Getting started with the Remote Help web app

This week is all about the Remote Help web app. Remote Help on itself is nothing new, but it does have an often overlooked feature that can be useful in multiple occasions. That feature is the Remote Help web app. The Remote Help web app can be used to help users on managed and unmanaged devices, without installing the Remote Help app, and in some scenarios even on Linux devices. The former might sound a little bit weird, but due to the nature of the web app, it does technically work in some scenarios to provide support on Linux. Together that makes the Remote Help web app an interesting feature to be familiar with. It is good to know that the web app only supports …

Read more

Quick tip: Only turn off notifications network usage when there is a direct requirement

This week is a relatively short post, mainly focused on providing a warning around turning off notifications network usage on Windows devices. Turning off notifications network usage can be used to prevent applications from using the notifications network the send notifications. No matter if that notification is a tile update, tile badge, toast, or any raw updates. It basically turns off the connection between Windows and the Windows Push Notification Services (WNS). WNS enables third-party developers to send those notifications. It provides a mechanism to deliver updates to users and devices in a power-efficient and dependable way. The important thing, however, is to keep in mind that WNS is not only used by third-party developers. It’s also used by many different Microsoft products, including Microsoft …

Read more

Looking closer at enabling Endpoint analytics

This week is all about Endpoint analytics and indirectly Advanced Analytics. More specifically, about enabling Endpoint Analytics and what happens after enabling Endpoint analytics. The process of enabling Endpoint analytics is not that special and can only be performed once per tenant. It is, however, good to be familiar with what happens after enabling Endpoint analytics. To understand the settings that become available and the impact of adjusting those settings. Especially the impact for the Windows devices within the environment. Besides that, it’s also important to be familiar with configurations that are not directly part of Endpoint analytics, but that do influence the results provided by Endpoint analytics. This post will focus on exactly those subjects! This post will provide an overview of what enabling …

Read more

Using a BYOCA with Microsoft Cloud PKI

This week is a follow-up on the post of last week about getting started with Microsoft Cloud PKI (Cloud PKI). This time it’s all about using a bring your own certificate authority (BYOCA) with Cloud PKI. BYOCA is focused on providing organizations with the ability to rely on an existing private CA. That can for example be an existing on-premises PKI infrastructure based on Active Directory Certificate Services (ADCS). BYOCA enables the IT administrator to create an issuing CA in Cloud PKI that is anchored to that existing private CA. By doing that, the issuing CA becomes an extension of the already existing (on-premises) PKI infrastructure. That might take some of the previously mentioned benefits away, as this won’t takeaway all the need to maintain …

Read more

Getting started with Microsoft Cloud PKI

This week is sort of another follow-up on the earlier posts about new Microsoft Intune Suite add-on capabilities. This time it’s all about the latest addition, Microsoft Cloud PKI (Cloud PKI). Cloud PKI provides organizations with a cloud-based service that simplifies and automates the certificate lifecycle management for Intune managed devices. It literally provides a public key infrastructure (PKI) from the cloud. That PKI environment can be built within a few minutes, by simply going through a couple of wizards. Even when relying on at least a two-tier hierarchy, with a root certificate authority (CA) and an issuing CA. There is no longer a need to maintain on-premises servers, connectors, or hardware. Cloud PKI handles the certificate issuance, renewal, and revocation for Intune managed devices. …

Read more

Getting started with Device query

This week is basically a follow-up on an earlier post about Advanced Analytics. At that time, it was all still in preview and still listening to the name of Advanced Endpoint Analytics. Advanced Analytics is also one of the latest additions to the Microsoft Intune Suite and it builds on top of those earlier previewed functionalities. On top of those features from the preview, Microsoft now also added Battery Health and Device query to the mix of features of Advanced Analytics. Even more insights and more options to actual query devices for information. Battery Health is a report that provides insights into the health of the batteries of the devices within the environment and how it influences the user experience. An interesting report, for even …

Read more

Getting started with Enterprise App Management

This week is sort of a follow-up on the earlier post about new Microsoft Intune Suite add-on capabilities. That time it was around the early capabilities, like Endpoint Privilege Management, the first glimpses of Advanced Analytics, and Microsoft Tunnel for MAM. This time it’s about Enterprise App Management. Enterprise App Management provides organizations with an applications catalog that contains apps that are prepared by Microsoft. Those apps are all Win32 apps that are wrapped and hosted by Microsoft. That can further simplify management and makes sure that the lifecycle of apps is getting better under control. That means more structural updates of apps, which makes sure that the environment gets more secure. This post will start with a further introduction about Enterprise App Management, followed …

Read more

Using Conditional Access for Remote Help

This week is a short post about a small nice addition to Remote Help. That small nice addition, however, can be an important piece towards the solid zero trust implementation within the organization. That addition is the ability to use Conditional Access specifically for Remote Help. That doesn’t mean, however, that Conditional Access was not applicable towards Remote Help before. When assigning a Conditional Access to all cloud apps that would (and will always) also include Remote Help. The main change is that it’s now possible to create a service principal for the Remote Assistance Service that can be used as a cloud app in the assignment of a Conditional Access policy. That enables organizations to create a custom Conditional Access policy specifically for Remote …

Read more

Getting started with Advanced Endpoint Analytics

This week is another post about one of the new Intune Suite add-on capabilities. This time it’s all about Advanced Endpoint Analytics. Advanced Endpoint Analytics adds-on to Endpoint Analytics by providing organizations access to more intelligence to gain even deeper insights into the user experience. It provides IT administrators with the tools to proactively detect and remediate issues that impact user productivity. All of that can be achieved with the new capabilities that are part of Advanced Endpoint Analytics. Those capabilities are anomaly detection, enhanced device timeline, and device scopes. Three powerful capabilities that enable IT administrators to use machine learning to identity anomalies, to have a detailed device timeline, and to have the ability to look at a specific set of devices. When an organization has …

Read more

Getting started with Endpoint Privilege Management

This week is another post about one of the new Intune Suite add-on capabilities. This time it’s all about Endpoint Privilege Management (EPM). At this moment EPM is still in preview, but once it becomes general available it will be licensed as part of the Microsoft Intune Suite. EPM enables organizations to provide standard user permissions to their users and still enable those users to complete tasks that require elevated permissions. Those tasks can include the installation of applications, updating device drivers, running diagnostics, and more. With that, EPM fits perfectly in the Zero Trust architecture of any organization. It enables the principle of using the least privilege, while still allowing users to run specifically approved tasks with elevated permissions. So, users remain productive and elevations are …

Read more