The following steps show how to Add the E5 Subscriptions in your 365 Developer Subscription. Follow steps to register for the developer subscription 1st
After the “Welcome to the Microsoft 365 Developer Program.”
Click Set up E5 Subscription
Follow the setup steps below:
Microsoft have a developer subscription option Microsoft 365 Developer Program FAQ | Microsoft Docs
“subscription is good for 90 days and is renewable based on valid developer activity. If you’re using your subscription for development, it will be renewed every 3 months and will last indefinitely.”
Set up a Microsoft 365 developer subscription | Microsoft Docs
Join the Microsoft 365 Developer Program | Microsoft Docs
Steps to setup – “Join the Microsoft 365 Developer Program today!”
Click : https://developer.microsoft.com/en-us/microsoft-365/dev-program
Joining the program and Create a new account (I Created a new email just for this developer work)
We then get presented with a Dashboard – Microsoft developer center and technical documentation
Time to Explore > click Microsoft 365 > Learn more > Join Now
Clicked “Join Now” and got a missing info prompt.
Join the Developer Program
Select an options
Now you are Setup. Continue to steps for adding E5 license
Scenario: Anyone using MCAS, Conditional Access, Window 10 Endpoints and Google Chrome.
Challenge: How do you get Google Chrome to be recognised by Azure Conditional Access policies.
Issue : Azure Sign In’s, by default will not see Google Chrome as Azure AD Joined.
Browser = Chrome & Joined Type = [Blank]
However, by default Microsoft Edge does report as Azure AD Joined
Browser = Edge & Joined Type = Azure AD Joined
Solution : chrome://extensions/
Conditions in Conditional Access policy – Azure Active Directory | Microsoft Docs
“For Chrome support in Windows 10 Creators Update (version 1703) or later, install the Windows 10 Accounts extension. This extension is required when a Conditional Access policy requires device-specific details.
To automatically deploy this extension to Chrome browsers, create the following registry key:”
Type REG_SZ (String)
Or Add manually
Extension now appears for Windows 10 Accounts show below
Then the next Azure/265 Sign in with show Azure AD Joined using Google Chrome
How to remove the download, save as or print option from the MS Teams thick client application on unmanaged device, logged into your corporate tenancy via a conditional access policy.
- Create a group : Block_Teams_Thick_Client_Downloads
- Add users to the group you want to block access to download, save as or print.
Create a new conditional access policy – Example : Block Teams Thick Client Downloads
- Users and Groups add “Block_Teams_Thick_Client_Downloads”
- Cloud Apps or Actions – Select Apps – MS Teams
- Conditions – Select Client Apps> Configure >Yes> Tick : Mobile Apps, Exchange and Other Clients. Untick Browser.
- Device state (Currently in preview) > Set exclude > Tick : Hybrid Azure AD joined and Device marked as compliant
- Grant – Select > Block Access and For Multiple controls > “Require one of the selected controls”
Block Access From Unmanaged Devices To SharePoint
From SharePoint Admin Center > Polices > Access Control
Click Unmanaged Devices
Note “To use this setting, get a subscription to Enterprise Mobility + Security and assign a license to yourself. ” See Microsoft Endpoint Manager | Microsoft 365 for more information
Select Block Access > Save
Block Access From Unmanaged Devices To SharePoint Specific Sites and Limit access using PowerShell.
Examples block download, save and print on unmanaged devices for a specific SharePoint site (SharePoint, OneDrive)
Limit access to a single site: Set-SPOSite -Identity https://<SharePoint online URL>/sites/<name of site or OneDrive account> -ConditionalAccessPolicy AllowLimitedAccess
Block access to a single site: Set-SPOSite -Identity https://<SharePoint online URL>/sites/<name of site or OneDrive account> -ConditionalAccessPolicy BlockAccess
Update multiple sites at once: (Get-SPOSite -IncludePersonalSite
$true -Limit all -Filter
“Url -like ‘-my.sharepoint.com/personal/'”) | Set-SPOTenant -ConditionalAccessPolicy AllowLimitedAccess
Security Defaults in Azure Portal. IMPORTANT, SECURITY DEFAULTS IS NOT ALWAYS ENABLED BY DEFAULT. YOU MUST CHECK YOUR SETTINGS
What does Security Defaults give you? Security Defaults when enabled provide the following preconfigured security settings:
Requiring all users to register for Azure AD Multi-Factor Authentication.
Requiring administrators to perform multi-factor authentication.
Blocking legacy authentication protocols.
Requiring users to perform multi-factor authentication when necessary.
Protecting privileged activities like access to the Azure portal.
Azure Active Directory security defaults | Microsoft Docs
How do you enable? Azure Active Directory > Properties > Manage Security Defaults > Yes > Save
Discovering and blocking legacy auth:
Discovering and blocking legacy authentication in your Azure and Microsoft 365 subscriptions – Jussi Roine
Understanding Modern vs Legacy auth:
Understanding Modern vs. Legacy Authentication in Microsoft 365 – Ru365 (campbell.scot)
A #PowerShell script with a GUI form to Connect to a vCenter Clone a virtual machine Select the datastore Select the host Set the new VM name Create an IP reservation in both the Production and DR DHCP Scopes #PowerCli #Automation #GUI #vSphere #ESXi #Clone
This blog post walks you through how to create a PowerCLI script for deploying a virtual machine with advanced configuration options and GUI.
VMware Social Media Advocacy
Good to see new training paths for anyone interested in security/vulnerability management and VMware Carbon Black #VMware #CarbonBlack #AlwaysBeLearning #CyberSecurity
This month, VMware Learning released 9 courses and 2 exams to help you develop your skills and increase your knowledge. Don’t let the restriction of working from home stop you from learning how to take full advantage of the innovative VMware technologies that will help your organization work […]
VMware Social Media Advocacy
Stephen Hackers – Exam PASSED – Managing Microsoft Teams MS700
#Teams #MSTeams #Exam #AlwaysBeLearning #MS365
VMware Horizon & Zero Clients Enabling Rapid Remote Secure IT Working. Watch the video. #DemoToDeployed #VMware #Horizon #10ZiG #ZeroClient #Secuirty #EUC #InformationSecurity #WorkingFromHome
2020, the year where the country went into lock down. In the UK we were told to work from home. This got me thinking more about options for rapid deployment of remote working without missing end user / device security. […]
VMware Social Media Advocacy