Being careful with the ability to configure the preferred Entra tenant domain name

by

This week will be a relatively short blog post about a relatively often seen challenge with the configuration to set the preferred Entra tenant domain name. More specifically, this post will be about the PreferredAadTenantDomainName policy setting. That setting can be used by an IT administrator to basically preconfigure the tenant domain name for the user. Practically that would mean that when the organization uses the @petervanderwoude.nl tenant domain name, this policy setting would be configured with petervanderwoude.nl and would make sure that the user only has to specify their username without the tenant domain name to actually sign in to the device. That can provide a much easier experience. It does, however, come with some drawbacks that should be taken into consideration. The main …

Read more

Getting started with the PowerShell script installer for Win32 apps

by

This week is all about the recently introduced functionality to use PowerShell scripts for installing and uninstalling Win32 apps. That functionality enables IT administrators to use a PowerShell script as the installer type for Win32 apps. To make that a little bit more concrete; it enables the IT administrator to select a PowerShell script that should be used for installing a Win32 app. Before it was already possible to use a PowerShell script within the command line for the installation of a Win32 app, but that always had to be a script that existed within the Win32 app content. The major challenge with that approach was that every adjustment to that PowerShell script would require building a new Win32 app. That was far from ideal, …

Read more

Getting started with secure password deployment in Microsoft Edge

by

This week is still about Microsoft Edge. More specifically, this week is all about the secure password deployment feature of Microsoft Edge. Secure password deployment enables IT administrators to securely deploy encrypted shared passwords to users. That can be useful with shared credentials for specific user accounts and applications. For example for easily getting access to a specific dashboard, or to specific social media accounts. There are many possible use cases. With secure password deployment, users will receive the deployed passwords in their work profile in Microsoft Edge on their managed device. That will help with reducing the risk of (over)sharing passwords with the wrong audience, and with that it helps with enhancing the overall security posture of the organization. This post will look closer …

Read more

Allowing users to request the installation of browser extensions for Microsoft Edge

by

This week is also about Microsoft Edge. More specifically, about managing browser extensions for Microsoft Edge. That has been a subject before, but in that case it was focused on fully managing Microsoft Edge browser extensions on Windows devices. In that case, it was a pretty strict configuration focussed on creating an allow list for Microsoft Edge browser extensions. There are, however, easier methods for allowing users to request the installation of extensions for Microsoft Edge. Within the Microsoft Edge management service there is ability to block the installation of extensions by default, while allowing user to request the installation of any blocked extension. Once the installation is requested, the IT administrator has to approve the installation by allowing the requested extension. With that, IT …

Read more

Reinforcing data protection with watermark protection in Microsoft Edge

by

This week is all about watermark protection in Microsoft Edge. Watermark protection is focused on visibly reinforcing data protection in Microsoft Edge, and that reinforcement is achieved by overlaying a watermark on sensitive data when viewed in the browser. Watermark protection in Microsoft Edge is – like in any other Microsoft solution – designed to discourage sharing screenshots, support compliance requirements, and increase the awareness of users when handling sensitive data. With that, watermark protection does not technically prevent users from sharing sensitive data, but it does make the user aware of the sensitivity of the data. And on top of that, it will become a lot easier to understand the source of a potential data leakage. This post will provide a closer look on …

Read more

Starting with admin tasks in Microsoft Intune

by

This week is all about the recently newly introduced admin tasks node in the Microsoft Intune admin center. That node provides a centralized view for many different types of administrative tasks. The idea behind that node is to provide a unified experience that helps IT administrators with focusing on the tasks that really matter without navigating through all different nodes within Microsoft Intune admin center. The admin tasks node now provides an overview of all the different security tasks, user elevation requests, and admin approvals request. That further simplifies the life of an IT administrator, when using Microsoft Intune. And the best part of it: it only shows the administrative tasks that the IT administrator is allowed to see based on the original source node. …

Read more

Configuring Windows Spotlight

by

This week is all about configuring Windows Spotlight. Windows Spotlight is definitely not something new, as it already exists since the beginning of Windows 10, but it is good to be familiar with the capabilities and configuration options. This week will be a refresher. Windows Spotlight is a Windows feature that can be used to display different wallpapers on the background of the desktop and the lock screen, and offers suggestions, fun facts, tips or organizational messages. In that case, when using Windows Spotlight for displaying different wallpapers, a new image is displayed every day on the lock screen or the desktop. On top of that, when using Windows Spotlight for displaying suggestions, fun facts, tips, recommendations are displayed on how to enhance productivity in …

Read more

Understanding Windows 365 Reserve

by

This week is a little less technical, as it is more theoretical about the concept of Windows 365 Reserve. A concept that justifies some additional context, information and awareness. Windows 365 Reserve is a version of Windows 365 that is focused on providing organizations with a flexible solution to keep users productive during unexpected disruptions on their physical devices. The main idea behind that concept is to add business continuity by enabling direct access to a Cloud PC when there are issues with physical devices. From a user perspective, the concept of Windows 365 Reserve is just another Cloud PC. From a licensing perspective, it is also just another Cloud PC, but just temporarily and with a limited feature set. This post will go into …

Read more

Getting started with Windows 365 Cloud Apps

by

This week is all about getting started with Windows 365 Cloud Apps. Not something really new, but definitely a simple IT administrator experience that is worth highlighting. Cloud Apps provides IT administrators with the ability to easily provide users with secure access to specific apps only, that are hosted on a Cloud PC. And that access is without the need for a dedicated Cloud PC for those users. That functionality relies on Windows 365 Frontline in shared mode. So, that also means that this functionality requires Windows 365 Frontline licenses. Keep in mind that, even though the name might imply something different, this license is not directly related to any Microsoft 365 F1 or F3 license. The best part of it is, that it has …

Read more

Applying a customizable Taskbar layout

by

This week is all about customizing the Taskbar layout on Windows 11. More specific, customizing the pinned applications on the Taskbar. That on itself is nothing new, as, just like customizing the Start menu layout, customizing the Taskbar layout has been possible since the early days of Windows 11. The main configurations related to customizing the Taskbar layout are described in this post. That also means that the ideas around customizing the Taskbar layout have not changed. Customizing the Taskbar layout enables organizations to provide users with a standard set of options and pinned applications in the Taskbar. To create a standardized layout for Windows 11, the IT administrator should use a XML-file that contains the configuration of the pinned applications in the Taskbar. What makes …

Read more