Microsoft Ignite 2019 – The end for now – The Overview.

Microsoft Ignite 2019 is taking its last breath and it's time to list some of the things that I found interesting. Multi-factor authentication (MFA) is now a part of the free Azure AD subscription. Microsoft Intune and SCCM come together at the new Microsoft Endpoint…

Day four – Microsoft Ignite 2019 – What's new and what's going on in the Microsoft tech world.

These blog posts are an ongoing thing for the next 1 day, so I will continue to add new blog post content every day. So stay tuned. Microsoft Ignite is now slowly getting towards the end – what an amazing event this has been. The fourth day:…

Day three – Microsoft Ignite 2019 – What's new and what's going on in the Microsoft tech world.

These blog posts are an ongoing thing for the next 2 days, so I will continue to add new blog post content every day. So stay tuned. Just another day at the office… Not quite. Microsoft Ignite is full of surprises. Today’s sessions were no exception. The…

Day two – Microsoft Ignite 2019 – What's new and what's going on in the Microsoft tech world.

These blog posts are an ongoing thing for the next 3 days, so I will continue to add new blog post content every day. So stay tuned. Let's be honest, at a big event like Microsoft Ignite there's a ton of sessions regarding many different areas within…

Day one – Microsoft Ignite 2019 – What's new and what's going on in the Microsoft tech world.

These blog posts are an ongoing thing for the next 4 days, so I will continue to add new blog post content every day. So stay tuned. Now let me start by saying, WOW, what a set of great new announcements this year and features for the…

News: Intune portal – Endpoint security tab.

Just tonight, for the first time, I saw this great tab called Endpoint security. Just like the other update the other day, Microsoft has once more made it simpler and more user-friendly with this small bundle update. Long live Microsoft and this great EMM…

News: Minor Intune portal adjustments.

I have noticed that there have been some updates made to the Microsoft Intune portal since my last login. What's that all about? See the video below.

Intune – Uninstalling Microsoft Office Pro Plus from portal.

If there is a need to uninstall the Microsoft Office 365 Pro Plus suite from an enrolled Windows 10 device, this is possible with Microsoft Intune and the use of XML. My environment: Windows 10 1909 (20H1) “insider”. Microsoft Office 365 Pro Plus installed. Oracle…

Microsoft Intune – Add Company Portal to Windows 10 devices and make apps required or available for users.

I really enjoy using the Company Portal as a platform for handling apps, messages etc. that can be delivered to the end users. By using the Company Portal we can control whether the app is required for installation or just available for the user to install…

Windows AutoPilot – Self-deploying (Preview)

If the Windows 10 devices just need to be enrolled and ready to be handed out, Windows AutoPilot self-deploying mode is here. Self-deploying mode is designed to deploy Windows 10 as a kiosk, digital signage device, or a shared device. This is what we can call real…

Microsoft Intune – Control Policy Conflicts within a Hybrid environment. MDM Wins Over Group Policies.

Starting with Windows 10 1803, a policy configuration service provider (CSP) called “ControlPolicyConflict/MDMWinsOverGP” was born to handle policy conflicts when a Windows 10 device was hybrid Azure AD joined. By default, starting from Windows 10 1803, local group policies would be applied to a…

Microsoft Intune – “Azure AD” rename Windows 10 devices directly from Intune portal.

It should be easy and simple to rename a Windows 10 device, right? Well, with Microsoft Intune it is – you can rename a device in seconds directly from the Intune portal with tokens that can be used to add device-specific values to the name…

Windows 10 will let you reinstall the OS from the cloud.

At last this feature is coming! – The “download before install” Windows 10 cloud feature is an old idea that was already leaked 3-5 years ago. We all know that Apple (macOS) can use an install-from-the-cloud feature and they have done this for…

Microsoft Intune – Prevent the First Run webpage from opening on Microsoft Edge with custom OMA-URI setting.

Some settings are not available or listed in Intune through Administrative template settings or device configuration policies for selection. In those cases Open Mobile Alliance Uniform Resource Identifier (OMA-URI) comes into play. OMA-URIs are designed to add device settings and features that aren’t built in…

Microsoft Intune – Deploy Windows 10 device in kiosk mode with only Kiosk browser enabled. Single app mode.

In many ways kiosk devices make sense. Take for instance the school library – multiple students need access to a specific app or to the school's intranet to get relevant information and nothing else. It's here the Windows 10 kiosk mode comes into play. The…

Microsoft Intune – Configure Microsoft Edge 77+ settings using administrative templates for Windows 10.

Once again the amazing Intune comes into play. This time I will configure Microsoft Edge 77+ settings using the administrative templates that are available for Windows 10. Administrative templates are a feature of Group Policy, a Microsoft technology for centralized management of machines and users…

Windows Autopilot: What it is and how it works

This is a really good video that explains what Windows AutoPilot is and how it's used. Unpack your Windows 10 device and be the first employee to smell the fresh plastic and first to hit the start button of your device. What’s not to love…

Windows AutoPilot – Add a user column to the device CSV upload process.

Back in mid-August Microsoft added a new setting to Intune regarding the CSV file that Windows AutoPilot uses to identify that a Windows 10 device belongs to a certain company so that an automated enrollment can be processed. Windows Autopilot basically lets you customize the out-of-box experience…

How to manage Apple devices. Set up the MDM push certificate to begin the party.

It's a modern world we live in today, with many different mobile devices like iPhone, iPad, Android, tablets and Windows devices etc. If companies choose to go with one specified device or even go for a mixed environment, it’s no problem, we got our…

Deploy this alternative BGInfo to Windows 10 devices through a PowerShell script from Intune.

In this scenario I will download a PowerShell script created by a guy called Pontus Wendt and make some adjustments/additions to the PowerShell script. It can be downloaded from this site -> https://pontuswendt.blog/2019/05/31/a-modern-bginfo-solution-just-a-simple-powershellscript/ – Great script btw! After downloading the script I will modify the…

Send custom notifications to Android devices with Microsoft Intune – Delivered by a custom group of users based on role-based access control (RBAC).

Let your users stay informed with custom notifications to their Android or iOS devices. Notifications can be a very useful tool for general communication purposes. These notification messages show as standard push notifications from the Company Portal app on the user's Android or iOS device…

Custom Azure domain name can't be deleted (moved) because of local AD users or groups that remain in AAD from a broken or deleted local AD environment (sync).

Now and then servers, services and app connectors break down, and sometimes the easiest way to fix or work around a problem is using a PowerShell command. In this scenario I have an Azure tenant with a custom domain name applied and also have a Hybrid…

How to automatically join Windows AutoPilot devices to On-Premises AD (Hybrid Azure AD Join)

This long-awaited feature was introduced by Microsoft in Oct. 2018 at Ignite. Now we can deploy Windows 10 1809 or later via AutoPilot and automatically let that Windows 10 device make an on-prem domain join, and then it transforms into a hybrid Azure…

Enforce compliance policy for Microsoft Defender ATP with Conditional Access in Intune to Windows 10 devices within a Hybrid environment.

In this scenario we make a compliance policy for our Windows 10 devices, with a Conditional Access policy. The outcome should be that if the Windows 10 hybrid Azure AD joined devices are not compliant with the level of risk the compliance policy allows – then…

Deploy custom start-menu and taskbar to a Windows 10 device through Intune device configuration policy.

Well, let's be honest, start-menu layouts are not a thing that many IT tech people consider to be a big talking point or something that has the highest priority when planning a deployment rollout. But the customers almost always want a start-menu and/or taskbar, in some…

Intune – Adding client apps and configuring App protection policy.

When companies want to make some mobile apps available to their workforce, they need to add the application to Intune, and then Intune can deliver the application to the Company Portal for users to get hold of. The device can be iOS, Android and…

Configure Windows AutoPilot to deploy cloud-only Windows 10 devices.

In a fast-moving world, many businesses can now benefit from the newest IT technology on the digital workplace journey many are aiming for. One of those technologies we can use for deploying applications and clients with an out-of-the-box experience…

Conditional access – block users from a specific corporate office location from accessing cloud apps.

Sometimes we need to set some conditions for which users may gain access to certain areas of our IT services or cloud apps. In this test lab we will make a conditional access (CA) rule through Intune that prevents a small group of users…

Intune – Deploy and use Microsoft Defender ATP Baseline Policy.

Many companies talk security every day and how to get the best protected and flexible environment possible, but still have their users working without facing too many IT-related obstacles within a normal workday. In real life too many restrictions for productive users will often…

Microsoft Cloud App Security (MCAS). How to use and monitor activities in your cloud environment.

Note: In this scenario we only make a small configuration, adding a cloud app and making a policy, just to get an understanding of what MCAS is and can be used for. This cloud framework is really cool, when moving services to the cloud…

Hybrid Azure Active Directory join for managed domains towards a classic Active Directory setup.

Many companies have all kinds of dependencies on their on-prem environment but also want to take a step closer to the cloud to get all of the possibilities the cloud has to offer. Microsoft makes this possible through Azure Active Directory connector, this tool…

Import Microsoft Security baseline policy within an on-prem environment.

In these modern workplace days many companies are in a transition from a classic on-prem environment to cloud services or aiming for a hybrid setup. But sometimes we still need to have the good old classic Active Directory and Group Policy Management in use, to…

Intune – Windows Update for Business. Great overview, easy to manage and always have your devices updated.

For a long time I've been totally fascinated by Intune and that extra “layer” called EMS. These technologies give us the features to make the modern workplace a reality. One of those features that I'm really excited about is Windows Update for Business (WUfB). Now…

New Intune cloud-based BitLocker Management features on the doorstep.

Wuhu, this is gonna be great..! Lots of new features coming in 2019 to the cloud-based Enterprise BitLocker Management. A migration feature from on-prem MBAM to cloud management is on the doorstep. Also Microsoft BitLocker Administration and Monitoring (MBAM) capabilities you are familiar with over…

Windows 10 features on demand – How to deploy within an SCCM/WSUS restricted environment.

Many companies have some kind of legacy deployment environment like SCCM, CAPA etc. with a backend WSUS server to deliver Windows updates, features and drivers to their clients, and access to Windows Update is restricted totally through group policy. But when we talk about the…

Microsoft Intune – Office 365 ProPlus App deployment for Windows 10 Devices.

Office 365 ProPlus deployment via the Intune client apps feature may not work with the selection of the Semi-Annual update channel and the option “Remove other version of Office (MSI) from user devices”: the option is simply grayed out. Semi-Annual update channel is the default channel when…

PowerShell – Remove built-in apps in Windows 10.

We all know those Windows 10 built-in applications that do not belong in a reference image for most enterprises, because most of those applications are used by consumers and do not belong in an enterprise image, that’s my opinion! And also because “theoretically” install.WIM will…

Intune Import Windows 10 Device error – Tenant to Tenant via CSV file.

As I was trying to import a Windows 10 device from one tenant to another tenant via Microsoft Intune “Windows autopilot device enrollment” without resetting the Windows 10 device I got this error: The Windows 10 device was deleted from the old Tenant “Azure AD…


Server 2016 – upgrade your evaluation version to the full version.

When your evaluation version is coming to an end, and the 180 days trial is slowly getting closer to zero, then you need to upgrade or “stop” using the server. If you want to upgrade the server, then get hold of a MAK key for…

Azure Active Directory – Is Login Hours possible? (cloud only)

The answer is “no”. If we talk cloud only there is no option available for enabling login hours as we knew it from the on-prem Active Directory. Therefore corporations that have a cloud-only wish and need login hours restrictions for their users or a…

WinRM (Windows Remote Management) – Service starts and immediately stops with Event error code 14.

Normally it's an easy task to configure Windows Remote Management (WinRM) on a Windows 10 client. It can be done manually or with Group Policy settings; I always prefer to use GPO if possible. Working with a big enterprise customer I experienced that a simple…

Microsoft Intune Conditional access and Compliance policies fail on some TPM 1.2 devices trying to enable secure boot or BitLocker.

Conditional access (CA) and compliance policy (CP) seem to be failing when enabling secure boot on older hardware that runs Windows 10 1607 or later with an Embedded Security Trusted Module (TPM 1.2) security chip. The device in this test is enrolled with AutoPilot and…