Microsoft MVP 2022-2023!

That feeling never changes and it never gets normal, it just awesome! A few hours ago I received that great email that I’m awarded with the 2022-2023 Microsoft MVP Award for my contributions in the Enterprise Mobility technical communities! That’s number 8! With every year I’m still always looking for words to describe that feeling that comes with recieving this award. I’m feeling humbled, I’m feeling proud, I’m feeling exited, but above all I’m feeling honored! Really honored! As with previous years, to me every award is always worth a small post. On one hand because I’m very delighted, very honored, very proud and very exited of receiving my eigth award in a row, but on the other hand even more because I just need …

Read more

Getting started with Device Control Printer Protection

This week is a follow-up on an earlier post about controlling devices connected to Windows devices. That post was focussed on device control as a feature of Microsoft Defender for Endpoint, in general. This post will specifically focus on Device Control Printer Protection. Device Control Printer Protection is the printer protection feature that can be used to prevent users from printing via non-corporate network printers or non-approved USB-printers. That adds an additional layer of data protection and security. This post will look in more detail at the printer protection configuration options, at applying printer protection and at the experience with printer protection enabled (the user experience and the administrator experience). Note: The configuration options (protect) are available within a Microsoft 365 E3 license and the …

Read more

Using the software updates page in the Microsoft 365 admin center for a high-level overview

This week is all about creating some awareness for a newly introduced page within the Microsoft 365 admin center portal. That new page is the Software updates page and that page provides a high-level overview – in the Windows tab – of the installation status of Windows updates within the organization. It literally provides a high-level overview, as it currently only shows the most important pieces of information. Those pieces of information are the Windows update status information and the End of servicing information. That information provides key insights in the status of devices within the organizations. That includes a quick look at the status of the latest security updates on the devices within the organization, to make sure that the devices are protected from …

Read more

Getting started with Azure Monitor agent on Windows client devices

This week is about something totally different compared to the last weeks and maybe even months. There have been examples before about gathering additional data of Windows devices and using that information for dashboards and more. Those examples were mainly focused on existing data and custom scripting. This time the focus is on the Azure Monitor agent for Windows client devices. A few months ago Microsoft introduced the Windows client installer that can be used to collect data from desktops, workstations and laptops, in addition to the already existing options for servers and virtual machines. It enables the collection of Event Logs, Performance Counters and more. That could be useful with for example the introduction of AppLocker, to gather events about the behavior of apps. …

Read more

Addressing the need for multiple Microsoft Tunnel Gateway servers

This week will focus on addressing the need for multiple Microsoft Tunnel Gateway servers. A single server is easy to setup, and easy to discuss and to describe, but that just a starting point. Often there is a need for multiple Microsoft Tunnel Gateway servers. That could be for providing high availabilty, for supporting the right amount of users and even for providing access to resources on different remote locations. So, it can be multiple servers on the same location and multiple servers on different locations. This post will go through the main scenarios for multiple servers and will focus on the main configurations that should be in place to support and configure those scenarios. No detailed configurations this time. Only descriptions of the main …

Read more

Replacing the TLS certificate for Microsoft Tunnel

This week is a relatively short post that is focused on replacing the Transport Layer Security (TLS) certificate that is used for Microsoft Tunnel. That TLS certificate is used for securing the connection between the mobile devices and the Microsoft Tunnel Gateway and should contain the public name or IP address in its Subject Alternative Name (SAN). Replacing that TLS certificate can be required when the certificate is expired, or when the public name of the Microsoft Tunnel Gateway is changed. Those are a couple of good reasons to replace the TLS certificate. Luckily, those things don’t happen that often, but sadly that also means that it’s always searching for the right actions to perform. This post will walk through the steps that should be …

Read more

Using Microsoft Tunnel for per-app VPN

This week is another mobile focused blog post. This week is al around Microsoft Tunnel. More specifically, this week is all about using Microsoft Tunnel for providing per-app VPN on iOS/iPadOS devices and Android devices. Per-app VPN enables organizations to only allow specifically configured apps to use the configured VPN tunnel. So, not simply pushing all traffice through the VPN tunnel, but only the traffic of specific apps. That provides a solid method for providing access to on-premises resources for only the apps that really need it. This post will start with a quick summary of what should be in place, followed by going through the important per-app VPN specific configurations. Those configurations slightly differ per platform. This post will end by showing the user …

Read more

Backup and restore Android Enterprise fully managed devices

This week is something completely different compared to the last couple of weeks. This week is back to the Android platform. More specifically, backing up and restoring data on Android Enterprise fully managed devices. An often heard challenge with Android Enterprise managed devices, is the lack of available functionalities for restoring data from an old device to a new device. So, the ability to backup the data on the old device and to restore the data on the new device. That’s challenging as there is simply a lack of available backup functionality when relying on Android Enterprise. The Samsung Smart Switch app could be a solution for that challenge. It enables users to seamlessly transfers contacts, photos, music, videos, messages, notes, calendars and more to …

Read more

Easily installing Progressive Web Apps

This week is not something completely new, but more something nice to be aware of. This week is all around Progressive Web Apps (PWAs) and easily and automatically installing them on Windows devices. The great thing about a PWAs is that they’re basically websites that are enhanced to function like installed, native apps on supporting platforms, while functioning like regular websites on other browsers. That provides a great cross-platform experience. On Windows devices, PWAs can actually be installed like a native app and in some ways even behave like native apps. That provides a really powerful experience. With Microsoft Edge basically any website can be installed as an app. The behavior depends on the capabilities of the website. A nice add-on to that is that the …

Read more

Verifying installed applications as part of the compliance of Windows devices

This week is focused on the installed applications on Windows devices. More specifically, this week is focused on making sure that Windows devices are compliant with a list of unapproved apps. There are many methods for making sure that users won’t or can’t install specific apps on their Windows device. That could be by simply making sure that users don’t have the permissions to install apps and lock down their Windows devices, but that could also be by verifying the installed apps on their Windows devices. This post will focus on the latter, by comparing the installed apps with a list of unapproved apps. That can be achieved by using custom compliance settings. A few months ago I wrote about working with custom compliance settings. That …

Read more