All about Microsoft Intune

Fixing self-service when restricting the local log on

September 25, 2023 by Peter van der Woude

This week is a quick follow-up on the post of last week. That post was focussed on restricting the local log on to Windows devices. Part of that post was also the broken self-service password reset and self-service PIN reset functionalities. When using the most restrictive option of a whitelist, for configuring the users that are allowed to log on locally, that will break those functionalities. This week will be all about a follow-up on that behavior. When it’s required to restrict the local log on Windows devices, and users should still be able to use the different self-service functionalities, this post will provide a solid starting point. Of course, that’s not applicable to every scenario. Only scenarios in which there are actual users logging …

Restricting the local log on to specific users

September 18, 2023 by Peter van der Woude

This week is about restricting the local logon on Windows devices to specific users. Not because it is something particularly new, but simply because it is been an ask every now and then. Think about further locking down a kiosk device, for example. Restricting the local logon can be achieved by either only allowing specific users to log on, or by denying specific users to log on. In other words, whitelisting versus blacklisting. The allow-option is basically a whitelist and the deny-option is basically a blacklist. When looking at restricting the local logon, a whitelist is the easiest method to get quickly really restrictive, as only the users on the list are allowed to log on locally. Luckily, nowadays there is easy method for configuring …

Easily removing access to the Microsoft Store

September 18, 2023September 11, 2023 by Peter van der Woude

This week is all about access to the Microsoft Store. And more specifically, about a single policy setting to potentially turn of access to the Microsoft Store. Many organizations struggle with the Microsoft Store on Windows devices, because the Microsoft Store enables users to install apps in their profile that aren’t necessarily work related. That brings organization on a crossroad. When an organization decides to block access to the Microsoft Store, there were already different options available. So far, the most effective methods were to either configure Windows to show the private store only, or to use AppLocker. None of those methods, however, would be complete and simple. Often it was still possible to use winget to still install apps, or the configuration would get …

Getting started with Remote Help for Android

September 4, 2023 by Peter van der Woude

This week is back to the Android platform. More specifically, Remote Help for Android. Remote Help on itself is nothing new, as it was already introduced a while ago for Windows devices, but it is new for Android devices. Starting with the latest service release of Microsoft Intune (service release 2308), Microsoft introduced support for Remote Help on Android devices. More specifically, support for Remote Help on Android Enterprise dedicated devices. And even more specifically, only Samsung and Zebra devices. That enables IT administrators to provide remote support to users on Android Enterprise dedicated devices, by simply starting a screen sharing session or asking for full control. This post will start with a short introduction, followed with the steps to get Remote Help working for …

Getting started with Windows 365 Switch

August 28, 2023 by Peter van der Woude

This week is a follow-up on a blog post of a couple of months ago about a new feature for Windows 365 Enterprise. That post was focused on Windows 365 Boot and that post mentioned that last year Microsoft announced many nice upcoming features with Windows 365 App, Windows 365 Boot, Windows 365 Offline and Windows 365 Switch and more recently even a great licensing enhancement with Windows 365 Frontline. This time it’s about Windows 365 Switch, which is another new feature that was announced and recently released in public preview. Windows 365 Switch provides users with the ability to easily switch between the local desktop and a Windows 365 Cloud PC. That provides a seamless experience via the Task View feature on Windows 11. …

Quick tip: App inventory for corporate-owned Android Enterprise devices

August 24, 2023 by Peter van der Woude

This week another short post. Not just because I missed blogging during my vacation, but mainly to create awareness for a very interesting and often requested feature. That feature is the app inventory for corporate-owned Android Enterprise devices. Until recently the app inventory was not available for corporate-owned Android Enterprise devices, but that has changed. With the recent Microsoft Intune service release (2307), Microsoft has now made some changes to app management and app inventory. Those changes are actually triggered by Google, as Google has started deprecating features and methods of the Google Play EMM API. And even though there are alternatives within that API available, the general advise is to move to the modern Android Management API. That’s exactly what Microsoft is doing and …

Quick tip: Adding custom support information to corporate-owned Android Enterprise devices

August 21, 2023 by Peter van der Woude

This first post after my vacation is a quick tip about adding custom support information to corporate-owned Android Enterprise devices. Custom support information enables IT administrators, to customize the short message that is shown when users try to change a setting that is managed by the organziation, to customize the long message that is shown when looking at more information about the short message, and to show information on the device lock screen. Especially the latter customization can be useful for showing some specific information to the user about the device. Think about easily providing the user access the (management) name of the device, or the serial number of the device. This post will walk through the configuration options, followed with the user experience. Configuring …

Getting started with Mobile Application Management for Windows

July 24, 2023 by Peter van der Woude

This week is all about Mobile Application Management (MAM) for Windows. A long awaited feature that will be a big help with addressing unmanaged Windows devices. MAM for Windows enables organizations to manage the app in a similar way as already possible on mobile platforms. So, making sure that there is a separation between personal and work data, and making sure that the chances of accidental data leakages getting slimmer. In some areas, especially when looking at browser access, it might feel similar to what could already be achieved by using app enforced restrictions in Conditional Access, or by using Microsoft Defender for Cloud Apps in combination with Conditional Access. Big difference, however, is that MAM for Windows also includes the ability to use app …

Getting started with Windows driver update management

July 17, 2023 by Peter van der Woude

This week is about a very recent introduced feature around updating Windows devices and that feature is driver updates. Driver update management on itself is not that new, as that was introduced a few months ago as a part of the Windows Update for Business deployment service. However, being able to use Microsoft Intune to manage driver updates via that deployment service is definitely something new. That makes it a lot easier to use the driver management functionality. Microsoft Intune introduced a new Driver updates for Windows 10 and later profile that does all the heavy lifting for managing driver updates on Windows devices. This post will start with an introduction about Windows driver update management, followed with the steps for creating and assigning the profiles. …

Creating supplemental Application Control policies for the base Application Control policies created with the built-in controls

July 10, 2023 by Peter van der Woude

This week is a follow-up on the post of last week about easily configuring the Intune Management Extension as managed installer for Windows Defender Application Control. That post already had a note regarding supplemental Application Control policies. This week, the focus will be on adding supplemental Application Control policies on top of the base Application Control policies that are created when using the built-in controls in the creation of an Application Control policy. The great thing is that those base Application Control policies all have standard configurations and can easily be reused. This post will focus on those base Application Control policies and using those with supplemental Application Control policies. This post will finish with the distribution of such supplemental Application Control policies and the …

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this: