The goal of this blogpost is to explain more about what happens between the moment that a configurations setting in Microsoft Endpoint Manager (MEM) are created or modified and applied from that point forward to the endpoint. I will cover the options available to validate and monitor if the settings make it to the endpoint,…
Category: Intune
Designing and configuring compliance policies for your Windows Modern Workplace using Microsoft Endpoint Manager
Measuring your managed systems against a baseline has been around for a while, in Microsoft Endpoint Configuration Manager(MECM)/ConfigMgr we can already use one or more Configuration Items combined in a Configuration Baseline to measure and remediate clients against an imported or self created baseline. You can measure for example if the Windows Firewall is enabled…
Updating your Security baselines in Microsoft Endpoint Manager to a newer version
With the 2101 Service Release of Microsoft Intune, released this week (February 1, 2021) Microsoft released a lot of new features (more on that in other blogposts). One of the important changes in this service release is the fact that the security baselines for Windows 10 and Microsoft Defender for Endpoint (formerly Microsoft Defender ATP)…
Mobile Application Management for Mobile Devices with Microsoft Endpoint Manager/Intune deep dive
With Microsoft Intune, there is a lot of focus on the Mobile Device Management (MDM) aspects of the product. This is logical because from a management perspective, if you manage a device using MDM, you can configure almost all settings remotely, something we as System Administrators have been doing for many years. In many situations,…
Speaking at Workplace Ninja Virtual Edition 2020
I’m very proud to announce that I will be speaking at the Workplace Ninja Virtual Edition 2020 event. The Workplace Ninja Virtual Edition 2020 event will take place from Tuesday 25th till Thursday 27th of August 2020 and will contain 45 sessions, spread across 3 days. Each day will provide 3 tracks, with 5 timeslots….
License requirements for administering Microsoft 365 services
Microsoft licensing is tough and vague but something we must deal with while implementing our solutions. I’m also aware that some of the features I describe on my blog are only available in the most expensive licensing options Microsoft provides, making some of the features I describe not usable for some of my readers. Update…
A guide to implementing Applocker on your Modern Workplace
At our last Windows Management User Group Netherlands meeting, we had the honor to have Sami Laiho, one of the world’s leading professionals in the Windows OS and Security flying over to the Netherlands and present for our user group. In his presentation titled: “Securing Windows in 2020 and forward”, Sami made us aware that…
Implementing RBAC and Scoping in Microsoft Intune
When you create an Intune tenant within your environment, you execute the creation with an account which is Global Administrator within Azure Active Directory. And in my work as an indendent consultant I see a lot of companies which keep using the account with Global Administator rights to manage their Microsoft Intune environment as well….
Intune: Choosing whether to assign to User or Device Groups
One of the disadvantages of being an experienced consultant in IT is the fact that once in a while you need to re-learn. With re-learn I mean that for some concepts it’s easier to understand how it works if you come from no-experience. I’ve experienced this with quite some Microsoft products as well. If you…
What are Guided Scenarios in Microsoft 365 Device Management/Intune?
While browsing the new Microsoft 365 Device Management portal I noticed the following option: “Guided scenarios (preview)”. From the What’s new in Intune page it seems that this functionality was released in the release of October 14th 2019. Disclaimer: This post is written on Oktober 29th 2019 and reflects the state of this functionality at…
iOS restore behaviour when re-enrolling devices with backup data into Intune
While implementing Intune at my customers I rarely encounter green field implementations where computers and mobile devices are newly delivered and no data needs to be restored on the device. Most of the time, the devices are already in use and we need to figure out some strategy to deal with the data from the…