What is the solution for this question?
You need to implement mobile device management (MDM) for personal devices that runWindows 11. The solution must meet the following requirements:• Ensure that you can manage the personal devices by using Microsoft Intune.• Ensure that users can access company data seamlessly from their personal devices.• Ensure that users can only sign in to their personal devices by using their personalaccount.What should you use to add the devices to Azure AD? A. Azure AD registered Most Voted B. hybrid Azure AD join. C. Azure AD joined
Preventing Data Leakage to AI: A Strategic Framework for the Global Enterprise
In an organization with thousands of users, "Shadow AI" isn't just an IT nuisance - it’s a fundamental shift in the risk surface. We’ve all seen it: a well-intentioned employee pastes proprietary code into a public LLM to "clean it up," or a team lead uploads a customer list to a "free" AI formatter. These aren't malicious acts; they are productivity shortcuts that create massive security gaps. To enable innovation without compromising safety, we need a Zero Trust–aligned framework that acts as a guardrail rather than a gate. This requires a layered model centered on Identity, Device Health, and Data Intelligence. The 7-Layer Defense Architecture In a complex tenant, we don't rely on a single gatekeeper. We implement a stack where each layer provides a fail-safe for the one before it. Layer Enterprise Objective Primary Technology 1. Identity Anchor Verified Access & Device Health Microsoft Entra ID + Intune 2. Global Radar Continuous Shadow AI Discovery Purview AI Hub + Defender for Cloud Apps 3. Session Guard Real-time Intervention & Input Filtering Conditional Access App Control (MCAS) 4. Data Core Auto-Labeling & Persistent DLP Microsoft Purview Information Protection 5. Agent Governance Lifecycle & Identity for AI Agents Agent 365 + Entra Agent ID 6. The Human Layer Secure Prompting & AI Skilling Approved Prompt Templates & Training 7. Continuous Ops Monitoring & Regulatory Auditability Microsoft Sentinel + Insider Risk Mgmt 1. Universal Discovery via the Purview AI Hub Visibility is the prerequisite for governance. In a complex environment, you need a "single pane of glass" to monitor AI usage across the tenant. The Insight: Use the Purview AI Hub to identify "high-risk" prompts and see exactly which sensitive data types (PII, IP, Code) are being shared. The Radar: Integration with Defender for Endpoint ensures we capture AI usage even when users are off-network or traveling, leaving no blind spots in the global telemetry. 2. Identity-Driven Access & Tenant Boundaries Access must be tied to the health of the device. If the device isn't managed, the AI shouldn't be reachable. Conditional Access: Enforce policies requiring a "Managed and Compliant" device for any AI service. The "Account Leak" Fix: Deploy Tenant Restrictions v2 (TRv2). This is the only way to effectively stop employees from using corporate assets to sign into personal Microsoft accounts, keeping data strictly within your managed boundary. 3. Real-Time Session Governance & Inbound Protection The biggest leak in the enterprise isn't a hack; it's the copy-paste. However, we must also guard against Prompt Injection. Granular Controls: Use Session Policies to allow an AI tool while blocking specific risky actions - like uploading a document with a "Highly Confidential" label. Inbound Sanitization: Implement filters to detect malicious external data that might attempt to "hijack" a session via Indirect Prompt Injection. Continuous Access Evaluation (CAE): This ensures that if a user’s risk level changes, their access to AI is revoked in near real-time. 4. Hardening the Data (Auto-Classification & DLP) If security is embedded in the data, the location of the data becomes secondary. Intelligent Labeling: Move beyond manual tagging. Use Auto-labeling at the service level to scan and encrypt sensitive data (e.g., credit card numbers or internal project names) before it can be processed by an LLM. Clipboard Guard: Use Endpoint DLP to stop the "Clipboard Leak." This prevents users from moving sensitive text from a protected document into a web-based AI interface. 5. The "Agentic" Era: Agent 365 As we move from chatbots to autonomous agents, governance must manage an ecosystem of AI agents. Agent 365: A centralized control plane to manage the registry and lifecycle of every AI agent (sanctioned or "shadow") active in your tenant. Entra Agent ID: Treat agents like enterprise identities. Assign unique IDs to manage permissions so an agent’s access doesn't outlive its business purpose. 6. The Human Layer: Skilling & Secure Prompting Technical guardrails are the safety net, but user intent is the driver. Context Minimization: Train users to provide AI with only the data it needs. Redacting proprietary names or PII before prompting should be a baseline habit. The "Safe Harbor": Move users away from risky public tools by providing a superior experience in Microsoft 365 Copilot. Security shouldn't be a "No," it should be a "Yes, use this instead." 7. Continuous Ops & Regulatory Compliance Security is not a "set and forget" project. For the global enterprise, this layer provides the Audit Trail required for the EU AI Act and GDPR. Shadow AI Migration: Track the % of users moving from "Shadow" to sanctioned tools. Sentinel Correlation: Correlate AI prompts and DLP alerts in Microsoft Sentinel to allow the SOC to automate responses to misuse. Compliance Reporting: Generate automated reports on data residency and AI interaction logs to satisfy global regulatory requirements. Technical & Licensing Baseline This framework focuses on identity-, data-, and app/session-level controls (e.g., Defender for Cloud Apps/CAAC). It does not include network-level controls such as Cloud Proxy or ZTNA, which can complement these measures. Most capabilities require Microsoft 365 E5 and Entra ID P2. Features like Purview AI Hub, Agent 365, and Entra Agent ID may be in preview or offered as add-ons - verify availability and licensing with your Microsoft account team. Conclusion Securing AI at scale is not about building a wall; it is about engineering a dynamic foundation. In a global enterprise, "No" is a temporary delay, not a sustainable policy. By anchoring our strategy in Identity, Auto-Classification, and Agentic Governance, we transform AI from a fragmented "shadow risk" into a governed, competitive advantage. This framework ensures that as our digital ecosystem evolves, the organization's "crown jewels" remain protected - not by restricting innovation, but by making security the adaptive, automated engine that powers it.Looking for a way to set up mail moderation using Entra dynamic group
Our organization is working on shifting from a hybrid AD-Entra environment to Entra only. We currently use mail-moderated dynamic distribution lists using Extension Attributes to set the rules for mass internal company emails. In conjunction with us migrating to Entra only, we are also planning to use an API integration to manage our Entra account creation and updates. This integration does not have the ability to populate the Extension Attribute fields. Because of these changes we will no longer be able to use the existing dynamic distribution lists we have, and we have not had luck finding a solution for it yet. Has anyone else gone through this or have any experience solving for this same problem?Automating Microsoft 365 with PowerShell Second Edition
The Office 365 for IT Pros team are thrilled to announce the availability of Automating Microsoft 365 with PowerShell (2nd edition). This completely revised 350-page book delivers the most comprehensive coverage of how to use Microsoft Graph APIs and the Microsoft Graph PowerShell SDK with Microsoft 365 workloads (Entra ID, Exchange Online, SharePoint Online, Teams, Planner, and more). Existing subscribers can download the second edition now free of charge. https://office365itpros.com/2025/06/30/automating-microsoft-365-with-powershell2/How to Manage Teams Permissions and Privacy Settings
Managing Teams permissions and privacy settings is not just an IT task—it’s a critical part of maintaining productivity, security, and trust within your organization. In this blog, we’ll explore how Teams permissions work, why privacy settings matter, and practical steps you can take to manage them effectively. https://dellenny.com/how-to-manage-teams-permissions-and-privacy-settings/How To Use Sensitivity Labels in Microsoft Teams (Step-by-Step Guide)
Sensitivity labels help organizations protect data by controlling how information is accessed, shared, and stored. If you’re using Microsoft Teams and want to keep confidential conversations, files, and meetings secure, learning how to use sensitivity labels is essential. In this blog , we’ll walk through what sensitivity labels are, why they matter, and how to use sensitivity labels in Teams step by step, even if you’re not a technical expert. https://dellenny.com/how-to-use-sensitivity-labels-in-microsoft-teams-step-by-step-guide/Integrating Copilot in Microsoft Teams Channels and Projects: A Step-by-Step Guide
In this blog, we’ll explore what Copilot is, why integrating it into Teams channels and projects matters, and most importantly, step-by-step instructions on how to integrate and use Copilot effectively. Whether you manage projects, lead teams, or simply want to boost productivity, this guide will help you unlock Copilot’s full potential. https://dellenny.com/integrating-copilot-in-microsoft-teams-channels-and-projects-a-step-by-step-guide/
Multiple word documents are open simultaneously causing performance issues.
Does anyone know what the optimal size of Word documents should be if you have multiple word documents open simultaneously? I frequently access two Word documents at are about 800KB each. When I have both open, I notice a significant performance degradation when I do searches, add/modify/delete contact, toggle between the documents. This really impacts my productivity. I am wondering I should reduce the size of these files or move them to a different drive or memory stick to improve performance. I don't want to break these documents up yet given that instead of having two Word documents open, I might have four Word documents open simultaneously and still have the performance issues. I have performed online repairs of Microsoft 365 and checked my addins but nothing seems to help.Copilot Studio Agent Developer Blueprint Survey Opportunity
Microsoft is considering a credential for Copilot Studio Agent Developer, and we need your input through our exam blueprinting survey. The blueprint determines how many questions each skill in the exam will be assigned. Please complete the online survey by January 7, 2026. Please also feel free to forward the survey to any colleagues you consider subject matter experts for this certification. If you have any questions, feel free to contact John Sowles at josowles@microsoft.com or Don Tanedo at dtanedo@microsoft.com. Copilot Studio Agent Developer blueprint survey link: https://microsoftlearning.co1.qualtrics.com/jfe/form/SV_0koFUKnBUrHsKRoCopilot Studio Agent Maker Blueprinting Survey Opportunity
Greetings! Microsoft is considering updating a credential for Copilot Studio Agent Maker, and we need your input through our exam blueprinting survey. The blueprint determines how many questions each skill in the exam will be assigned. Please complete the online survey by January 7, 2026. Please also feel free to forward the survey to any colleagues you consider subject matter experts for this certification. If you have any questions, feel free to contact John Sowles at josowles@microsoft.com or Don Tanedo at dtanedo@microsoft.com. Copilot Studio Agent Maker blueprint survey link: https://microsoftlearning.co1.qualtrics.com/jfe/form/SV_6ywl68gw7VmF0IS
