Patrick Seltmann
@patrickseltmann.bsky.social
15+ yrs in Microsoft identity, access & endpoint mgmt. From AD & SCCM to M365.Opinions are my own, not my employer’s.
🚀 New blog post: Should you exclude "Microsoft Intune Enrollment" from your compliance conditional access policy or not?
Read more in my new blog post: www.ctrlshiftenter.cloud/31fa #conditionalaccess #intune #entra #microsoft #security
Read more in my new blog post: www.ctrlshiftenter.cloud/31fa #conditionalaccess #intune #entra #microsoft #security
www.ctrlshiftenter.cloud
October 12, 2025 at 1:58 PM
🚀 New blog post: Should you exclude "Microsoft Intune Enrollment" from your compliance conditional access policy or not?
Read more in my new blog post: www.ctrlshiftenter.cloud/31fa #conditionalaccess #intune #entra #microsoft #security
Read more in my new blog post: www.ctrlshiftenter.cloud/31fa #conditionalaccess #intune #entra #microsoft #security
🚀 New: App Control for Business — Part 7. Automate ACfB policy deployment: maintain, sign, and deploy to Intune via Azure DevOps pipelines or with PowerShell 7. Read more about this on my blog: www.ctrlshiftenter.cloud/bn0o
#AppControl #WDAC #Intune #PowerShell #DevOps #Security #Microsoft
#AppControl #WDAC #Intune #PowerShell #DevOps #Security #Microsoft
Mastering App Control for Business | Part 7: Maintaining your policies with Azure DevOps (or PowerShell) - ctrlshiftenter.cloud
Hello everyone, in this last post in this series, I will describe how you can maintain your App…
www.ctrlshiftenter.cloud
September 27, 2025 at 3:45 PM
🚀 New: App Control for Business — Part 7. Automate ACfB policy deployment: maintain, sign, and deploy to Intune via Azure DevOps pipelines or with PowerShell 7. Read more about this on my blog: www.ctrlshiftenter.cloud/bn0o
#AppControl #WDAC #Intune #PowerShell #DevOps #Security #Microsoft
#AppControl #WDAC #Intune #PowerShell #DevOps #Security #Microsoft
Does anyone know how to remove these old authentication methods from windows? #windows #authentication
September 3, 2025 at 6:06 AM
Does anyone know how to remove these old authentication methods from windows? #windows #authentication
🚀 New Blog Post – App Control for Business | Part 6
Learn how to sign, apply, and remove signed policies to protect against tampering.
Now on my blog 👇
👉 www.ctrlshiftenter.cloud/oat7 #WDAC #AppControl #EndpointSecurity #Cybersecurity #Microsoft #Intune #prevention
Learn how to sign, apply, and remove signed policies to protect against tampering.
Now on my blog 👇
👉 www.ctrlshiftenter.cloud/oat7 #WDAC #AppControl #EndpointSecurity #Cybersecurity #Microsoft #Intune #prevention
Mastering App Control for Business | Part 6: Sign, apply and remove signed policies - ctrlshiftenter.cloud
HI folks, in this post, I continue my blog series about Application Control for Business and take a…
www.ctrlshiftenter.cloud
August 25, 2025 at 4:02 PM
🚀 New Blog Post – App Control for Business | Part 6
Learn how to sign, apply, and remove signed policies to protect against tampering.
Now on my blog 👇
👉 www.ctrlshiftenter.cloud/oat7 #WDAC #AppControl #EndpointSecurity #Cybersecurity #Microsoft #Intune #prevention
Learn how to sign, apply, and remove signed policies to protect against tampering.
Now on my blog 👇
👉 www.ctrlshiftenter.cloud/oat7 #WDAC #AppControl #EndpointSecurity #Cybersecurity #Microsoft #Intune #prevention
🚀 New Blog Post – App Control for Business | Part 5
How to create a custom base policy for fully managed devices — with PowerShell or the App Control Wizard.
Includes real examples with Notepad++
👉 www.ctrlshiftenter.cloud/4qz1
#WDAC #AppControl #Security #Intune
How to create a custom base policy for fully managed devices — with PowerShell or the App Control Wizard.
Includes real examples with Notepad++
👉 www.ctrlshiftenter.cloud/4qz1
#WDAC #AppControl #Security #Intune
Mastering App Control for Business | Part 5: Create a base policy for fully managed devices - ctrlshiftenter.cloud
Hi folks, in this blog post, I will continue my series on Application Control for Business and explain…
www.ctrlshiftenter.cloud
June 21, 2025 at 1:50 PM
🚀 New Blog Post – App Control for Business | Part 5
How to create a custom base policy for fully managed devices — with PowerShell or the App Control Wizard.
Includes real examples with Notepad++
👉 www.ctrlshiftenter.cloud/4qz1
#WDAC #AppControl #Security #Intune
How to create a custom base policy for fully managed devices — with PowerShell or the App Control Wizard.
Includes real examples with Notepad++
👉 www.ctrlshiftenter.cloud/4qz1
#WDAC #AppControl #Security #Intune
#Microsoft has announced the availability of E5 Security Add-On licenses for #nonprofits witch already own Business Premium Licenses.
This is a hugh benefit for nonprofit organization which want to take their #cybersecurity to the next level.
techcommunity.microsoft.com/blog/nonprof...
This is a hugh benefit for nonprofit organization which want to take their #cybersecurity to the next level.
techcommunity.microsoft.com/blog/nonprof...
Exciting News for Nonprofits: Enhanced Security with Microsoft Enterprise E5 Add-On! | Microsoft Community Hub
What Does the E5 Security Add-On Include?
The Microsoft Enterprise E5 Security add-on offers advanced security capabilities, including:
Microsoft Entra ID...
techcommunity.microsoft.com
June 3, 2025 at 6:07 AM
#Microsoft has announced the availability of E5 Security Add-On licenses for #nonprofits witch already own Business Premium Licenses.
This is a hugh benefit for nonprofit organization which want to take their #cybersecurity to the next level.
techcommunity.microsoft.com/blog/nonprof...
This is a hugh benefit for nonprofit organization which want to take their #cybersecurity to the next level.
techcommunity.microsoft.com/blog/nonprof...
🔐 Reduce the attack surface of your Entra Connect Sync setup!
✅ Hard vs. soft match
✅ ImmutableID & mS-DS-ConsistencyGuid
✅ Secure app-based auth w/ CA
✅ Security Best Practises
🔎 Monitor changes via KQL
👉 www.ctrlshiftenter.cloud/q1oc #EntraID #Microsoft #Hybrid #Security
✅ Hard vs. soft match
✅ ImmutableID & mS-DS-ConsistencyGuid
✅ Secure app-based auth w/ CA
✅ Security Best Practises
🔎 Monitor changes via KQL
👉 www.ctrlshiftenter.cloud/q1oc #EntraID #Microsoft #Hybrid #Security
Entra Connect Sync - Attack Surface Reductions - ctrlshiftenter.cloud
In this blog post, I will write about often ignored security aspects in hybrid Microsoft infrastructures (in my…
www.ctrlshiftenter.cloud
May 29, 2025 at 1:45 PM
🔐 Reduce the attack surface of your Entra Connect Sync setup!
✅ Hard vs. soft match
✅ ImmutableID & mS-DS-ConsistencyGuid
✅ Secure app-based auth w/ CA
✅ Security Best Practises
🔎 Monitor changes via KQL
👉 www.ctrlshiftenter.cloud/q1oc #EntraID #Microsoft #Hybrid #Security
✅ Hard vs. soft match
✅ ImmutableID & mS-DS-ConsistencyGuid
✅ Secure app-based auth w/ CA
✅ Security Best Practises
🔎 Monitor changes via KQL
👉 www.ctrlshiftenter.cloud/q1oc #EntraID #Microsoft #Hybrid #Security
🎉 Just published an early public version of CAxPorter Utility – to manage #EntraID #ConditionalAccess Policies in bulk!
Import/export CA policies
Rename & delete policies
Generate Markdown docs via #OpenAI
Works with CLI & GUI
Blog: www.ctrlshiftenter.cloud/60zf
GitHub: github.com/PatrickSeltm...
Import/export CA policies
Rename & delete policies
Generate Markdown docs via #OpenAI
Works with CLI & GUI
Blog: www.ctrlshiftenter.cloud/60zf
GitHub: github.com/PatrickSeltm...
www.ctrlshiftenter.cloud
May 4, 2025 at 5:40 PM
🎉 Just published an early public version of CAxPorter Utility – to manage #EntraID #ConditionalAccess Policies in bulk!
Import/export CA policies
Rename & delete policies
Generate Markdown docs via #OpenAI
Works with CLI & GUI
Blog: www.ctrlshiftenter.cloud/60zf
GitHub: github.com/PatrickSeltm...
Import/export CA policies
Rename & delete policies
Generate Markdown docs via #OpenAI
Works with CLI & GUI
Blog: www.ctrlshiftenter.cloud/60zf
GitHub: github.com/PatrickSeltm...
Reposted by Patrick Seltmann
Looks like Lifecycle Workflows just added the ability to revoke session tokens 💪
Previously, we had to create our own custom extension (Logic App) to do this, so really nice to see it as a built-in task now :)
learn.microsoft.com/...
Previously, we had to create our own custom extension (Logic App) to do this, so really nice to see it as a built-in task now :)
learn.microsoft.com/...
April 19, 2025 at 6:02 AM
Looks like Lifecycle Workflows just added the ability to revoke session tokens 💪
Previously, we had to create our own custom extension (Logic App) to do this, so really nice to see it as a built-in task now :)
learn.microsoft.com/...
Previously, we had to create our own custom extension (Logic App) to do this, so really nice to see it as a built-in task now :)
learn.microsoft.com/...
Reposted by Patrick Seltmann
#EntraID will block service prinicipal-less authentication from March 2026. Don't know what this is or if it will affect your #Microsoft365 tenant? It's time to check.... Microsoft will take care of 1P apps. Other vendors need to do the same
office365itpros.com/2025/04/15/s...
@nathanmcnulty.com
office365itpros.com/2025/04/15/s...
@nathanmcnulty.com
Entra ID to Disable Service Principal-Less Authentication
Microsoft will disable service principal-less authentication in March 2026. This step closes a hole that doesn't exist today but might in the future.
office365itpros.com
April 15, 2025 at 9:41 AM
#EntraID will block service prinicipal-less authentication from March 2026. Don't know what this is or if it will affect your #Microsoft365 tenant? It's time to check.... Microsoft will take care of 1P apps. Other vendors need to do the same
office365itpros.com/2025/04/15/s...
@nathanmcnulty.com
office365itpros.com/2025/04/15/s...
@nathanmcnulty.com
Hello #microsoft, your mslearn page “Conditional Access architecture and personas” from the #Azure Architect Center, which explains the Conditional Access Persona Framework, was deleted 5 days ago. Why?
April 15, 2025 at 7:07 AM
Hello #microsoft, your mslearn page “Conditional Access architecture and personas” from the #Azure Architect Center, which explains the Conditional Access Persona Framework, was deleted 5 days ago. Why?
🚀 New blog post: Mastering App Control for Business – Part 4 🔐
Learn how to create a “starter base policy” for lightly managed Windows devices.
www.ctrlshiftenter.cloud/qu8h
#WDAC #AppControl #Intune #CyberSecurity #ZeroTrust #Windows #MSIntune #Microsoft #EndpointManagement #Endpoint #Security
Learn how to create a “starter base policy” for lightly managed Windows devices.
www.ctrlshiftenter.cloud/qu8h
#WDAC #AppControl #Intune #CyberSecurity #ZeroTrust #Windows #MSIntune #Microsoft #EndpointManagement #Endpoint #Security
Mastering App Control for Business | Part 4: How to create a "starter base policy" for lightly managed devices - ctrlshiftenter.cloud
In the last three blog posts about App Control for Business, I talked a lot of theory and…
www.ctrlshiftenter.cloud
April 13, 2025 at 12:59 PM
🚀 New blog post: Mastering App Control for Business – Part 4 🔐
Learn how to create a “starter base policy” for lightly managed Windows devices.
www.ctrlshiftenter.cloud/qu8h
#WDAC #AppControl #Intune #CyberSecurity #ZeroTrust #Windows #MSIntune #Microsoft #EndpointManagement #Endpoint #Security
Learn how to create a “starter base policy” for lightly managed Windows devices.
www.ctrlshiftenter.cloud/qu8h
#WDAC #AppControl #Intune #CyberSecurity #ZeroTrust #Windows #MSIntune #Microsoft #EndpointManagement #Endpoint #Security
I've written a short explanations about the session toke lifetime: require reauthentication that was released by #microsoft with the march 2025 #MicrosoftEntra updates. www.ctrlshiftenter.cloud/hdf7
#ConditionalAccess #ZeroTrust #IdentitySecurity #M365 #CloudSecurity #PrivilegedAccess #PAW
#ConditionalAccess #ZeroTrust #IdentitySecurity #M365 #CloudSecurity #PrivilegedAccess #PAW
Session token lifetime: require reauthentication every time - ctrlshiftenter.cloud
Every time I talk about Conditional Access I say: “You must think about it as an identity firewall…
www.ctrlshiftenter.cloud
March 30, 2025 at 6:17 PM
I've written a short explanations about the session toke lifetime: require reauthentication that was released by #microsoft with the march 2025 #MicrosoftEntra updates. www.ctrlshiftenter.cloud/hdf7
#ConditionalAccess #ZeroTrust #IdentitySecurity #M365 #CloudSecurity #PrivilegedAccess #PAW
#ConditionalAccess #ZeroTrust #IdentitySecurity #M365 #CloudSecurity #PrivilegedAccess #PAW
🚀 New Blog Post: Mastering App Control for Business | Part 3 – App Tagging & Managed Installer
How to combine tagging policies with Windows Firewall & explore the pros/cons of Managed Installer.
🔗 www.ctrlshiftenter.cloud/gmva
#WDAC #AppControl #Intune #Securtiy #Microsoft
How to combine tagging policies with Windows Firewall & explore the pros/cons of Managed Installer.
🔗 www.ctrlshiftenter.cloud/gmva
#WDAC #AppControl #Intune #Securtiy #Microsoft
Mastering App Control for Business | Part 3: Application ID Tagging Policies & managed Installer - ctrlshiftenter.cloud
Hello everyone. In my last blog post Mastering App Control for Business | Part 2: Policy Templates &…
www.ctrlshiftenter.cloud
March 29, 2025 at 1:18 PM
🚀 New Blog Post: Mastering App Control for Business | Part 3 – App Tagging & Managed Installer
How to combine tagging policies with Windows Firewall & explore the pros/cons of Managed Installer.
🔗 www.ctrlshiftenter.cloud/gmva
#WDAC #AppControl #Intune #Securtiy #Microsoft
How to combine tagging policies with Windows Firewall & explore the pros/cons of Managed Installer.
🔗 www.ctrlshiftenter.cloud/gmva
#WDAC #AppControl #Intune #Securtiy #Microsoft
New Windows LAPS features just dropped with the March '25 Intune update! Check the docs:
learn.microsoft.com/en-us/mem/in...
#Intune #EndpointManagement #WindowsLAPS #WindowsSecurity
learn.microsoft.com/en-us/mem/in...
#Intune #EndpointManagement #WindowsLAPS #WindowsSecurity
What's new in Microsoft Intune
Find out what's new in Microsoft Intune.
learn.microsoft.com
March 23, 2025 at 9:19 AM
New Windows LAPS features just dropped with the March '25 Intune update! Check the docs:
learn.microsoft.com/en-us/mem/in...
#Intune #EndpointManagement #WindowsLAPS #WindowsSecurity
learn.microsoft.com/en-us/mem/in...
#Intune #EndpointManagement #WindowsLAPS #WindowsSecurity
Reposted by Patrick Seltmann
🚀 New Blog Post: Mastering App Control for Business | Part 2 🔐
Diving into policy templates, rule options & security settings in App Control for Business (ACfB)! 💡
📖 Read more: www.ctrlshiftenter.cloud/vmbo
#CyberSecurity #AppControl #WDAC #ITSecurity #ZeroTrust #EndpointSecurity #Intune
Diving into policy templates, rule options & security settings in App Control for Business (ACfB)! 💡
📖 Read more: www.ctrlshiftenter.cloud/vmbo
#CyberSecurity #AppControl #WDAC #ITSecurity #ZeroTrust #EndpointSecurity #Intune
Mastering App Control for Business | Part 2: Policy Templates & Rule Options - ctrlshiftenter.cloud
In my last blog post Mastering App Control for Business | Part 1: Introduction & Key Concept I…
www.ctrlshiftenter.cloud
March 17, 2025 at 8:26 PM
🚀 New Blog Post: Mastering App Control for Business | Part 2 🔐
Diving into policy templates, rule options & security settings in App Control for Business (ACfB)! 💡
📖 Read more: www.ctrlshiftenter.cloud/vmbo
#CyberSecurity #AppControl #WDAC #ITSecurity #ZeroTrust #EndpointSecurity #Intune
Diving into policy templates, rule options & security settings in App Control for Business (ACfB)! 💡
📖 Read more: www.ctrlshiftenter.cloud/vmbo
#CyberSecurity #AppControl #WDAC #ITSecurity #ZeroTrust #EndpointSecurity #Intune
Reposted by Patrick Seltmann
🚀 New Blog Post: Mastering App Control for Business | Part 1 🔐
Trusting all apps is risky! Attackers exploit detection gaps—traditional security is reactive, not proactive.
🔗 Read more: www.ctrlshiftenter.cloud/zhmp
#CyberSecurity #WDAC #ZeroTrust #AppControl4Business #Enterprise #M365 #Intune
Trusting all apps is risky! Attackers exploit detection gaps—traditional security is reactive, not proactive.
🔗 Read more: www.ctrlshiftenter.cloud/zhmp
#CyberSecurity #WDAC #ZeroTrust #AppControl4Business #Enterprise #M365 #Intune
Mastering App Control for Business | Part 1: Introduction & Key Concept - ctrlshiftenter.cloud
Off-Topic: This is my first blog post in English. Writing in a different language and even more so…
www.ctrlshiftenter.cloud
March 9, 2025 at 8:37 AM
🚀 New Blog Post: Mastering App Control for Business | Part 1 🔐
Trusting all apps is risky! Attackers exploit detection gaps—traditional security is reactive, not proactive.
🔗 Read more: www.ctrlshiftenter.cloud/zhmp
#CyberSecurity #WDAC #ZeroTrust #AppControl4Business #Enterprise #M365 #Intune
Trusting all apps is risky! Attackers exploit detection gaps—traditional security is reactive, not proactive.
🔗 Read more: www.ctrlshiftenter.cloud/zhmp
#CyberSecurity #WDAC #ZeroTrust #AppControl4Business #Enterprise #M365 #Intune
🚀 New Blog Post: Mastering App Control for Business | Part 2 🔐
Diving into policy templates, rule options & security settings in App Control for Business (ACfB)! 💡
📖 Read more: www.ctrlshiftenter.cloud/vmbo
#CyberSecurity #AppControl #WDAC #ITSecurity #ZeroTrust #EndpointSecurity #Intune
Diving into policy templates, rule options & security settings in App Control for Business (ACfB)! 💡
📖 Read more: www.ctrlshiftenter.cloud/vmbo
#CyberSecurity #AppControl #WDAC #ITSecurity #ZeroTrust #EndpointSecurity #Intune
Mastering App Control for Business | Part 2: Policy Templates & Rule Options - ctrlshiftenter.cloud
In my last blog post Mastering App Control for Business | Part 1: Introduction & Key Concept I…
www.ctrlshiftenter.cloud
March 17, 2025 at 8:26 PM
🚀 New Blog Post: Mastering App Control for Business | Part 2 🔐
Diving into policy templates, rule options & security settings in App Control for Business (ACfB)! 💡
📖 Read more: www.ctrlshiftenter.cloud/vmbo
#CyberSecurity #AppControl #WDAC #ITSecurity #ZeroTrust #EndpointSecurity #Intune
Diving into policy templates, rule options & security settings in App Control for Business (ACfB)! 💡
📖 Read more: www.ctrlshiftenter.cloud/vmbo
#CyberSecurity #AppControl #WDAC #ITSecurity #ZeroTrust #EndpointSecurity #Intune
Are there any use cases for #appcontrolforbusiness application tagging policies instead of tagging application to control these in the windows Firewall? #microsoft #endpointprotection #intune
March 17, 2025 at 6:11 AM
Are there any use cases for #appcontrolforbusiness application tagging policies instead of tagging application to control these in the windows Firewall? #microsoft #endpointprotection #intune
🚀 New Blog Post: Mastering App Control for Business | Part 1 🔐
Trusting all apps is risky! Attackers exploit detection gaps—traditional security is reactive, not proactive.
🔗 Read more: www.ctrlshiftenter.cloud/zhmp
#CyberSecurity #WDAC #ZeroTrust #AppControl4Business #Enterprise #M365 #Intune
Trusting all apps is risky! Attackers exploit detection gaps—traditional security is reactive, not proactive.
🔗 Read more: www.ctrlshiftenter.cloud/zhmp
#CyberSecurity #WDAC #ZeroTrust #AppControl4Business #Enterprise #M365 #Intune
Mastering App Control for Business | Part 1: Introduction & Key Concept - ctrlshiftenter.cloud
Off-Topic: This is my first blog post in English. Writing in a different language and even more so…
www.ctrlshiftenter.cloud
March 9, 2025 at 8:37 AM
🚀 New Blog Post: Mastering App Control for Business | Part 1 🔐
Trusting all apps is risky! Attackers exploit detection gaps—traditional security is reactive, not proactive.
🔗 Read more: www.ctrlshiftenter.cloud/zhmp
#CyberSecurity #WDAC #ZeroTrust #AppControl4Business #Enterprise #M365 #Intune
Trusting all apps is risky! Attackers exploit detection gaps—traditional security is reactive, not proactive.
🔗 Read more: www.ctrlshiftenter.cloud/zhmp
#CyberSecurity #WDAC #ZeroTrust #AppControl4Business #Enterprise #M365 #Intune