Top 5 No-Brainers Security Features in Microsoft Intune

Nicolas PilonApp Protection Policies, Azure, Cloud, Conditional Access, EMS, Intune2 Comments

By 2019, when you plan to deploy modern device management solutions in your company, the security must be a priority. The cloud is accessible from anywhere on the planet and mobility allows users to connect from anywhere. Also, our society is changing and our lifestyle habits as well. Users that have access to corporate data without being forced to connect to the corporate network, is much more convenient. Before you start registering devices in Microsoft Intune, it’s important to set up the Intune portal safely. Moreover, the different operating system platforms, and the types of devices that connect to your network or cloud applications is important as well. Microsoft Intune is a leader in MDM solution and it contains strong security capabilities that you can’t miss like role-based administrative control (RBAC), enrollment restrictions, compliance policy and a couple more. On several occasions, we have noticed that companies do not use … Read More

Create SCCM Report Administrator Role

Benoit LecoursSCCM3 Comments

Role based administration is used to secure the access that is needed to administer SCCM. You also secure access to the objects that you manage, like collections, deployments, and sites but lacks a couple of roles to be complete. For example, there’s no built-in role for report administration or report viewer. We already covered the report viewer role in a previous post. This role give access to your users to consult and run SCCM Reports on the SSRS website. But what if you want to give access to an administrator to create, modify and upload reports without giving them access to the SCCM console ? This post will describe how to create SCCM Report Administrator Role which will fulfill this need. How to Create SCCM Report Administrator Role The first step is to create a Report Users role Once created, go to Administration \ Security \ Security Roles Right-click Report … Read More

How to Start Securing ConfigMgr in the Enterprise

Nicolas PilonAdaptiva, SCCMLeave a Comment

  As an IT professional, you already know that a security breach can be devastating. It can also be expensive, $4 million on average according to a 2015 survey sponsored by IBM. Microsoft System Center Configuration Manager (ConfigMgr) can play a huge part in preventing attacks and implementing an enterprise-wide security solution. ConfigMgr helps companies make sure all endpoints are current with the latest security fixes, configured correctly, behaving normally, and only running authorized applications. However, like almost everything else in IT these days, ConfigMgr itself is a target for hackers who can use it to distribute malware, take control of computers with access to private data, and engage in all manner of nefarious activity. According to a recent Adaptiva survey of more than 150 IT professionals, 70 percent expressed concern about potential security vulnerabilities in their Microsoft ConfigMgr environments. Securing the perimeter of your company’s network is usually the … Read More

Deploy the SCCM 2012 Console using the Application Model

Nicolas PilonConsole, SCCM3 Comments

The installation of SCCM 2012 console can be either manually or automatically. Manual installation remains a good choice if you have a small team. Using role-based access control in SCCM 2012, you can delegate administrative tasks to your team and allow more users with different level of access to the SCCM 2012 console. At this point, you would rather go the automatic way. This post will explain you how to save time by using the Application Model in SCCM 2012 to automatically deploy the console to all your devices. We won’t cover the pre-requisites needed to install the SCCM 2012 console on a device. Make sure your devices are compliant. Step 1 | Create a Collection To regroup all the devices of users that will be using the console, there’s two possible types of collection to trigger the installation, either user or device collection. Users Create a user collection if your goal … Read More

SCCM 2012 Resultant Client Settings

Nicolas PilonSCCMLeave a Comment

There’s a new feature that come with the release is SCCM 2012 Resultant Client Settings. If you are familiar with GPO, it does exactly the same thing as GPResult except for the client settings configuration. Very useful when it’s time to troubleshoot client settings or you want to double check one of your change before releasing in production. It is really simple to use, in your console, right click on a device, user or user group in the Asset and Compliance section. Click on Client Settings and Resultant Client Settings. As a side dish, this tool need a minimum requirement in RBAC to use it. Don’t be surprised. Make sure you have enough access.

SCCM 2012 Role-Based Administration Viewer

Benoit LecoursSCCM1 Comment

SCCM 2012 R2 comes with 15 built-in roles. For most of you, this is plenty to fulfill your needs. However if you have custom needs, it’s possible to create your own. When creating your first role, you may be lost in all those security rights. Instead of doing your role directly in the console, I suggest to use the Role-based Administration Modelling and Auditing Tool which is available in the SCCM 2012 toolkit. This tool helps administrators to model and audit RBA configurations. It’s graphical, you can compare your custom based role with the built-in ones. You can see right away the impact visually in the console. Here’s an example. Let’s say I have someone in the company that need read access on the Application and packages only. Sure you can use the Read-Only Analyst role but this would let the user “see” much more than you want. Let’s open … Read More