Customizing the Start menu layout on Windows 11 devices

This week is all about customizing the Start menu layout on Windows 11. Customizing the Start menu layout enables organizations to create a standardized layout for theirs users by pinning apps, removing default apps, ordering apps and more. The configuration of such a standardized layout has changed from Windows 10 to Windows 11. To create a standardized layout for Windows 11, the IT administrator must use a JSON-file. In previous versions of Windows, that required a XML-file. That configuration change, justifies an explanation about the Start menu layout in Windows 11 and the different configuration options. This post breaks down the new Start menu layout in Windows 11 and the different configuration options that are available, per section. That breakdown is followed with a zoom-in …

Read more

Simplifying targetting groups of apps with app protection policies

This week is all about the simplification in targetting groups of apps with app protection policies and a followup on my tweet of last week. That tweet provided a quick peak at the new targetting options of app protection policies for Android and iOS/iPadOS devices. The great thing about that simplification is that app protection policies can now be targeted at different categories (or groups) of apps. Those categories of apps are All apps, All Microsoft apps and Core Microsoft apps, and are dynamically updated to include the appropriate apps. That dynamic update will make sure that the already created app protection policies are automatically updated with the latest apps that are available for the different categories and will also make sure that newly created …

Read more

Controlling devices connected to Windows devices

This week is all about device control. Device control is often referred to as a feature of Microsoft Defender for Endpoint and is focused on preventing data leakage. That is achieved by limiting the devices that can be connected to a Windows device. The idea is also pretty straight forward: control which devices can connect to a Windows device. That can be achieved by looking at the hardware device installation, at the removable storage and at the bluetooth connections. Besides that it’s even possible to get creative with printers. Most of these settings – with exception of the printer settings – are configurable via the endpoint security options, but most settings are actually configured via different CSPs on the Windows device. This post will walk …

Read more

Getting new users quickly up-and-running with Temporary Access Pass

This week is a little follow-up on a post of a couple of months ago and about connecting pieces of the puzzle. That post was around Temporary Access Pass (TAP). Even though that post was focused on Windows devices, it did provide some hints for using TAP on mobile devices (Android, iOS) also. An often seen and heard challenge is related to getting new user up-and-running. Especially when requiring Multi-Factor Authentication (MFA) for device enrollment, or when trying to work completely passwordless. Those scenarios introduce chicken-and-egg situations as a device must be registered for usage with MFA and the registration requires MFA, or when trying to work passwordless and an authentication method must be registered to be able to work passwordless. So, to get a …

Read more

Getting started with Test Base for Microsoft 365

This week is about something relatively new, but especially something rather unknown. And that is Test Base for Microsoft 365 (Test Base). Test Base is a validation service based in a secure Azure environment, that enables Software Vendors (SVs) and System Integrators (SIs) to validate their applications against pre-released Windows security and feature updates. The best part is that it also enables customers and partners to do the same. That enables organizations to automatically test their critical business app with the upcoming Windows security and feature updates. A sort of automated testing. That helps organizations to be even better prepared for the upcoming Windows security and feature updates. This post is to create more awareness for Test Base and to make sure that organization are …

Read more

Enhancing the Work Profile experience with system apps

This week is all around enhancing the Work Profile experience with the most common system apps on Android devices. Getting the right system apps available within the Work Profile can enhance the user experience and the data separation. Mainly the latter actually, as for more apps the experience will be divided between a personal app and a work app. And that’s not always the best user experience. That could be useful when looking at for example the Camera app. Without adding that app to the Work Profile, all movies and pictures will be stored in the Personal Profile. This post will start with a quick overview of the most common Android Enterprise system apps, followed with the steps for managing (read: enabling) those apps. This …

Read more

Getting started with Continuous Access Evaluation

This week is all around an Azure AD functionality that tightly integrates with Conditional Access (CA) and that provides a near real time experience with enforcing access to resources and applications. That functionality is Continuous Access Evaluation (CAE). CAE was introduced almost a year ago to Azure AD tenants with CA enabled and provides that near real time experience. That experience is created by enabling a communication between the different Microsoft services and Azure AD. That communication provides a lot of magic that results in the new real time experience. This post starts with a quick introduction in CAE, followed with the steps to enables this functionality (while in preview). This post ends with showing the near real time user experience. Important: At the moment …

Read more

Android Enterprise and Microsoft Intune: A quick summary

This week my post is a few days later, as my post is an extension of my session at the Workplace Ninja Virtual Summit 2021. At the virtual summit I did a session about Why you might want to use corporate-owned devices with Work Profile. During that session I shared a summary about Android Enterprise and I zoomed in on the capabilities of corporate-owned devices with Work Profile. This post will provide a summary of that session about the different important components of Android Enterprise and how that integrates and works with Microsoft Intune, followed with a zoom-in on corporate-owned devices with Work Profile. Most of that information will be summarized in tables and slides. The slides (PDF) of that session are available for download here. Android …

Read more

Configuring Windows Hello for Business dynamic lock

The last few weeks – before my vacation – were all around Windows Hello for Business. And especially around unlocking devices by using Windows Hello for Business functionalities. This week, however, is a little different. This week is around the automatic lock functionality of Windows Hello for Business. That functionality is Windows Hello for Business dynamic lock. Dynamic lock enables organizations to automatically lock devices when users step away from their device. That automatic lock can be achieved by using the bluetooth signal of a paired phone. The device will automatically lock when the signal of that paired phone falls below the configured minimum value. Of course, automatically locking the device doesn’t prevent users from forgetting to lock their device, but it does prevent the …

Read more