Understanding Windows Autopatch groups

This week something completely different, but maybe even more intriguing at some level. That something is Windows Autopatch groups. Windows Autopatch groups are logical containers, or units, that can group several Azure AD groups and different software update policies, within Windows Autopatch. That’s a really nice addition to Windows Autopatch that is available starting with the latest service update of May 2023. Windows Autopatch groups enable organizations to create different selections of devices with as many as 15 unique deployment rings, custom cadences and content. And a tenant can contain up to 50 Windows Autopatch groups. That enables IT administrators to create nearly any structure for patching their devices within Windows Autopatch. This post will start with some more details for understanding Windows Autopatch groups, …


Working with Windows Autopilot deployment events

This week is a short post about the Windows Autopilot deployment events that are registered in Microsoft Intune. In a way, a follow-up post on this post of about a year ago. While that post was mainly focused on informing IT administrators about the status of Windows Autopilot deployments, this post will be more focused on awareness. Awareness for the deviceManagementAutopilotEvent resource type in Microsoft Graph that contains all the information about Windows Autopilot deployment events. It’s still an often forgotten resource type that does provide a lot of useful information about Windows Autopilot deployments and is also the basis for the Windows Autopilot deployment report. This post will provide some more details of the properties that are available within that resource type, the content …


Using the Microsoft Defender for Endpoint app for connecting to Microsoft Tunnel Gateway

This week is something completely different, compared to the last couple of weeks. This week is back to Microsoft Tunnel. Microsoft Tunnel is the VPN gateway solution for Microsoft Intune that fully integrates with Azure AD (and Conditional Access) for providing access to on-premises resources on iOS and Android devices. In the early stages of Microsoft Tunnel, there used to be a separate Microsoft Tunnel app for iOS and Android devices. One of the challenges with those devices is that there can only be one active VPN at the same time. That’s especially challenging when using it in combination with Microsoft Defender for Endpoint. That makes the combination of both products into a single app a logical move. That’s been the case for Android already …


Windows Insider MVP 2022!

Not at the beginning of the year anymore, but that doesn’t make it any less special and that still makes an awesome start of the year! I just received that great email stating that I’m re-awarded as a Windows Insider MVP! Still a great feeling! I feel really proud, honored and privileged to be awarded with my fourth Windows Insider MVP award and to have already been holding the Microsoft MVP (Enterprise Mobility) award for seven years! Just awesome! No other words. Of course none of this would be possible without the support of my great family! I love them and couldn’t do this without their support! With their support, I’m ready for another awesome year!

App protection policies and managed iOS devices

This week is all about app protection policies for managed iOS devices. More specifically, about some default behavior that might be a little bit confusing when not known. When creating app protection policies, those policies can be configured for managed devices or managed apps. That sounds simple. By default, however, when creating and assigning separate policies for managed devices and managed apps, every iOS device will apply app protection policies that are assigned to managed apps. That behavior is caused by the fact that the device will only be identified as a managed device when a specific configuration is in place. That configuration is the user UPN setting. Even better, the user UPN setting opens even more use cases for managed devices. This post will …


Android Enterprise and Microsoft Intune: And Android Device Policy

I’ve mentioned Android Device Policy before, earlier this year, in my post about Android Enterprise and Microsoft Intune. In that post, however, I’ve only briefly mentioned that app, while that app is an important piece of the Microsoft management solution for corporate-owned devices. That’s why I thought it would be good to devote a blog post to that app. To simply show its importance. Android Device Policy is really important for configuring managed devices and also provides some nice capabilities. The importance should be familiar to any IT administrator responsible for managing Android devices, and those capabilities are sometimes slightly hidden, but provide a good starting point for troubleshooting. Especially when verifying whether settings are already applied or not. In this post I’ll start with …


Migrated my blog from BlogEngine.NET to WordPress

It took a lot more effort than I hoped/expected, but as you all can see my blog has changed. The most important part is that it went from BlogEngine.NET to WordPress. This means that the layout has changed and everything is just a little bit different, but as always you will get used to it! The downside of this move is that WordPress sets the links to the posts in a different way than BlogEngine.NET did. This means that if you had a direct link to an article it probably won’t work anymore… There are two possibilities to still go to the correct post: remove the .aspx from the end of the link to the post; go to Archive as all the posts can …
