Using a QR code to easily sign in to apps on shared Android devices

This week is all about the new ability to use a QR code to sign in to specific apps on (shared) Android devices. QR code authentication is a new authentication method in Entra that enables frontline workers to sign in to apps on shared devices. That authentication method provides users with the ability to use a unique QR code in combination with a PIN to sign in. That eliminates the need for users to enter usernames and passwords, making it a more user-friendly experience on shared devices. On Android devices, QR code sign-in is now available for the Managed Home Screen app, the Teams app, and even during the web sign-in. This post will briefly go through the QR code authentication method, directly followed with …


Easier managing Device Control in Microsoft Defender for Endpoint using Microsoft Intune

This week is all about easier managing the basics of Device Control in Microsoft Defender for Endpoint using Microsoft Intune. It was already possible for a while to configure the different aspects of the Device Control feature on Windows devices, but the configuration of some aspects just became a lot easier. In general, the Device Control features enable IT administrators to control whether users can install and use peripheral devices, such as removable storage, printers, or Bluetooth devices. In the end, the Device Control feature provides IT administrators with more tools to protect organizations from cyberthreats, such as potential data loss or malware, by reducing the attack surface. Nowadays there are many different configuration options and different configuration profiles. This post will focus on the basic …


Understanding Device query for multiple devices

This week is all about Device query for multiple devices. A long-awaited feature. With that, this will also be a follow-up on this post about getting started with Device query and this post adding additional hardware properties to the device inventory. Especially the latter might be a little bit surprising, but will be explained throughout this post. Device query for multiple devices provides IT administrators with the ability to easily query for devices with specific properties and values (e.g. all Windows devices with specific application crash events) and the ability to easily summarize data about devices (e.g. count all devices with a specific CPU). Those queries, however, are not performed in real-time on the Windows devices within the environment, but are relying on …


Expediting Windows quality updates

This week is all about expediting the installation of the latest Windows quality updates. Expediting the installation of the latest Windows quality updates can be useful to quickly mitigate security threats when the normal update process wouldn’t facilitate that deployment yet. That can be achieved because the deployment of expedited Windows quality updates is done without needing to pause or edit the existing update process. It basically enables the IT administrator to temporarily override the deferrals and deadlines to install the specified update as quickly as possible. And that can be used for the most recent monthly quality update as well as an out-of-band security update. This post will look closer at the concept of expediting Windows quality updates, followed with the steps to …


Configuring a single app, full-screen kiosk with Microsoft Edge on Windows 11

This week is all about configuring a single app, full-screen kiosk with Microsoft Edge on Windows 11 devices. A kiosk is nothing new and neither is the Microsoft Edge browser. And even the combination of both is nothing new. That being said, there are often unknowns in the configuration options and what actually happens with Microsoft Edge when configuring it as the kiosk application. And that often causes questions. So, this post should take some of those questions away. One of the things that’s often forgotten, for example, is that the Microsoft Edge browser will also run in kiosk mode. And that puts limitations on its capabilities. This post will focus on configuring a single app, full-screen kiosk with Microsoft Edge on Windows 11 devices, …


Working with in-browser protection in Microsoft Edge for Business

This week another blog post focused on the security capabilities within Microsoft Edge. With the introduction of Microsoft Edge for Business, there is a larger focus on providing a Microsoft Edge experience for work. That experience provides IT administrators with the ability to give their users a productive and secure browser for work, across managed and unmanaged devices. With that, Microsoft Edge can be the secure enterprise browser for many organizations. Especially with the focus of Microsoft Edge on security, privacy, and manageability. And not just that, it includes enhanced productivity alongside the security features. That brings us to the focus of this week and that is in-browser protection. In-browser protection is a great example of that combination as it reduces the need for proxies, …


Tightening browser security with Enhanced Security Mode in Microsoft Edge

This week is all about tightening security in Microsoft Edge and making sure that it’s one step closer to a secure enterprise browser. Especially nowadays when users spend most of their time in a web browser, it’s important to make sure that the right controls are in place to protect the users and the corporate data. That can be achieved by having a closer look at the different security features that Microsoft Edge brings to the table. And those are many different features. When specifically looking at protecting the user, think about features like Microsoft Defender SmartScreen, typosquatting protection, and Enhanced Security Mode. Three different security features, all with their own focus. Microsoft Defender SmartScreen to protect against phishing and malware, typosquatting protection to warn …


Managing Microsoft Edge browser extensions on Windows devices

This week is all about browser extensions. And more specifically, about Microsoft Edge browser extensions on Windows devices. There are many reasons why organizations might want to look into managing and controlling Microsoft Edge browser extensions. Most of those reasons, however, are security related and focussed on staying in control of corporate data. Lately, there have been multiple examples of malicious browser extensions – not specific to the Microsoft Edge browser – that would collect user data and exfiltrate it to a malicious website. A good reason to get in control of the browser extensions that are being used within the organization. Either by fully controlling which browser extensions can be installed, or by at least blocking unwanted browser extensions. This post will look specifically …


Working with tamper protection on Windows devices to protect security settings

This week is all about working with tamper protection on Windows devices. Not because it’s something new, but mainly to give it some more attention. It does, by the way, introduce new management functionality. That new functionality is the ability to configure tamper protection on unmanaged devices. So, devices that are not managed by Microsoft Intune, or Configuration Manager, but that are managed via Microsoft Defender for Endpoint security settings management. Besides that, it’s just important to highlight the functionality of tamper protection again, to make sure that the functionality and usage is known. Especially as it’s nowadays enabled by default when using Microsoft Defender for Endpoint. Because it’s enabled by default, people easily forget that it’s configured and what it’s used for. This post will …


Quick tip: Blocking screen capture with app protection policies on iOS devices

This week a relatively short blog post. Not because it’s challenging to get up-and-running in this new year, but mainly to highlight a change in behavior on iOS devices. That change in behavior is all about app protection policies on iOS devices. For apps that have updated to v19.7.6 or later for Xcode 15 and v20.2.1 or later for Xcode 16 of the SDK, the default screen capture behavior will change. Before that update, blocking the screen capture was not an option with app protection policies on iOS devices. That has now changed. Starting with that update, blocking screen capture is available in app protection policies and enabled by default when Send Org data to other apps is configured to anything other than “All apps”. This post will …
