In March 2021, I published the blogpost “Configuring Windows Update for Business settings for your Microsoft Endpoint Manager managed Modern Workplace“, in that blogpost I described the Windows Update for Business (WUfB) configuration I used, based on the best practices defined by Microsoft defined in their paper titled: “Optimizing Windows 10 Update Adoption“, which is…
Category: Windows 10
Gradual rollout options for upgrading to Windows 11 are now available in Microsoft Endpoint Manager
Microsoft has made available service release 2111 for Microsoft Endpoint Manager, this release contains a lot of updates which are described on the What’s new page, see: Week of November 15, 2021 (Service release 2111). Some of the updates are related to who we can gradually rollout to Windows 11, which is reflected in the…
With Windows Update for Business configured, will my devices automagically start updating to Windows 11?
Tomorrow, on October 5th Microsoft will make Windows 11 Generally Available. Many of my customers already asked if this will have any impact on their existing deployment rings. Here is what I know so far. Microsoft released the following documentation: Plan for Windows 11 and Prepare for Windows 11. On the page they mention the…
Customizing the Microsoft Endpoint Manager company portal and my experiences doing so.
The Microsoft Company Portal app is a cross platform app available in the app stores of Apple, Android and Microsoft. The app, depending on the installed platform provides several options depending on the scenario it’s used in. In my implementations of Windows 10 Modern Workplaces the Company Portal is one of the apps which always…
Designing and configuring compliance policies for your Windows Modern Workplace using Microsoft Endpoint Manager
Measuring your managed systems against a baseline has been around for a while, in Microsoft Endpoint Configuration Manager(MECM)/ConfigMgr we can already use one or more Configuration Items combined in a Configuration Baseline to measure and remediate clients against an imported or self created baseline. You can measure for example if the Windows Firewall is enabled…
Configuring Windows Update for Business settings for your Microsoft Endpoint Manager managed Modern Workplace
Keeping Microsoft windows devices up-to-date has been a challenge I have been dealing with for a long time now. Within Microsoft Endpoint Configuration Manager/ConfigMgr getting grips on your updates was and is not an easy experience which you configure once and never have to touch again. If you in todays world are using Microsoft Endpoint…
Have you already started your journey towards Passwordless authentication on your Modern Workplace?
One of the main Identity related topics during Microsoft Ignite March 2021 edition was passwordless. Microsoft announced at the event that passwordless authentication is now generally available, and Microsoft is now urging their customers to start their journey towards passwordless. As the name implies, going passwordless means that we will get rid of passwords for…
Create Powershell Session is failed using OAuth when using the Exchange Online V2 PowerShell module
Update: Since September 2022, the v3.0 PowerShell module of Exchange Online is available, which when used solves this issue as well. You can update your existing PowerShell module by running the following command. Update-Module -Name ExchangeOnlineManagement Today, while wanting to check some settings in our Exchange Online environment, I ran into an issue where the…
Announcing #WPNinjasNL Tuesdays Webinar #21, Tuesday March 16, featuring Patrick van den Born and Rick Stijnman
For next week, Tuesday, March 16 we are proud to announce that Patrick van den Born and Rick Stijnman will be hosting a session about: Deploying Windows 10 Multi User with Azure DevOps, Terraform and Packer Session abstract: At the moment, terms such as DevOps, SCRUM, Infrastructure-as-Code, WVD, Cloud, etc. are all kinds of things…
Demystifying Windows 10 in cloud configuration
On February 2, 2021 Microsoft announced “Windows 10 in cloud configuration”, when reading the title I was immediately interested to find out what that meant. Hence, even Mary Jo Foley wrote an article on the subject: Microsoft makes available Windows 10 ‘in cloud’ configuration settings for IT admins Let’s dive in deeper and see. Microsoft…
Updating your Security baselines in Microsoft Endpoint Manager to a newer version
With the 2101 Service Release of Microsoft Intune, released this week (February 1, 2021) Microsoft released a lot of new features (more on that in other blogposts). One of the important changes in this service release is the fact that the security baselines for Windows 10 and Microsoft Defender for Endpoint (formerly Microsoft Defender ATP)…
Enabling Self Service Password Reset (SSPR) for your Modern Workplace users
On modern workplaces we use authentication techniques provided by Windows Hello for Business, like biometric and PIN. Due to this, user don’t login with their password all the time. Nowadays Microsoft even recommends to not set any password expiration policies because passwords which expire make users select predictable passwords, composed of sequential words and numbers…
Designing and building your Microsoft Endpoint Manager/Intune environment for Operations
In my work as a modern workplace consultant, I see a lot of Microsoft Endpoint Manager/Intune environments. Many of these environments have been build based on trial and therefore it lacks structure and overview. Most of the environments have been built from scratch, adding and removing functionality until a point was reached where the solution…
A guide to implementing Applocker on your Modern Workplace
At our last Windows Management User Group Netherlands meeting, we had the honor to have Sami Laiho, one of the world’s leading professionals in the Windows OS and Security flying over to the Netherlands and present for our user group. In his presentation titled: “Securing Windows in 2020 and forward”, Sami made us aware that…
Challenges while managing administrative privileges on your Azure AD joined Windows 10 devices
By default, on Windows 10 devices which are Azure AD joined, the user performing the join is added to the Local Administrator group. Besides the user and the local administrator (which is disabled by default), two other SIDs are added without any friendly name which explain who they are. So where are those SIDs coming…