Managing privacy controls for Office products

This week is all about managing privacy controls for Office products. That includes Office on Android devices, Office on iOS devices, Office for Mac devices, Office for the web, and Microsoft 365 apps for enterprise on Windows devices. Most organizations often already have a good look at the required configurations options for the privacy controls on Windows devices. Office for other platforms, however, are often forgotten. Just like Office for the web. Good thing, though, is that there are nowadays multiple privacy controls available that can be configured for Office on all platforms. For some platforms there are even multiple configurations options. Best part of those configuration options is that there is also an option to configure the privacy controls cross platforms. This post will …

Read more

Getting started with multiple administrative approvals

This week is all about a nice new feature of Microsoft Intune. That new feature is multiple administrative approval (MAA). MAA enables organizations to require a second administrative user to approve a change before the change is actually applied. That limits the chance of accidental mistakes and even helps with the protection against compromised administrative accounts. With MAA, the most breaking and impactful changes can be protected. At this moment that includes specific resources, like apps and scripts. Changes to those resources can protected with MAA. That protection can be created by using Access policies. Access policies can be configured to protect specific resources with MAA. This post will go through the steps to configure those policies, followed with the behavior that those policies introduce. …

Read more

Windows Insider MVP 2023!

Yes! Another year! Last night I received that great email stating that I’m re-awarded as Windows Insider MVP! Even though it’s not exactly at the beginning of the year anymore, it’s still a great feeling and still an awesome way to start the new year! I feel really proud, honored and privileged to be awarded with my fifth Windows Insider MVP award and to already been holding the Microsoft MVP (Enterprise Mobility) award for eight years! Just awesome! No other words. Of course none of this would be possible without the support of my great family! I love them and couldn’t do this without their support! With their support, I’m ready for another awesome year! 

Configuring Shared PC mode with OneDrive sync enabled and configured

This week another short blog post about another nice configuration addition to Windows. This time it’s about configuring Shared PC mode with OneDrive sync. Shared PC mode on itself is nothing new, or special, but there was something missing. That something was the OneDrive sync, as there are scenarios in which it’s still required to use OneDrive on a Shared PC. The default behavior of Windows, however, was to prevent the usage of OneDrive, once Shared PC mode was enabled. That’s still the case but starting with Windows 11 version 22H2 a new setting is introduced that enables IT administrators to enable Shared PC mode with OneDrive sync enabled. A new setting to enabled Shared PC mode. This post will start with a short introduction …

Read more

Easier configuring additional LSA protection

This week another short blog post about another nice configuration addition to Windows. This time it’s about configuring additional Local Security Authority (LSA) protection for credentials. LSA, which includes the Local Security Authority Server Service (LSASS) process, validates users for local and remote sign-ins and enforces local security policies. Starting with Windows 8.1 and later, additional protection is provided for the LSA, to prevent reading memory and code injection by non-protected processes. That provides added security for the credentials that LSA stores and manages. Not really something new, but it’s good to know that something has changed from a configuration perspective. The protected process setting for LSA can also be configured in Windows 8.1 and later. That would, however, always require the manual creation of a …

Read more

Automatically switching the Windows Firewall profile on Azure AD joined devices

This new year starts with short blog post about another nice configuration addition to Windows. Starting with the latest release of Windows 11, it’s now possible to make the Windows Firewall aware of the location of the device. That maybe sounds a bit more than what it actually is. The idea is that it enables Windows to check if it’s on a domain connected network, based on the accessibility of one or more URLs. When one of the URLs is available, Windows will switch the Windows Firewall profile to domain. When none of the URLs are available, Windows will work how it always worked and in general simply rely on the public profile. That behavior enables IT administrators to configure specific firewall exclusions, only when …

Read more