Lars Lohmann

Non-Destructive PIN reset

When we use Windows Hello for Business and a user forgets the PIN, it can be reset directly from the sign-in page. By default, this will be a destructive PIN reset, the existing PIN, and underlying credentials, including any keys or certificates added to their Windows Hello container, will be

Continue to read »

Windows Hello for Business Cloud Trust

We have a lot of customers who use Windows Hello for Business Azure AD joined Key trust. But now that Windows Hello for Business cloud trust is available (preview), we expect to see a move towards Cloud Trust, maybe this could also be interesting for your setup? Key trust is

Continue to read »

SharePoint integration with Azure AD B2B

When we share data In SharePoint with a user outside our directory, SharePoint will by default use a one-time code sent to the user so the user can verify their identity. This is also the case with OneDrive and if you do it from teams using open in SharePoint. But

Continue to read »

Group writeback in Azure AD

This time we will take a closer look at the new group writeback functionality in Azure AD. I really think this will open a lot of possibilities also on-premises. Prerequisites Azure AD Premium license Azure AD Connect version 2021 December release or later. Enable Azure AD Connect group writeback But

Continue to read »

Welcome to MEM tips and tricks

  This is the first video on the brand new MEM tips and tricks YouTube site created by Mindcore’s Mattias Melkersen. The place to see and learn practical endpoint management skills in the real world.    

Continue to read »

Identity Protection and guests

This time we will have a closer look at Identity Protection and possible impact for guest users (B2B collaboration users).   So in order to test this out we will create a Identity protection user risk policy requiring all users to change password if there risk is calculated to medium

Continue to read »

Creating a Simple No Code Custom Apps in Microsoft Teams

  With the massive growth of Microsoft Teams since the start of the global COVID19 pandemic and Microsoft’s focus on pushing Teams as its primary collaboration interface. Organisations are now looking at how Teams can be used to optimise their End User experience by customising the solution to meet their

Continue to read »

Microsoft Endpoint Manager tenant attach

Now that we have tenant attach available let’s have a closer look. Microsoft is now bringing Configuration Manager and Intune closer together in a the console Microsoft Endpoint Manager admin center (https://endpoint.microsoft.com/). Starting in Configuration Manager version 2002, we can upload Configuration Manager devices to the admin center and start

Continue to read »

Defender tamper protection

When our clients get unwanted guests, one thing they will often try is to disable Windows security features, like our antivirus protection. Now with the right license in place we can prevent this from occurring, the following actions can be prevented: Disabling virus and threat protection Disabling real-time protection Turning

Continue to read »

Windows Virtual Desktop and Azure File Shares

In our original series on Windows Virtual Desktop we used a standard file server to host the FSLogix Profiles, this was the only option at the time – if used together with our on-premises Active Directory. Now it’s possible to use Azure file shares and on-premises Active Directory together (Preview

Continue to read »

Azure AD support for FIDO2 in hybrid environments

Last year we wrote about Azure AD and password-less sign-in http://blog.mindcore.dk/2019/07/azure-ad-and-password-less-sign-in.html Now we also have support (Public preview) for this in hybrid environments, so let’s try it out. We will use the same Yubico security NFC as last time. First thing we need to be aware of is that we

Continue to read »

Windows Virtual Desktop – Part 5

This is part 5 of our posts regarding Windows Virtual Desktop, until now we have covered: Part 1 – Created a Windows Virtual Desktop tenant – Part 1 Part 2 – Created a service principal and some customization of our on-premises AD – Part 2 Part 3 – Provisioning a

Continue to read »

Windows Virtual Desktop – Part 4

This is part 4 of our posts regarding Windows Virtual Desktop, until now we have covered: Part 1 – Created a Windows Virtual Desktop tenant – Part 1 Part 2 – Created a service principal and some customization of our on-premises AD – Part 2 Part 3 – Provisioning a

Continue to read »

Windows Virtual Desktop – Part 3

This is part 3 of our posts regarding Windows Virtual Desktop, until now we have covered: Part 1 – Created a Windows Virtual Desktop tenant – Part 1 Part 2 – Created a service principal and some customization of our on-premises AD – Part 2 In this part we will

Continue to read »

Windows Virtual Desktop – Part 2

This is part 2 of our posts regarding Windows Virtual Desktop, until now we have covered: Part 1 – Created a Windows Virtual Desktop tenant – http://blog.mindcore.dk/2019/11/windows-virtual-desktop-part-1.html Now let’s continue and create a service principal. We will create the service principal with PowerShell, in order to do that you will

Continue to read »

Windows Virtual Desktop – Part 1

This time we will take a look at Windows Virtual Desktop in Azure. We will connect this cloud solution to our own infrastructure so that we can use on-premises services as well. In order to make this work we already have a Site-to-Site VPN gateway connection setup to connect our

Continue to read »

Office 365 – problem

On Tuesday we identified a “funny” little thing when using the web version of outlook. If we invited an internal user to a meeting and that user only had two letters in his alias the invite failed (xx@domain.com), invitations to internal people with mail addresses that had more that two

Continue to read »

Access to Teams based on our own extension attributes – PowerShell

In the last two post we looked at extending Azure AD with our own attributes http://blog.mindcore.dk/2019/10/azure-ad-extension-attributes.html and how to use this attribute to dynamically grant access to a Microsoft team http://blog.mindcore.dk/2019/10/access-to-teams-based-on-our-own.html. This time we will create the team and dynamic group using PowerShell instead. In order to do this we

Continue to read »

Access to Teams based on our own extension attributes

In our last post we looked at extending Azure AD with our own attributes http://blog.mindcore.dk/2019/10/azure-ad-extension-attributes.html Now let’s try to dynamically allow access to a Microsoft team based on the attribute. First we create a Team in Microsoft teams. In teams we create a new private team called TestTeam. We will

Continue to read »

Azure AD extension attributes

This time we will try to extend our Azure AD directory with a new attribute, we will in a later post use this attribute for dynamic groups and team access. But let’s get started, we will in this test attach the extension attribute to users, but it can be assigned

Continue to read »

Microsoft Defender ATP

This time we will take a closer look on how easy it is to onboard clients into Microsoft Defender Advanced Threat Protection with System Center Configuration Manager. First we will go the the Microsoft Defender Security Center https://securitycenter.windows.com/ On this page we select Settings – Onboarding – Windows 10 –

Continue to read »

Azure Bastion

Since we now have Azure Bastion in preview it’s time to take a closer look. Azure Bastion will allow us to have private RDP and SSH access to our Virtual Machines from a HTML5 Web Browser over SSL. We can do this without using public IP address on the VM.

Continue to read »

Desktop Analytics

Desktop analytics is now available but only integrated with SCCM, so no Intune configuration for now, but let’s give it a test spin. We will start by clicking Desktop Analytics in Microsoft 365 Device Management or by using this direct link https://aka.ms/desktopanalytics Select Start. Then we need to Accept service

Continue to read »
Search blog posts
Authors
Modern Workplace consultant and a Microsoft MVP in Enterprise Mobility.
Modern Workplace consultant and a Microsoft MVP in Windows and Devices for IT.

Infrastructure architect with focus on Modern Workplace and Microsoft 365 security.

Passionate IT professional with 20+ experience in IT architecture, consulting, and design. 

Cloud & security specialist with focus on Microsoft backend products and cloud technologies.

Infrastructure architect with focus on design, implementation, migration and consolidation.

Infrastructure consultant with focus on cloud solutions in Office365 and Azure.

follow us in feedly
Categories

Follow on SoMe