Quick tip: Adding custom support information to corporate-owned Android Enterprise devices

This first post after my vacation is a quick tip about adding custom support information to corporate-owned Android Enterprise devices. Custom support information enables IT administrators, to customize the short message that is shown when users try to change a setting that is managed by the organziation, to customize the long message that is shown when looking at more information about the short message, and to show information on the device lock screen. Especially the latter customization can be useful for showing some specific information to the user about the device. Think about easily providing the user access the (management) name of the device, or the serial number of the device. This post will walk through the configuration options, followed with the user experience. Configuring …

Read more

Getting started with Mobile Application Management for Windows

This week is all about Mobile Application Management (MAM) for Windows. A long awaited feature that will be a big help with addressing unmanaged Windows devices. MAM for Windows enables organizations to manage the app in a similar way as already possible on mobile platforms. So, making sure that there is a separation between personal and work data, and making sure that the chances of accidental data leakages getting slimmer. In some areas, especially when looking at browser access, it might feel similar to what could already be achieved by using app enforced restrictions in Conditional Access, or by using Microsoft Defender for Cloud Apps in combination with Conditional Access. Big difference, however, is that MAM for Windows also includes the ability to use app …

Read more

Getting started with Windows driver update management

This week is about a very recent introduced feature around updating Windows devices and that feature is driver updates. Driver update management on itself is not that new, as that was introduced a few months ago as a part of the Windows Update for Business deployment service. However, being able to use Microsoft Intune to manage driver updates via that deployment service is definitely something new. That makes it a lot easier to use the driver management functionality. Microsoft Intune introduced a new Driver updates for Windows 10 and later profile that does all the heavy lifting for managing driver updates on Windows devices. This post will start with an introduction about Windows driver update management, followed with the steps for creating and assigning the profiles. …

Read more

Creating supplemental Application Control policies for the base Application Control policies created with the built-in controls

This week is a follow-up on the post of last week about easily configuring the Intune Management Extension as managed installer for Windows Defender Application Control. That post already had a note regarding supplemental Application Control policies. This week, the focus will be on adding supplemental Application Control policies on top of the base Application Control policies that are created when using the built-in controls in the creation of an Application Control policy. The great thing is that those base Application Control policies all have standard configurations and can easily be reused. This post will focus on those base Application Control policies and using those with supplemental Application Control policies. This post will finish with the distribution of such supplemental Application Control policies and the …

Read more

Easily configuring the Intune Management Extension as managed installer for Windows Defender Application Control

This week is all about a great feature that has been introduced with the latest service release of Microsoft Intune (2306). That feature is the ability to easily configure the Intune Management Extension as a managed installer on Windows devices. Until this new ability, it’s always been challenging to work with the Intune Management Extension in combination with Windows Defender Application Control (WDAC). The main challenge was to configure the Intune Management Extension as a managed installer, to simplify the acceptance of applications that were installed via that extension. With this new feature, it’s now possible to configure the Intune Management Extension as a managed installer, by using a tenant-wide configuration. So, that will take away any challenging configuration to configure a managed installer. This …

Read more

Getting started with Windows 365 Boot

This week is a follow-up on a series of blog post of last year about Windows 365 Enterprise that started here. In the meantime, Microsoft announced many nice upcoming features with Windows 365 App, Windows 365 Boot, Windows 365 Offline and Windows 365 Switch and even a great licensing enhancement with Windows 365 Frontline. In other words, definitely time for a new blog post. This week is all about the introduction of Windows 365 Boot. Windows 365 Boot enables administrators to simplify the sign-in process for users on Windows 11 devices, by taking away the sign-in to their physical device and enabling the sign-in directly to their Windows 365 Cloud PC. So, basically turning the physical device into some sort of a thin client. Signing …

Read more

Managing updates for Visual Studio

This week is all about something relatively new with Microsoft Intune and that is managing Visual Studio settings. Many settings for managing Visual Studio were already available via registry keys and ADMX-files. Those ADMX-files could already be imported within Microsoft Intune, but are now also directly available within the Settings Catalog with the latest service release (2305). That enables organizations to easily manage the most important configuration settings that are required to at least make sure that the basics of the Visual Studio installation are compliant with the company policies. An important part of that is managing the updates for Visual Studio. That can make sure that the installations of Visual Studio within the organization, at least have the latest security updates installed. This post …

Read more

Configuring the default credential provider

This week is a short post about configuring the default credential provider and this is basically a small addition to the blog posts of about two years ago around configuring credential providers. That time the focus was around actually making it impossible to use specific credential providers. This time the focus is around configuring the default credential provider. That can be a powerful combination, but that can also be a step in the direction of guiding users away from using username-password. So, guiding users instead of forcing users. From a technical perspective that could make it a bit easier, as it doesn’t involve removing functionalities. In this case, it simply provides the configured credential provider as the default credential provider. That default credential provider will …

Read more

Providing users with global quiet times for notifications on their mobile devices

This week is a short post about a small nice feature that might be really useful for some users and organizations. That feature is the ability to schedule global quiet time settings for end users within the organization. Those settings make it possible to automatically mute Outlook email and Teams messages notifications on Android and iOS/iPadOS devices. These settings are available within new policies that can be used to limit end user notifications received outside work hours. That’s not something that’s applicable to every organization, but it does provide a great starting point when it is applicable. Besides that, it actually should be applicable to a lot of organizations, simply to provide users with a better balance between work and personal life. And, sometimes the …

Read more

Using authentication strengths in Conditional Access policies

This week is all about a nice feature of Conditional Access. Not a particular new feature, but an important feature for a solid passwordless implementation. That feature is authentication strengths. Authentication strengths is a Conditional Access control that enables IT administrators to specify which combination of authentication methods should be used to access the assigned cloud apps. Before authentication strengths, it was not possible to differentiate between the different authentication methods that can be used as a second factor. Now with authentication strengths, it enables organizations to differentiate the available authentication methods between apps, or to simply prevent the usage of less secure MFA combinations (like password + SMS). With that, it opens a whole new world of potential scenarios that can be easily addressed. …

Read more