Conditional Access 5 Ways to Screw Up Conditional Access Nowadays where cloud services are available from all over the world we cannot (only) rely on trusted networks and on identities protected by usernames and passwords. Conditional access allows you to define granular
Windows Autopilot Windows Autopilot White Glove Field Notes I'm happy to share some field notes and experiences with the Windows Autopilot White Glove feature which is available with the Windows 10 1903 release. I've done a lot of testing and engineering
Windows Autopilot Windows Autopilot White Glove Error 0x81036501 While testing Autopilot White glove for a customer project my test machines always got stuck within the "Registering your device for mobile management" step and timed out after 12 minutes and returned the
Intune Intune Win32 app requirements deep dive The Intune Win32 app requirements feature is quite underrated and often overseen in my experience. The ability to specify a custom PowerShell scripts allow us to check for specific hardware or device properties
Intune 5 Ways to Screw up your Intune Tenant Here are 5 common recommendations based on misconfigurations I've came across in the field which will give your Intune tenant and devices a hard time to work smoothly. So better read this post
Intune Automating network drive mapping configuration with Intune I'm thrilled to introduce the intune-drive-mapping-generator which creates PowerShell scripts to map network drives with Intune. The tool is open source and built on ASP.NET Core MVC. The intune-drive-mapping-generator is your tool
Intune Intune create and remediate desktop shortcuts Why want you to create desktop shortcuts with Intune? Business specific apps may require special shortcuts in order to launch the application with the right parameters. Or you need to create a shortcut
Azure AD Bypassing Conditional Access Device Platform Policies Recently I read a great article from the Microsoft IAM Director Sue Bohn concerning a Conditional Access Q&A. One question was about the device platform feature - which let's you apply
Azure AD Calling the Microsoft Graph API without a user A colleague recently asked me how to access the Microsoft Graph API using PowerShell without specifying his user account or credentials. So here's a little post about the required configuration to authenticate against
Windows Hello for Business Mastering Windows Hello for Business with your hybrid Identity I had the honor to deploy Windows Hello for Business several times for customers transitioning to a modern workplace using Azure AD and Microsoft Intune to manage their Windows 10 devices - combined
Microsoft Defender ATP Onboard macOS to Microsoft Defender ATP with Microsoft Intune Microsoft Defender ATP (MDATP) for macOS hit finally the public preview status. We can now protect our macOS endpoints with cloud based power. I created a little guide about the onboarding process with
Intune Enroll macOS devices to Microsoft Intune As Microsoft starts to empower the integration for non Windows devices and also the available apps for macOS devices you might want to profit from your existing MDM solution of choice (Microsoft Intune)
Windows 10 Intune configure lid close action When using your notebooks and portable devices together with a docking station your users might like to close the lid. The Windows 10 1903 release introduces additional power CSP settings. One of them
OneDrive for Business Introducing the OneDrive AutoMountTeamSites setting Reviewing the latest OneDrive features I wanted to try the new AutoMountTeamSites setting which lets you preconfigure SharePoint online sites to sync automatically for defined users and devices. Updated on 12.07.2019:
Intune Intune map network drives and execute PowerShell script on each user logon Recently a customer needed a drive mapping solution to access his on premise file shares during his transition phase to a cloud-only workplace. I wanted to share the solution with you because it's
Azure AD Clean up stale Azure AD devices If you are using Azure AD and the time passes you'll have a lot of old device entries. If you enable the automatic device cleanup rule in Microsoft Intune the device is only
Automation Set Office 365 UsageLocation property with Azure automation If you want to assign Microsoft licenses to your Azure AD users e.g. Microsoft 365 E3 licenses you can do this with group based licensing as described here. The problem is that
SwissSkills SwissSkills some thoughts about this years competition That's it. Saturday morning, the day after my SwissSkills 2018 competition in Bern. Waiting for a call to answer even though I know that my performance was not good enough to deserve a
OneDrive for Business Deploy OneDrive KFM with Microsoft Intune OMA-URI OneDrive KFM (Known Folder Move) allows you to redirect common Windows folders (Desktop, Documents and Pictures) to the users personal OneDrive. OneDrive Known Folder Move is the modern replacement for the well known
Intune Windows 10 1803 New MDM Policy CSP Settings Hello. Long time no see. Finally I'm back with a new post. This time I created a nice little list with Windows 10 1803 New MDM Policy CSP Settings for the next Windows
Surface Hub Surface Hub Miracast Connection Error Recently I had to troubleshoot a sticky Surface Hub Miracast Connection error for a customer. They were unable to connect to the surface hub from domain joined devices but a newly installed device
Windows 10 Windows 10 1709 Cannot Access SMB2 Share Guest Access After Upgrading to Windows 10 1709 (Fall Creators Update) I couldn't access my Synology NAS anymore. Therefore I started troubleshooting the Windows 10 1709 Cannot Access SMB2 Share Guest Access error: An error
PowerShell PowerShell Script Test Open TCP Ports Recently I was troubleshooting ADFS connection issues when I discovered a nice little Cmdlet called "Test-NetConnection". With this Cmdelet you can verify TCP connectivity, in my case from a client to
Active Directory Manage Local Administrator Rights Using Group Policy If you imagine that your users or administrators have uncontrolled local administrator rights it's a nightmare. They have (certainly) full control over their computer, and could do a lot of harm. So managing
PowerShell PowerShell Function Validate Object Properties Using ValidateScript Recently I was working on a PowerShell script with many custom functions. When I started to use PowerShell custom objects I wanted to be able to pass them to a function. So I