Windows 11

Automatically switching the Windows Firewall profile on Azure AD joined devices

by

This new year starts with short blog post about another nice configuration addition to Windows. Starting with the latest release of Windows 11, it’s now possible to make the Windows Firewall aware of the location of the device. That maybe sounds a bit more than what it actually is. The idea is that it enables Windows to check if it’s on a domain connected network, based on the accessibility of one or more URLs. When one of the URLs is available, Windows will switch the Windows Firewall profile to domain. When none of the URLs are available, Windows will work how it always worked and in general simply rely on the public profile. That behavior enables IT administrators to configure specific firewall exclusions, only when …

Read more

Configuring Windows Package Manager

by

This week is all about configuring Windows Package Manager. With the ability of standard users installing apps by using winget and with release of the new Microsoft Store apps within Microsoft Intune, the configuration of Windows Package Manager gets more and more important. Of course, it was already important to have a solid configuration, but with Windows Package Manager getting a more prominent role, a good configuration is required. The good thing is that with the introduction of Windows 11, version 22H2, Microsoft also introduced new configuration options for Windows Package Manager. Before, the configuration was limited to Group Policy settings and the settings.json file. Now there are also Configuration Service Provider (CSP) settings. The Policy CSP now contains nodes for the configuration of the …

Read more

Test Base for Microsoft 365 integration with Microsoft Intune

by

This week is all about the Test Base for Microsoft 365 (Test Base) integration with Microsoft Intune. About a year ago Test Base was also a subject on this blog. Back then it was focused on getting started with Test Base. In the meantime, a lot has changed. And changed in a good way. Some really nice features were added, and one of those features is the integration with Microsoft Intune. As one of the focus areas of Test Base is on IT professionals who want to validate their applications, that integration will make their lives a lot easier. That integration will simplify the creation of a package within the Test Base account. It will preconfigure values during the creation of a package. Of those …

Read more

Informing users with organizational messages

by

This week is all about the latest addition to Microsoft Intune and that is organizational messages. Organizational messages enable organizations to send important messages to their users. That might sound similar to an already existing feature that would allow organizations to send custom notifications. There are, however, some major differences. One of the major challenges with custom notifications is that Microsoft Intune can’t guarantee the delivery of the message. Besides that, it’s only available for Android and iOS. That all changes with organizational messages. Minor detail, however, is that organizational messages rely on Windows 11. Besides that, it provides organizations with a new channel to communicate important messages to users. Important messages that can help users with a better understanding of their workplace, stay informed …

Read more

Simplifying the management and configuration of your favorite browser

by

This week is all about simplifying the management and configuration of your favorite browsers, by using Microsoft Intune. That’s definitely not the sexiest subject, but it’s important to be familiar with the easy options that are available nowadays. With the latest additions to Microsoft Intune, the management and configuration of the different browsers became more of a native functionality. Native functionality was already available for Microsoft Edge, and recently became available for Google Chrome. And now, with the recent addition of importing third-party administrative templates, it became available for every browser that could be easily managed within an on-premises environment, by using Group Policies. Besides that, there are even alternatives when really needed. This post will provide an overview of the different options for managing …

Read more

Excluding Azure file shares from Conditional Access policies requiring MFA

by

This week is another short follow-up on the last couple of weeks. While the last couple of weeks were all about configuring the authentication on Azure file shares and on mapping Azure file shares, this week is all about the exclusion for multi-factor authentication (MFA). During the initial post, about using Azure AD Kerberos authentication for Azure file shares, it was mentioned that Azure AD Kerberos doesn’t support using MFA for accessing Azure file shares. The steps to prevent that, just weren’t described. And based on comments and feedback, it’s good to still walk through the steps for configuring that exclusion. This post will briefly discus the challenge, followed with the steps to create the exclusion for Azure file shares. This post will end with the …

Read more

Mapping Azure file shares on Windows devices

by

This week is a short follow-up on last week. While last week was all about configuring the authentication on Azure file shares, with the best user experience, this week is about automatically mapping those Azure file shares, for an even better user experience, on Windows devices. And to be really honest, that doesn’t really differ from mapping any other network drive. That doesn’t mean that it’s not a good moment to walk through the options for mapping (Azure) file shares. This post will briefly discuss the main different configuration options, followed with the steps to actually easily configure network mappings. That will be achieved by using the easiest most straight forward option, followed with the user experience. Note: When the authentication for the Azure file …

Read more

Configuring Azure AD Kerberos authentication on Azure file shares for Windows devices

by

This week is more Windows. More capabilities for creating a better user experience. This week the focus will be on Azure file shares and the relatively new Azure AD Kerberos authentication option, that can be configured on Windows devices by relying on Microsoft Intune. Azure Files supports the identity-based authentication over SMB, using Kerberos authentication. In preview, that now includes the ability to enable and configure Azure AD for authenticating hybrid identities. That allows users with a hybrid identity, to access Azure file shares using Kerberos authentication. That configuration relies on Azure AD to issue the required Kerberos tickets, to access Azure file shares using the SMB protocol. That basically means that users can access Azure file shares over the Internet, without requiring a line-of-sight …

Read more

Registering devices with the Windows Autopatch service

by

This week is all about the relatively new Windows Autopatch. Windows Autopatch is a cloud service provided, by Microsoft, that automates the update process for Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams. The steps to get started with Windows Autopatch are pretty straight forward, especially with the latest adjustments of how the service interacts with the tenant. Those adjustments improve the security posture of the service, by relying on application-only authentication, and further simplifies the enrollment process of the tenant. Together that makes the enrollment pretty straight forward. That’s also why this post simply assumes that the onboarding is successfully performed. Once the tenant is enrolled to the Windows Autopatch service, the next main action is the registration of the devices …

Read more

Working with enhanced phishing protection in Microsoft Defender SmartScreen

by

This week is all about a new security feature that is part of Microsoft Defender SmartScreen and that was introduced with Windows 11, version 22H2. That feature is enhanced phishing protection. Enhanced phishing protection helps with protecting work accounts against phishing and unsafe usage on sites and apps. It works alongside existing Windows security features and alerts about typed work passwords in any Chromium browser, warns about reused work passwords on sites and apps, and warns when storing plaintext work passwords in Notepad, Word, or any Microsoft 365 Office app. That makes enhanced phishing protection an important addition to the Microsoft Defender SmartScreen security functionalities. This post will go through the available settings, the easy configuration, and the user experience with the enabled notifications. Note: …

Read more