Informing users of newly enrolled devices

This week is all about a nice small new feature that became general available with the latest service release of Microsoft Intune (2301). That feature is enrollment notification. Enrollment notifications provide organizations with an easy method to notify users when a new device is enrolled. That provides organizations with more grip on the devices that are enrolled within the environment, as users will be informed when a new device was enrolled using their credentials. Besides that, it also provides organizations with an alternative method to welcome employees. In other words, a great way to trigger users. Enrollment notifications can be used for Windows, Android, iOS/iPadOS, and MacOS devices that are enrolled by using the user-driven enrollment methods. The notifications can be email notifications and push …

Read more

Managing privacy controls for Office products

This week is all about managing privacy controls for Office products. That includes Office on Android devices, Office on iOS devices, Office for Mac devices, Office for the web, and Microsoft 365 apps for enterprise on Windows devices. Most organizations often already have a good look at the required configurations options for the privacy controls on Windows devices. Office for other platforms, however, are often forgotten. Just like Office for the web. Good thing, though, is that there are nowadays multiple privacy controls available that can be configured for Office on all platforms. For some platforms there are even multiple configurations options. Best part of those configuration options is that there is also an option to configure the privacy controls cross platforms. This post will …

Read more

Getting started with multiple administrative approvals

This week is all about a nice new feature of Microsoft Intune. That new feature is multiple administrative approval (MAA). MAA enables organizations to require a second administrative user to approve a change before the change is actually applied. That limits the chance of accidental mistakes and even helps with the protection against compromised administrative accounts. With MAA, the most breaking and impactful changes can be protected. At this moment that includes specific resources, like apps and scripts. Changes to those resources can protected with MAA. That protection can be created by using Access policies. Access policies can be configured to protect specific resources with MAA. This post will go through the steps to configure those policies, followed with the behavior that those policies introduce. …

Read more

Configuring Shared PC mode with OneDrive sync enabled and configured

This week another short blog post about another nice configuration addition to Windows. This time it’s about configuring Shared PC mode with OneDrive sync. Shared PC mode on itself is nothing new, or special, but there was something missing. That something was the OneDrive sync, as there are scenarios in which it’s still required to use OneDrive on a Shared PC. The default behavior of Windows, however, was to prevent the usage of OneDrive, once Shared PC mode was enabled. That’s still the case but starting with Windows 11 version 22H2 a new setting is introduced that enables IT administrators to enable Shared PC mode with OneDrive sync enabled. A new setting to enabled Shared PC mode. This post will start with a short introduction …

Read more

Easier configuring additional LSA protection

This week another short blog post about another nice configuration addition to Windows. This time it’s about configuring additional Local Security Authority (LSA) protection for credentials. LSA, which includes the Local Security Authority Server Service (LSASS) process, validates users for local and remote sign-ins and enforces local security policies. Starting with Windows 8.1 and later, additional protection is provided for the LSA, to prevent reading memory and code injection by non-protected processes. That provides added security for the credentials that LSA stores and manages. Not really something new, but it’s good to know that something has changed from a configuration perspective. The protected process setting for LSA can also be configured in Windows 8.1 and later. That would, however, always require the manual creation of a …

Read more

Automatically switching the Windows Firewall profile on Azure AD joined devices

This new year starts with short blog post about another nice configuration addition to Windows. Starting with the latest release of Windows 11, it’s now possible to make the Windows Firewall aware of the location of the device. That maybe sounds a bit more than what it actually is. The idea is that it enables Windows to check if it’s on a domain connected network, based on the accessibility of one or more URLs. When one of the URLs is available, Windows will switch the Windows Firewall profile to domain. When none of the URLs are available, Windows will work how it always worked and in general simply rely on the public profile. That behavior enables IT administrators to configure specific firewall exclusions, only when …

Read more

Configuring Windows Package Manager

This week is all about configuring Windows Package Manager. With the ability of standard users installing apps by using winget and with release of the new Microsoft Store apps within Microsoft Intune, the configuration of Windows Package Manager gets more and more important. Of course, it was already important to have a solid configuration, but with Windows Package Manager getting a more prominent role, a good configuration is required. The good thing is that with the introduction of Windows 11, version 22H2, Microsoft also introduced new configuration options for Windows Package Manager. Before, the configuration was limited to Group Policy settings and the settings.json file. Now there are also Configuration Service Provider (CSP) settings. The Policy CSP now contains nodes for the configuration of the …

Read more

Test Base for Microsoft 365 integration with Microsoft Intune

This week is all about the Test Base for Microsoft 365 (Test Base) integration with Microsoft Intune. About a year ago Test Base was also a subject on this blog. Back then it was focused on getting started with Test Base. In the meantime, a lot has changed. And changed in a good way. Some really nice features were added, and one of those features is the integration with Microsoft Intune. As one of the focus areas of Test Base is on IT professionals who want to validate their applications, that integration will make their lives a lot easier. That integration will simplify the creation of a package within the Test Base account. It will preconfigure values during the creation of a package. Of those …

Read more

Organizing Managed Google Play apps with collections

This week is all about a smaller newly introduced feature regarding Android Enterprise. A feature that helps with organizing the Managed Google Play apps within the Managed Google Play store. When structure and details are important, this is that sweet little detail that makes it perfect. Starting with the latest service release of Microsoft Intune (service release 2211), there is now support for organizing apps within the Managed Google Play store by using collections. Collections are shown on the front page of the Managed Google Play store and provide users with easy access to the required apps. Collections can be used to organize apps in different categories. Custom categories. It’s completely up to the IT administrator to create collections, to name collections, to add apps …

Read more

Informing users with organizational messages

This week is all about the latest addition to Microsoft Intune and that is organizational messages. Organizational messages enable organizations to send important messages to their users. That might sound similar to an already existing feature that would allow organizations to send custom notifications. There are, however, some major differences. One of the major challenges with custom notifications is that Microsoft Intune can’t guarantee the delivery of the message. Besides that, it’s only available for Android and iOS. That all changes with organizational messages. Minor detail, however, is that organizational messages rely on Windows 11. Besides that, it provides organizations with a new channel to communicate important messages to users. Important messages that can help users with a better understanding of their workplace, stay informed …

Read more