Windows 10

Excluding Azure file shares from Conditional Access policies requiring MFA

by

This week is another short follow-up on the last couple of weeks. While the last couple of weeks were all about configuring the authentication on Azure file shares and on mapping Azure file shares, this week is all about the exclusion for multi-factor authentication (MFA). During the initial post, about using Azure AD Kerberos authentication for Azure file shares, it was mentioned that Azure AD Kerberos doesn’t support using MFA for accessing Azure file shares. The steps to prevent that, just weren’t described. And based on comments and feedback, it’s good to still walk through the steps for configuring that exclusion. This post will briefly discus the challenge, followed with the steps to create the exclusion for Azure file shares. This post will end with the …

Read more

Mapping Azure file shares on Windows devices

by

This week is a short follow-up on last week. While last week was all about configuring the authentication on Azure file shares, with the best user experience, this week is about automatically mapping those Azure file shares, for an even better user experience, on Windows devices. And to be really honest, that doesn’t really differ from mapping any other network drive. That doesn’t mean that it’s not a good moment to walk through the options for mapping (Azure) file shares. This post will briefly discuss the main different configuration options, followed with the steps to actually easily configure network mappings. That will be achieved by using the easiest most straight forward option, followed with the user experience. Note: When the authentication for the Azure file …

Read more

Configuring Azure AD Kerberos authentication on Azure file shares for Windows devices

by

This week is more Windows. More capabilities for creating a better user experience. This week the focus will be on Azure file shares and the relatively new Azure AD Kerberos authentication option, that can be configured on Windows devices by relying on Microsoft Intune. Azure Files supports the identity-based authentication over SMB, using Kerberos authentication. In preview, that now includes the ability to enable and configure Azure AD for authenticating hybrid identities. That allows users with a hybrid identity, to access Azure file shares using Kerberos authentication. That configuration relies on Azure AD to issue the required Kerberos tickets, to access Azure file shares using the SMB protocol. That basically means that users can access Azure file shares over the Internet, without requiring a line-of-sight …

Read more

Registering devices with the Windows Autopatch service

by

This week is all about the relatively new Windows Autopatch. Windows Autopatch is a cloud service provided, by Microsoft, that automates the update process for Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams. The steps to get started with Windows Autopatch are pretty straight forward, especially with the latest adjustments of how the service interacts with the tenant. Those adjustments improve the security posture of the service, by relying on application-only authentication, and further simplifies the enrollment process of the tenant. Together that makes the enrollment pretty straight forward. That’s also why this post simply assumes that the onboarding is successfully performed. Once the tenant is enrolled to the Windows Autopatch service, the next main action is the registration of the devices …

Read more

Easily managing third-party ADMX-files

by

This week is back to the management capabilities for Windows devices. More specifically, it’s all about managing settings via third-party ADMX-files by using Microsoft Intune. That’s something that used to be a big task and now turned in to a relatively simple action. This blog contains posts around that subject that details the process of ingesting third-party ADMX-files and configuring the related settings. The good thing is that those posts still have value, as the underlying process hasn’t changed. Microsoft did, however, drastically simplify the process for importing third-party ADMX-files and configuring the different settings. This post will describe the new simplified process of working with third-party ADMX-files and provides some details around the configuration that are good to know. Important: At the moment of …

Read more

Easily managing Cloud PCs

by

The last few weeks were all about getting started with Windows 365 Enterprise Cloud PCs and Microsoft Dev Box. And especially for Windows 365 Enterprise also looking at the main different configuration options. As both are based on the same foundation, the result of both is a Cloud PC that is automatically enrolled and managed by Microsoft Intune. That automatic enrollment makes sure that it’s very easy to get started with managing Cloud PCs. By automatically enrolling into Microsoft Intune, all the standard Windows device management capabilities are also available for Cloud PCs. That means: device configurations, device compliance, application deployment, update management and reporting. This post provides a quick overview of the options that become available for easily managing Cloud PCs and that are …

Read more

Getting started with Microsoft Dev Box

by

The last couple of blog post were all about getting starting with Windows 365 Enterprise Cloud PC. The first blog post, after a nice vacation, had to continue in that area. Just with a twist. This week all about Microsoft Dev Box. Microsoft Dev Box is now in preview and is a new managed service provided by Microsoft that builds on the strong foundation of Windows 365. That new managed service enables developers to create on-demand, high-performance, secure, ready-to-code, project-specific workstations in the cloud. The best part of it is that it enables developers to create their own dev boxes, within the provided technical and financial limits. The idea of this post is to show how IT administrators provide the technical framework, how development teams …

Read more

Device compliance for Windows 365 Enterprise Cloud PCs

by

This week is a short follow-up on my posts of the last couple of weeks about getting started with Windows 365 Enterprise. One of the items that was not specifically addressed is device compliance. In general it would be great to address Cloud PCs like any other laptop or desktop within the organization. There are, however, some differences to keep in mind and that might require organizations to use a slightly adjusted configuration for Cloud PCs. One of the main reason for that could be disk encryption. This post will address how disk encryption is different for Cloud PCs and also how other hardening features are similar for Cloud PCs. Besides that, this post will provide an easy method to work with exceptions for Cloud …

Read more

Getting started with Windows 365 Enterprise using a custom image

by

The last couple of weeks were mainly focused on getting started with Windows 365 Enterprise. Mainly focused on the networking configurations and join types of Cloud PCs. This week the focus will go to the more advanced imaging options. When looking specifically at Windows 11, the available Gallery image only contains the Microsoft 365 apps for enterprise. In some scenarios that might not be sufficient and some tuning and additional apps are required. In those cases, it’s always possible to rely on a custom image. An image that is based on the same starting point, but tuned to be a better fit for that specific scenario. This post will go through a simple process for creating an image based on an Azure Virtual Machine (VM), …

Read more

Getting started with Windows 365 Enterprise using an Azure Network Connection

by

This week is a follow-up on last week. Last week was about Windows 365 Enterprise in its simplest form, while this week will be about the more advanced networking forms of Windows 365 Enterprise. In other words, the different options of the Azure network connections and what it brings to Cloud PCs. For a quick introduction about Cloud PCs in its simplest form, with a Microsoft hosted network connection, have a look at that previous post. The more advanced networking connections enable organizations to create a connection with an on-premises environment. That on-premises environment can be an environment running in Azure, or an environment running in any datacenter. As long as it’s connected. The idea of this post is to provide the basics around the …

Read more