Microsoft Endpoint Manager

Working with enhanced phishing protection in Microsoft Defender SmartScreen

by

This week is all about a new security feature that is part of Microsoft Defender SmartScreen and that was introduced with Windows 11, version 22H2. That feature is enhanced phishing protection. Enhanced phishing protection helps with protecting work accounts against phishing and unsafe usage on sites and apps. It works alongside existing Windows security features and alerts about typed work passwords in any Chromium browser, warns about reused work passwords on sites and apps, and warns when storing plaintext work passwords in Notepad, Word, or any Microsoft 365 Office app. That makes enhanced phishing protection an important addition to the Microsoft Defender SmartScreen security functionalities. This post will go through the available settings, the easy configuration, and the user experience with the enabled notifications. Note: …

Read more

Enhance Microsoft Intune data with Log Analytics: A summary

by

This week an extra blog post about my session at Experts Live Netherlands 2022. I did my session about Enhance Microsoft Intune data with Log Analytics. During that session – after battling some technical challenges – I shared a lot of information around the four most obvious options for using Microsoft Intune in combination with Log Analytics. I showed the direct integration, the combination with Update Compliance, the use of the Azure Monitor HTTP Collector API and even the use of the Azure Monitor Agent. This post will provide a quick summary of that session, by briefly touching those different options. The slides (PDF) of that session are available for download here. Collecting log data via a direct integration The first option was all about …

Read more

Easily managing third-party ADMX-files

by

This week is back to the management capabilities for Windows devices. More specifically, it’s all about managing settings via third-party ADMX-files by using Microsoft Intune. That’s something that used to be a big task and now turned in to a relatively simple action. This blog contains posts around that subject that details the process of ingesting third-party ADMX-files and configuring the related settings. The good thing is that those posts still have value, as the underlying process hasn’t changed. Microsoft did, however, drastically simplify the process for importing third-party ADMX-files and configuring the different settings. This post will describe the new simplified process of working with third-party ADMX-files and provides some details around the configuration that are good to know. Important: At the moment of …

Read more

Common Criteria Mode for corporate-owned Android Enterprise devices

by

This week something completely different compared to the last few weeks. While the last last few weeks were all about the great simplicity of Windows 365 Enterprise, this week is all about Android Enterprise. Different platform, theoretically possibly the same device. With the introduction of Android 11 (API level 30), some nice new features were introduced for enterprises. That includes the addition of the Common Criteria (CC) Mode. CC Mode already exists for a few years for Samsung Knox devices and – in combination with Microsoft Intune – already could be configured by using OEMConfig (with the KSP app), but is now available by default within Android Enterprise. Even better, with one of the latest service releases (2207) of Microsoft Intune that can now be …

Read more

Welcome to the still growing Android device management jungle: A summary

by

The second short post of this week is another extension of one of my sessions at the Workplace Ninja Summit 2022. At the summit I did my second session about Welcome to the still growing Android device management jungle. During that session I shared information around the still growing device management options for Android devices, pointers that can help with making the right decisions and information around the different configuration options. This post will provide a quick summary of that session by going through the different management options, providing important differences and summarizing the main configuration capabilities. The slides (PDF) of that session are available for download here. Android (device) management options When looking at the Android (device) management options, there are many options. And the number …

Read more

Creating the path for mobile devices to on-premises resources: A summary

by

This week a few shorter posts, as my posts this week are extensions of my sessions at the Workplace Ninja Summit 2022. At the summit I did my first session about Creating the path for mobile devices to on-premises resources. During that session I shared information around the architecture and flow of Microsoft Tunnel, I zoomed in on getting up-and-running with Microsoft Tunnel and showed getting insight of Microsoft Tunnel. This post will provide a quick summary of that session by quickly showing the architecture and flow of Microsoft Tunnel and by showing the summary and reminders. The slides (PDF) of that session are available for download here. Architecting Microsoft Tunnel An important part of creating the Microsoft Tunnel infrastructure is a solid architecture. In most cases that …

Read more

Easily managing Cloud PCs

by

The last few weeks were all about getting started with Windows 365 Enterprise Cloud PCs and Microsoft Dev Box. And especially for Windows 365 Enterprise also looking at the main different configuration options. As both are based on the same foundation, the result of both is a Cloud PC that is automatically enrolled and managed by Microsoft Intune. That automatic enrollment makes sure that it’s very easy to get started with managing Cloud PCs. By automatically enrolling into Microsoft Intune, all the standard Windows device management capabilities are also available for Cloud PCs. That means: device configurations, device compliance, application deployment, update management and reporting. This post provides a quick overview of the options that become available for easily managing Cloud PCs and that are …

Read more

Getting started with Microsoft Dev Box

by

The last couple of blog post were all about getting starting with Windows 365 Enterprise Cloud PC. The first blog post, after a nice vacation, had to continue in that area. Just with a twist. This week all about Microsoft Dev Box. Microsoft Dev Box is now in preview and is a new managed service provided by Microsoft that builds on the strong foundation of Windows 365. That new managed service enables developers to create on-demand, high-performance, secure, ready-to-code, project-specific workstations in the cloud. The best part of it is that it enables developers to create their own dev boxes, within the provided technical and financial limits. The idea of this post is to show how IT administrators provide the technical framework, how development teams …

Read more

Device compliance for Windows 365 Enterprise Cloud PCs

by

This week is a short follow-up on my posts of the last couple of weeks about getting started with Windows 365 Enterprise. One of the items that was not specifically addressed is device compliance. In general it would be great to address Cloud PCs like any other laptop or desktop within the organization. There are, however, some differences to keep in mind and that might require organizations to use a slightly adjusted configuration for Cloud PCs. One of the main reason for that could be disk encryption. This post will address how disk encryption is different for Cloud PCs and also how other hardening features are similar for Cloud PCs. Besides that, this post will provide an easy method to work with exceptions for Cloud …

Read more

Getting started with Windows 365 Enterprise using a custom image

by

The last couple of weeks were mainly focused on getting started with Windows 365 Enterprise. Mainly focused on the networking configurations and join types of Cloud PCs. This week the focus will go to the more advanced imaging options. When looking specifically at Windows 11, the available Gallery image only contains the Microsoft 365 apps for enterprise. In some scenarios that might not be sufficient and some tuning and additional apps are required. In those cases, it’s always possible to rely on a custom image. An image that is based on the same starting point, but tuned to be a better fit for that specific scenario. This post will go through a simple process for creating an image based on an Azure Virtual Machine (VM), …

Read more