Quick tip: Easy method for constructing settings of ingested ADMX-files

This week a quick extra blog post, just before the start of my vacation, about an easy method for construction settings of ingested ADMX-files. A few years ago I did a post about a deep dive for ingesting third-party ADMX-files and until today I still receive questions on that post that are related to constructing settings of ingested ADMX-files. Even though the described method is still available, there is an easier method for constructing the settings of ingested ADMX-files. A method that is less sensitive to errors. The following four steps walk through that easy method by again using chrome.admx as an example. The first step is ingesting the ADMX-file. That can be achieved by following the same steps as provided in my earlier post. …

Read moreQuick tip: Easy method for constructing settings of ingested ADMX-files

Working with Attack Surface Reduction rules to reduce the attack surface of applications

This week is al about Attack Surface Reduction (ASR) rules. ASR rules are originally introduced as one of the four main features of Windows Defender Exploit Guard. Windows Defender Exploit Guard was introduced as a major update to Microsoft Defender Antivirus, in Windows 10 version 1709, and was the successor of Enhance Mitigation Experience Toolkit (EMET). Nowadays ASR rules are just part of the attack surface reduction controls of Microsoft Defender, but many configuration paths will still refer to Windows Defender Exploit Guard. In this post I’ll have a closer look at configuring ASR rules by using Microsoft Intune. I’ll start with a short introduction about licensing and the different configuration options, followed by the steps for configuring ASR rules and showing the actual configuration. …

Read moreWorking with Attack Surface Reduction rules to reduce the attack surface of applications

Configuring the usage of Bluetooth encryption via Windows 10 MDM

This week a short blog post about configuring Bluetooth on Windows 10 devices that are managed via Microsoft Intune. More specifically, about configuring the Bluetooth encryption strength that is required for pairing Bluetooth devices. Last year there was a vulnerability regarding the Bluetooth encryption key negotiation that was addressed with an update to Windows and a specific configuration that should be performed to required a specific encryption strength. By default Windows allows all Bluetooth traffic, but with this vulnerability in mind some organizations might want to enforce a minimal encryption key size to be required for Bluetooth traffic. Even if that means that some Bluetooth devices won’t work, or stop working. In this post I’ll start with showing how to configure the Bluetooth encryption key …

Read moreConfiguring the usage of Bluetooth encryption via Windows 10 MDM

Creating a custom look-and-feel across Android Enterprise fully managed devices

This week is all about Android Enterprise fully managed devices. More specifically, this week is all about creating a single look-and-feel across all Android Enterprise fully managed devices by using the Microsoft Launcher app. Similar to working with Android Enterprise dedicated devices and using the Managed Home Screen app. The Microsoft Launcher app provides many configuration options that can be configured by using an app configuration policy. That in combination with the recently introduced feature to configure the Microsoft Launcher app as the default launcher, enables the administrator to create a custom look-and-feel across all Android Enterprise fully managed devices. In this post I’ll show how to add the Microsoft Launcher app, how to configure the Microsoft Launcher app and how to configure the default …

Read moreCreating a custom look-and-feel across Android Enterprise fully managed devices

Microsoft MVP 2020-2021!

Awesome! A few hours ago I received that great email that I’m awarded with the 2020-2021 Microsoft MVP Award for my contributions in the Enterprise Mobility technical communities! That’s number 6! To me this is always worth a small post. On one hand because I’m very honored, very proud and very exited of receiving my sixth award in a row, but on the other hand even more because I just need to let everyone know that it’s made possible by my great family. Without their support, this blog wouldn’t exist! Without their support I wouldn’t be able to contribute the way I am! Like every year, a really big thank you to my awesome wife and our super kids for giving met time to do …

Read moreMicrosoft MVP 2020-2021!