Kenneth van Surksum
Microsoft MVP Microsoft Intune & Identity and Access | Secure At Work
Amersfoort, The Netherlands
Actions
As a Microsoft 365 Modern Workplace consultant I help customers implement modern workplace solutions based on top of their Microsoft 365 licensing, leveraging products like Microsoft Intune, Microsoft Entra, Microsoft Defender, Exchange Online, Microsoft Teams, Microsoft SharePoint and Microsoft Purview. I constantly build solutions which span these products, taking into account Security, Usability and Manageability as main pillars.
Currently I'm also responsible for the delivery of Secure At Work, a product which can automatically provision Microsoft 365 tenants with best practices configuration and once onboarded keeps customers up to date by using regular releases. Each release adds or updates functionality in Microsoft 365 environments based on best practices and lessons learned from implementation feedback. The Secure At Work solution is already running om more than 10K endpoints, making it proven solution and able to cover 80% of business requirements.
With more than 25 years of experience in IT, I managed to get myself Microsoft certified in 1998, eventually becoming a Microsoft Certified Trainer (MCT), en ultimately receiving my first Microsoft MVP award in 2010. Currently I am a proud dual Microsoft MVP for Microsoft Intune and Identity and Access.
In the past I have worked with many products in the Microsoft infrastructure space, like SMS/System Center Configuration Manager, Active Directory, Virtualization (both VMware as Hyper-V), System Center products like SCOM, SCSM, SCVMM, SCDPM among others.
Kenneth regularly shares his knowledge by blogging at https://www.vansurksum.com and by speaking on national and international events.
Links
Awards
Area of Expertise
Topics
Microsoft Entra Conditional Access demystified - 2025 edition
In July 2016 Microsoft made Conditional Access generally available.
Since that time I had a love and hate relationship with this functionality of Microsoft Entra Id (formerly Azure AD). Mainly because it's difficult to test scenario's and some changes can have a really high impact. I even experienced being locked out of accessing the Azure portal during one of my tests.
In this session I will share my experiences about implementing Conditional Access at several customers. I will cover how to design, implement, test and troubleshoot Conditional Access policies.
Conditional Access, from basic to advanced: Part 1, basic scenarios
This session, which is part 1 of a 2 part workshop, Kenneth van Surksum will take your Microsoft Entra Conditional Access knowledge from basic to advanced. In part 1, we will go through the basics of designing and implementing Conditional Access. Kenneth will explain what Conditional Access is, how to create your own Conditional Access policies and will share his best practices based on years of experience implementing Conditional Acces at many customers. Kenneth will share his basic set of Conditional Access policies, to give you a head start for your own Conditional Access implementation.
Conditional Access, from basic to advanced: Part 2, advanced scenarios
This session, which is part 1 of a 2 part workshop, Kenneth van Surksum will take your Microsoft Entra Conditional Access knowledge from basic to advanced. In part 2, we will go through the advanced scenarios you can implement with Conditional Access allowing you to take your Conditional Access policies one step further. Kenneth will talk about integrating Conditional Access with Microsoft Defender for Cloud Apps and Microsoft Purview, but will also explain how to leverage Authentication Context, Authentication Strength, Authentication Flow, Filters and more.
Designing and configuring your Microsoft Intune Compliance Policies
In this session, Kenneth will explain best practices on designing and implementing Microsoft Intune compliance policies. Kenneth will go into details on whether to use just one, or many compliance policies. How they eventually end up on the endpoint, how to troubleshoot when things go wrong and how Compliance Policies interact with Conditional Access.
Entra Id Conditional Access policies: "the" security glue for your Microsoft 365 environment.
In this session, Kenneth van Surksum, Microsoft MVP Security & Enterprise Mobility will explain why Entra Id Conditional Access is "the" security glue for your Microsoft 365 environment. Kenneth will explain how Conditional Access interacts with other products, like Microsoft Intune, Purview, PIM, Entra Id Enterprise Applications, Defender and more.
Join this session to better understand the interaction between the different products, and how configuring these products combined can improve your security posture.
Implementing Conditional Access is easy, what could possibly go wrong?
Even though the basics of a Conditional Access (CA) policies are quite simple, implementing a set of CA policies in your environment can become complex, quite fast. As with every product, there are also some caveats which you should be aware of when designing and building your CA policies.
In this session, Kenneth van Surksum, Microsoft Security MVP will share his experiences with implementing CA policies in many different organizations, Kenneth will provide some tips on what NOT to do and share some specific scenario's which must be taken into account for your CA policies. Join this session for some practical tips, which will make your own CA policies better.
Configuring even better Windows Update for Business settings for your managed Modern Workplace
Patching your Windows devices has come a long way, eventually resulting in monthly quality updates, but sporadically also emergency patches. Making sure that the chances of these updates being installed in time and successfully will help to improve your security posture.
In this session, Kenneth van Surksum, Microsoft Security MVP will explain what settings you can implement on your Modern Workplace in order to build a solid Windows Update for Business patching solution, which includes deployment rings, power settings, modifications in your security baselines and delivery optimization. Join this session if you want to improve your own Windows update patching strategy.
Protecting your email environment using Exchange Online Protection & Microsoft Defender for Office
While Exchange Online Protection offers protection against SPAM, phishing and malware, you can add an extra layer of security by implementing Microsoft Defender for Office which adds additional phishing protection, safe links and safe attachment functionality. Just buying the products isn't sufficient though for a good protection of your incoming and outgoing email.
In this session, Kenneth van Surksum, Microsoft MVP will explain how to configure your EOP and MDO environment using Microsoft best practices to build an environment capable of protecting your end users from the most common threats in your Exchange Online environment.
Building shared and kiosk Windows devices using Microsoft Intune
While in Microsoft 365 environment we enroll devices which are directly bound to the user working on it, we also have other use cases that we can enroll using Microsoft Intune and Windows Autopilot. Besides 1:1 devices we also have the option to deploy shared devices, allowing multiple users to use the same device. We can also enroll kiosk devices, which are special purpose devices only allowing the execution of one, or a handful of applications.
In this session, Kenneth van Surksum, Microsoft MVP Enterprise Mobility will explain the use cases for building shared and kiosk devices. Kenneth will explain how to configure Microsoft Intune for these scenario's and share his lessons learned while building Shared Device and Kiosk scenario's at multiple customers.
Protecting your company data stored in Microsoft 365 and other SaaS apps
When companies migrate to SaaS based applications, their company data is available from anywhere. Company data stored in SaaS applications like Microsoft 365 can also easily be shared with other users so that people can cooperate on documents which reside in your tenant. While these capabilities will boost the productivity of your end users, not properly protecting the company data can introduce many risks for the company.
In this session, Kenneth van Surksum, Microsoft MVP Enterprise Mobility + Security will explain how to configure your Microsoft 365 and SaaS apps in such a way that you stay In-Control on how data can be shared with the outside world, and how to protect the data itself.
Implementing and building advanced Microsoft Entra Id Conditional Access scenarios - 2025 Edition
So, you have built your Conditional Access rules and everything is working stable and as expected. Now it's time to implement some more advanced scenario's which you can achieve by using Conditional Access in combination with other Microsoft 365 products. By using these more advanced scenario's we can meet more complex requirements when it comes to protecting the identity of the user, or protecting the company data stored in SaaS based applications like SharePoint.
In this session, Kenneth van Surksum, Microsoft MVP Enterprise Mobility + Security will go into more detail about filters for Apps and Workloads, Authentication Strength, Granular control for external users, Authentication context, integration with Microsoft Defender for Cloud Apps, Sensitivity labels and more.
Kenneth van Surksum
Microsoft MVP Microsoft Intune & Identity and Access | Secure At Work
Amersfoort, The Netherlands
Links
Actions
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top