Getting started with the Remote Help web app

This week is all about the Remote Help web app. Remote Help on itself is nothing new, but it does have an often overlooked feature that can be useful in multiple occasions. That feature is the Remote Help web app. The Remote Help web app can be used to help users on managed and unmanaged devices, without installing the Remote Help app, and in some scenarios even on Linux devices. The former might sound a little bit weird, but due to the nature of the web app, it does technically work in some scenarios to provide support on Linux. Together that makes the Remote Help web app an interesting feature to be familiar with. It is good to know that the web app only supports …

Read more

Smoothly introducing new feature updates for Windows 11 as optional updates

This week is all about a new method to smoothly introduce a new feature update within the organization. That new method is the ability to create a feature update deployment policy with the option to make the new feature update available as an optional update. By making the latest feature update, or any other feature update that eventually must be deployed, available as an optional update, the user is still in control of actually installing the update. That leaves the IT administrator in control of making the feature update available and the user in control of the installation. Doing that, adds an easy step to smoothly introducing a new feature update in the organization. Besides a smooth process, this also provides an easy start when …

Read more

Combining the different layers of data security on personal Windows devices

This week is a continuation of my previous blog post about working with personal Windows devices. That post was focussed on the different options available for providing secure access to corporate data on personal Windows devices. This post is focussed on providing more details around using those different options actually as different layers in a single solution. All with the focus on providing secure access to corporate data on personal Windows devices, while still providing the user with as much flexibility and options to be productive. Besides that, using different layers of data security also enables the IT administrators to add more granularity to the solution. That makes the total solution less black-and-white. So, for example, not just block the ability of the user to …

Read more

Working with personal Windows devices

This week is kind of a follow up on my post of a couple of weeks ago about why enrolling personal Windows devices might be a really bad idea. That post was focussed on advising against allowing enrolling personal Windows devices into Microsoft Intune (or any other MDM provider). The logic follow up question would be: what are the alternatives? And that’s of course a fair question. This post will be about answering that specific question. And to be quite honest, the answer might come very close to a blog post of about four years around supporting unsupported platforms. The main difference will be what Microsoft has provided over the years. And that’s a lot, especially for the Windows platform. This post will focus on …

Read more

Why enrolling personal Windows devices might be a really bad idea

This week is basically a brief follow-up on one of my sessions at the Modern Endpoint Management Summit 2024. More specifically, my session about Protecting corporate data on personal Windows devices – Your options. During that session I went into a bit more detail about the discussion that I started earlier on Twitter/X around enrolling personal Windows devices. My opinion around that might be lightly biased from what I’ve seen over the years, but I do think that I can provide some insights into why I think that it’s not a good idea to enroll personal Windows devices. In this blog post, I’ll provide a short summary of what I’ve shared during my session. It’s good to have an opinion, but it’s even better to …

Read more

Quick tip: Only turn off notifications network usage when there is a direct requirement

This week is a relatively short post, mainly focused on providing a warning around turning off notifications network usage on Windows devices. Turning off notifications network usage can be used to prevent applications from using the notifications network the send notifications. No matter if that notification is a tile update, tile badge, toast, or any raw updates. It basically turns off the connection between Windows and the Windows Push Notification Services (WNS). WNS enables third-party developers to send those notifications. It provides a mechanism to deliver updates to users and devices in a power-efficient and dependable way. The important thing, however, is to keep in mind that WNS is not only used by third-party developers. It’s also used by many different Microsoft products, including Microsoft …

Read more

Looking closer at enabling Endpoint analytics

This week is all about Endpoint analytics and indirectly Advanced Analytics. More specifically, about enabling Endpoint Analytics and what happens after enabling Endpoint analytics. The process of enabling Endpoint analytics is not that special and can only be performed once per tenant. It is, however, good to be familiar with what happens after enabling Endpoint analytics. To understand the settings that become available and the impact of adjusting those settings. Especially the impact for the Windows devices within the environment. Besides that, it’s also important to be familiar with configurations that are not directly part of Endpoint analytics, but that do influence the results provided by Endpoint analytics. This post will focus on exactly those subjects! This post will provide an overview of what enabling …

Read more

Using a BYOCA with Microsoft Cloud PKI

This week is a follow-up on the post of last week about getting started with Microsoft Cloud PKI (Cloud PKI). This time it’s all about using a bring your own certificate authority (BYOCA) with Cloud PKI. BYOCA is focused on providing organizations with the ability to rely on an existing private CA. That can for example be an existing on-premises PKI infrastructure based on Active Directory Certificate Services (ADCS). BYOCA enables the IT administrator to create an issuing CA in Cloud PKI that is anchored to that existing private CA. By doing that, the issuing CA becomes an extension of the already existing (on-premises) PKI infrastructure. That might take some of the previously mentioned benefits away, as this won’t takeaway all the need to maintain …

Read more

Getting started with Microsoft Cloud PKI

This week is sort of another follow-up on the earlier posts about new Microsoft Intune Suite add-on capabilities. This time it’s all about the latest addition, Microsoft Cloud PKI (Cloud PKI). Cloud PKI provides organizations with a cloud-based service that simplifies and automates the certificate lifecycle management for Intune managed devices. It literally provides a public key infrastructure (PKI) from the cloud. That PKI environment can be built within a few minutes, by simply going through a couple of wizards. Even when relying on at least a two-tier hierarchy, with a root certificate authority (CA) and an issuing CA. There is no longer a need to maintain on-premises servers, connectors, or hardware. Cloud PKI handles the certificate issuance, renewal, and revocation for Intune managed devices. …

Read more

Adding company branding to Microsoft Edge for Business

This week is all about Microsoft Edge for Business and the new ability to add company branding. Microsoft Edge for Business is the new dedicated Microsoft Edge experience that is created for work accounts. It provides IT administrators with the capabilities to provide users with a productive and secure browsing experience across managed and unmanaged devices. That includes the ability to add company branding to the work account in Microsoft Edge for Business. Adding company branding can be especially useful for differentiating between multiple profiles in the browser. The company branding includes organization details like the company name in the profile pill, and the company color and logo in the profile flyout. Besides that, it’s even possible to add a logo to overlay the Microsoft …

Read more