Software Center is getting close to awesome!

by

It’s almost been too long ago since I’ve done my latest post about Software Center. Luckily there are enough reasons introduced with Configuration Manager, version 1806,  to devote another blog post to Software Center, as Software Center is getting close to awesome. Yes, I deliberately say close to awesome, as we always need to leave options open for improvement. In this post I’ll focus on three great new additions to Software Center: 1) infrastructure improvements, 2) a custom tab and 3) maintenance windows. No more application catalog website point and web service point required Let’s start with the first and, in my opinion, best improvement related to Software Center. Starting with Configuration Manager, version 1806, available user-targeted apps can be made available in Software Center …

Read more

Single full-screen Kiosk Browser app in kiosk mode

by

This week is all about configuring a single full-screen app in kiosk mode and more specifically, configuring the Kiosk Browser app as a single full-screen app in kiosk mode. A couple of years ago, I also did a post about setting up kiosk mode on Windows 10. This time it’s not about using OMA-URI’s, this time is all about using the available options within the portal. Spoiler alert, it became a whole lot easier! Deployment scenarios that this adds on to are, for example, AutoPilot self-deploying mode and enrollment via a device enrollment manager. In this post I’ll go through a few prerequisites for the configuration, followed by the actual configuration of the Kiosk Browser app in kiosk mode. I’ll end this post by looking …

Read more

Prevent users from ending tasks via Windows 10 MDM

by

This blog post uses the TaskManager node of the Policy CSP, to prevent the end task functionality on Windows 10 devices. This node is added in Windows 10, version 1809, which is currently still in preview. This week a short blog post about a newly introduced setting in Windows 10, version 1809, which is currently still in preview. That’s the setting to prevent non-administrator users from ending tasks via Task Manager. That can be a useful addition to a Windows AutoPilot deployed device on which the users are configured as standard users. Simply preventing users from performing activities that an administrator might not like them to do. In this post I’ll show the available settings, followed by the configuration and the end-user experience. Settings Let’s …

Read more

Block app access for unapproved device manufacturers or device models

by

This week is all about app protection. More specifically, this week is all about the just introduced capability to block app access for Android devices with unapproved device manufactures , or for iOS devices with unapproved device models. That capability actually has two separate actions to choose from, 1) block app access and 2) selective wipe of corporate data within the app. This capability will help with preventing access from untrusted devices to corporate data. Really useful, as we all can think of some low-end devices (loaded with malware, almost for free) that should not be used for accessing corporate data. In this post I’ll show the available configuration options, followed by the end-user experience. Configuration Now let’s start by having a look at the …

Read more

Factory reset, Fresh start, AutoPilot reset, so many options?!

by

This week something completely different. This time no technical configurations, this time I’ll try to provide some guidance about different Windows 10 features to remotely reset a Windows 10 device by using Microsoft Intune. With the introduction of the remote AutoPilot reset their are now 3 similar features to remotely reset a Windows 10 device: Factory reset , Fresh start and AutoPilot reset. In this post I’ll try to answer questions like “What are the differences between these reset options?” and “When can I use which reset option?”. Factory reset Introduction The Factory reset action returns the device to its factory default settings. This removes all personal and company data and settings from this device. The drive will be securely erased. When triggering this remote …

Read more

Simply installing the Windows 10 Accounts extension for Google Chrome by using PowerShell

by

This week is all about simply automatically installing the Windows 10 Accounts extension for Google Chrome. About a year ago I showed that the extension is required when using conditional access and I also showed earlier that it’s possible to use ADMX ingestion to configure Google Chrome. However, the latter is always the easiest method. It actually might be a bit complicated for a simple configuration. That’s why I’m going a different road this time. This time I’m going for a small PowerShell script that will create a registry key and value. In this post I’ll show how to create the PowerShell script, how to assign it by using Microsoft Intune and the end result in Google Chrome. Create PowerShell script As I’ve decided to …

Read more

Remote Windows AutoPilot Reset

by

This blog post uses remote Windows AutoPilot Reset, to remotely trigger a device reset on Windows 10 devices. This capability is added in Windows 10, Insider Preview Build 17672 and later. This week it’s all about (remote) Windows AutoPilot Reset. That might sounds like something really cool and really new, but it’s actually not that new. Remember my post about Windows Automatic Redeployment? Well, that functionality still exists, but with the addition to trigger the redeployment (read: reset) remotely via Microsoft Intune, this feature is rebranded to (remote) Windows AutoPilot Reset. That means that Windows Autopilot Reset removes personal files, apps, and settings, by resetting Windows 10 while still maintaining the Azure AD Join and the Microsoft Intune enrollment. In this post I’ll show the …

Read more

Microsoft MVP 2018-2019!

by

Yes! Super! Awesome! Earlier today I received that great email that I’m awarded with the 2018-2019 Microsoft MVP Award for my contributions in the Enterprise Mobility technical communities! To me this is always worth a small post on my blog. Not just because I’m very honored, very proud and very exited of receiving my fourth award in a row, but maybe even more because I just need to let everyone know that it’s made possible by my great family. Without their support, this blog wouldn’t exist! Without their support I wouldn’t be able to contribute the way I am! A really big thank you to my awesome wife and our super kids for giving met time to do my “thing”. Me and my family are …

Read more

Automatically assign Windows AutoPilot deployment profile to Windows AutoPilot devices

by

This week another (short) blog post about Windows AutoPilot. More specifically, about automatically assigning a Windows AutoPilot deployment profile to Windows AutoPilot devices. That makes it a lot easier for administrators, as this prevents the administrators from potentially forgetting to assign the deployment profile to newly imported devices. Great improvement. Also, I have to say that this subject is documented pretty good, but it could be easier to find. This post is mainly for creating awareness regarding this subject. I’ll provide the options regarding to grouping Windows AutoPilot devices and I’ll show how those options can be used to create a dynamic group. Options Let’s start by having a look at the configuration options regarding the grouping of Windows AutoPilot devices. The imported Windows AutoPilot …

Read more

Conditional access and legacy authentication

by

This week is still all about conditional access. More specifically, the recently introduced feature to create conditions based on the use of legacy authentication (including older Office versions), which is currently still in preview. By now, I’ve done my fair share of posts regarding blocking legacy authentication (see for example here and here), but now it’s literally getting super easy. And no need for AD FS anymore. This helps with easily closing another backdoor, as previously legacy authentication simply bypassed any conditional access policy. In this post I’ll walk through the required configurations followed by the end-user experience. Configuration Before going through the configuration let’s start with a quick reminder about legacy authentication. Very simplistically said, legacy authentication is basic authentication that uses a single …

Read more