Registering devices with the Windows Autopatch service

This week is all about the relatively new Windows Autopatch. Windows Autopatch is a cloud service provided by Microsoft that automates the update process for Windows, Microsoft 365 Apps for enterprise, Microsoft Edge, and Microsoft Teams. The steps to get started with Windows Autopatch are pretty straightforward, especially with the latest adjustments of how the service interacts with the tenant. Those adjustments improve the security posture of the service, by relying on application-only authentication, and further simplify the enrollment process of the tenant. Together that makes the enrollment pretty straightforward. That’s also why this post simply assumes that the onboarding is successfully performed. Once the tenant is enrolled to the Windows Autopatch service, the next main action is the registration of the devices …


Easily managing third-party ADMX-files

This week is back to the management capabilities for Windows devices. More specifically, it’s all about managing settings via third-party ADMX-files by using Microsoft Intune. That’s something that used to be a big task and has now turned into a relatively simple action. This blog contains posts around that subject that detail the process of ingesting third-party ADMX-files and configuring the related settings. The good thing is that those posts still have value, as the underlying process hasn’t changed. Microsoft did, however, drastically simplify the process for importing third-party ADMX-files and configuring the different settings. This post will describe the new simplified process of working with third-party ADMX-files and provide some details around the configuration that are good to know. Important: At the moment of …


Easily managing Cloud PCs

The last few weeks were all about getting started with Windows 365 Enterprise Cloud PCs and Microsoft Dev Box and, especially for Windows 365 Enterprise, about looking at the main configuration options. As both are based on the same foundation, the result of both is a Cloud PC that is automatically enrolled and managed by Microsoft Intune. That automatic enrollment makes sure that it’s very easy to get started with managing Cloud PCs. By automatically enrolling into Microsoft Intune, all the standard Windows device management capabilities are also available for Cloud PCs. That means: device configurations, device compliance, application deployment, update management and reporting. This post provides a quick overview of the options that become available for easily managing Cloud PCs and that are …


Getting started with Microsoft Dev Box

The last couple of blog posts were all about getting started with Windows 365 Enterprise Cloud PC. The first blog post, after a nice vacation, had to continue in that area. Just with a twist. This week is all about Microsoft Dev Box. Microsoft Dev Box is now in preview and is a new managed service provided by Microsoft that builds on the strong foundation of Windows 365. That new managed service enables developers to create on-demand, high-performance, secure, ready-to-code, project-specific workstations in the cloud. The best part of it is that it enables developers to create their own dev boxes, within the provided technical and financial limits. The idea of this post is to show how IT administrators provide the technical framework, how development teams …


Device compliance for Windows 365 Enterprise Cloud PCs

This week is a short follow-up on my posts of the last couple of weeks about getting started with Windows 365 Enterprise. One of the items that was not specifically addressed is device compliance. In general it would be great to address Cloud PCs like any other laptop or desktop within the organization. There are, however, some differences to keep in mind that might require organizations to use a slightly adjusted configuration for Cloud PCs. One of the main reasons for that could be disk encryption. This post will address how disk encryption is different for Cloud PCs and also how other hardening features are similar for Cloud PCs. Besides that, this post will provide an easy method to work with exceptions for Cloud …


Getting started with Windows 365 Enterprise using a custom image

The last couple of weeks were mainly focused on getting started with Windows 365 Enterprise, and in particular on the networking configurations and join types of Cloud PCs. This week the focus will go to the more advanced imaging options. When looking specifically at Windows 11, the available Gallery image only contains the Microsoft 365 apps for enterprise. In some scenarios that might not be sufficient and some tuning and additional apps are required. In those cases, it’s always possible to rely on a custom image: an image that is based on the same starting point, but tuned to be a better fit for that specific scenario. This post will go through a simple process for creating an image based on an Azure Virtual Machine (VM), …


Getting started with Windows 365 Enterprise using a Microsoft Hosted Network

This week is not about something totally new, but it is about something that really deserves a place on this blog. It’s all about Windows 365 Enterprise. More specifically, Windows 365 Enterprise in its simplest form, in a Microsoft Hosted Network. Windows 365 Enterprise is a cloud service provided by Microsoft that will automatically create Windows virtual machines (a.k.a. Cloud PCs) for licensed users. It is a very straightforward method to provide users with a personal PC from the cloud (a.k.a. Cloud PC). It combines the strengths of different Microsoft products by relying on Microsoft Endpoint Manager for management, by relying on Azure AD for identity and access control and by relying on Azure Virtual Desktop for remote connectivity. The idea of this post is to provide …


Easily managing Universal Print printers on Windows 11 devices

This week is all about Microsoft Universal Print. Not, however, about the concept, the connectors, the printers, or the printer shares. Just about the configuration, via Microsoft Intune, on Windows devices. And in particular, at this moment, Windows 11 devices. Windows 11 devices now contain the UniversalPrint CSP that can be used to easily configure Universal Print printers on Windows devices. That replaces the existing Universal Print printer provisioning tool and provides a direct configuration (and integration) option with Microsoft Intune. Based on the provided configurations it retrieves the required printer information from the Universal Print service and installs the printer on the Windows device. This post will go through the available settings in the UniversalPrint CSP and the configuration via Microsoft Intune. Important [Updated: 16-08-22]: Eventually …


Getting started with Device Control Printer Protection

This week is a follow-up on an earlier post about controlling devices connected to Windows devices. That post was focussed on device control as a feature of Microsoft Defender for Endpoint, in general. This post will specifically focus on Device Control Printer Protection. Device Control Printer Protection is the printer protection feature that can be used to prevent users from printing via non-corporate network printers or non-approved USB-printers. That adds an additional layer of data protection and security. This post will look in more detail at the printer protection configuration options, at applying printer protection and at the experience with printer protection enabled (the user experience and the administrator experience). Note: The configuration options (protect) are available within a Microsoft 365 E3 license and the …


Getting started with Azure Monitor agent on Windows client devices

This week is about something totally different compared to the last weeks and maybe even months. There have been examples before about gathering additional data of Windows devices and using that information for dashboards and more. Those examples were mainly focused on existing data and custom scripting. This time the focus is on the Azure Monitor agent for Windows client devices. A few months ago Microsoft introduced the Windows client installer that can be used to collect data from desktops, workstations and laptops, in addition to the already existing options for servers and virtual machines. It enables the collection of Event Logs, Performance Counters and more. That could be useful with, for example, the introduction of AppLocker, to gather events about the behavior of apps. …
