Windows 10

MEMCM debug using Azure blob

Introduction Transitioning more and more to modern, many strive to get rid of the classic VPN for their endpoints. As we have more options managing endpoint without building a large and complex infrastructure it become natural to disconnect the traditional access model and build more enterprise applications to authenticate with

Continue to read »

Transition from legacy WSUS to Windows Update for Business

Introduction In this blog post I will describe how you can transition to Windows Update for Business from a legacy WSUS environment. It is easy to just set it up “modern management” so to speak but managing legacy systems and make sure every system works and get its updates from

Continue to read »

Manage security polices directly from the cloud without co-management

Introduction When you use the Configuration Manager tenant attach scenario, you can deploy endpoint security policies from Intune to devices you manage with Configuration Manager. Prerequisites Tenant attach CMG (only if you need it to apply policies to internet based devices) Configuration Manager current branch version 2006 or later, with

Continue to read »

Windows and Office deployment lab kit

Introduction Microsoft just introduced an updated kit for IT pros to plan, test and validate deployment and management of desktops running Windows 10 Enterprise and Microsoft 365 Apps for enterprise. This was earlier known as “Windows insider lab for Enterprise” or “Olympia”.   The lab will cover technologies: Microsoft Endpoint

Continue to read »

Modern Roaming Profile – Enterprise State Roaming (ESR) + UE-V

     Introduction Enterprise State Roaming is available to any organization with an Azure AD Premium or Enterprise Mobility + Security (EMS) license. It enables users to sync user- and application settings across devices. It is an upgraded version of what you probably know as Roaming profile, but with no

Continue to read »

Microsoft Endpoint Analytics – Proactive remediations

Introduction Proactive remediations in Endpoint analytics will help your organization to fix common issues automatically. Stuff that you know are broken or reoccur can be automated and your helpdesk and Admins will save time. It can also be used for monitoring in your environment, and in this blog post I

Continue to read »

Step by step Autopilot scenarios

Last updated 14.08.2020 Introduction I have written the following blog to share some of the valuable sources of information I have discovered while developing my knowledge related to the rollout of Modern Workplace clients using Microsoft365 Intune and Autopilot. Instead of a standard how to guide I have decided to

Continue to read »

Automatic bitlocker installation on Windows 10

  One of my top recommendations is to always encrypt fixed drives. This recommendation is even more relevant in a world where a large percentage of the workforce is mobile and carries around laptops with access to corporate data, or even worse has corporate data on their laptops. For this

Continue to read »

Azure AD support for FIDO2 in hybrid environments

Last year we wrote about Azure AD and password-less sign-in Now we also have support (Public preview) for this in hybrid environments, so let’s try it out. We will use the same Yubico security NFC as last time. First thing we need to be aware of is that we

Continue to read »

Desktop Analytics

Desktop analytics is now available but only integrated with SCCM, so no Intune configuration for now, but let’s give it a test spin. We will start by clicking Desktop Analytics in Microsoft 365 Device Management or by using this direct link Select Start. Then we need to Accept service

Continue to read »

Azure AD and password-less sign-in

One of the interesting solutions a lot of us has been waiting for is now in public preview – password-less sign-in with Azure Active Directory (Azure AD). We have been able to use it with personal Microsoft accounts, but now we also can start testing with Azure AD accounts. So

Continue to read »

Edge Insider and group policy support

I have been using the Edge Insider (Chromium), for awhile and I am impressed. You can find the download here, and not only for Windows 10 as shown here: We now also have a preview of an admx file (Policy settings). You can find the preview here The

Continue to read »

Mindcore Tech and SSPR follow-up

Yesterday at our Mindcore Tech meeting, one of our test sceneries did not work as expected. We did not get the reset password option on the Windows 10 insider build. The reason behind was “just” some missing configuration in the lab we build during the meeting In order to

Continue to read »

Connect Microsoft Store for Business with Intune

This time let’s try to connect Store for Business with Intune and deploy the Company Portal to all users. First thing to do is to register Store for Business, so sign in to using the same tenant account you use to sign into Intune. Select Manage: Click Settings –

Continue to read »

Azure AD Password Protection

We now have Azure AD Password Protection generally available, this will allow us to eliminate easily guessed passwords. By using it we can lower the risk of password spray attacks. Password spraying is using a large number of usernames and loops them with a single password, this will give a

Continue to read »

Azure AD Password Reset on login screen

In one of the last posts we enabled SSPR in our hybrid environment. This time let’s enable password reset on the Windows 10 clients login screen. Before we start we need to be aware of the following: Supported on Windows 10, version April 2018 Update (1803). Device must be

Continue to read »

Windows Defender Application Guard – Settings

Let take one more look at the Windows Defender Application Guard. You can find the previous posts about WDAG here: Testing Windows Defender Application Guard on a VM Windows Defender Application Guard In the last post we saw that by default we were not allowed to do copy and paste

Continue to read »

Windows Defender Application Guard

This time let’s give Windows Defender Application Guard a very simple test: You can test this on a physical client or a Hyper-v client, take a look here for the requirements: Testing Windows Defender Application Guard on a VM The test will be done in an enterprise Active Directory domain

Continue to read »

Testing Windows Defender Application Guard on a VM

If you want to test Windows Defender Application Guard your test environment must meet the requirements: A 64-bit computer with minimum 4 cores (logical processors) with CPU virtualization extension, minimum 8GB RAM and 5 GB free space. But what if we want to test this on a virtual Windows 10

Continue to read »
Search blog posts
Modern Workplace consultant and a Microsoft MVP in Enterprise Mobility.
Modern Workplace consultant and a Microsoft MVP in Windows and Devices for IT.

Infrastructure architect with focus on Modern Workplace and Microsoft 365 security.

Microsoft specialist with focus on Sentinel and security.

Passionate IT professional with 20+ experience in IT architecture, consulting, and design. 

Cloud & security specialist with focus on Microsoft backend products and cloud technologies.

Infrastructure architect with focus on design, implementation, migration and consolidation.

Infrastructure consultant with focus on cloud solutions in Office365 and Azure.

follow us in feedly

Follow on SoMe