Month: April 2026

Introducing cross-tenant support for MAM on Windows devices

by

This week is basically sort of a follow-up on last week. This week is all about introducing cross-tenant support for Mobile Application Management (MAM) on Windows devices. That functionality was already briefly mentioned during the previous blog post about protecting downloads in MAM enrolled profiles on managed Windows devices. This week will be more about that functionality specifically. MAM on itself is nothing new, not even for Windows devices. The challenge, however, has been around mixing and matching different environments. That is also often referred to the contractor scenario, in which the user already has a managed device from their own employer and wants to combine that with access to the productivity tools of the customer. For Windows devices that functionality is coming! That is …

Read more

Protecting downloads in MAM enrolled profiles on managed Windows devices

by

This week is all about a combination of new features. That combination of features is allowing MAM enrollment on managed Windows devices and protecting downloads in Microsoft Edge. Both features are relatively new features in Microsoft Edge, that are both currently still behind experimental feature flags. The first feature enables MAM enrollment on managed devices (also known as cross-tenant support) and the second feature protects the downloads in Microsoft Edge in that scenario. That feature makes sure that downloads are always redirected to a folder that is managed within the home tenant of the user account and that enforces organizational compliance. In practice that means that when the user downloads files, in that MAM enrolled profile on a device that is already managed by another …

Read more

Working with the automatic enablement of Windows hotpatch security updates

by

This week is all about the recently introduced configuration that will enable Windows hotpatch security updates by default. The configuration to enable the usage of hotpatch security updates has been available since the introduction of Windows 11 version 24H2, and can be configured relatively as shown in this post. Starting with the Windows security update of May 2026, Windows Autopatch will enable hotpatch security updates by default. That should help organizations with easier getting more secure. The configuration is achieved via a tenant-wide configuration via Windows Autopatch that is only applied when no quality update policies are applied to the device. That configuration is available in Microsoft Intune and will be enabled by default. This post will provide a closer look at that new tenant-wide …

Read more

Managing geolocation access for websites in Microsoft Edge

by

This week is all about managing (geo)location access for websites in Microsoft Edge. When apps are allowed access to the location of the user, that also includes the Microsoft Edge browser. That means that – depending on the configuration in Microsoft Edge – every website could potentially access the location of the user, or at least ask the user for access. Within Microsoft Edge there are, however, controls available that can be used for controlling the access of websites to the location of the user. Those controls enable the organization to define the default behavior, and also the behavior for specific websites. That enables a layered level of control over the location access in Microsoft Edge. The first layer is the access of apps in …

Read more