we use Macs and iPhones — and you might too.
Tenant setup 19 — Defender for Endpoint AV configuration, part 2
A week's pause but we're back. Walking through the rest of the Defender AV settings — exclusions, PUA protection, scan schedule, signature updates, Threat Severity actions, and the network/protocol parsing controls.
Tenant setup 18 — Defender for Endpoint configuration
Last time we connected devices to Defender for Endpoint. Today we'll tune the AV — get the most out of it without it nagging your users out of their minds. There's a lot to set; we'll split it across two posts.
Defender for Endpoint enrollment
Don't let the title scare you — if you've already wired the Intune↔Defender connector, this is a 5-minute job. Step by step.
Tenant setup 16 — Automatic OneDrive
A small setting that's a lifesaver if you use OneDrive — and arguably even if you don't. Auto-login + Known Folder Move. So when an employee saves a file to Desktop and the disk dies, you have it on OneDrive, not in the bin.
Tenant setup 14 — Automatic BitLocker
Settings keep coming. Today: BitLocker — Microsoft's well-built disk encryption tool. We'll roll it out via Intune so disk theft and clone attacks become non-issues.
Intune intro
Slowly but surely we're trudging through the swamp of Microsoft inventions I love to complain about — but Intune deserves credit. It's powerful and the impact is felt directly.
Tenant setup 10 — Mobile app protection
Last time we set up auto-install of M365 apps on Windows. Today we secure the mobile O365 apps and the data inside them — without enrolling personal phones into MDM.
Tenant setup 09 — Intune intro
After the long fight with Conditional Access we move to Intune. It's even more complex, and it brings us into device administration. Today we'll cover the basics and push Microsoft 365 apps as required.
Tenant setup 08 — Conditional Access Policies, the finale
The last three baseline policies: MFA for Azure management, MFA for guests, and forcing Microsoft apps for access to corporate data. Then ship it — but stay in Report Only until you've verified nothing breaks.
Free online IT & security audit. No meeting needed.
Run your own security check in 5 minutes. Your IT person doesn't have to know. If you find issues, you can hand them the report. Your call.
- Genuinely free. No paywall.
- No meeting needed. Online anytime, anywhere.
- Run it yourself. Self-service.
- Your data stays yours.