CMCE 2004

Donnerstag 2 April 2020, Digicomp Zürich

Registrierungab 8:00
9.00-10.00What’s new in MS Endpoint Manager Config ManagerTen practical tips to secure your corporate data with Microsoft 365

See the leatest and greatest stuff what is out, or what is comming in MEMCM 1910 or later
have some site view on the TP 200x
Employees demanding access to your corporate data and apps on their often own devices so that they can be productive. This can be a challenge for you as the Administrator, IT Manager or security counterpart in your organization.
During this session you will learn, via 10 practical tips, how to allow users to bring their devices in your company and allow access to corporate data securely. You will learn when to use what product or what feature to comply to your own set of security rules.
Expect a demo heavy and fully up to date session based on real life experiences gained while working on many Microsoft 365 related projects! After this session you will be able to implement the tips in your own environment.

Mirko ColembergPeter Daalmans
10.15-11.15Hitchhiker’s guide with 10 practical examples to use CMPivot for the ITPRO to help audit and controlHow to Get Your Cloud Services Secured with Microsoft Endpoint Manager and Azure AD

Description:Configuration Manager has always provided a large centralized store of device data, which customers use for reporting and query purposes. The site typically collects this data on a weekly basis. Starting in version 1806, CMPivot is a new in-console utility that now provides access to real-time state of devices in your environment. It immediately runs a query on all currently connected devices in the target collection and returns the results. By providing real-time data from online clients, you can more quickly answer business questions, troubleshoot issues, and respond to security incidents. We will show you our 10 most used CMPivot Queries and how this will simplify your life as an SCCM administrator.
What you will learn:
How to use CMPivot in practice
– our top 10 most used CMPivot real-world examples , for example, in mitigating speculative execution side channel vulnerabilities.
Replace Software inventory
Conditional Access and Microsoft Endpoint Manager are the basis of protecting your corporate data, join Peter to learn all different ways of configuring Conditional Access and what role Microsoft Endpoint Manager (Intune) play in the whole approach.
Learn what services in the cloud and on-premises you can use to and how they fit in the complete Conditional Access story of Microsoft and how you can use them to allow access to internal and external resources.
Keywords are; Device Health, Device Threat Protection, App based CA, Device based CA, User based CA, for Windows 10, MTD and App WE, iOS & Android and much more….

Kenny Buntinx Peter Daalmans
11.30-12.30How to secure & reduce your attack surface on Intune devices with MDATPRocking Windows 10 kiosk mode

In a modern world you want to protect your devices and corporate information as much as possible. If one of your devices will get compromised we will show you how to cut them off from your modern resources with conditional access, but also on how to resolve them on an automated way and give them their precious access back 🙂
Take Aways:
How to protect you companies cloud resources via Conditional access and MDATP
How to make sure that the endpoint state will get automatically checked and resolved from malware if possible .
Show the value of MDATP across multiple teams in your organisation
Every company has some kiosk or shared devices and the configuration was always painful. How to automate the Autologin or AutoStart of an application. Which GPO’s should we set to really limit what a user can do? In this session we will deep dive into the kiosk mode functionality and the available management possibilities with Intune and Autopilot.
What you will learn:
• Deploy kiosk or shared devices with least administrative effort
• Management of kiosk devices in the field
• Autopilot Self-Enrollment mode

Kenny Buntinx
Thomas Kurth
13.30-14.30 RuckZuck for ConfigMgr/Intune deep dive 5 rules to mitigate Office Macro risks

Automatisches erstellen und aktualisieren von Applications in ConfigMgr und Intune. In every company there is always the fight against macros which are normally a high security risk, but already resigned during implementation also a big business accelerator. This session will demonstrate how you can configure your modern workplace to mitigate risks through the defense in depth concept and how you can monitor usage of Macros on a modern managed workplace including MEMCM, Intune, MDATP and DesktopAnalytics. You will learn how you can improve the overall security in your company without restricting your end-users productivity.
Possible solution
• Configure Macro Security with MEMCM and Intune
• Attack Surface Reduction in Action
• Windows Defender AMSI in Action

Roger Zander
Thomas Kurth
14.45-15.45Desktop Analytics and nowProtect your Identity  – it’s like your wallet (or other secrets)!

 What is DA, how it works and what benefit can I get out if it, see how we can use it and why we don’t need it in IntuneAzure Active Directory (Azure AD) brings you several options to achieve the goal: a secure Identity!
First of all you should enable Azure MFA for all users. But hey: What about enrollment, all the Admin Accounts and what in case of Azure MFA fails. We will show how to enable Azure MFA in a right way and make sure you have a protected identity.
What else: Using Identity Governance and Access reviews you have a tool on board which helps you to review access to your Office platform such as Microsoft Teams. If you have never heard about, join this session to get detailed info’s about.

Mirko ColembergAlain Schneiter


17:00-…. UhrApero
Teams Link: 
%d bloggers like this: