Month: February 2023

Deploying Microsoft Defender Application Guard for Office

by

This week is all about Microsoft Defender Application Guard (Application Guard) for Office. It’s a follow up on this post of almost 2 years ago. That time the focus was simply on getting started with Application Guard and it slightly missed out on Application Guard for Office. This time Application Guard for Office will be the main focus. Application Guard for Office uses hardware isolation to isolate untrusted Office files, by running the Office application in an isolated Hyper-V container. That isolation makes sure that anything potentially harmful in those untrusted Office files, happens within that isolated Hyper-V container and is isolated from the host operating system. That isolation provides a nice, but resource intensive, additional security layer. This post will start with a quick …

Read more

Configuring search on Windows 11 taskbar

by

This week a short blog post about a small new setting that became available within Windows 11. That setting is the ability to configure search on the taskbar. With the latest version of Windows 11, Microsoft added a search box to the taskbar that enables users to easily find almost anything. It searches across Windows, OneDrive, SharePoint, and more. And it can find apps, files, settings, help, people ,and more. That makes it a very versatile search option for daily Windows users. Very powerful. The new setting enables users to configure the availability of search on the Windows 11 taskbar. From hidden till icon and label. That new setting can also be configured by the administrator, to enforce specific behavior. It could, for example, be …

Read more

Using Smart App Control as starting point for Windows Defender Application Control

by

This week is all about Smart App Control and Windows Defender Application Control (WDAC). Starting with Windows 11, version 22H2, Microsoft introduced Smart App Control for additional protection for consumers against threats by blocking apps that are malicious, untrusted, or potentially unwanted. Smart App Control is based on WDAC and works in a similar way. It provides basic protection rules that can also be reused within an enterprise environment. Smart App Control on itself is only available on a fresh installation of Windows 11, version 22H2, and not after an upgrade. On enterprise managed devices, Smart App Control is automatically turned off. That doesn’t mean, however, that Smart App Control doesn’t provide any useful standard configurations. Smart App Control can be an excellent starting point, …

Read more

Informing users of newly enrolled devices

by

This week is all about a nice small new feature that became general available with the latest service release of Microsoft Intune (2301). That feature is enrollment notification. Enrollment notifications provide organizations with an easy method to notify users when a new device is enrolled. That provides organizations with more grip on the devices that are enrolled within the environment, as users will be informed when a new device was enrolled using their credentials. Besides that, it also provides organizations with an alternative method to welcome employees. In other words, a great way to trigger users. Enrollment notifications can be used for Windows, Android, iOS/iPadOS, and MacOS devices that are enrolled by using the user-driven enrollment methods. The notifications can be email notifications and push …

Read more