Windows LAPS (Local Administrator Password Solution) is an easy to use solution provided by Microsoft to manage local administrator account on Windows devices. If you have your organization devices enrolled into Microsoft Intune and Azure AD then you can use my step by step guide on Implementation of Windows LAPS …
Rotating the Local Administrator account password is an essential security practice to protect your organization’s devices from unauthorized access. It makes it easier to manage a Local administrator account and its password when you are using Windows LAPS which can be configured using Microsoft Intune. Windows 10 / 11 provides …
You may need to delete a local user account when its not in use any more or to perform a cleanup of local user account across all your organization devices. Whichever may be the reason, you can easily delete a local user account on a Windows 10 or Windows 11 …
Its a good security practice to keep built-in local Administrator account disabled and do not use for any activities on a windows device. By default its disabled already for you on a windows 10 device. Please note that when you boot your Windows device into Safe mode, Administrator account will …
In my previous blog post, which shows how to create a local admin account using Intune, I have created a local user account and added it to the local Administrators group using a custom device configuration profile and using OMA-URI settings. In this blog post, We will see a different …
Windows Local Administrator Password Solution (LAPS) is a free tool from Microsoft that allows you to manage and rotate local administrator passwords on Windows devices. By default, local administrator passwords on Windows devices are the same across all devices, which can be a security risk. LAPS solves this problem by …
In this blog post, we will see how to block or whitelist chrome extensions using Intune. This will give you greater control over which extensions can be used on your organization’s devices, helping to keep your data secure and your employees productive. Allowing users to install extensions in browsers can …
In this blog post, we will see how to block or whitelist Edge extensions using Intune. This will give you greater control over which extensions can be used on your organization’s devices, helping to keep your data secure and your employees productive. Allowing users to install extensions in browsers can …
Recently I was reported an error message which occured when a user tried to access Outlook on the Web (Outlook WebApp). User was unable to access the emails via Outlook on the web but can access emails using Outlook desktop client. There could be many reasons which results in 500 …
Azure AD security group is used to group users and devices. We can then use the Azure AD security group to apply Device configuration policies or deployment of apps on those devices. You can add members into Azure AD group either manually or by using a Dynamic membership rule. My …
With Intune, you can create and manage local admin accounts on your Windows 10 devices, which is particularly useful for managing devices that are not connected to a domain. You can easily create a local user account and then add it to Administrators group using Intune. If you are managing …
Recently I was working on user’s migration from one domain to another. Therefore, to migrate the users over to the new domain, I simply logged on to Microsoft 365 admin center and updated users User principal Name (UPN) to the new one. UPN in Microsoft 365 is used by users …
Default apps in Windows are the programs or applications that are set to automatically open and handle specific file types on your computer. For example: When you open a document with .docx extenstion, it will open it in Microsoft word. A saved document with .pdf extention will open in Adobe …
One of the essential tasks in Intune is to synchronize policies and profiles between devices and Microsoft Intune service. While Intune automatically syncs these updates periodically, there may be times when you need to force a sync manually. You can either go to Settings App on your windows device or …
In an organization’s Office 365 environment, user accounts may need to be disabled for various reasons such as when an employee is leaving the organization or due to security concerns. However, determining when a user account was disabled can be a challenging task. In this blog post, we will see …
As you might be aware of the recent malware attacks which involves Microsoft One Note files. It has been observed that .one file attachments are being sent to users which contains Malware. The malware has the capability to steal credentials related to cryptocurrency wallets, Discord data, as well as web …
Deploying emergency zero-day patches is critical to securing your organization’s devices and networks from cyber threats. With the increase in frequency and sophistication of cyber attacks, organizations need to respond quickly to zero-day vulnerabilities to minimize the risk of data breaches and system downtime. Microsoft Intune, a cloud-based mobile device …
Office 365 is a widely used suite of productivity tools that provides organizations with powerful email capabilities. However, as with any email service, unwanted messages from particular senders or domains can be a significant issue. Fortunately, Office 365 offers several ways to block email addresses or domains to prevent these …
Email communication is an integral part of today’s business world, and it’s hard to imagine our work lives without it. However, with the benefits of email come a few drawbacks as well. One of them is spam emails or unwanted emails from senders or domains that we don’t want to …
You can create block sender list using anti-spam policies. You can add a sender’s email address or domain into this list. The maximum number of Items in the list is around 1000. Inbound emails are automatically protected against spam by using Exchange Online Protection. EOP. There are default Inbound and …
If you are getting unwanted emails from a particular sender email address or multiple different email addresses. You can block it directly in Outlook by using Block Senders list. You can either use Outlook Desktop Client or Outlook for Web (Outlook Web App) to create block list of senders. In …
Exchange Online Protection (EOP) is a cloud based email filtering service which is a part of Microsoft 365. Using EOP, organizations can protect against spam, malware, phishing attacks and other email threats by scanning inbound and outbound emails. EOP is included in all Microsoft 365 organizations with Exchange Online mailboxes. …
While troubleshooting issues related to email delivery, email message header information is really useful information which can help to find root cause of the issue. Recently, It was reported to me that some of the emails sent by the partner company is being Filtered as Spam and Some of the …
Recently it has been notified that Microsoft OneNote files (.one) is packed with malware and then mass-dispatched via email. The malware involved is known to include Redline, Qbot and Shindig but there could be other types of malware included as well. Microsoft Onenote is a digital note-taking app which is …
When you want to deploy any application using Intune, you have to choose from several deployment options available from Microsoft Endoint manager admin center. Line-of-business apps is used for MSI Installer applications. You can use Line-of-business app option for the deployment of a simple .msi file on end user’s devices. …
When you download an application from software vendor’s website. The application installer can be in the form of .msi file or .exe file. Intune provides different ways in which you can deploy the applications on end user devices. Deployment is MSI files using Intune can also be done in two …
Intune is really a powerful device management tool for any organization. You can setup and configure Intune easily and manage your company devices. There are In-built out of the box deployment methods available on Microsoft Endpoint manager admin center. For example, for Deployment of MSI using Intune, there is a …
Most of the organizations create a dynamic Azure AD group to include all autopilot devices using a Dynamic device membership query (device.devicePhysicalIDs -any (_ -contains "[ZTDID]")). This way you can automate the deployment of Autopilot profile, app deployment, Device configuration etc. to all devices using just one Dynamic Azure AD …
There are different ways to Import ADMX template files into Intune. You can either use OMA-URI method to Import ADMX template files or you can use Import ADMX option recently made available on Microsoft Endpoint manager admin center. For importing an ADMX template into Intune, you first need to download …
Settings app contains Gaming which contains Xbox Game Bar, Captures, Game Mode, Xbox Networking related configuration settings. Most of the organizations I have worked with have configured to hide Gaming under Settings app on Windows 10 or Windows 11 devices. In this blog post, I will show you 2 ways …
When you use Game Mode, Windows will prioritize gaming experience by providing system resources to Games to make the gaming experience smoother and better. There are few actions taken in the background when you turn this switch to On. First, it will not allow Windows update to install drivers and …
You can easily integrate Azure DevOps pipelines with any Slack Channel and get notifications of any pipeline related activity in Azure DevOps directly in that slack channel. You can subscribe for builds, releases, YAML pipelines, Approve pipeline stages from slack. In this blog post, we will see how to configure …
You can use Microsoft Intune to upgrade feature update on end user devices. A feature update profile can be created on Microsoft Endpoint Manager admin center from Devices -> Feature Updates for Windows 10 and later (Preview) with the specific release version (for example Windows 10 21H2) you want on …
You can easily deploy and manage Microsoft 365 Apps for Enterprise using Microsoft 365 apps admin center. There are a lot of useful features which are automatically enabled when you start enrolling the devices in to the Inventory. There is no manual step apart from just starting the enrollment process. …
Windows known folders (Desktop, Documents, Picture) move (redirect) to onedrive is highly recommended for all the users in any organizations specially if users are not having a dedicated device. This is also a best practice when users are logging on to Azure virtual desktop or working in a citrix environement. …
Applocker is a set of policies / rules to allow or deny apps from running on your windows device. Applocker helps to improve the overall security of all your devices in your organization by controlling the execution of applications, scripts, dll files, packages apps etc. What are the requirements for …
Microsoft has made it easier to Import third-party ADMX and ADML files in Microsoft Endpoint Manager admin center. Now, you do not need to use custom device configuration profile and OMA-URI to ingest ADMX and configure application or device settings. You can simply download ADMX and ADML files for any …
There is no easy method to download the line of business MSI application setup file which has been uploaded to Intune. Once you create an application deployment in Intune using any method, the files related to the applications are uploaded to the a storage space maintained by microsoft. But there …
Recently I got a requirement to upgrade Zoom Desktop Client to latest version and also at the same time to remove any older zoom desktop client application from all Intune Managed devices (Windows 10 or Windows 11). After spending a lot of time in testing and troubleshooting I finally managed …
When you are troubleshooting an issue with Microsoft Office or Microsoft 365 apps for Enterprises, you may want to completly Uninstall all the Microsoft Office products and removes all traces of it from your device. You can either go to the Control Panel -> Programs and Features to uninstall or …
You can use Microsoft Endpoint Manager Admin Center to easily configure Microsoft Edge browser Home Page, Startup Page and New Tab Page. In my previous blog post, I had shown how you can set Microsoft Edge browser as your default browser on Windows 10 or Windows 11 devices using Microsoft …
Applies to: Windows 10 and Windows 11 Microsoft Edge: Version 77 or later You can set Microsoft Edge as your default browser on a Windows 10 or Windows 11 devices using Microsoft Intune. If all your organization devices are enrolled and managed using Intune, then you can create a Device …
You can monitor your Azure DevOps Repositories and get notified in a slack channel whenever code is pushed/checked in and whenever a pull request (PR) is created, updated or a merge is attempted. In this blog post, we will see how you can integrate Azure DevOps Project with a Slack …
Recently I got a request to manage Zoom settings using Microsoft Intune. The most specific setting which was requested is How to configure autoupdate setting of Zoom desktop client using Intune. There are three options for configuring Zoom Desktop Client. You can use an MSI Installer and deploy using pre-configured …
Zoom desktop client can be installed and configured in bulk on Windows systems using one of below methods: Using MSI Installer. Active Directory administrative templates via GPO or Intune. Updating registry keys on windows machines manually. For mass deployment of zoom with pre-configured settings we will be using MSI Installer …
You can manually force sync Intune Policies or configuration profiles or an application deployment from a target device after they have been assigned. Syncing forces your device to connect with Intune to get the latest updates, requirements, and communications from your organization. You could either wait for the next Intune …
You can exclude certain files, folders or Processes from scanning via Microsoft Defender Anti-virus. Exclusions will get applied to Schduled Scans, On-demand scans and always-on real-time protection and monitoring. Please note that Microsoft Defender Antivirus includes a lot of in-built automatic exclusions based on known operating system behaviours. In case …
In this blog post we will see how to deploy Apache OpenOffice 4.1.12 on Windows 10 / Windows 11 devices using Microsoft Intune. For this deployment we will need to download Apache OpenOffice Windows Installer. The Installer is currently only available as a 32-bit application. Download the application by clicking …
Transport Layer Security (TLS) – TLS protocol is used to provide privacy and data integrity between two communicating applications. SSL and TLS are both cryptographic protocols but because SSL protocols does not providers sufficient level of security compared to TLS, SSL 2.0 and SSL 3.0 have been deprecated. TLS 1.0 …
You can create and retrieve secrets stored in Azure Keyvault by using Azure Portal as well as using command line. In this blog post we will see how to create a secret in Azure Keyvault using AzureCLI and then to retrieve the secret as well. Before we start, we need …
In this blog post, we will see how to create SSH Keys on an Ubuntu server and then use the SSH keys to connect to the server using Putty. First Lets connect to the server by using username root and with password based authentication. Once you are connected to the …
Web content filtering is a part of web protection capabilities in Microsoft defender for Endpoint and Microsoft Defender for business. Web content filtering can be used to track and manage the access to websites based on various content categories. The policies can be applied to either all devices or group …
In this blog post we will see how to deploy an MSI application package using a Powershell script via Microsoft Intune. I will be deploying this application on few Azure AD joined systems which are enrolled into intune already. I will be using an app called eSigner for which MSI …
If you have newly setup Azure Virtual Desktop Environment and you are trying to login to a session host via Windows Desktop Client application or via web client.You may see below error messages. There are two ways users can connect to AVD, one method is via a web client and …
Azure DevTest Lab is a service for easily creating, using, and managing infrastructure-as-a-service (IaaS) virtual machines (VMs) and platform-as-a-service (PaaS) environments in labs. Labs offer preconfigured bases and artifacts for creating VMs, and Azure Resource Manager (ARM) templates for creating environments like Azure Web Apps or SharePoint farms. As per …
In this blog post we will see how to configure auto shutdown schedule of a Virtual machines in Microsoft azure. This is really a useful out of the box feature to save your spending on cloud workloads by shutting down VM’s when not in use. For example, if you know …
Overview Recently I got an error message while performing a sysprep on a Windows 11 machine. I was preparing an Image for Azure Virtual Desktop and during Generalization of Windows 11 system. I received a pop-up error message as shown in below screenshot: Error Message Sysprep was not able to …
You can easily rename a device which is enrolled in Intune. When you take this action, device name is changed In Intune and also device name is changed on that device as well. There are many use cases for this option, for example you have used autopilot on all your …
Security groups are are very useful for managing objects in Azure AD. You can group devices or users and then use the security group to assign permissions or license etc. You can add Devices / Users in the Azure AD security group. You have three types of Azure AD security …
I recently got a requirement where all the office 365 applications for example, Exchange Online / Outlook Client Email Access, Sharepoint Online, One Drive, Microsoft Teams, Microsoft Forms etc. both Online and Installed application access should be blocked from specific devices which were being used by few developers in the …
I recently wanted to administer my sharepoint online sites using Powershell. I installed Sharepoint Online Management shell and then used the command Connect-SPOService. Connect-SPOService -url https://mylab000.sharepoint.com/ whereas the URL given in the end of the Command line is the URL of one of my Sharepoint online site. Error connect-sposervice : …
On Monday May 30, 2022, Microsoft issued CVE-2022-30190 regarding the Microsoft Support Diagnostic Tool (MSDT) in Windows vulnerability. A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code …
When you visit any web page via any internet browser for example Google Chrome, the information about the webpage is temporarily stored on your PC. This information contains Images, Audio Files, html pages, CSS styles, Javascript Files etc. Cache saves bandwidth and loads web pages much faster during your next …
WordPress comment form is usually placed at the end of each blog post where blog post readers can provide their feedback about the post, send in their queries and interact with the post author. As the comment is posted and approved by the wordpress site admin, its shown at the …
Recently I got an error message while booting up my Windows 11 laptop. My laptop was working absolutely fine last night but this morning due to low battery, I had connected my laptop to the power source to charge the battery. I also switched on my laptop but due to …
When connecting to Exchange Online Powershell Module v2 using an administrator account, you may get an error message New-ExoPSSession: Create Powershell Session is failed using OAuth. Error Details: New-ExoPSSession : Create Powershell Session is failed using OAuthAt C:\Program Files\WindowsPowerShell\Modules\ExchangeOnlineManagement\2.0.5\netFramework\ExchangeOnlineManagement.psm1:475 char:30… PSSession = New-ExoPSSession -ExchangeEnvironmentName $ExchangeEnviro …~~~~~~~~~~~~~ CategoryInfo : NotSpecified: (:) …
Recently deployed Windows Autopilot solution and to simplify the Autopilot Device registration experience, users are given the capability to register their devices themselves from the OOBE (Out of box experience) page by using the Get-WindowsAutopilotinfo -online command. Some of the organizations may not allow this approach and only want their …
You have created a Conditional Access (CA) Policy in which you have defined a session control for Conditional Access App control setting to blocks the downloads from Microsoft Online services e.g. Sharepoint, Teams, Exchange Online etc. In this policy, you have also excluded the Devices which are compliant by using …
Overview In this article, we will look into the Initial setup of Microsoft Cloud App Security, connect Office 365 app connector and configure basic settings on the Portal. We will create policies to block downloads and then block cut, copy, paste and print while using Microsoft Online applications via browser …
Overview Its recommended to block cut, copy, paste and print of corporate data from an unmanaged device while using Microsoft 365 / Office 365 applications, e.g. Microsoft Teams, Sharepoint, Onedrive, Exchange Online etc. We are categorizing an unmanaged device as Microsoft Intune Non-Compliant device. Using a combination of Conditional Access …
ManageEngine Desktop Central Agent is required for managing client PC’s from Desktop Central Agent. Its a lightweight software which can be deployed on the client’s PC using different methods. If you are using On-Premise Active Directory, then you can use GPO and deploy it using a startup script or if …
What is Work Profile A work profile is setup on an Android device to separate company apps and data from personal apps and data. Personal and work profiles have separate storage areas on Android phone. Therefore, for an IT Admin it makes it easier to manage and secure the data. …
When you have configured Microsoft Intune as per your organization requirements and try to Azure AD Join a Windows 10 device you get a pop-up message saying “Something went wrong.” with the error message “This feature is not supported.Contact your system administrator with the error code 80180014“. You may get …
What is Microsoft Intune ? Microsoft Intune which was previously known as Windows Intune is a part of Microsoft Cloud based Mobile device Management (MDM), Mobile Application Management (MAM) and Windows 10 PC Management Solution. No On-Premise Infrastructure is required for using this service from Microsoft and it can be easily managed using Microsoft Endpoint …
In this blog post, we will see how to add, assign, delete and monitor Managed Google Play store apps using Microsoft Intune. To Apply App Protection Policies or App configuration Policies, you will need to add the apps and assign it to the users. If you want to manage iOS store …
In this blog post, we will see how to add, assign, delete and monitor iOS Store Apps using Microsoft Intune. To Apply App Protection Policies or App configuration Policies, you will need to add the apps and assign it to the users. If you want to manage Google Play store …
There are few way in which Android devices can be enrolled. It totally depends upon your requirement of which type of Android enrollment you will use for android devices. For example, if your company allows Personal Android Phones (BYOD) to be used for accessing the company data, you can go …
In this post we will see how to configure Apple MDM Push Certificate which is required to manage Apple devices using Microsoft Intune. We will be using Microsoft Endpoint Manager admin center portal and Apple Push Certificate Portal to configure it. If you are looking to renew Apple MDM Push …
