Getting started with web-based device enrollment for iOS devices

This week is all about a new enrollment feature for iOS/iPadOS devices: web-based device enrollment. Web-based device enrollment is now one of the two device enrollment methods that are available for personal iOS/iPadOS devices. The other method is the already existing device enrollment with the Company Portal app. The main differentiator for web-based device enrollment is that it provides a faster and more user-friendly enrollment experience. It’s no longer required to first download the Company Portal app. Instead, the user can just go to the Company Portal website, or start the new enrollment experience via an app that requires a compliant device. That makes it more user-friendly and accessible via the favorite browser of the user. Besides that, web-based device enrollment can be used in …


Using temporary enterprise feature control for early testing new features in Windows

This week is all about creating awareness around a recently introduced feature for controlling the availability of new features in Windows 11. That new feature is temporary enterprise feature control. Temporary enterprise feature control is introduced – together with permanent enterprise feature control – to manage the introduction of new features within the enterprise. With the continuous innovation that was recently introduced by Microsoft, new features are no longer only introduced with the latest feature update. New features are now already introduced with the Latest Cumulative Update (LCU), but are off by default. And new features with impact (like new experiences, new in-box applications, removing existing capabilities, or overriding previously configured settings) are behind that new feature, temporary enterprise feature control. New features behind that …


Scheduling automatic policy refreshes for Windows devices without requiring a check-in

This week is sort of a follow-up on a blog post from about four (!) years ago. That post was focused on the policy refresh on Windows devices. Since very recently, there is something new available to refresh the applied configurations: Config Refresh. Config Refresh can be used to configure a refresh cadence in which the already received configuration policies will be refreshed, no matter if the device is online or offline. A great addition to at least make sure that the received configuration is applied. Config Refresh became available as a configuration option in Microsoft Intune, with the latest service release (2309). Besides that, it relies on an addition in the DMClient CSP that became available just recently in …


Enabling remote access for specific users on Azure AD joined devices

This week is sort of a follow-up on my previous posts about restricting the local log on to specific users. While those posts were focused on restricting the local log on, this post will be focused on enabling remote access for specific users. More specifically, remote access for specific users on Azure AD joined devices. That’s not something too exciting, but definitely something that comes in useful every now and then. Besides that, this was already possible – for a long time – but would often require the device to be joined to the same tenant and take out some security configurations (like Network Level Authentication). That’s no longer required – already for almost a year – as it can now rely on Azure …
