Lars Lohmann

Desktop Analytics

Desktop analytics is now available but only integrated with SCCM, so no Intune configuration for now, but let’s give it a test spin. We will start by clicking Desktop Analytics in Microsoft 365 Device Management or by using this direct link Select Start. Then we need to Accept service

Continue to read »

Azure Sentinel

Since we have Azure Sentinel in preview, let’s give it a test spin. Azure Sentinel is a cloud-native security information and event manager (SIEM) platform that uses built-in AI to help analyze large volumes of data across the enterprise. Azure Sentinel aggregates data from a lot of sources, including users,

Continue to read »

ADMX files

This is an updated version of one of our very old articles ADMX files available Also take a look at this post about How to create and manage the Central Store for Group Policy Administrative Templates in Windows And now we are talking policies – I would like to recommend

Continue to read »

Edge based on Chromium has updated policy options

Microsoft has declared the Edge ready for enterprise testing, and by doing so we now have MSI installers and new ADMX files. I have previously written that I am impressed by this new browser, and this has not changed, I still think that Edge (Chromium) has potential to be the

Continue to read »

Azure AD and password-less sign-in

One of the interesting solutions a lot of us has been waiting for is now in public preview – password-less sign-in with Azure Active Directory (Azure AD). We have been able to use it with personal Microsoft accounts, but now we also can start testing with Azure AD accounts. So

Continue to read »

Edge Insider and group policy support

I have been using the Edge Insider (Chromium), for awhile and I am impressed. You can find the download here, and not only for Windows 10 as shown here: We now also have a preview of an admx file (Policy settings). You can find the preview here The

Continue to read »

Mindcore Tech and SSPR follow-up

Yesterday at our Mindcore Tech meeting, one of our test sceneries did not work as expected. We did not get the reset password option on the Windows 10 insider build. The reason behind was “just” some missing configuration in the lab we build during the meeting In order to

Continue to read »

Connect Microsoft Store for Business with Intune

This time let’s try to connect Store for Business with Intune and deploy the Company Portal to all users. First thing to do is to register Store for Business, so sign in to using the same tenant account you use to sign into Intune. Select Manage: Click Settings –

Continue to read »

Office 365 ProPlus and Proofing Tools

This is a quick post about a question I often get – How do we install extra Proofing tools together with Office 365 ProPlus? In the early days of Office 365 C2R we did not have the option to install individual Proofing tools with Office Deployment Tool (ODT). But if

Continue to read »

Azure AD Naming Policy in the portal

Back in March we wrote a post about using PowerShell to create Naming policies for Office 365 groups and teams. Now this feature is available in the Azure portal. Go to Azure Active Directory and Groups: Naming Policy: Since we already added custom blocked words with PowerShell, we can

Continue to read »

Office 365 Message Encryption Templates

We are able to use multiple custom email templates in Office 365. This will allow us to use customized logos and text when sending encrypted emails. By default Office 365 will use the following layout when an external recipient receives an encrypted email:   Let’s try to change this, first

Continue to read »

Azure Portal Application

We now have an Azure portal application available on Windows, I haven’t found a lot of information but you can download the Application here: It will install in your user profile in C:Users[user]AppDataLocalMicrosoftAzurePortalProduction At the time of writing the downloaded version is, but just a hour ago it

Continue to read »

Password-less phone sign-in with the Microsoft Authenticator app

In two of the latest we tested Azure Self-service password reset and integrated the feature with Windows 10: This time let’s use the same user, and enable it to use Password-less phone sign-in with the Microsoft Authenticator app. This feature is in public preview and you need to

Continue to read »

Azure AD Password Protection

We now have Azure AD Password Protection generally available, this will allow us to eliminate easily guessed passwords. By using it we can lower the risk of password spray attacks. Password spraying is using a large number of usernames and loops them with a single password, this will give a

Continue to read »

Azure AD Password Reset on login screen

In one of the last posts we enabled SSPR in our hybrid environment. This time let’s enable password reset on the Windows 10 clients login screen. Before we start we need to be aware of the following: Supported on Windows 10, version April 2018 Update (1803). Device must be

Continue to read »

Azure AD Naming Policy for Office 365 Groups

We can now enforce a Naming Policy for Office 365 Groups, lets give it a test drive. With the Naming Policy feature we can define prefix or suffix that can be automatically added to group names and at the same time we can define words that are blocked from use

Continue to read »

Azure KMS Server

You might find yourself in a situation where you want all your computers to activate using Active Directory based activation except for your Azure VM’s, they should use the Azure KMS server. By default, when Active Directory based activation is enabled all computers on your domain will use Active Directory

Continue to read »

Windows Defender Application Guard – Settings

Let take one more look at the Windows Defender Application Guard. You can find the previous posts about WDAG here: Testing Windows Defender Application Guard on a VM Windows Defender Application Guard In the last post we saw that by default we were not allowed to do copy and paste

Continue to read »

Windows Defender Application Guard

This time let’s give Windows Defender Application Guard a very simple test: You can test this on a physical client or a Hyper-v client, take a look here for the requirements: Testing Windows Defender Application Guard on a VM The test will be done in an enterprise Active Directory domain

Continue to read »

Testing Windows Defender Application Guard on a VM

If you want to test Windows Defender Application Guard your test environment must meet the requirements: A 64-bit computer with minimum 4 cores (logical processors) with CPU virtualization extension, minimum 8GB RAM and 5 GB free space. But what if we want to test this on a virtual Windows 10

Continue to read »

Office Client Policy Service

Microsoft has made the new Office Client Policy Service available as preview, and this is looking promising. The solution is a cloud-based service that can enforce policy settings for Office 365 ProPlus on the office client. This is possible even if the device isn’t domain joined or otherwise managed. The

Continue to read »

Enterprise State Roaming

This time I will have a quick test-drive of the Enterprise State Roaming Feature (ESR) with a hybrid Azure AD joined device, for those of us still using our own AD. Enterprise State Roaming will offer a secure synchronization of user settings from Windows and applications to the cloud. You

Continue to read »

Azure PowerShell Az module

Starting in December 2018, the Azure PowerShell Az module is in general release and now the intended PowerShell module for interacting with Azure. Az offers shorter commands, improved stability, and cross-platform support. Az also offers feature parity and an easy migration path from AzureRM. Az uses the .NET Standard library,

Continue to read »
Search blog posts
Modern Workplace consultant and a Microsoft MVP in Enterprise Mobility.
Modern Workplace consultant and a Microsoft MVP in Windows and Devices for IT.

Infrastructure architect with focus on Modern Workplace and Microsoft 365 security.

Cloud & security specialist with focus on Microsoft backend products and cloud technologies.

Cloud & Security Specialist, with a passion for all things Cybersecurity

Cloud and infrastructure security specialist with background in networking.

Infrastructure architect with focus on design, implementation, migration and consolidation.

Infrastructure consultant with focus on cloud solutions in Office365 and Azure.

follow us in feedly

Follow on SoMe