Getting started with Microsoft Tunnel for Mobile Application Management for Android

by

This week is a follow-up on the post of last week. While last week the focus was on iOS/iPadOS devices, this week the focus is on Android devices. Some parts might overlap with that post of last week, but those parts are definitely needed for the completeness of the story and the configuration. So, in general, the focus is still on Microsoft Tunnel for Mobile Application Management (Tunnel for MAM). As mentioned last week, Tunnel for MAM is one of the features that was released at the beginning of March as part of the Intune Suite add-ons. Tunnel for MAM itself, is available as part of the new Microsoft Intune Plan 2 license. The great thing about Tunnel for MAM is that it makes it …

Read more

Getting started with Microsoft Tunnel for Mobile Application Management for iOS/iPadOS

by

This week is all about one of the new Intune Suite add-on capabilities. The capability of focus is Microsoft Tunnel for Mobile Application Management (Tunnel for MAM) for iOS/iPadOS devices. The Intune Suite add-ons were released at the beginning of March, including a new licensing model, and including Tunnel for MAM. That capability on itself, is available as part of the new Microsoft Intune Plan 2 license. Tunnel for MAM makes it possible to provide access to on-premises resources, on unmanaged devices. Often unmanaged devices are equal to personal-owned devices. So, that provides IT with the flexibility to make that app, with on-premises interaction, available on personal-owned devices. Without requiring the user to enroll that specific device, but still enforcing secure access and guaranteeing full …

Read more

Easily managing Microsoft Defender Antivirus updates channels

by

This week is all about managing the updates channels for the different Microsoft Defender Antivirus update types. On one hand to create some awareness for the different update types, and on the other hand to show the latest configurations options for managing the updates channels for those different update types. Microsoft Defender Antivirus contains three different update types and up to six updates channel configuration options. That provides IT administrators with quite some configuration options for the devices within the environment. And starting with the latest service release of Microsoft Intune (2302), the update channel configurations becomes easily configurable via a specific configuration profile. That enables IT administrators to also use different update channels throughout the environment to gradually rollout the different updates of Microsoft …

Read more

Deploying Microsoft Defender Application Guard for Office

by

This week is all about Microsoft Defender Application Guard (Application Guard) for Office. It’s a follow up on this post of almost 2 years ago. That time the focus was simply on getting started with Application Guard and it slightly missed out on Application Guard for Office. This time Application Guard for Office will be the main focus. Application Guard for Office uses hardware isolation to isolate untrusted Office files, by running the Office application in an isolated Hyper-V container. That isolation makes sure that anything potentially harmful in those untrusted Office files, happens within that isolated Hyper-V container and is isolated from the host operating system. That isolation provides a nice, but resource intensive, additional security layer. This post will start with a quick …

Read more

Configuring search on Windows 11 taskbar

by

This week a short blog post about a small new setting that became available within Windows 11. That setting is the ability to configure search on the taskbar. With the latest version of Windows 11, Microsoft added a search box to the taskbar that enables users to easily find almost anything. It searches across Windows, OneDrive, SharePoint, and more. And it can find apps, files, settings, help, people ,and more. That makes it a very versatile search option for daily Windows users. Very powerful. The new setting enables users to configure the availability of search on the Windows 11 taskbar. From hidden till icon and label. That new setting can also be configured by the administrator, to enforce specific behavior. It could, for example, be …

Read more

Using Smart App Control as starting point for Windows Defender Application Control

by

This week is all about Smart App Control and Windows Defender Application Control (WDAC). Starting with Windows 11, version 22H2, Microsoft introduced Smart App Control for additional protection for consumers against threats by blocking apps that are malicious, untrusted, or potentially unwanted. Smart App Control is based on WDAC and works in a similar way. It provides basic protection rules that can also be reused within an enterprise environment. Smart App Control on itself is only available on a fresh installation of Windows 11, version 22H2, and not after an upgrade. On enterprise managed devices, Smart App Control is automatically turned off. That doesn’t mean, however, that Smart App Control doesn’t provide any useful standard configurations. Smart App Control can be an excellent starting point, …

Read more

Informing users of newly enrolled devices

by

This week is all about a nice small new feature that became general available with the latest service release of Microsoft Intune (2301). That feature is enrollment notification. Enrollment notifications provide organizations with an easy method to notify users when a new device is enrolled. That provides organizations with more grip on the devices that are enrolled within the environment, as users will be informed when a new device was enrolled using their credentials. Besides that, it also provides organizations with an alternative method to welcome employees. In other words, a great way to trigger users. Enrollment notifications can be used for Windows, Android, iOS/iPadOS, and MacOS devices that are enrolled by using the user-driven enrollment methods. The notifications can be email notifications and push …

Read more

Managing privacy controls for Office products

by

This week is all about managing privacy controls for Office products. That includes Office on Android devices, Office on iOS devices, Office for Mac devices, Office for the web, and Microsoft 365 apps for enterprise on Windows devices. Most organizations often already have a good look at the required configurations options for the privacy controls on Windows devices. Office for other platforms, however, are often forgotten. Just like Office for the web. Good thing, though, is that there are nowadays multiple privacy controls available that can be configured for Office on all platforms. For some platforms there are even multiple configurations options. Best part of those configuration options is that there is also an option to configure the privacy controls cross platforms. This post will …

Read more

Getting started with multiple administrative approvals

by

This week is all about a nice new feature of Microsoft Intune. That new feature is multiple administrative approval (MAA). MAA enables organizations to require a second administrative user to approve a change before the change is actually applied. That limits the chance of accidental mistakes and even helps with the protection against compromised administrative accounts. With MAA, the most breaking and impactful changes can be protected. At this moment that includes specific resources, like apps and scripts. Changes to those resources can protected with MAA. That protection can be created by using Access policies. Access policies can be configured to protect specific resources with MAA. This post will go through the steps to configure those policies, followed with the behavior that those policies introduce. …

Read more

Windows Insider MVP 2023!

by

Yes! Another year! Last night I received that great email stating that I’m re-awarded as Windows Insider MVP! Even though it’s not exactly at the beginning of the year anymore, it’s still a great feeling and still an awesome way to start the new year! I feel really proud, honored and privileged to be awarded with my fifth Windows Insider MVP award and to already been holding the Microsoft MVP (Enterprise Mobility) award for eight years! Just awesome! No other words. Of course none of this would be possible without the support of my great family! I love them and couldn’t do this without their support! With their support, I’m ready for another awesome year!