Michael Mardahl

Michael Mardahl

Cloud Architect @APENTO | Microsoft MVP | Swiss Army Brain

Ballerup, Denmark

Michael is a dual Microsoft MVP in the "Enterprise Mobility" and "Security" categories.
He holds a plethora of Microsoft certifications and the title of Cloud Architect with the Microsoft Elite Partner APENTO, in Denmark.
He specialises in customer journeys from classic Infrastructure to Cloud consumption with a strong focus on security and identity. He has been a Microsoft IT Pro for more than 25 years, where he started as a Network Administrator in the logistics industry after getting his degree.
His career has led him to work within industries that requires a heavy focus on legal and regulatory compliance worldwide.
Michael was very early to adopt the Microsoft cloud technologies and blogs passionately about them on MSEndpointMgr.com


Area of Expertise

  • Information & Communications Technology


  • Enterprise Mobility and Security
  • Identity and Access Management
  • Microsoft 365 Security
  • Cloud Security
  • Azure Security
  • IT Security
  • Information Security

Teams Architecture - Deep Dive

In this session, we will go deep-dive into the architecture of Microsoft Teams and how Microsoft is using existing Azure and Office 365 technology to make Microsoft Teams a scalable platform, that can perform and is easy to manage.
This session will cover the logical architecture of Teams, where are conversations, images, files, voicemails, and recordings are stored.

SSO to domain resources from Azure AD Joined Devices

In this session we will cover the basic concepts of Kerberos Authentication from Azure AD Joined Devices. An overview of the synced attributes that are required with the PRT to enable Kerberos and NTLM will help you understand if your environment is setup for SSO. We will also deep-dive in the logs, show some tools you can use to troubleshoot Kerberos and also demonstrate the requirement for SSO with Kerberos when using Windows Hello for Business. At the end of the session, viewers should have a good understanding of the mechanics of SSO to domain resources from Azure AD Joined Devices.

Secure your hybrid workforce with Intune and Windows 11

Windows 11 delivers the most secure experience for all Windows Devices, hybrid, virtual or Cloud, but only if they are managed correctly!!
In this session we're going deep on how you should use the new security features like Advanced Phishing Protection, Device Control, Windows Autopatch but also know features like Application Guard, Application Control and more as they are heavily underutilized.
In this session you will see lots of demos of how to use these feature with Windows 11, Windows 365 and Microsoft Intune.

Mastering a Tenant-To-Tenant Migration

How to approach a tenant to tenant migration. What is possible during migration and how to plan, test, and migrate data in a tenant to tenant project.

Deep Dive: Defender for Office & Authenticated E-Mail

Getting complaints about too much spam, missing e-mails, denied delivery and whitelist creep?

Join Peter and Michael for a deeper real-world understanding of how; Authenticated e-mail and Microsoft Defender for Office can be your ultimate tools for ensuring e-mail deliverability both inbound and outbound from your organization in the cloud.

You will learn why this is a technology that you absolutely must master as an e-mail admin. Because of changing EU legislation and the risk of costly lawsuits due to technical negligence, there are no excuses!

ChatGPT: The Secret Weapon for IT Pros Who Hate Repetitive Tasks

As an IT professional, you know firsthand how tedious and time-consuming some tasks can be. That's where ChatGPT comes in. This state-of-the-art language model can help you automate and streamline your work with Microsoft Endpoint Management. In this session, we'll show you how to use ChatGPT to free up your time for more important things (like, you know, actually enjoying your job). So come join us and discover the power of ChatGPT - just don't be surprised if we throw in a little bit of wit and humor along the way and pull you into the fire.

What you will learn:
- Skynet is NOT here (YET)
- GPT models can help with tedious typing and initial build of scripts
- ChatGPT is SUPER fun if understood and used correctly
- You are not going to be out of a job!

Cloud Kerberos Trust: The Ultimate SSO Solution for On-Prem Resources

Are you tired of juggling multiple login credentials for your on-premises resources? Well, we've got some good news for you! Microsoft MVPs Michael Mardahl and Ben Withmore are here to introduce you to the world of Cloud Kerberos Trust - the ultimate single sign-on (SSO) solution for your on-premises resources. With Cloud Kerberos Trust, you can use your Azure AD credentials and Windows Hello for Business to seamlessly access your on-premises resources. No more complicated Enterprise PKI systems, Azure AD takes care of the heavy lifting and converts your Windows Hello for Business sign-in into a Kerberos ticket. So join us for a fun-filled journey as we dive into the world of Cloud Kerberos Trust and explore its endless possibilities!

What you will learn:

- The evolution of Windows Hello for Business and how Cloud Kerberos Trust fits into the picture

- How to enable Cloud Kerberos Trust, with live labs and demos

- The ins and outs of Kerberos and how tickets play a crucial role

- Tips and tricks for troubleshooting broken Cloud Kerberos Trust configurations

This session will be developed by us, one we get confirmed for the event.
We promise to put on a good show!

Hybrid Out - Modern In | SSO to Active Directory from Cloud PCs

In this session we will bust the myth that your Cloud PCs need to be hybrid joined in order to authenticate to Active Directory and access on-premise resources. We will show you how synced user attributes are used to receive a TGT from the KDC so you can partake in normal Kerberos authentication to get service tickets to your file servers, print servers and more. Breaking the myth even further we will show you how Windows Hello for Business is also able to authenticate. Hybrid join is not needed - most of the time, let us show you why and how!

BitLocker Cloud Management & CloudBAM

BitLocker quickly became the preferred encryption solutions for many organisations, and of course this makes sense. But what about those migrating from on-premises, storage of recovery keys, which MDM policy to opt for, and how to replace MBAM.

In this session we will take you through moving your key recovery out to Azure AD, review native and extend to custom encryption reporting with log analytics, look at all the MDM configuration options, and finally unveil a community developed MBAM alterative / replacement we are calling CloudBAM.

Unlocking the Power of Azure AD with Enterprise App Single Sign-On and App Proxy

Maximize security, compliance and user experience by leveraging Azure AD Enterprise Apps.
In this demo-packed session, you'll learn how to use Azure App Proxy and Single Sign-On to securely manage and grant access to web apps that don't support Modern SSO. Say goodbye to manual login headaches and hello to a more streamlined, secure access solution. Discover the full potential of Azure AD Enterprise Apps beyond the gallery apps and consider replacing your VPN solution.

Some orgs. think they know these features. but countless meetings tell me they don't. and they always end up saying WOW. and Now we don't need VPN for everyone any more!
I will give real good examples that are useable in almost all companies right now.

From on-prem to cloud in a day (the clickbait session)

How is it that it is 2022, and companies with a cloud strategy are only 50% done with their migration after years of work?

Size? Complexity? Knowledge gaps? Funding?

Excuses are many, and validity of those excuses vary.

In this session, Ben and Michael will talk through some of the most common roadblocks and misunderstandings - and they will even throw in their real world experiences for free, so you can take action on issues, once you return home from this informative and fun session.

We plan to talk widely about services in Azure and basic network and authentication stuff that is often missed by people who have a busy day at work and no time to dig in and investigate on their own.

Modernising Authentication Methods like a Boss

In this session, we will explore the process of modernizing authentication methods in Azure AD, focusing on strategies and best practices for migrating away from the classic MFA and SSPR portals.

We will discuss the benefits of the new centralized management approach, such as improved security and simplified management, and how it can help organizations meet the changing needs of today's workforce.

Attendees will learn about key considerations for planning and executing a migration to the new Azure AD portal, including how to assess and prepare for the impact on users and IT staff.

We will also cover best practices for troubleshooting common issues and maintaining compliance during the transition.

This session will provide a detailed-level overview of the new centralized management approach and will be a demonstration and talk about authentication strategies.

This will be almost like a free consulting session, with tons of knowledge sharing and reassurances of how all the gears turn.

Microsoft Ignite 2022 Afterparty Upcoming

Identity Governance new features - lifecycle workflows etc.

November 2023 Copenhagen, Denmark

WorkPlace Ninja Summit 2022

September 2022 Luzern, Switzerland

NIC X Edition

June 2022 Oslo, Norway

NIC 2020

Troubleshooting Intune
Autopilot, dot let perfect be the enemy of better

January 2020 Oslo, Norway

Michael Mardahl

Cloud Architect @APENTO | Microsoft MVP | Swiss Army Brain

Ballerup, Denmark