Adding company branding to Microsoft Edge for Business

This week is all about Microsoft Edge for Business and the new ability to add company branding. Microsoft Edge for Business is the new dedicated Microsoft Edge experience that is created for work accounts. It provides IT administrators with the capabilities to provide users with a productive and secure browsing experience across managed and unmanaged devices. That includes the ability to add company branding to the work account in Microsoft Edge for Business. Adding company branding can be especially useful for differentiating between multiple profiles in the browser. The company branding includes organization details like the company name in the profile pill, and the company color and logo in the profile flyout. Besides that, it’s even possible to add a logo to overlay the Microsoft …

Read more

Remotely locating corporate-owned Android Enterprise devices

This week is all about remotely locating corporate-owned Android Enterprise devices. More specifically, about the configurations that are related to remotely locating those devices. With one of the latest service updates of Microsoft Intune (2401) a new configuration was introduced to specifically block the location on corporate-owned Android Enterprise devices. That configuration, however, has a direct impact on the ability to locate those devices. Besides that, the availability of remotely locating the device depends on the Android Enterprise deployment method. So, multiple reasons why the ability of remotely locating devices could be unavailable. This post will focus on the available settings related to the location of Android Enterprise devices, followed with the steps to configure those settings. This post will end with the user experience. …

Read more

Getting started with Device query

This week is basically a follow-up on an earlier post about Advanced Analytics. At that time, it was all still in preview and still listening to the name of Advanced Endpoint Analytics. Advanced Analytics is also one of the latest additions to the Microsoft Intune Suite and it builds on top of those earlier previewed functionalities. On top of those features from the preview, Microsoft now also added Battery Health and Device query to the mix of features of Advanced Analytics. Even more insights and more options to actual query devices for information. Battery Health is a report that provides insights into the health of the batteries of the devices within the environment and how it influences the user experience. An interesting report, for even …

Read more

Getting started with Enterprise App Management

This week is sort of a follow-up on the earlier post about new Microsoft Intune Suite add-on capabilities. That time it was around the early capabilities, like Endpoint Privilege Management, the first glimpses of Advanced Analytics, and Microsoft Tunnel for MAM. This time it’s about Enterprise App Management. Enterprise App Management provides organizations with an applications catalog that contains apps that are prepared by Microsoft. Those apps are all Win32 apps that are wrapped and hosted by Microsoft. That can further simplify management and makes sure that the lifecycle of apps is getting better under control. That means more structural updates of apps, which makes sure that the environment gets more secure. This post will start with a further introduction about Enterprise App Management, followed …

Read more

Getting familiar with the Intune Management Extension log files

This week is another post about the Intune Management Extension (IME). This week the focus is on the log files of the IME. Probably not the most interesting subject, but definitely an important subject. Especially as an IT administrator, it’s important to be familiar with the available log files of the IME and to understand the usage of those log files. Besides that, it can also be interesting to be familiar with the configuration options for those log files. Together that will help with a better understanding of the logging capabilities of the IME and the log files that should be used to find the information related to a specific problem. This post will have a closer look at the IME log files and the …

Read more

Understanding the Intune Management Extension client health check

This week is sort of a follow-up on the posts of the last couple of weeks about Win32 apps. This week, however, the focus is more on the process that is in place to make sure that everything around the Intune Management Extension (IME) keeps functioning. The IME contains many important components for installing Win32 apps, for running PowerShell scripts, for running inventories, and more. That makes it important that the IME is running successfully. To make sure that the IME is running successfully, the Intune Management Extension Health Evaluation was introduced. That evaluation is focused on performing checks on the service of the IME. This post will have a closer look at the IME client health check and the actions that it performs. Starting …

Read more

Understanding Win32 app inventory

This week is another week about apps on Windows devices. The major difference with last week is that this week is all about the discovered apps on Windows devices. In other words, the app inventory on Windows devices. Within Microsoft Intune that inventory always used to be a huge challenge. It was often not complete and simply missing pieces. Nowadays, it’s getting more and more mature. It contains nearly all application types, is structurally inventoried, and is displayed in a (basic) report. Within Microsoft Intune that report is the Discovered apps report. That report contains a aggregated list of the discovered apps on the devices within the tenant. So, it acts as the software inventory within the tenant. This post will look at the process …

Read more

Working with the restart grace period of Win32 apps

This week is sort of a follow-up on a post of years ago about working with the restart behavior of Win32 apps. That post was focussed on the behavior of Win32 apps, based on the return codes and the configured restart behavior. This post will add the restart grace period in that mix. The restart grace period can be used to determine after which time the device will actually require a restart, when required by the successful installation of a Win32 app. The configuration for the restart grace period has already been available for some time, but since recently it’s now also possible for non-administrator users to snooze that restart. This post will have a closer look at the configuration options for the restart grace …

Read more

Getting started with the Global Secure Access client for Windows

This first week is all about the Global Secure Access client for Windows. Global Secure Access is the Security Service Edge (SSE) solution of Microsoft. Gartner defines SSE as a solution that secures access to the web, cloud services and private applications regardless of the location of the user or the device they are using or where that application is hosted. Within Global Secure Access, Microsoft introduced the (Microsoft Entra) Internet Access and (Microsoft Entra) Private Access products to provide that functionality. Of these products Internet Access is focused on secured access to Microsoft 365, SaaS, and public apps, while Private Access is focused on secured access to private or internal resources. The Global Secure Access client can be used to connect to the Global …

Read more