Creating a computer group as a function

Introduction To use Machine Groups in our Automation Account inventory we must first create a group by saving a kql query as a function. Requirements – Azure Subscription – if you do not already have a subscription, you can get a free trial here – Log Analytics workspace configured (See

Continue to read »

How to manage servers using Azure Arc – Part 2

Part 2 – Fundamental’s (Log Analytics workspace and Automation Account) Introduction Azure Arc relies on other Azure services to be able to manage machines. Particularly Log Analytics and Automations Accounts.   So, to take advantage of management features like Update management, change tracking etc. we must setup a Log Analytics

Continue to read »

How to manage servers using Azure Arc part 1

How to manage servers using Azure Arc part 1 Introduction In this new series we will cover how to manage your server environment using Azure Arc. But first, what is Azure Arc? Azure Arc is the place to manage your servers if you are allowed to have them internet connected.

Continue to read »

How to configure Windows 365 Enterprise Azure AD join

Windows 365 Enterprise Azure AD join – Microsoft Hosted Network.   Introduction Many of us have been waiting for native Azure AD join for Windows 365 Enterprise since its release in August 2021. But wait no longer! The native Azure AD join support has finally become a reality. In this

Continue to read »

How to secure Windows 365 using a FIDO2 security key

Secure your Windows 365 Cloud PC(s) with Conditional Access and FIDO2 security keys. Introduction We have already written about FIDO2 security keys on several occasions (I will add the links below), which has inspired me to see how I could secure Windows 365 using Conditional Access and a FIDO2 security

Continue to read »

Intune multi app kiosk mode using the new Microsoft edge

Introduction This is my notes while playing around with kiosk. I was testing the brand-new Kiosk setting for the new Microsoft Edge and the only result I got out of that was a non-working device. Eventlog saying MDM Session: Failed to get AAD Token for sync session User Token: (Unknown

Continue to read »

MEMCM debug in-place upgrade (IPU) using Azure blob

Introduction A couple weeks ago I showed you how to get vital logs from a client without disturbing the user. This blog post will cover how to deal with in-place upgrades that did not go as expected. Now as most people still work from home, it can be difficult to

Continue to read »

Modern Roaming Profile – Enterprise State Roaming (ESR) + UE-V

     Introduction Enterprise State Roaming is available to any organization with an Azure AD Premium or Enterprise Mobility + Security (EMS) license. It enables users to sync user- and application settings across devices. It is an upgraded version of what you probably know as Roaming profile, but with no

Continue to read »

Microsoft Defender ATP

This time we will take a closer look on how easy it is to onboard clients into Microsoft Defender Advanced Threat Protection with System Center Configuration Manager. First we will go the the Microsoft Defender Security Center On this page we select Settings – Onboarding – Windows 10 –

Continue to read »

Azure Bastion

Since we now have Azure Bastion in preview it’s time to take a closer look. Azure Bastion will allow us to have private RDP and SSH access to our Virtual Machines from a HTML5 Web Browser over SSL. We can do this without using public IP address on the VM.

Continue to read »

Desktop Analytics

Desktop analytics is now available but only integrated with SCCM, so no Intune configuration for now, but let’s give it a test spin. We will start by clicking Desktop Analytics in Microsoft 365 Device Management or by using this direct link Select Start. Then we need to Accept service

Continue to read »

Azure Sentinel

Since we have Azure Sentinel in preview, let’s give it a test spin. Azure Sentinel is a cloud-native security information and event manager (SIEM) platform that uses built-in AI to help analyze large volumes of data across the enterprise. Azure Sentinel aggregates data from a lot of sources, including users,

Continue to read »

Azure Portal Application

We now have an Azure portal application available on Windows, I haven’t found a lot of information but you can download the Application here: It will install in your user profile in C:Users[user]AppDataLocalMicrosoftAzurePortalProduction At the time of writing the downloaded version is, but just a hour ago it

Continue to read »

Azure Privileged Identity Management – Part 1

Administrating resources and services in a company has always been a challenge and most companies struggle with assigning the right level of access. On one hand administrative privileges are needed to ensure productivity and implementation of new services, while on the other hand these privileges are under attack from adversaries.

Continue to read »

Azure KMS Server

You might find yourself in a situation where you want all your computers to activate using Active Directory based activation except for your Azure VM’s, they should use the Azure KMS server. By default, when Active Directory based activation is enabled all computers on your domain will use Active Directory

Continue to read »

Enterprise State Roaming

This time I will have a quick test-drive of the Enterprise State Roaming Feature (ESR) with a hybrid Azure AD joined device, for those of us still using our own AD. Enterprise State Roaming will offer a secure synchronization of user settings from Windows and applications to the cloud. You

Continue to read »

Azure PowerShell Az module

Starting in December 2018, the Azure PowerShell Az module is in general release and now the intended PowerShell module for interacting with Azure. Az offers shorter commands, improved stability, and cross-platform support. Az also offers feature parity and an easy migration path from AzureRM. Az uses the .NET Standard library,

Continue to read »

Join Windows 10 to Azure Active Directory

This time lets try to join a Windows 10 client build 10061 to Azure AD. First we need to enable Device Registration Azure AD. open the Azure portal and browse to your Directory, select Configure and select Yes on Enable Device Registration, then save the change: On the Windows 10

Continue to read »
Search blog posts
Modern Workplace consultant and a Microsoft MVP in Enterprise Mobility.
Modern Workplace consultant and a Microsoft MVP in Windows and Devices for IT.

Infrastructure architect with focus on Windows Client management & security.

Cloud & security specialist with focus on Microsoft backend products and cloud technologies.

Infrastructure architect with focus on design, implementation, migration and consolidation.

Infrastructure consultant with focus on cloud solutions in Office365 and Azure.

follow us in feedly

Follow on SoMe