Kenneth van Surksum
Microsoft MVP Microsoft Intune & Identity and Access | Secure At Work
Amersfoort, The Netherlands
Actions
As a Microsoft 365 Modern Workplace consultant I help customers implement modern workplace solutions based on top of their Microsoft 365 licensing, leveraging products like Microsoft Intune, Microsoft Entra, Microsoft Defender, Exchange Online, Microsoft Teams, Microsoft SharePoint and Microsoft Purview. I constantly build solutions which span these products, taking into account Security, Usability and Manageability as main pillars.
Currently I'm also responsible for the delivery of Secure At Work, a product which can automatically provision Microsoft 365 tenants with best practices configuration and once onboarded keeps customers up to date by using regular releases. Each release adds or updates functionality in Microsoft 365 environments based on best practices and lessons learned from implementation feedback. The Secure At Work solution is already running om more than 10K endpoints, making it proven solution and able to cover 80% of business requirements.
With more than 25 years of experience in IT, I managed to get myself Microsoft certified in 1998, eventually becoming a Microsoft Certified Trainer (MCT), en ultimately receiving my first Microsoft MVP award in 2010. Currently I am a proud dual Microsoft MVP for Microsoft Intune and Identity and Access.
In the past I have worked with many products in the Microsoft infrastructure space, like SMS/System Center Configuration Manager, Active Directory, Virtualization (both VMware as Hyper-V), System Center products like SCOM, SCSM, SCVMM, SCDPM among others.
Kenneth regularly shares his knowledge by blogging at https://www.vansurksum.com and by speaking on national and international events.
Links
Badges
Area of Expertise
Topics
What's next after you mitigated AITM ??
From a historical perspective in the scope of compromising Identitoes. we have a few waves of innovations the last 10 years. We moved from username / password to MFA. Last two years, with the adversary in the middle attacks, we need to move to more secure MFA, phishing resistant MFA. But what's next ? Think about stealing tokens from your device and reuse that on other systems.
Microsoft Entra Conditional Access demystified - 2025 edition
In July 2016 Microsoft made Conditional Access generally available.
Since that time I had a love and hate relationship with this functionality of Microsoft Entra Id (formerly Azure AD). Mainly because it's difficult to test scenario's and some changes can have a really high impact. I even experienced being locked out of accessing the Azure portal during one of my tests.
In this session I will share my experiences about implementing Conditional Access at several customers. I will cover how to design, implement, test and troubleshoot Conditional Access policies.
Designing and configuring your Microsoft Intune Compliance Policies
In this session, Kenneth will explain best practices on designing and implementing Microsoft Intune compliance policies. Kenneth will go into details on whether to use just one, or many compliance policies. How they eventually end up on the endpoint, how to troubleshoot when things go wrong and how Compliance Policies interact with Conditional Access.
Lessons learned from many Conditional Access implementations
Implementing Conditional Access isn't easy. Especially if you need to do it in an already existing and operational environment. In this sessions Kenneth will share, lessons learned and mistakes made. Kenneth will also give some practical tips on how to operationalize an Conditional Access environment, since Conditional Access functionality constantly changes.
Protecting your email environment using Exchange Online Protection & Microsoft Defender for Office
While Exchange Online Protection offers protection against SPAM, phishing and malware, you can add an extra layer of security by implementing Microsoft Defender for Office which adds additional phishing protection, safe links and safe attachment functionality. Just buying the products isn't sufficient though for a good protection of your incoming and outgoing email.
In this session, Kenneth van Surksum, Microsoft MVP will explain how to configure your EOP and MDO environment using Microsoft best practices to build an environment capable of protecting your end users from the most common threats in your Exchange Online environment.
Building shared and kiosk Windows devices using Microsoft Intune
While in Microsoft 365 environment we enroll devices which are directly bound to the user working on it, we also have other use cases that we can enroll using Microsoft Intune and Windows Autopilot. Besides 1:1 devices we also have the option to deploy shared devices, allowing multiple users to use the same device. We can also enroll kiosk devices, which are special purpose devices only allowing the execution of one, or a handful of applications.
In this session, Kenneth van Surksum, Microsoft MVP Enterprise Mobility will explain the use cases for building shared and kiosk devices. Kenneth will explain how to configure Microsoft Intune for these scenario's and share his lessons learned while building Shared Device and Kiosk scenario's at multiple customers.
Protecting your company data stored in Microsoft 365 and other SaaS apps
When companies migrate to SaaS based applications, their company data is available from anywhere. Company data stored in SaaS applications like Microsoft 365 can also easily be shared with other users so that people can cooperate on documents which reside in your tenant. While these capabilities will boost the productivity of your end users, not properly protecting the company data can introduce many risks for the company.
In this session, Kenneth van Surksum, Microsoft MVP Enterprise Mobility + Security will explain how to configure your Microsoft 365 and SaaS apps in such a way that you stay In-Control on how data can be shared with the outside world, and how to protect the data itself.
Implementing and building advanced Microsoft Entra Id Conditional Access scenarios - 2025 Edition
So, you have built your Conditional Access rules and everything is working stable and as expected. Now it's time to implement some more advanced scenario's which you can achieve by using Conditional Access in combination with other Microsoft 365 products. By using these more advanced scenario's we can meet more complex requirements when it comes to protecting the identity of the user, or protecting the company data stored in SaaS based applications like SharePoint.
In this session, Kenneth van Surksum, Microsoft MVP Enterprise Mobility + Security will go into more detail about filters for Apps and Workloads, Authentication Strength, Granular control for external users, Authentication context, integration with Microsoft Defender for Cloud Apps, Sensitivity labels and more.
Kenneth van Surksum
Microsoft MVP Microsoft Intune & Identity and Access | Secure At Work
Amersfoort, The Netherlands
Links
Actions
Please note that Sessionize is not responsible for the accuracy or validity of the data provided by speakers. If you suspect this profile to be fake or spam, please let us know.
Jump to top