1.Check your Microsoft 365 subscription

Before setting up Intune, ensure that your Office 365 subscription includes Intune. Intune is available in the following subscriptions:

• Microsoft 365 Business Premium
• Microsoft 365 Enterprise E3 and E5
• Enterprise Mobility + Security (EMS) E3 and E5
• Microsoft Intune standalone subscription

You can check and add Intune licenses through the Microsoft 365 Admin Center.

2. Assign Intune licenses to users

Each user needs a Microsoft Intune license. You can assign them via the Microsoft 365 Admin Center:

• Go to the Microsoft 365 Admin Center at https://admin.microsoft.com.
• On the left sidebar, click Users > Active Users.
• Select a user, then click Licenses and Apps.
• Under Licenses, toggle the switch for Microsoft Intune and click Save changes.

Repeat this process for every user that you want to manage with Intune.

3. Sign into Microsoft Endpoint Manager admin center

The Endpoint Manager admin center is where you manage Intune:

• Go to the Microsoft Endpoint Manager Admin Center at https://endpoint.microsoft.com.
• Sign in using your admin credentials.

4. Set up MDM (Mobile Device Management) Authority

To manage mobile devices via Intune, you need to configure your MDM authority. For most organizations, Intune is used as the MDM authority.

• In the Endpoint Manager admin center, click Devices > Enroll devices.
• Under MDM authority, select Microsoft Intune.

If you’re using a combination of Intune and other MDM solutions, you might configure a co-management option.

5. Configure device enrollment options

Next, configure how devices will be enrolled in Intune:

• In the Endpoint Manager admin center, go to Devices > Enroll devices.
• Under Windows Enrollment, configure Automatic Enrollment for Windows 10/11 devices.
• You can also configure other enrollment types like Apple Enrollment for iOS/macOS and Android Enrollment.

6. Create and assign policies

After configuring enrollment, you’ll want to create policies to manage devices and ensure security.

• Compliance policies: Set up rules to ensure devices comply with your organization’s standards. For example, you can ensure devices have a passcode or that they are encrypted.
  • In the Endpoint Manager admin center, go to Devices > Compliance policies and click Create policy.
  • Choose the platform (e.g., Windows, iOS) and configure your compliance settings.
• Configuration profiles: These profiles allow you to manage settings like Wi-Fi, VPN, and email configurations.
  • Go to Devices > Configuration profiles and click Create profile.
  • Select the platform and the type of profile, then configure the necessary settings.
• App protection policies: These protect company data within apps. You can control how users access and share information.
  • Go to Apps > App protection policies and create policies for different platforms.

7. Enroll devices into Intune

Users can enroll their devices manually or automatically, depending on your configuration.

• Windows devices:
  1. On a Windows 10/11 device, go to Settings > Accounts > Access work or school.
  2. Click Connect and follow the prompts to sign in with your Office 365 account. This enrolls the device into Intune.
• iOS/Android devices:
  1. Install the Company Portal app from the App Store or Google Play Store.
  2. Sign in using your Office 365 account and follow the instructions to enroll the device.

8. Monitor and manage devices

Once devices are enrolled, you can monitor and manage them from the Endpoint Manager admin center:

• Go to Devices to view enrolled devices, check compliance status, and take actions like wiping data or resetting passwords.

Pentru a utiliza Mail Merge în Outlook în siguranță, iată câteva recomandări:

1. Pregătește o bază de date bine organizată:
   • Asigură-te că lista de destinatari este corect formatată. Cel mai comun format este un fișier Excel, unde fiecare rând reprezintă un destinatar, iar fiecare coloană conține informații relevante (cum ar fi numele, adresa de email, alte detalii personalizate).
   • Verifică corectitudinea adreselor de email, pentru a evita erori de livrare (bounce).
2. Folosește funcția Mail Merge din Microsoft Word:
   • Deși trimiterile se fac prin Outlook, Mail Merge este configurat în principal din Microsoft Word. Iată pașii esențiali:
     1. Deschide Microsoft Word.
     2. Mergi la tabul Mailings (Corespondență).
     3. Selectează Start Mail Merge -> Email Messages.
     4. Selectează Select Recipients -> Use an Existing List (folosește un fișier Excel, de exemplu).
     5. După ce ai adăugat câmpurile personalizate, scrie mesajul în Word.
     6. Apasă Finish & Merge -> Send Email Messages. Vei fi întrebat unde dorești să trimiți emailurile și care este subiectul.
3. Testare înainte de trimitere:
   • Trimite un email de test către tine sau un coleg, pentru a te asigura că formatul și personalizările sunt corecte.
   • Verifică dacă toate câmpurile personalizate se afișează corect (nume, adresare, etc.).
4. Nu trimite la un număr foarte mare de destinatari deodată:
   • Dacă ai o listă mare de destinatari (de exemplu, peste 500), ia în calcul împărțirea trimiterilor în grupuri mai mici pentru a evita să fii marcat ca spam sau să atingi limita de trimitere de emailuri zilnice a serverului tău.
   • De asemenea, serverul de email poate limita numărul de mesaje trimise într-o perioadă scurtă. În caz de astfel de limitări, emailurile pot eșua sau pot fi întârziate.
5. Ai grijă la politica GDPR și la confidențialitate:
   • Asigură-te că ai acordul destinatariilor pentru a le trimite emailuri, în conformitate cu regulamentul GDPR (în special în UE).
   • E important să ai grijă să nu expui date personale, chiar și neintenționat, în mesajele trimise.
6. Backup:
   • Păstrează o copie a mesajelor trimise și a bazei de date de destinatari pentru referințe viitoare.
   • Poți, de asemenea, să setezi o adresă de email CC/BCC (doar pentru tine) pentru a primi o copie a fiecărui mesaj trimis, ca măsură suplimentară de control.

Prin respectarea acestor pași și verificarea atentă a datelor, poți utiliza funcția de Mail Merge din Outlook fără riscuri majore.

1: Set up the environment

The first step is to set up Microsoft Intune for your organization. ‍This includes creating an account with a valid domain name, setting up a tenant for managing the corporate devices, and enabling the required services for device management in Intune.

2: Configure mobile device policies

Once the environment is set up, it’s time to configure policies for managing mobile devices.

‍This means setting up restrictions on device features such as internet access or camera usage, configuring security settings such as passcode complexity or remote wipe capabilities, and setting up other policies such as app installation or data encryption requirements.

3: Enroll your company devices

After configuring policies for managing different mobile devices with Microsoft Intune, it’s time to enroll them into the system.

‍There are multiple ways to do this – users can be given an enrollment link which they can use to enroll their own devices into Intune. ‍They can also use a QR code which they can scan using their device’s camera. ‍Finally, IT administrators can manually enroll devices into Intune using bulk enrollment methods such as Apple Configurator 2 or Windows Autopilot Deployment Program (WADP).

4: Start managing individual applications

Once devices are enrolled in Microsoft Intune, IT administrators can manage applications on them remotely.

‍This may involve:

• deploying apps from public stores like Google Play Store or Apple App Store
• deploying custom line-of-business apps
• pushing out updates and patches
• removing unwanted apps, and more.

5: Monitor device usage

In addition to managing applications on enrolled devices remotely with Microsoft Intune, IT administrators can also monitor the usage of these managed devices. ‍This includes tracking user activity like which apps are being used most often; when users log into their accounts; what websites they visit regularly; etc.

6: Generate device reports

Finally, IT administrators can generate comprehensive reports on various aspects of managed mobile devices. ‍The types of reports you can generate include reports on application installations, updates, and removals; user activity logs; compliance status of organizational policies; and more. All of this helps keep track of activities related to managed devices within an organization’s network.

It’s important to understand what an AD Password Expiration Policy is to set up proper security measures in your organization. This policy sets out a defined timeline on when a user’s information and passwords are changed in order to ensure security and privacy remain at the forefront for everyone. Here are some key points to help you find out what it is:

• Types of Password Policies – There are different types of password policies that can be used dependent on your company or organization’s needs. Examples include a set number of days for when a user’s password should expire or a set number of days in which the user is required to change their password.
• Requirements – In addition to managing and knowing the timeline in which passwords expire, there may also be specific and unique requirements that the User must adhere to. This can be anything from special characters or numbers to length requirements.
• Account Lockouts and Messages – When a user miss a password expiration policy, the account will become locked out and the user will likely receive an expiration message when they attempt to log in. This is usually implemented to give the User enough warning to update their password before their account is completely disabled.

The AD password expiration policy is an important security feature for any organization as it helps to protect the integrity and privacy of data shared through the network. Following the expiration policy requires having a thorough understanding of the timeline, requirements, and messages associated with it. By implementing the AD password expiration policy, an organization ensures that its data remains safe and secure for everyone.

Setting Password Expiry Date is important for organizational security. With Active Directory (AD) users are able to easily and quickly configure expiration dates on all password within the domain. By incorporating regular password expiration cycles, organizations can strengthen security for their systems and protect user accounts.

Follow these steps to set a password expiration date with AD:

• Open Active Directory Users and Computers.
• Right-click on the OU that contains the user accounts that need to be configured.
• Select Properties from the menu.
• Click on the Group Policy tab.
• Create a new GPO, or edit an existing one, and then navigate to User Configuration > Policies > Windows Settings > Security Settings > Account Policies > Password Policy.
• In the Maximum Password Age section specify the desired expiration date.
• Save the GPO.
• Link the GPO to the appropriate OU(s).

With these steps, admins can easily configure password expiration dates within their Active Directory environments. Administrators should ensure that expiration dates are regularly changed to boost security and avoid potential risks.

Navigating a new video editing software can be a daunting task, but Clipchamp makes this experience as smooth as possible. Here’s a step-by-step guide to help you get started with ease:

Downloading the Software

1. Windows Users: For those using Windows 10 or Windows 11, downloading Clipchamp is straightforward. Visit the Microsoft Store and search for Clipchamp. Then, click on the ‘Get’ button to install.

2. Apple iOS Users: If you’re on an iPhone or iPad, go to the App Store and search for Clipchamp. Download and install the application just as you would with any other iOS app.

Creating an account

1. Microsoft and OneDrive Integration: One of the benefits of using Clipchamp is the ease with which you can integrate your existing Microsoft or OneDrive accounts. This makes for a streamlined experience, allowing you to save your projects directly to the cloud.

2. Other Options: If you don’t have a Microsoft account, you can still sign up using your email address. Clipchamp offers various sign-up options to cater to a wide range of users.

Familiarizing yourself with the user interface

1. Dashboard: When you open Clipchamp, you’ll be greeted with a dashboard that presents all your current projects and options to start a new one.

2. Brand Kit: On the left sidebar, you’ll see an option for your Brand Kit. Here, you can set your default styles—this includes fonts, overlays, and transitions—so that all your videos maintain a consistent look and feel.

3. Media Library: Another crucial feature is the media library, where you can import video files, stock videos, and even sound effects to use in your projects.

Templates and starting a new project

1. Using Templates: For those who want a quick start, Clipchamp offers a wide range of templates tailored to different social media platforms and content types. Simply pick a template that aligns with your vision and start editing.

2. Starting from Scratch: If you prefer a more hands-on approach, you can start a new project from scratch. Clipchamp allows you to choose the aspect ratio and other initial settings, offering you full control from the get-go.

Settings and preferences

1. General Settings: Familiarize yourself with the general settings, where you can customize the tool to suit your workflow. Here, you can set your preferences for shortcuts, default export options, and more.

2. Accessibility: Clipchamp also has accessibility features, including text-to-speech options, to make the software more user-friendly for all.

By following these steps, you’ll be well on your way to becoming a Clipchamp pro. Its user-friendly interface coupled with powerful functionality ensures that whether you are a beginner or a seasoned video editor, getting started with Clipchamp is a breeze.

Importing video files

Drag and drop your video files into the workspace. The software supports various aspect ratios, so whether you’re editing TikTok videos or YouTube videos, you’re covered.

Cutting and trimming

The basic workflow includes cutting unwanted parts. Use the shortcuts to make this process quicker.

Adding transitions

From fades to more intricate transitions, Clipchamp offers a plethora. You can also preview them in real-time before applying.

Text and fonts

Customize your captions using various fonts. You can add text-to-speech functionality as well if needed.

Picture-in-picture and green screen

These editing features are vital for tutorials or if you want to overlay additional content on your video. To brand your videos, you can use overlays and even add a watermark. This is particularly useful for social media where video theft is common.

Stock video, sound effects, and even GIFs can be integrated into your video. This is excellent for those who might not have all the required resources for their content.

For tutorials or Zoom meetings, the screen recording and webcam features are very useful. This makes Clipchamp a comprehensive video creation and video editing tool.

While Clipchamp is not as robust as Adobe when it comes to sound editing, it offers sufficient sound effects and even allows for basic sound level adjustments.

Once your editing is complete, you can export the video in various formats. Clipchamp offers a built-in functionality to upload your videos directly to social media platforms or save them to OneDrive.

Classic Outlook

Show reminders over other programs or apps. You can set up Outlook to display your reminder window on top of other programs you’re working in.

1. Select File > Options > Advanced.
2. In the Reminders section, check the box marked Show reminders on top of other windows.
   
3. Click OK.

Add or remove reminders for meetings. Set reminders for all new meetings

1. Click File > Options > Calendar
2. Under Calendar options, select or clear Default reminders
3. Set the default amount of time at which you want to receive reminders before new calendar items (for example, 15 minutes, 30 minutes, etc.)
   • 

Set a reminder for an existing meeting

1. At the bottom of the screen, click Calendar.
   • 
2. Open the meeting. If the Open Recurring Item dialog box appears, do one of the following:
   • To set the reminder for just one appointment or meeting in a series, select Just this one.
   • To set the reminder for all the appointments or meetings in a series, select The entire series.
3. On the Meeting tab (for a recurring meeting it’s the Meeting Series tab, click the Reminder dropdown and select how long before the appointment or meeting you want to get a reminder. To turn a reminder off, select None.
   • 

Automatically dismiss reminders for past events

If you don’t want to see reminders for events in the past, you can tell Outlook to automatically dismiss reminders for past events. For example, if you’re out of the office for three days, you might not want to come back and see reminders for the meetings that took place while you were gone.

1. Select File > Options > Advanced.
2. In the Reminders section, select Automatically dismiss reminders for past events.

Set reminders for email messages

1. At the bottom of the screen click Mail.
   • 
2. Select an email message.
3. Click Home > Follow Up > Add Reminder.
   • 
4. In the Custom dialog box, check or uncheck Reminder.

Set reminders for tasks

1. At the bottom of the screen, click Tasks.
   • 
2. To view the tasks, click Home > To-Do List.
   • 
3. Click a task in the list.
4. Do one of the following:
   • To add a task reminder to your Tasks list, select the task and then in the Follow-up group, choose a time frame to meet your deadline.
   • To remove a task reminder from your Tasks list/To-Do list, in the Manage Task group, click Remove from List.

New Outlook

With the new reminders window, you can select to snooze calendar events and tasks, join a Teams meeting, or dismiss events and tasks in a separate window.

Turn on the reminders window

You can set up Outlook to display your calendar and To Do (or Task) reminders in a separate window that opens on top of other programs you’re working in.

1. Go to Settings > General > Notifications.
2. Expand the Calendar section, ensure Event Reminders is turned on, and the Reminder notification style is selected.To dismiss reminders for past events (for example, you’ve been away and you don’t want to come back to reminders for events that took place while you were gone), select the Automatically dismiss reminders for past events toggle.

Add or remove reminders for calendar events

Set a default reminder for all calendar events

1. Go to Settings > Calendar > Events and invitations.
2. Under Events you create, select the Default reminder dropdown and then select the default amount of time that you want to be reminded of upcoming events. Select Save if prompted.

Set a reminder for a single meeting or series

You can override the default reminder setting for a single meeting or a meeting series.

1. From the navigation icons on the Outlook Window, select Calendar.
2. From the Calendar window, open the meeting you want to change.
3. If you’re changing a meeting series, first select View series. If you’re changing a single event (or an event series if you selected View series), go to the ribbon, select the Reminder dropdown, and then select an amount for the new reminder time. If you don’t want a reminder for the event or series, select Don’t remind me.

Add or remove reminders for tasks

1. From the navigation icons on the Outlook Window, select the To Do icon.
2. Select a task you want to add a reminder to, and from the task pane that opens, select Remind me. To remove the reminder, select the task and then hover over the reminder until it’s highlighted and the cancel icon appears. Select it to remove the reminder.
   • 

Only the administrator account or other IT staff should have full control of files and folders. I can’t think of a good reason a regular user needs full control. By giving regular users full control they are granted the ability to change settings and permissions, which is a bad idea.

Try and limit settings NTFS permissions to no more than two or three levels deep. There will always be exceptions to this rule, but if you set no rules for this these permissions, things will get out of control. Your users will request for every file or folder to have special permissions which will cause problems.

Here is an example.

The accounting department has a folder that has a level 1 folder and two subfolders (level 2 and level 3). It is no problem to set explicit permissions on level 1 and level 2 but I would not go any level deeper (level 3) as this becomes difficult to manage, and the same goes for files.

I would also try to limit setting explicit permissions to folders only. Users will call and will want to set specific permissions on individual files, this will become a pain to manage so try to avoid this.

Avoid Breaking Inheritance

By default, the permissions set at the root folder will be inherited by all subfolders. If you break inheritance it can make it difficult to read and manage NTFS permissions.

Let’s look at an example.

In the above screenshot, accounting, sales, and purchasing are what I consider the root folder. These folders have NTFS permissions set and all the subfolders will inherit their permissions.

For example, I set permissions on the accounting folder, and therefore all its subfolders inherit its permissions. If I broke the inheritance I would have to set the NTFS permissions on the folder.There will be times when you need to break inheritance such as limiting access to a specific folder but this should be kept to a minimum. You can easily check for folder inheritance with the AD Pro Toolkit.

What is the Everyone group

All interactive, network, dial-up, and authenticated users are members of the Everyone group. This special identity group gives wide access to system resources. When a user logs on to the network, the user is automatically added to the Everyone group. Membership is controlled by the operating system.

https://learn.microsoft.com/en-us/windows-server/identity/ad-ds/manage/understand-special-identities-groups

The Everyone group also includes the Guest account. This is just bad news for security so I highly recommend never using the Everyone group for anything.

Unfortunately, there are some poorly designed programs and tech support that do not understand this. Has a vendor tech support ever told you, “you need to add the everyone group and give them it permissions”? This is horrible advice and if followed you have significantly weakened security in your network.

Some admins will argue that it is not an issue to use everyone on shared permissions and then lock it down using NTFS permissions. This would still allow hackers to scan and detect shared folders in the network so why allow it? Instead, use the least principle model and only allow those that need access to it.

You can quickly find where the Everyone account is in use by using a reporting tool and filter for the account.In the example below, I scanned my file server and found 4 folders that are using the Everyone account and have full control, and this is not good.

The principle of least privilege means a user should only have access to the data, resources, and applications needed to complete a required task.

Preventing unnecessary permissions prevents mishandling of company data and helps to mitigate security threats. Just because a user is part of a department doesn’t mean they need full access to all department folders and files. Consider using read-only and read/write groups to set granular permissions on files and folders.