Ignite recap – Online session 1

Ignite 2018 has just been kickoff with a keynote by Satya Nadella focusing on Microsofts vision for a digital transformation across industries.

I have a feeling where Ignite 2018 is going, and Wednesday morning 6 o’clock, I will do a shot Skype session (around 1 hour) with a short recap on Microsoft 365 announcements for the next two days.

Join the Danish session on Wednesday September 26 at 6:00 to 7:00
Join the Ignite Recap Session on Skype

Password-less Azure AD sign-in

You can now use the Microsoft Authenticator app on your mobile phone, to sign in to any Azure AD account without entering a password. If you enable this feature in your tenant, persons who has enabled phone sign-in in the Microsoft Authenticator app will now see a message telling them to tap a number in their app when they are logging into Azure AD.

You might already know this feature from Windows Hello for Business, where the Microsoft Authenticator uses key-based authentication to enable a user credential that is tied to a device and uses a biometric or PIN.


  • Azure Active Directory
  • End users enabled for Azure Multi-Factor Authentication
  • Users can register their devices

How to enable it:

  • Install the public preview release of the Azure Active Directory V2 PowerShell Module
    • Install-Module -Name AzureADPreview -RequiredVersion
  • In PowerShell, run two commands:
    • Connect-AzureAD
    • New-AzureADPolicy -Type AuthenticatorAppSignInPolicy -Definition ‘{“AuthenticatorAppSignInPolicy”:{“Enabled”:true}}’ -isOrganizationDefault $true -DisplayName AuthenticatorAppSignIn

Run the command Get-AzureADPolicy to see if it is active in your tenant

password-less login

Webinar: Data Loss Prevention

Next month I will host a webinar about Data Loss Prevention in Microsoft 365, as it seems to be quite a hot topic.

I will talk about how you identify sensitive information across Exchange Online, SharePoint Online, and OneDrive for Business, how you can monitor and protect your sensitive information from being accidentally shared.

Join my webinar October 10 at 19:00 to 20:30

Join the Data Loss Prevention Webinar on Skype

Intune: Enrollment restrictions for Windows 10 devices

Yeah, finally it’s here!

Many companies has requested this for a long time, and now it’s possible to restrict enrollment for Windows corporate owned device only in Intune. I know for sure that this has been a blocker in many organization, which has made the shift to modern management for Windows 10 impossible, with this new feature the show can go on 🙂

How to

First you need to sign-in to the Microsoft 365 Device Management portal and then Device enrollment

Now go to Enrollment restrictions -> Default (or Create restriction if you want to test it for a small group of users)

Go to Properties -> Configure

Change ‘Windows (MDM)’ to Block to prevent your users from enrolling a personal owned Windows devices into Intune.


When your users is trying to enroll a personal owned Windows device, they will see the following message, and the device will not be enrolled.