Using Microsoft Defender for Endpoint on Android for protecting the personal profile

This week another post about Microsoft Defender functionality, but on a completely different platform. This week is all about using Microsoft Defender for Endpoint, on Android devices, for protecting the personal profile. And for now, specifically focused on personally owned devices. That protection functionality is focused on providing users with the same level of protection in their personal profile, as provided in their work profile. It provides users – within their personal profile – with malware scanning on user-installed apps, protection from malicious URLs, network protection, and privacy controls. That provides users with better protection and organizations with more control on which devices are allowed to have access to company data. This post will mainly focus on the configuration of that additional protection of the …


Working with enhanced phishing protection in Microsoft Defender SmartScreen

This week is all about a new security feature that is part of Microsoft Defender SmartScreen and that was introduced with Windows 11, version 22H2. That feature is enhanced phishing protection. Enhanced phishing protection helps with protecting work accounts against phishing and unsafe usage on sites and apps. It works alongside existing Windows security features and alerts about typed work passwords in any Chromium browser, warns about reused work passwords on sites and apps, and warns when storing plaintext work passwords in Notepad, Word, or any Microsoft 365 Office app. That makes enhanced phishing protection an important addition to the Microsoft Defender SmartScreen security functionalities. This post will go through the available settings, the easy configuration, and the user experience with the enabled notifications. Note: …


Enhance Microsoft Intune data with Log Analytics: A summary

This week an extra blog post about my session at Experts Live Netherlands 2022. I did my session about Enhance Microsoft Intune data with Log Analytics. During that session – after battling some technical challenges – I shared a lot of information around the four most obvious options for using Microsoft Intune in combination with Log Analytics. I showed the direct integration, the combination with Update Compliance, the use of the Azure Monitor HTTP Collector API and even the use of the Azure Monitor Agent. This post will provide a quick summary of that session, by briefly touching those different options. The slides (PDF) of that session are available for download here. Collecting log data via a direct integration The first option was all about …


Easily managing third-party ADMX-files

This week is back to the management capabilities for Windows devices. More specifically, it’s all about managing settings via third-party ADMX-files by using Microsoft Intune. That’s something that used to be a big task and has now turned into a relatively simple action. This blog contains posts around that subject that detail the process of ingesting third-party ADMX-files and configuring the related settings. The good thing is that those posts still have value, as the underlying process hasn’t changed. Microsoft did, however, drastically simplify the process for importing third-party ADMX-files and configuring the different settings. This post will describe the new simplified process of working with third-party ADMX-files and provide some details around the configuration that are good to know. Important: At the moment of …


Common Criteria Mode for corporate-owned Android Enterprise devices

This week something completely different compared to the last few weeks. While the last few weeks were all about the great simplicity of Windows 365 Enterprise, this week is all about Android Enterprise. Different platform, theoretically possibly the same device. With the introduction of Android 11 (API level 30), some nice new features were introduced for enterprises. That includes the addition of the Common Criteria (CC) Mode. CC Mode has already existed for a few years for Samsung Knox devices and – in combination with Microsoft Intune – could already be configured by using OEMConfig (with the KSP app), but is now available by default within Android Enterprise. Even better, with one of the latest service releases (2207) of Microsoft Intune that can now be …


Welcome to the still growing Android device management jungle: A summary

The second short post of this week is another extension of one of my sessions at the Workplace Ninja Summit 2022. At the summit I did my second session about Welcome to the still growing Android device management jungle. During that session I shared information around the still growing device management options for Android devices, pointers that can help with making the right decisions and information around the different configuration options. This post will provide a quick summary of that session by going through the different management options, providing important differences and summarizing the main configuration capabilities. The slides (PDF) of that session are available for download here. Android (device) management options When looking at the Android (device) management options, there are many options. And the number …


Creating the path for mobile devices to on-premises resources: A summary

This week a few shorter posts, as my posts this week are extensions of my sessions at the Workplace Ninja Summit 2022. At the summit I did my first session about Creating the path for mobile devices to on-premises resources. During that session I shared information around the architecture and flow of Microsoft Tunnel, I zoomed in on getting up-and-running with Microsoft Tunnel and showed how to get insight into Microsoft Tunnel. This post will provide a quick summary of that session by quickly showing the architecture and flow of Microsoft Tunnel and by showing the summary and reminders. The slides (PDF) of that session are available for download here. Architecting Microsoft Tunnel An important part of creating the Microsoft Tunnel infrastructure is a solid architecture. In most cases that …


Easily managing Cloud PCs

The last few weeks were all about getting started with Windows 365 Enterprise Cloud PCs and Microsoft Dev Box. And especially for Windows 365 Enterprise also looking at the main different configuration options. As both are based on the same foundation, the result of both is a Cloud PC that is automatically enrolled and managed by Microsoft Intune. That automatic enrollment makes sure that it’s very easy to get started with managing Cloud PCs. By automatically enrolling into Microsoft Intune, all the standard Windows device management capabilities are also available for Cloud PCs. That means: device configurations, device compliance, application deployment, update management and reporting. This post provides a quick overview of the options that become available for easily managing Cloud PCs and that are …


Getting started with Microsoft Dev Box

The last couple of blog posts were all about getting started with Windows 365 Enterprise Cloud PC. The first blog post, after a nice vacation, had to continue in that area. Just with a twist. This week is all about Microsoft Dev Box. Microsoft Dev Box is now in preview and is a new managed service provided by Microsoft that builds on the strong foundation of Windows 365. That new managed service enables developers to create on-demand, high-performance, secure, ready-to-code, project-specific workstations in the cloud. The best part of it is that it enables developers to create their own dev boxes, within the provided technical and financial limits. The idea of this post is to show how IT administrators provide the technical framework, how development teams …


Device compliance for Windows 365 Enterprise Cloud PCs

This week is a short follow-up on my posts of the last couple of weeks about getting started with Windows 365 Enterprise. One of the items that was not specifically addressed is device compliance. In general it would be great to address Cloud PCs like any other laptop or desktop within the organization. There are, however, some differences to keep in mind that might require organizations to use a slightly adjusted configuration for Cloud PCs. One of the main reasons for that could be disk encryption. This post will address how disk encryption is different for Cloud PCs and also how other hardening features are similar for Cloud PCs. Besides that, this post will provide an easy method to work with exceptions for Cloud …
