Returning to work after a vacation 🌴

Jonas Bøgvad
Jonas Bøgvad

Table of Contents

When you get back to your seat, here are the three most important things to check. When users return from vacation, IT pros are usually behind, but why not use the tools we have to get Infront? 💡🚲

Are we at risk? 🏓

When devices start to check in, Threat Vulnerability Management will get the latest information about security holes and start making reports that are easy to understand.

This is one of the best things to remember as an expert in device management who needs a quick overview of their asset. One thing I want to point out is the following:

  • Top exposed devices
  • Top security recommendations
  • Expiring certificates
TVM dashboard

TVM will help you out with:

  • Find out quickly what you need to know at a high level about how security is going in your organization.
  • Find and deal with areas that need more research or action to make things better.
  • Talk to your coworkers and management about how your security efforts are going.

Sign-up for the Defender Vulnerability Management Standalone trial if you don't already have Defender for Endpoint Plan 2.

Getting along with Intune 🥷

If you're using Conditional Access with compliance policies, you should look into this silent killer as soon as possible. If you have one big compliance policy with a short grace period or none at all.

Ask your self;

  • How many are noncompliant
  • How many devices is in grace period
  • Should we raise our grace period

Remember

  • In-grace period: The device is targeted with one or more device compliance policy settings. But, the user hasn't applied the policies yet. This status means the device is not-compliant, but it's in the grace period defined by the admin.
  • Not-compliant: The device is the target of one or more device compliance policy settings. But the user hasn't started using the policies yet. This status means the device isn't compliant, but it's still within the admin-defined grace period.

Get ready for lots of updates 📈

Updates, upgrades, and programs for Windows can come in packages with many large files.

If you have time, turn on some of the office laptops and set them up for delivery optimization. Just watch out for any virtual private networks that have been set up so you don't crash the network. You can also tell people to turn on their laptops before they come into the office.

  • When devices get updates, downloading and sending them out can use up a lot of network resources.
  • Use Delivery Optimization to divide the work of downloading these packages among the devices in your deployment. This will reduce how much bandwidth you need.

The table below shows which Windows clients are compatible with Delivery optimization.

If you want a more in-depth post about DO, then I suggest:

Delivery Optimization Configuration & Monitoring - MSEndpointMgr
With more and more organisations making the move to obtain applications and Windows updates through Intune and Windows Update for Business (WUfB), one thing that often goes overlooked is how to optimise data throughput for this downloaded content. Even for those that have configured policies to set…