Why enrolling personal Windows devices might be a really bad idea

This week is basically a brief follow-up on one of my sessions at the Modern Endpoint Management Summit 2024. More specifically, my session about Protecting corporate data on personal Windows devices – Your options. During that session I went into a bit more detail about the discussion that I started earlier on Twitter/X around enrolling personal Windows devices. My opinion around that might be lightly biased from what I’ve seen over the years, but I do think that I can provide some insights into why I think that it’s not a good idea to enroll personal Windows devices. In this blog post, I’ll provide a short summary of what I’ve shared during my session. It’s good to have an opinion, but it’s even better to …

Quick tip: Only turn off notifications network usage when there is a direct requirement

This week is a relatively short post, mainly focused on providing a warning around turning off notifications network usage on Windows devices. Turning off notifications network usage can be used to prevent applications from using the notifications network to send notifications, no matter if that notification is a tile update, tile badge, toast, or raw update. It basically turns off the connection between Windows and the Windows Push Notification Services (WNS). WNS enables third-party developers to send those notifications. It provides a mechanism to deliver updates to users and devices in a power-efficient and dependable way. The important thing, however, is to keep in mind that WNS is not only used by third-party developers. It’s also used by many different Microsoft products, including Microsoft …

Looking closer at enabling Endpoint analytics

This week is all about Endpoint analytics and indirectly Advanced Analytics. More specifically, about enabling Endpoint analytics and what happens after enabling Endpoint analytics. The process of enabling Endpoint analytics is not that special and can only be performed once per tenant. It is, however, good to be familiar with what happens after enabling Endpoint analytics: to understand the settings that become available and the impact of adjusting those settings, especially the impact for the Windows devices within the environment. Besides that, it’s also important to be familiar with configurations that are not directly part of Endpoint analytics, but that do influence the results provided by Endpoint analytics. This post will focus on exactly those subjects! This post will provide an overview of what enabling …

Using a BYOCA with Microsoft Cloud PKI

This week is a follow-up on the post of last week about getting started with Microsoft Cloud PKI (Cloud PKI). This time it’s all about using a bring your own certificate authority (BYOCA) with Cloud PKI. BYOCA is focused on providing organizations with the ability to rely on an existing private CA. That can for example be an existing on-premises PKI infrastructure based on Active Directory Certificate Services (ADCS). BYOCA enables the IT administrator to create an issuing CA in Cloud PKI that is anchored to that existing private CA. By doing that, the issuing CA becomes an extension of the already existing (on-premises) PKI infrastructure. That might take some of the previously mentioned benefits away, as this won’t take away all the need to maintain …

Getting started with Microsoft Cloud PKI

This week is sort of another follow-up on the earlier posts about new Microsoft Intune Suite add-on capabilities. This time it’s all about the latest addition, Microsoft Cloud PKI (Cloud PKI). Cloud PKI provides organizations with a cloud-based service that simplifies and automates the certificate lifecycle management for Intune managed devices. It literally provides a public key infrastructure (PKI) from the cloud. That PKI environment can be built within a few minutes, by simply going through a couple of wizards. Even when relying on at least a two-tier hierarchy, with a root certificate authority (CA) and an issuing CA. There is no longer a need to maintain on-premises servers, connectors, or hardware. Cloud PKI handles the certificate issuance, renewal, and revocation for Intune managed devices. …

Adding company branding to Microsoft Edge for Business

This week is all about Microsoft Edge for Business and the new ability to add company branding. Microsoft Edge for Business is the new dedicated Microsoft Edge experience that is created for work accounts. It provides IT administrators with the capabilities to provide users with a productive and secure browsing experience across managed and unmanaged devices. That includes the ability to add company branding to the work account in Microsoft Edge for Business. Adding company branding can be especially useful for differentiating between multiple profiles in the browser. The company branding includes organization details like the company name in the profile pill, and the company color and logo in the profile flyout. Besides that, it’s even possible to add a logo to overlay the Microsoft …

Getting started with Device query

This week is basically a follow-up on an earlier post about Advanced Analytics. At that time, it was all still in preview and still going by the name of Advanced Endpoint Analytics. Advanced Analytics is also one of the latest additions to the Microsoft Intune Suite and it builds on top of those earlier previewed functionalities. On top of those features from the preview, Microsoft now also added Battery Health and Device query to the mix of features of Advanced Analytics. Even more insights and more options to actually query devices for information. Battery Health is a report that provides insights into the health of the batteries of the devices within the environment and how it influences the user experience. An interesting report, for even …

Getting familiar with the Intune Management Extension log files

This week is another post about the Intune Management Extension (IME). This week the focus is on the log files of the IME. Probably not the most interesting subject, but definitely an important subject. Especially as an IT administrator, it’s important to be familiar with the available log files of the IME and to understand the usage of those log files. Besides that, it can also be interesting to be familiar with the configuration options for those log files. Together that will help with a better understanding of the logging capabilities of the IME and the log files that should be used to find the information related to a specific problem. This post will have a closer look at the IME log files and the …

Understanding the Intune Management Extension client health check

This week is sort of a follow-up on the posts of the last couple of weeks about Win32 apps. This week, however, the focus is more on the process that is in place to make sure that everything around the Intune Management Extension (IME) keeps functioning. The IME contains many important components for installing Win32 apps, for running PowerShell scripts, for running inventories, and more. That makes it important that the IME is running successfully. To make sure that the IME is running successfully, the Intune Management Extension Health Evaluation was introduced. That evaluation is focused on performing checks on the service of the IME. This post will have a closer look at the IME client health check and the actions that it performs. Starting …

Understanding Win32 app inventory

This week is another week about apps on Windows devices. The major difference with last week is that this week is all about the discovered apps on Windows devices. In other words, the app inventory on Windows devices. Within Microsoft Intune that inventory always used to be a huge challenge. It was often not complete and simply missing pieces. Nowadays, it’s getting more and more mature. It contains nearly all application types, is structurally inventoried, and is displayed in a (basic) report. Within Microsoft Intune that report is the Discovered apps report. That report contains an aggregated list of the discovered apps on the devices within the tenant. So, it acts as the software inventory within the tenant. This post will look at the process …
