Microsoft Ignite 2019 is taking its last breath and it’s time to list some of the things that I found interesting. Multi factor authentication (MFA) is now a part of the free Azure AD subscription. Microsoft Intune and SCCM come together at the New Microsoft Endpoint…Read more »
These blog posts are an ongoing thing for the next 1 day. So I will continue to add new blog post content every day. So stay tuned. Microsoft Ignite is now slowly getting towards the end – what an amazing event this has been. The fourth day:…Read more »
These blog posts are an ongoing thing for the next 2 days. So I will continue to add new blog post content every day. So stay tuned. Just another day at the office… Not quite. Microsoft Ignite is full of surprises. Today’s sessions were no exception. The…Read more »
These blog posts are an ongoing thing for the next 3 days. So I will continue to add new blog post content every day. So stay tuned. Let’s be honest: at a big event like Microsoft Ignite there’s a ton of sessions regarding many different areas within…Read more »
These blog posts are an ongoing thing for the next 4 days. So I will continue to add new blog post content every day. So stay tuned. Now let me start by saying, WOW what a set of great new announcements this year and features for the…Read more »
Just tonight for the first time I saw this great tab called endpoint security. Just like the other update the other day, Microsoft has once more made it more simple and user friendly with this small bundle update. Long live Microsoft and this great EMM…Read more »
If there is a need to uninstall the Microsoft Office 365 Pro Plus suite from an enrolled Windows 10 device, this is possible with Microsoft Intune and the use of XML. My Environment: Windows 10 1909 (20H1) “insider” Microsoft Office 365 Pro Plus installed. Oracle…Read more »
Microsoft Intune – Add Company portal to Windows 10 devices and make apps required or available for users.
I really enjoy using the company portal as a platform for handling apps, messages etc. that can be delivered to the end users. By using the company portal we can control if the app is required for installation or just available for the user to install…Read more »
If the Windows 10 devices just need to be enrolled and ready to be handed out, Windows AutoPilot self-deploying mode is here. Self-deploying mode is designed to deploy Windows 10 as a kiosk, digital signage device, or a shared device. This is what we can call real…Read more »
Microsoft Intune – Control Policy Conflicts within a Hybrid environment. MDM Wins Over Group Policies.
Starting with Windows 10 1803 a policy configuration service provider (CSP) called “ControlPolicyConflict/MDMWinsOverGP” was introduced to handle policy conflicts when a Windows 10 device was hybrid Azure AD Joined. By default starting from Windows 10 1803 local group policies would be applied to a…Read more »
It should be easy and simple to rename a Windows 10 device, right? Well with Microsoft Intune it is – You can rename a device in seconds directly from the Intune portal with tokens that can be used to add device-specific values to the name…Read more »
At last this feature is coming! – The “download before install” Windows 10 cloud feature is an old idea that was already leaked 3-5 years ago. We all know that Apple (macOS) can use install from a cloud feature and they have done this for…Read more »
Microsoft Intune – Prevent the First Run webpage from opening on Microsoft Edge with custom OMA-URI setting.
Some settings are not available or listed in Intune through Administrative template settings or device configuration policies for selection. In those cases Open Mobile Alliance Uniform Resource Identifier (OMA-URI) comes into play. OMA-URI settings are designed to add device settings and features that aren’t built in…Read more »
Microsoft Intune – Deploy Windows 10 device in kiosk mode with only Kiosk browser enabled. Single app mode.
In many ways kiosk devices make sense, take for instance the school library – multiple students need access to a specific app or to the school’s intranet to get relevant information and nothing else. It’s here the Windows 10 kiosk mode comes into play. The…Read more »
Microsoft Intune – Configure Microsoft Edge 77+ settings using administrative templates for Windows 10.
Once again the amazing Intune comes into play. This time I will configure Microsoft Edge 77+ settings using the administrative templates that are available for Windows 10. Administrative templates are a feature of Group Policy, a Microsoft technology for centralized management of machines and users…Read more »
Back in mid August Microsoft added a new setting to Intune regarding the CSV file that Windows AutoPilot used to identify that a Windows 10 device belongs to a certain company so that an automated enrollment can be processed. Windows Autopilot basically lets you customize the out-of-box experience…Read more »
It’s a modern world we live in today, with many different mobile devices like iPhone, iPad, Android, tablets and Windows devices etc. If companies choose to go with one specified device or even go for a mixed environment it’s no problem, we got our…Read more »
In this scenario I will download a PowerShell Script created by a guy called Pontus Wendt and make some adjustments/additions to the PowerShell Script. It can be downloaded from this site -> https://pontuswendt.blog/2019/05/31/a-modern-bginfo-solution-just-a-simple-powershellscript/ – Great script btw! After downloading the script I will modify the…Read more »
Send Custom notifications to Android devices with Microsoft Intune – Delivered by a custom group of users based on Role based Access control (RBAC).
Let your users stay informed with custom notifications to their Android or iOS devices. Notifications can be a very useful tool for general communication purposes. These notification messages show as standard push notifications from the Company Portal app on the user’s Android or iOS device….Read more »
This long awaited feature was introduced by Microsoft in Oct. 2018 at Ignite. Now we can deploy a Windows 10 1809 or later via AutoPilot and automatically let that Windows 10 device make an on-prem domain join and then it transforms into a hybrid Azure…Read more »
Enforce compliance policy for Microsoft Defender ATP with Conditional Access in Intune to Windows 10 devices within a Hybrid environment.
In this scenario we make a compliance policy for our Windows 10 devices, with a Conditional Access policy. The output should be that if the Windows 10 Azure AD Hybrid Joined devices are not compliant with the level of risk the compliance policy allows – then…Read more »
When companies want to make some mobile apps available to their workforce, they need to add the application to Intune and then Intune can deliver the application to the company portal for users to get hold of. The device can be iOS, Android and…Read more »
In a fast moving world for many businesses we now can benefit from the newest IT technology on the digital workplace journey many are aiming for. One of those technologies we can use for deploying applications and clients with an out-of-the-box experience…Read more »
Conditional access – block users from a specific corporate office location from accessing cloud apps.
Sometimes we need to set some conditions for which users must gain access to certain areas of our IT services or cloud apps. In this test lab we will make a conditional access (CA) rule through Intune that prevents a small group of users…Read more »
Many companies talk security every day and how to get the best protected and flexible environment possible, but still have their users working without facing too many IT related obstacles within a normal workday. In real life too many restrictions for productive users will often…Read more »
Microsoft Cloud App Security (MCAS). How to use it and monitor activities in your cloud environment.
Note: In this scenario we only make a small configuration regarding adding a cloud app and making a policy just to get an understanding of what MCAS is and can be used for. This cloud framework is really cool, when moving services to the cloud…Read more »
In these modern workplace days many companies are in a transition from a classic on-prem environment to cloud services or aiming for a hybrid setup. But sometimes we still need to have the good old classic Active Directory and Group Policy Management in use, to…Read more »
Intune – Windows update for business. Great overview, easy to manage and always have your devices updated.
For a long time I’ve been totally fascinated by Intune and that extra “layer” called EMS. These technologies give us the features to make the modern workplace a reality. One of those features that I’m really excited about is Windows update for business (WUfB). Now…Read more »
Wuhu, this is gonna be great..! Lots of new features coming 2019 to the Cloud-based Enterprise BitLocker Management. A migrating feature from on-prem MBAM to Cloud Management is on the doorstep. Also Microsoft BitLocker Administration and Monitoring (MBAM) capabilities you are familiar with over…Read more »
Many companies have some kind of legacy deployment environment like SCCM, CAPA etc. with a backend WSUS server to deliver Windows updates, features and drivers to their clients, and access to Windows update is restricted totally through group policy. But when we talk about the…Read more »
Office 365 ProPlus deployment via the Intune client apps feature may not be working with the selection of Semi-Annual update channel and the option “Remove other version of Office (MSI) from user devices”; the option is simply grayed out. Semi-Annual update channel is the default channel when…Read more »
We all know those Windows 10 built-in applications that do not belong in a reference image for most enterprises, because most of those applications are used by consumers and do not belong in an enterprise image (that’s my opinion!) and also because “theoretically” install.WIM will…Read more »
As I was trying to import a Windows 10 device from one tenant to another tenant via Microsoft Intune “Windows autopilot device enrollment” without resetting the Windows 10 device I got this error: The Windows 10 device was deleted from the old Tenant “Azure AD…Read more »
When your evaluation version is coming to an end, and the 180 days trial is slowly getting closer to zero, then you need to upgrade or “stop” using the server. If you want to upgrade the server, then get hold of a MAK key for…Read more »
The answer is “no”. If we talk cloud only there is no option available for enabling login hours as we knew it from the on-prem Active Directory. Therefore corporations that have a cloud-only wish and need login hours restrictions for their users or a…Read more »
Normally it’s an easy task to configure Windows Remote Management (WinRM) on a Windows 10 client. It can be done manually or with Group Policy settings, I’ll always prefer to use GPO if possible. Working with a big enterprise customer I experience that a simple…Read more »
Microsoft Intune Conditional access and Compliance policies fail on some TPM 1.2 devices trying to enable secure boot or BitLocker.
Conditional access (CA) and compliance policy (CP) seem to be failing when enabling secure boot on older hardware that runs Windows 10 1607 or later with Embedded Security Trusted Module (TPM 1.2) Security Chip. The device in this test is enrolled with AutoPilot and…Read more »