Quick tip: Blocking screen capture with app protection policies on iOS devices

This week a relatively short blog post. Not because it’s challenging to get up-and-running in this new year, but mainly to highlight a change in behavior on iOS devices. That change in behavior is all about app protection policies on iOS devices. For apps that have updated to v19.7.6 or later for Xcode 15 and v20.2.1 or later for Xcode 16 of the SDK, the default screen capture behavior will change. Before that update, blocking screen capture was not an option with app protection policies on iOS devices. That has now changed. Starting with that update, blocking screen capture is available in app protection policies and enabled by default when Send Org data to other apps is configured to anything other than “All apps”. This post will …

Getting started with Microsoft Connected Cache

This new year starts with an introduction to Microsoft Connected Cache and is sort of a follow-up on this post of about 4 years ago. That time it was about the addition of Connected Cache for Win32 apps in Configuration Manager. Now, 4 years later, Connected Cache is available as a standalone product and can be used to serve content for Windows feature and quality updates, Microsoft 365 Apps and updates, Intune apps, Store apps, and Windows Defender definition updates. Basically, Connected Cache is a software-only caching solution for delivering Microsoft content within the environment. It can be managed via the Azure portal and it can be deployed to Windows and Linux hosts, no matter if those hosts are physical or virtual. Connected Cache basically …

Getting started with Administrator protection

This week is all about the new functionality on Windows devices to help protect administrator users. That new functionality is Administrator protection. Administrator protection is aimed at protecting the users while still allowing them to perform their required elevated actions with just-in-time administrator privileges. For users that have local administrator privileges, that means that instead of always having those high privileges, those users must consent to actually activate them. That makes sure that, by default, the user is now operating according to the least privilege concept and only gets those higher privileges when actually needed. In the end that reduces the attack surface for those users and makes sure that nothing happens without …

Adding additional hardware properties to the device inventory

This week is all about enhancing the device inventory for Windows devices. Device inventory is a new feature in Microsoft Intune that is specifically focused on enhancing the existing device inventory for Windows devices. That enables the IT administrator to add additional hardware properties to the existing inventory of Windows devices, by relying on the available properties in the Intune data platform. The additional hardware properties can help the organization to better understand the state of the Windows devices and to make potential business decisions based on that information. It really adds additional insights into Microsoft Intune that help with getting more control over, and better overviews of, the Windows devices within the environment. Basically, getting richer reporting information. This blog post will start …

Enabling hotpatch for Windows 11 Enterprise

This week is all about the latest changes in updating Windows 11 devices. That change is the introduction of hotpatch updates for Windows 11 Enterprise. Hotpatching helps organizations with keeping Windows secure, while minimizing the disruptions for the user. A significant step in keeping Windows more secure and productive. Hotpatching removes the requirement for Windows devices to reboot after every update installation, while still providing a complete set of security fixes. That’s exactly what matters for the user experience, as the device requires fewer reboots. This post will start with a brief introduction about Windows hotpatch, followed by the configuration steps. This post will end with experiencing the configuration. Note: The hotpatch technology has already been in use for two years on Windows …

Working with device compliance for Windows Subsystem for Linux

This week is all about the device compliance capabilities for Windows Subsystem for Linux (WSL). WSL is a feature of Windows that allows the user to run a Linux environment on their Windows device, without needing a separate VM or a dual boot. It’s designed to provide a seamless experience for users that want to use Windows and Linux at the same time. By default, Ubuntu is used as the Linux distribution. There are, however, more options such as Debian, Kali, and SUSE. For the IT administrator it’s good to be able to check the Linux distribution and version that is used. That can be achieved by using device compliance policies, as there is now a section specifically focused on adding …

Managing automatic switching in Microsoft Edge for Business

This week is all about Microsoft Edge for Business and the automatic switching feature. Microsoft Edge for Business is the dedicated Microsoft Edge experience that is created for work accounts. It provides IT administrators with the capabilities to provide users with a productive and secure browsing experience across managed and unmanaged devices. That includes the ability to manage the automatic switching behavior between work and personal profiles. Automatically switching between profiles can help users to keep their work and personal browsing separate. When the device has an existing work profile, it enables automatic switching when adding a personal profile, to enforce the browsing context separation. That behavior can also be managed. The automatic switching is not always desirable, or sometimes needs some tuning. This post will …

Configuring Google Chrome for usage with device-based Conditional Access

This week is sort of a follow-up on last week. Last week the focus was on configuring Mozilla Firefox for usage with device-based Conditional Access, while this week the focus is on configuring Google Chrome for usage with device-based Conditional Access. That has been a supported scenario for many years, but in the early days that would require the Windows Accounts extension. That, however, has changed, making it easier to configure without installing a specific extension in the browser. Nowadays, there is a setting available that can be configured to automatically sign in user accounts backed by a Microsoft Cloud identity provider. So, that’s even easier to configure. Especially when knowing that Microsoft Intune has Google Chrome configuration options directly available via the Settings Catalog. Minor …

Configuring Mozilla Firefox for usage with device-based Conditional Access

This week is all about managing and configuring Mozilla Firefox, with the main focus on using it with device-based Conditional Access. When looking specifically at Conditional Access, Mozilla Firefox is nowadays a supported browser for device-based Conditional Access scenarios on devices running Windows 10 and later. That is of course a really good thing, but it does require a specific configuration that should be in place within the browser. A single configuration that could be a real lifesaver on managed devices. Even better, on managed devices that configuration can also be set by using Microsoft Intune. To facilitate that, Mozilla provides easy configuration options via Group Policy templates. This blog post will provide a brief overview of importing those settings, followed by the steps to …

Updating Enterprise App Catalog apps

This week is all about creating awareness about the recently introduced functionality to easily update apps from the Enterprise App Catalog. The Enterprise App Catalog is part of Enterprise App Management and provides a collection of apps that are prepared by Microsoft for usage within Microsoft Intune. This new functionality provides IT administrators with a guided experience for updates that are available for apps within the catalog. That starts with a brief overview of the available updates for apps that are used from the catalog, and that overview leads into a pretty straightforward guided experience for updating a specific app. That guided experience eventually creates a new Win32 app that supersedes the current version of the app, and that can be deployed towards …
