All about Microsoft Intune

Configuring Azure AD Kerberos authentication on Azure file shares for Windows devices

October 24, 2022 by Peter van der Woude

This week is more Windows. More capabilities for creating a better user experience. This week the focus will be on Azure file shares and the relatively new Azure AD Kerberos authentication option, that can be configured on Windows devices by relying on Microsoft Intune. Azure Files supports the identity-based authentication over SMB, using Kerberos authentication. In preview, that now includes the ability to enable and configure Azure AD for authenticating hybrid identities. That allows users with a hybrid identity, to access Azure file shares using Kerberos authentication. That configuration relies on Azure AD to issue the required Kerberos tickets, to access Azure file shares using the SMB protocol. That basically means that users can access Azure file shares over the Internet, without requiring a line-of-sight …

Registering devices with the Windows Autopatch service

October 17, 2022 by Peter van der Woude

This week is all about the relatively new Windows Autopatch. Windows Autopatch is a cloud service provided, by Microsoft, that automates the update process for Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams. The steps to get started with Windows Autopatch are pretty straight forward, especially with the latest adjustments of how the service interacts with the tenant. Those adjustments improve the security posture of the service, by relying on application-only authentication, and further simplifies the enrollment process of the tenant. Together that makes the enrollment pretty straight forward. That’s also why this post simply assumes that the onboarding is successfully performed. Once the tenant is enrolled to the Windows Autopatch service, the next main action is the registration of the devices …

Using Microsoft Defender for Endpoint on Android for protecting the personal profile

October 10, 2022October 10, 2022 by Peter van der Woude

This week another post about Microsoft Defender functionality, but on a completely different platform. This week is all about using Microsoft Defender for Endpoint, on Android devices, for protecting the personal profile. And for now, specifically focused on personally owned devices. That protection functionality is focused on providing users with the same level of protection in their personal profile, as provided in their work profile. It provides users – within their personal profile – with malware scanning on user-installed apps, protection from malicious URLs, network protection, and privacy controls. That provides users with better protection and organizations with more control on which devices are allowed to have access to company data. This post will mainly focus on the configuration of that additional protection of the …

Working with enhanced phishing protection in Microsoft Defender SmartScreen

October 3, 2022 by Peter van der Woude

This week is all about a new security feature that is part of Microsoft Defender SmartScreen and that was introduced with Windows 11, version 22H2. That feature is enhanced phishing protection. Enhanced phishing protection helps with protecting work accounts against phishing and unsafe usage on sites and apps. It works alongside existing Windows security features and alerts about typed work passwords in any Chromium browser, warns about reused work passwords on sites and apps, and warns when storing plaintext work passwords in Notepad, Word, or any Microsoft 365 Office app. That makes enhanced phishing protection an important addition to the Microsoft Defender SmartScreen security functionalities. This post will go through the available settings, the easy configuration, and the user experience with the enabled notifications. Note: …

Enhance Microsoft Intune data with Log Analytics: A summary

October 1, 2022 by Peter van der Woude

This week an extra blog post about my session at Experts Live Netherlands 2022. I did my session about Enhance Microsoft Intune data with Log Analytics. During that session – after battling some technical challenges – I shared a lot of information around the four most obvious options for using Microsoft Intune in combination with Log Analytics. I showed the direct integration, the combination with Update Compliance, the use of the Azure Monitor HTTP Collector API and even the use of the Azure Monitor Agent. This post will provide a quick summary of that session, by briefly touching those different options. The slides (PDF) of that session are available for download here. Collecting log data via a direct integration The first option was all about …

Easily managing third-party ADMX-files

September 26, 2022 by Peter van der Woude

This week is back to the management capabilities for Windows devices. More specifically, it’s all about managing settings via third-party ADMX-files by using Microsoft Intune. That’s something that used to be a big task and now turned in to a relatively simple action. This blog contains posts around that subject that details the process of ingesting third-party ADMX-files and configuring the related settings. The good thing is that those posts still have value, as the underlying process hasn’t changed. Microsoft did, however, drastically simplify the process for importing third-party ADMX-files and configuring the different settings. This post will describe the new simplified process of working with third-party ADMX-files and provides some details around the configuration that are good to know. Important: At the moment of …

Common Criteria Mode for corporate-owned Android Enterprise devices

September 19, 2022 by Peter van der Woude

This week something completely different compared to the last few weeks. While the last last few weeks were all about the great simplicity of Windows 365 Enterprise, this week is all about Android Enterprise. Different platform, theoretically possibly the same device. With the introduction of Android 11 (API level 30), some nice new features were introduced for enterprises. That includes the addition of the Common Criteria (CC) Mode. CC Mode already exists for a few years for Samsung Knox devices and – in combination with Microsoft Intune – already could be configured by using OEMConfig (with the KSP app), but is now available by default within Android Enterprise. Even better, with one of the latest service releases (2207) of Microsoft Intune that can now be …

Welcome to the still growing Android device management jungle: A summary

September 14, 2022 by Peter van der Woude

The second short post of this week is another extension of one of my sessions at the Workplace Ninja Summit 2022. At the summit I did my second session about Welcome to the still growing Android device management jungle. During that session I shared information around the still growing device management options for Android devices, pointers that can help with making the right decisions and information around the different configuration options. This post will provide a quick summary of that session by going through the different management options, providing important differences and summarizing the main configuration capabilities. The slides (PDF) of that session are available for download here. Android (device) management options When looking at the Android (device) management options, there are many options. And the number …

Creating the path for mobile devices to on-premises resources: A summary

September 15, 2022September 12, 2022 by Peter van der Woude

This week a few shorter posts, as my posts this week are extensions of my sessions at the Workplace Ninja Summit 2022. At the summit I did my first session about Creating the path for mobile devices to on-premises resources. During that session I shared information around the architecture and flow of Microsoft Tunnel, I zoomed in on getting up-and-running with Microsoft Tunnel and showed getting insight of Microsoft Tunnel. This post will provide a quick summary of that session by quickly showing the architecture and flow of Microsoft Tunnel and by showing the summary and reminders. The slides (PDF) of that session are available for download here. Architecting Microsoft Tunnel An important part of creating the Microsoft Tunnel infrastructure is a solid architecture. In most cases that …

Easily managing Cloud PCs

September 5, 2022 by Peter van der Woude

The last few weeks were all about getting started with Windows 365 Enterprise Cloud PCs and Microsoft Dev Box. And especially for Windows 365 Enterprise also looking at the main different configuration options. As both are based on the same foundation, the result of both is a Cloud PC that is automatically enrolled and managed by Microsoft Intune. That automatic enrollment makes sure that it’s very easy to get started with managing Cloud PCs. By automatically enrolling into Microsoft Intune, all the standard Windows device management capabilities are also available for Cloud PCs. That means: device configurations, device compliance, application deployment, update management and reporting. This post provides a quick overview of the options that become available for easily managing Cloud PCs and that are …

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this:

Share this: