Peter van der Woude

I’m Peter van der Woude, born In 1983 and I’m living together with my wife and two sons in the Netherlands. I’m a huge sports fan – in all honesty more passive then active – who loves watching basketball, cycling, motorsports and many more. I used to be a playing basketball and nowadays start playing a bit again with the boys. In my daily job I work as a Principal Consultant at InSpark and my main focus is helping customers in their road to a modern workplace (using Microsoft Intune)! The best thing about my job is that I could make my hobby into my job. I simply love working with technologies like ConfigMgr, Microsoft Intune, Windows 10, Windows 11, Azure AD, PowerShell and many more. That also gives me the additional energy to share my knowledge with the community. I loving sharing my knowledge by writing here at my blog and by speaking on events like Experts Live, Microsoft TechSummit, Workplace Ninja’s Summit and many more. For being that active in the community, I’ve been awarded with the Microsoft MVP award for Enterprise Mobility since July 2015 and I’ve been awarded with the Windows Insider MVP award since January 2019. I’m really proud and honored to have these awards.

Getting started with secure password deployment in Microsoft Edge

by

This week is still about Microsoft Edge. More specifically, this week is all about the secure password deployment feature of Microsoft Edge. Secure password deployment enables IT administrators to securely deploy encrypted shared passwords to users. That can be useful with shared credentials for specific user accounts and applications. For example for easily getting access to a specific dashboard, or to specific social media accounts. There are many possible use cases. With secure password deployment, users will receive the deployed passwords in their work profile in Microsoft Edge on their managed device. That will help with reducing the risk of (over)sharing passwords with the wrong audience, and with that it helps with enhancing the overall security posture of the organization. This post will look closer …

Read more

Allowing users to request the installation of browser extensions for Microsoft Edge

by

This week is also about Microsoft Edge. More specifically, about managing browser extensions for Microsoft Edge. That has been a subject before, but in that case it was focused on fully managing Microsoft Edge browser extensions on Windows devices. In that case, it was a pretty strict configuration focussed on creating an allow list for Microsoft Edge browser extensions. There are, however, easier methods for allowing users to request the installation of extensions for Microsoft Edge. Within the Microsoft Edge management service there is ability to block the installation of extensions by default, while allowing user to request the installation of any blocked extension. Once the installation is requested, the IT administrator has to approve the installation by allowing the requested extension. With that, IT …

Read more

Reinforcing data protection with watermark protection in Microsoft Edge

by

This week is all about watermark protection in Microsoft Edge. Watermark protection is focused on visibly reinforcing data protection in Microsoft Edge, and that reinforcement is achieved by overlaying a watermark on sensitive data when viewed in the browser. Watermark protection in Microsoft Edge is – like in any other Microsoft solution – designed to discourage sharing screenshots, support compliance requirements, and increase the awareness of users when handling sensitive data. With that, watermark protection does not technically prevent users from sharing sensitive data, but it does make the user aware of the sensitivity of the data. And on top of that, it will become a lot easier to understand the source of a potential data leakage. This post will provide a closer look on …

Read more

Starting with admin tasks in Microsoft Intune

by

This week is all about the recently newly introduced admin tasks node in the Microsoft Intune admin center. That node provides a centralized view for many different types of administrative tasks. The idea behind that node is to provide a unified experience that helps IT administrators with focusing on the tasks that really matter without navigating through all different nodes within Microsoft Intune admin center. The admin tasks node now provides an overview of all the different security tasks, user elevation requests, and admin approvals request. That further simplifies the life of an IT administrator, when using Microsoft Intune. And the best part of it: it only shows the administrative tasks that the IT administrator is allowed to see based on the original source node. …

Read more

Configuring Windows Spotlight

by

This week is all about configuring Windows Spotlight. Windows Spotlight is definitely not something new, as it already exists since the beginning of Windows 10, but it is good to be familiar with the capabilities and configuration options. This week will be a refresher. Windows Spotlight is a Windows feature that can be used to display different wallpapers on the background of the desktop and the lock screen, and offers suggestions, fun facts, tips or organizational messages. In that case, when using Windows Spotlight for displaying different wallpapers, a new image is displayed every day on the lock screen or the desktop. On top of that, when using Windows Spotlight for displaying suggestions, fun facts, tips, recommendations are displayed on how to enhance productivity in …

Read more

Understanding Windows 365 Reserve

by

This week is a little less technical, as it is more theoretical about the concept of Windows 365 Reserve. A concept that justifies some additional context, information and awareness. Windows 365 Reserve is a version of Windows 365 that is focused on providing organizations with a flexible solution to keep users productive during unexpected disruptions on their physical devices. The main idea behind that concept is to add business continuity by enabling direct access to a Cloud PC when there are issues with physical devices. From a user perspective, the concept of Windows 365 Reserve is just another Cloud PC. From a licensing perspective, it is also just another Cloud PC, but just temporarily and with a limited feature set. This post will go into …

Read more

Getting started with Windows 365 Cloud Apps

by

This week is all about getting started with Windows 365 Cloud Apps. Not something really new, but definitely a simple IT administrator experience that is worth highlighting. Cloud Apps provides IT administrators with the ability to easily provide users with secure access to specific apps only, that are hosted on a Cloud PC. And that access is without the need for a dedicated Cloud PC for those users. That functionality relies on Windows 365 Frontline in shared mode. So, that also means that this functionality requires Windows 365 Frontline licenses. Keep in mind that, even though the name might imply something different, this license is not directly related to any Microsoft 365 F1 or F3 license. The best part of it is, that it has …

Read more

Applying a customizable Taskbar layout

by

This week is all about customizing the Taskbar layout on Windows 11. More specific, customizing the pinned applications on the Taskbar. That on itself is nothing new, as, just like customizing the Start menu layout, customizing the Taskbar layout has been possible since the early days of Windows 11. The main configurations related to customizing the Taskbar layout are described in this post. That also means that the ideas around customizing the Taskbar layout have not changed. Customizing the Taskbar layout enables organizations to provide users with a standard set of options and pinned applications in the Taskbar. To create a standardized layout for Windows 11, the IT administrator should use a XML-file that contains the configuration of the pinned applications in the Taskbar. What makes …

Read more

Elevating in user context using Endpoint Privilege Management

by

This week is all about the new feature that was recently introduced in Endpoint Privilege Management (EPM), and that feature is the ability to elevate as the current user. Elevating files, or processes, as the current user enables it to run under the signed-in user account. That enables organizations to address one of the last gaps in the product, which is being able to access personal files while running elevated files, or processes. That means that it is actually running in the user context for that specific action, instead of using the virtual account that is normally used in EPM. It maintains the same user identity. That provides the user with access to the user profile, environment variables, and personalized settings, but also keeps audit …

Read more

Managing account management on Shared PCs

by

This week is all about a closer look at Shared PC Mode on Windows 11. More specifically, this week is all about managing account management capabilities in Shared PC Mode. Account management in Shared PC Mode is about managing the accounts on the device, determining the users that can sign on to the device, and configuring what automatically starts. This post will mainly focus on the first, managing the accounts on the device. Especially on a device that is being shared between many users, it is important to make sure that those accounts are managed properly to prevent the disk from filling up completely. Luckily, within the capabilities of Shared PC Mode there are options for managing those accounts, including cleaning up accounts when needed. …

Read more