When you want to deploy any application using Intune, you have to choose from several deployment options available from Microsoft Endoint manager admin center. Line-of-business apps is used for MSI Installer applications. You can use Line-of-business app option for the deployment of a simple .msi file on end user’s devices. …
When you download an application from software vendor’s website. The application installer can be in the form of .msi file or .exe file. Intune provides different ways in which you can deploy the applications on end user devices. Deployment is MSI files using Intune can also be done in two …
Intune is really a powerful device management tool for any organization. You can setup and configure Intune easily and manage your company devices. There are In-built out of the box deployment methods available on Microsoft Endpoint manager admin center. For example, for Deployment of MSI using Intune, there is a …
Most of the organizations create a dynamic Azure AD group to include all autopilot devices using a Dynamic device membership query (device.devicePhysicalIDs -any (_ -contains "[ZTDID]")). This way you can automate the deployment of Autopilot profile, app deployment, Device configuration etc. to all devices using just one Dynamic Azure AD …
There are different ways to Import ADMX template files into Intune. You can either use OMA-URI method to Import ADMX template files or you can use Import ADMX option recently made available on Microsoft Endpoint manager admin center. For importing an ADMX template into Intune, you first need to download …
Settings app contains Gaming which contains Xbox Game Bar, Captures, Game Mode, Xbox Networking related configuration settings. Most of the organizations I have worked with have configured to hide Gaming under Settings app on Windows 10 or Windows 11 devices. In this blog post, I will show you 2 ways …
When you use Game Mode, Windows will prioritize gaming experience by providing system resources to Games to make the gaming experience smoother and better. There are few actions taken in the background when you turn this switch to On. First, it will not allow Windows update to install drivers and …
You can easily integrate Azure DevOps pipelines with any Slack Channel and get notifications of any pipeline related activity in Azure DevOps directly in that slack channel. You can subscribe for builds, releases, YAML pipelines, Approve pipeline stages from slack. In this blog post, we will see how to configure …
You can use Microsoft Intune to upgrade feature update on end user devices. A feature update profile can be created on Microsoft Endpoint Manager admin center from Devices -> Feature Updates for Windows 10 and later (Preview) with the specific release version (for example Windows 10 21H2) you want on …
You can easily deploy and manage Microsoft 365 Apps for Enterprise using Microsoft 365 apps admin center. There are a lot of useful features which are automatically enabled when you start enrolling the devices in to the Inventory. There is no manual step apart from just starting the enrollment process. …
Windows known folders (Desktop, Documents, Picture) move (redirect) to onedrive is highly recommended for all the users in any organizations specially if users are not having a dedicated device. This is also a best practice when users are logging on to Azure virtual desktop or working in a citrix environement. …
Applocker is a set of policies / rules to allow or deny apps from running on your windows device. Applocker helps to improve the overall security of all your devices in your organization by controlling the execution of applications, scripts, dll files, packages apps etc. What are the requirements for …
Microsoft has made it easier to Import third-party ADMX and ADML files in Microsoft Endpoint Manager admin center. Now, you do not need to use custom device configuration profile and OMA-URI to ingest ADMX and configure application or device settings. You can simply download ADMX and ADML files for any …
There is no easy method to download the line of business MSI application setup file which has been uploaded to Intune. Once you create an application deployment in Intune using any method, the files related to the applications are uploaded to the a storage space maintained by microsoft. But there …
Recently I got a requirement to upgrade Zoom Desktop Client to latest version and also at the same time to remove any older zoom desktop client application from all Intune Managed devices (Windows 10 or Windows 11). After spending a lot of time in testing and troubleshooting I finally managed …
When you are troubleshooting an issue with Microsoft Office or Microsoft 365 apps for Enterprises, you may want to completly Uninstall all the Microsoft Office products and removes all traces of it from your device. You can either go to the Control Panel -> Programs and Features to uninstall or …
You can use Microsoft Endpoint Manager Admin Center to easily configure Microsoft Edge browser Home Page, Startup Page and New Tab Page. In my previous blog post, I had shown how you can set Microsoft Edge browser as your default browser on Windows 10 or Windows 11 devices using Microsoft …
Applies to: Windows 10 and Windows 11 Microsoft Edge: Version 77 or later You can set Microsoft Edge as your default browser on a Windows 10 or Windows 11 devices using Microsoft Intune. If all your organization devices are enrolled and managed using Intune, then you can create a Device …
You can monitor your Azure DevOps Repositories and get notified in a slack channel whenever code is pushed/checked in and whenever a pull request (PR) is created, updated or a merge is attempted. In this blog post, we will see how you can integrate Azure DevOps Project with a Slack …
Recently I got a request to manage Zoom settings using Microsoft Intune. The most specific setting which was requested is How to configure autoupdate setting of Zoom desktop client using Intune. There are three options for configuring Zoom Desktop Client. You can use an MSI Installer and deploy using pre-configured …
Zoom desktop client can be installed and configured in bulk on Windows systems using one of below methods: Using MSI Installer. Active Directory administrative templates via GPO or Intune. Updating registry keys on windows machines manually. For mass deployment of zoom with pre-configured settings we will be using MSI Installer …
You can manually force sync Intune Policies or configuration profiles or an application deployment from a target device after they have been assigned. Syncing forces your device to connect with Intune to get the latest updates, requirements, and communications from your organization. You could either wait for the next Intune …
You can exclude certain files, folders or Processes from scanning via Microsoft Defender Anti-virus. Exclusions will get applied to Schduled Scans, On-demand scans and always-on real-time protection and monitoring. Please note that Microsoft Defender Antivirus includes a lot of in-built automatic exclusions based on known operating system behaviours. In case …
In this blog post we will see how to deploy Apache OpenOffice 4.1.12 on Windows 10 / Windows 11 devices using Microsoft Intune. For this deployment we will need to download Apache OpenOffice Windows Installer. The Installer is currently only available as a 32-bit application. Download the application by clicking …
Transport Layer Security (TLS) – TLS protocol is used to provide privacy and data integrity between two communicating applications. SSL and TLS are both cryptographic protocols but because SSL protocols does not providers sufficient level of security compared to TLS, SSL 2.0 and SSL 3.0 have been deprecated. TLS 1.0 …
You can create and retrieve secrets stored in Azure Keyvault by using Azure Portal as well as using command line. In this blog post we will see how to create a secret in Azure Keyvault using AzureCLI and then to retrieve the secret as well. Before we start, we need …
In this blog post, we will see how to create SSH Keys on an Ubuntu server and then use the SSH keys to connect to the server using Putty. First Lets connect to the server by using username root and with password based authentication. Once you are connected to the …
Web content filtering is a part of web protection capabilities in Microsoft defender for Endpoint and Microsoft Defender for business. Web content filtering can be used to track and manage the access to websites based on various content categories. The policies can be applied to either all devices or group …
In this blog post we will see how to deploy an MSI application package using a Powershell script via Microsoft Intune. I will be deploying this application on few Azure AD joined systems which are enrolled into intune already. I will be using an app called eSigner for which MSI …
If you have newly setup Azure Virtual Desktop Environment and you are trying to login to a session host via Windows Desktop Client application or via web client.You may see below error messages. There are two ways users can connect to AVD, one method is via a web client and …
Azure DevTest Lab is a service for easily creating, using, and managing infrastructure-as-a-service (IaaS) virtual machines (VMs) and platform-as-a-service (PaaS) environments in labs. Labs offer preconfigured bases and artifacts for creating VMs, and Azure Resource Manager (ARM) templates for creating environments like Azure Web Apps or SharePoint farms. As per …
In this blog post we will see how to configure auto shutdown schedule of a Virtual machines in Microsoft azure. This is really a useful out of the box feature to save your spending on cloud workloads by shutting down VM’s when not in use. For example, if you know …
Overview Recently I got an error message while performing a sysprep on a Windows 11 machine. I was preparing an Image for Azure Virtual Desktop and during Generalization of Windows 11 system. I received a pop-up error message as shown in below screenshot: Error Message Sysprep was not able to …
You can easily rename a device which is enrolled in Intune. When you take this action, device name is changed In Intune and also device name is changed on that device as well. There are many use cases for this option, for example you have used autopilot on all your …
Security groups are are very useful for managing objects in Azure AD. You can group devices or users and then use the security group to assign permissions or license etc. You can add Devices / Users in the Azure AD security group. You have three types of Azure AD security …
I recently got a requirement where all the office 365 applications for example, Exchange Online / Outlook Client Email Access, Sharepoint Online, One Drive, Microsoft Teams, Microsoft Forms etc. both Online and Installed application access should be blocked from specific devices which were being used by few developers in the …
I recently wanted to administer my sharepoint online sites using Powershell. I installed Sharepoint Online Management shell and then used the command Connect-SPOService. Connect-SPOService -url https://mylab000.sharepoint.com/ whereas the URL given in the end of the Command line is the URL of one of my Sharepoint online site. Error connect-sposervice : …
On Monday May 30, 2022, Microsoft issued CVE-2022-30190 regarding the Microsoft Support Diagnostic Tool (MSDT) in Windows vulnerability. A remote code execution vulnerability exists when MSDT is called using the URL protocol from a calling application such as Word. An attacker who successfully exploits this vulnerability can run arbitrary code …
When you visit any web page via any internet browser for example Google Chrome, the information about the webpage is temporarily stored on your PC. This information contains Images, Audio Files, html pages, CSS styles, Javascript Files etc. Cache saves bandwidth and loads web pages much faster during your next …
WordPress comment form is usually placed at the end of each blog post where blog post readers can provide their feedback about the post, send in their queries and interact with the post author. As the comment is posted and approved by the wordpress site admin, its shown at the …
Recently I got an error message while booting up my Windows 11 laptop. My laptop was working absolutely fine last night but this morning due to low battery, I had connected my laptop to the power source to charge the battery. I also switched on my laptop but due to …
When connecting to Exchange Online Powershell Module v2 using an administrator account, you may get an error message New-ExoPSSession: Create Powershell Session is failed using OAuth. Error Details: New-ExoPSSession : Create Powershell Session is failed using OAuthAt C:\Program Files\WindowsPowerShell\Modules\ExchangeOnlineManagement\2.0.5\netFramework\ExchangeOnlineManagement.psm1:475 char:30… PSSession = New-ExoPSSession -ExchangeEnvironmentName $ExchangeEnviro …~~~~~~~~~~~~~ CategoryInfo : NotSpecified: (:) …
Recently deployed Windows Autopilot solution and to simplify the Autopilot Device registration experience, users are given the capability to register their devices themselves from the OOBE (Out of box experience) page by using the Get-WindowsAutopilotinfo -online command. Some of the organizations may not allow this approach and only want their …
You have created a Conditional Access (CA) Policy in which you have defined a session control for Conditional Access App control setting to blocks the downloads from Microsoft Online services e.g. Sharepoint, Teams, Exchange Online etc. In this policy, you have also excluded the Devices which are compliant by using …
Overview In this article, we will look into the Initial setup of Microsoft Cloud App Security, connect Office 365 app connector and configure basic settings on the Portal. We will create policies to block downloads and then block cut, copy, paste and print while using Microsoft Online applications via browser …
Overview Its recommended to block cut, copy, paste and print of corporate data from an unmanaged device while using Microsoft 365 / Office 365 applications, e.g. Microsoft Teams, Sharepoint, Onedrive, Exchange Online etc. We are categorizing an unmanaged device as Microsoft Intune Non-Compliant device. Using a combination of Conditional Access …
ManageEngine Desktop Central Agent is required for managing client PC’s from Desktop Central Agent. Its a lightweight software which can be deployed on the client’s PC using different methods. If you are using On-Premise Active Directory, then you can use GPO and deploy it using a startup script or if …
What is Work Profile A work profile is setup on an Android device to separate company apps and data from personal apps and data. Personal and work profiles have separate storage areas on Android phone. Therefore, for an IT Admin it makes it easier to manage and secure the data. …
When you have configured Microsoft Intune as per your organization requirements and try to Azure AD Join a Windows 10 device you get a pop-up message saying “Something went wrong.” with the error message “This feature is not supported.Contact your system administrator with the error code 80180014“. You may get …
What is Microsoft Intune ? Microsoft Intune which was previously known as Windows Intune is a part of Microsoft Cloud based Mobile device Management (MDM), Mobile Application Management (MAM) and Windows 10 PC Management Solution. No On-Premise Infrastructure is required for using this service from Microsoft and it can be easily managed using Microsoft Endpoint …
In this blog post, we will see how to add, assign, delete and monitor Managed Google Play store apps using Microsoft Intune. To Apply App Protection Policies or App configuration Policies, you will need to add the apps and assign it to the users. If you want to manage iOS store …
In this blog post, we will see how to add, assign, delete and monitor iOS Store Apps using Microsoft Intune. To Apply App Protection Policies or App configuration Policies, you will need to add the apps and assign it to the users. If you want to manage Google Play store …
There are few way in which Android devices can be enrolled. It totally depends upon your requirement of which type of Android enrollment you will use for android devices. For example, if your company allows Personal Android Phones (BYOD) to be used for accessing the company data, you can go …
In this post we will see how to configure Apple MDM Push Certificate which is required to manage Apple devices using Microsoft Intune. We will be using Microsoft Endpoint Manager admin center portal and Apple Push Certificate Portal to configure it. If you are looking to renew Apple MDM Push …
