Protecting important folders with controlled folder access

This week is all about controlled folder access. Not something particular new, but something important to be familiar with. Controlled folder access is a great addition to further minimize the attack surface of Windows devices. It helps protect the data in the controlled folders from malicious apps and threats, by checking apps against a list of known, trusted apps. That makes it a perfect addition to further protect the (corporate) data on Windows devices. That also makes it mainly a local security feature. To get detailed reporting information, it can be used with Microsoft Defender for Endpoint. This post will mainly focus on the local configuration of controlled folder access and the user experience. Introducing controlled folder access Controlled folder access is a great method …

Read more

Further simplifying management of the Google Chrome browser on Windows devices

This week is all about further simplifying management of the Google Chrome browser on Windows devices. The configuration of the Google Chrome browser was already possible by ingesting ADMX-files, by using PowerShell, or by using Chrome Browser Cloud Manager, but the IT administrator was always in for a sub-optimal experience. It was either a lot of work (when looking at ADMX-files), or it provided limited reporting capabilities (when using PowerShell), or it was a completely separate solution (Chrome Browser Cloud Manager). Non of those were optimal. The great thing is that with the latest service release of Microsoft Intune (2203), the Settings Catalog (and the Administrative Templates) now also include settings for the Google Chrome browser. That enables the IT administrator to simply use the …

Read more

Freezing the install of system updates on Android Enterprise corporate-owned devices

This week is all about a very recent new introduced feature for Android Enterprise corporate-owned devices. That feature is the ability to freeze the install of system updates for a period of time. Freezing system updates on Android Enterprise corporate-owned devices enables organizations to stick to a specific version of Android for the specified period of time. That can be usefull to get the right support of the vendor of an app, or to make sure that a specific app works with the latest verison of Android. That level of control makes Android more and more enterprise ready, without the need of additional management tooling (OEMConfig). This post will start with a quick introduction to the freeze period for system updates, followed with the steps …

Read more

Excluding removable USB-drives from automatic encryption

This week a short blog post to address a scenario that’s been challenging for a while. That scenario is around removable USB-drives and automatic encryption. When organizations have configured that removable drives require encryption, that introduces challenges with storage built into specialized devices like video cameras, voice recorders, conferencing systems, medical devices and many more. That would also require that type of storage to be required, when read access wasn’t sufficient. That, however, would often cause more problems than solutions. To address that challenge, Microsoft has introduced a new policy. That policy can be used to create an exclusion list of devices for which the user will not be prompted for encryption. Even when encryption of removable drives is required. This post will introduce that …

Read more