Easily getting started with Intune Management Extension as managed installer

This week is all about the latest addition to the ability to easily configure the Intune Management Extension as a managed installer on Windows devices. That addition is the ability to easily configure the Intune Management Extension as a managed installer for a specific group of Windows devices. Before it was already really easy to get started with the Intune Management Extension as a managed installer, but that was a tenant-wide configuration, meaning that it was immediately applicable to all Windows devices within the environment. And that now changed. That configuration can now be assigned to specific group of Windows devices. That assignment provides a lot more flexibility with introducing and testing the Intune Management Extension as managed installer. Eventually, that will make the introduction …

Read more

Getting started with Windows Backup for Organizations

This week is all about the new Windows Backup for Organizations feature that has become available. The Windows Backup for Organizations feature is initially aimed at making it easier to transition from Windows 10 to Windows 11. Besides that, it also makes it easier to switch towards new Windows 11 devices and versions. At this point in time Windows Backup for Organizations can be used to preserve user settings and Microsoft Store app configurations. Especially the first part seems to have a lot of similarities with the already existing Enterprise State Roaming functionality. One might consider Windows Backup for Organizations as the on steroids version of Enterprise State Roaming. Where Enterprise State Roaming is really focused on the basics of the user experience, Windows Backup …

Read more

Managing the usage of personal Microsoft accounts in the OneDrive app

This week is all around managing and containing the usage of personal accounts with the OneDrive app on managed Windows devices. That is definitely not something new, but a recent change in notifications did trigger this post around the usage of personal accounts. Actually, it all started with an item on the public roadmap (490064). That roadmap item is about a new feature that will prompt users for using their personal Microsoft accounts with the OneDrive app, but only when a personal account is already signed in on the device. Of course, one might wonder if that’s a really good approach, but especially the latter part is important; the user will only be prompted when a personal account is already signed in on the device. …

Read more

Excluding specific files from being uploaded to OneDrive

This week is another relatively short blog post, again somewhat related to Microsoft Edge. This week, however, is about configuring some specific OneDrive configurations. More specifically, the focus will be on excluding specific files from being uploaded to OneDrive. Not something really new, but the importance became clear again this week. There can be many reasons why organizations might want to exclude specific files from being uploaded to OneDrive, but there are also some generic reasons that are applicable to most organizations. An often heard reason is related to desktop shortcuts. Synchronizing desktop shortcuts (or even shortcuts in general) often results in either duplicate shortcuts or shortcuts to missing applications. Another reason is related to organizational branding in Microsoft Edge. Customizing organizational branding relies on …

Read more

Protecting against typosquatting with website typo protection in Microsoft Edge

This week is a short post about website typo protection in Microsoft Edge. That subject was briefly mentioned earlier when discussing Enhanced Security Mode in this blog post about tightening browser security in Microsoft Edge. This week is mainly focused on awareness for website typo protection. Website typo protection is aimed at protecting users against typosquatting. Typosquatting is intended to hijack traffic of users that meant to visit well-known sites, but that made a spelling mistake. That hijacking is achieved by using addresses with common misspellings or typographical errors of those well-known sites. Often that is used as prank, ad, or (friendly) competition, but more and more often that is also being used for phishing and malware. In the latter cases, users will get to …

Read more

Blocking other browsers with policies for Microsoft Edge (be careful)

This week is all about creating awareness. Creating awareness for the configuration options that are available for Microsoft Edge via the Microsoft 365 admin center, also known as the Microsoft Edge management service. The Microsoft Edge management service is an alternative method, besides Microsoft Intune, for configuring the Microsoft Edge browser via the Cloud. The configurations are stored in the Cloud and the settings can be applied through a group assignment. The user must be signed into the browser to receive those settings, and the browser must be restarted to make new settings applicable. So, pretty similar to the capabilities within Microsoft Intune. Besides that, the Microsoft Edge management service also provides access to additional settings, such as organization branding, AI, and specific security settings. …

Read more

Explicitly denying elevation of specified files using Endpoint Privilege Management

This week is all about a new feature that was recently introduced in Endpoint Privilege Management (EPM), and that feature is the ability to explicitly deny elevation. Explicitly denying the elevation blocks the specified file from running in elevated context. That enables organizations to work the other way around. Instead of configuring which file elevations are allowed, this enables organizations to allow every elevation with the exception of the elevations of those specifically specified files. Of course, the recommendation is to tightly control which files are allowed to elevate. That is, however, not always the situation that every organization is in. Often simply getting insights into what users are installing is already a huge step forward. Especially in combination with no local administrator privileges. As …

Read more

Getting started with the Microsoft Defender Browser Protection extension for Google Chrome

This week is sort of a follow-up on the last couple of weeks. The last couple of weeks the focus was on getting started with the different Microsoft Purview extensions for Google Chrome and Mozilla Firefox, while this week the focus is on getting started with the Microsoft Defender Browser Protection extension for Google Chrome. The Microsoft Defender Browser Protection extension brings protection against online threats, like phishing and malicious websites, functionality known from SmartScreen in Microsoft Edge, to the Google Chrome browser. With that functionality it protects users against threats such as clicking on links in phishing emails and websites that are designed to trick users into downloading and installing malicious software. Of course Google Chrome also provides similar built-in functionality, but that will not …

Read more

Getting started with the Microsoft Purview extension for Mozilla Firefox

This week is sort of a follow-up on last week. Last week the focus was on getting started with the Microsoft Purview extension for Google Chrome, while this week the focus is on getting started with the Microsoft Purview extension for Mozilla Firefox. The story around the extension is pretty similar, as the Microsoft Purview extension for Mozilla Firefox extends the Endpoint data loss prevention (Endpoint DLP) capabilities to sensitive items in the Mozilla Firefox browser. And after the installation of that extension, on Windows devices, organizations get the ability to also monitor attempts to access or upload sensitive items to a Cloud service when using the Mozilla Firefox browser, and to actually enforce protective actions via data loss prevention policies. This post will provide a …

Read more

Getting started with the Microsoft Purview extension for Google Chrome

This week is all about the Microsoft Purview extension for the Google Chrome browser. Not because it’s something really new, but mainly to create some awareness around its existence. The Microsoft Purview extension for Google Chrome extends the Endpoint data loss prevention (Endpoint DLP) capabilities to sensitive items in the Google Chrome browser. After the installation of the Microsoft Purview extension for Google Chrome, on Windows devices, organizations get the ability to also monitor attempts to access or upload sensitive items to a Cloud service when using the Google Chrome browser, and to actually enforce protective actions via data loss prevention policies. This post will provide a brief overview of the Microsoft Purview extension for the Google Chrome browser, followed with the steps to automatically …

Read more