The blind event Log

Today I was called in to take a look at a weird Excel add-in error. Suddenly, on all Windows 2016 terminal servers of a specific customer, they got the following error when opening Excel: The first thing that comes to mind is looking at the latest Windows and Office patches that have been installed. And so I did; after removing all the latest patches within a test environment, the problem remained. So, I excluded patching problems. What’s next? AppLocker…

The curious cage of hiding the OOBE stage

In this blog, I will show you how to remove the OOBE stage when NOT using Autopilot. When using Autopilot you can configure the OOBE experience like this. When NOT using Autopilot, you have got some challenges. One of them is skipping these kinds of questions: Configuring the user account type is the second challenge. You really want to have a standard user and not an admin! Luckily I already blogged about it, how you can prevent users from becoming…

Autopilot: The group membership war

This blog will be about my experience with dynamic group membership within Azure AD. Waiting for dynamic group membership to be updated can be a pain, certainly when combining dynamic groups with Autopilot. Imagine you have a Windows 10 device that’s not imported in Autopilot: you’ll need to upload the hardware hash and wait for the device to change the Autopilot device status to assigned. Waiting…waiting…waiting. But still, the profile status is not assigned. So, what to do now? Grab…

Remote Wipe: The Next level

The power of remote wiping your device is great to have. When your devices are configured with Autopilot, a remote wipe will make sure your devices will return to factory defaults and will begin to enroll your device with all that’s configured in Intune. Transforming to a zero-trust modern workplace will require some work. You’ll need to set up Autopilot, collect the hardware hashes, remote wipe, and reset the device to let it enroll in Azure AD with Autopilot. But how…

Birds of Printer drivers

Implementing adminless can be hard, especially when a user is accustomed to the possibility of installing printers on their own. To take away some of this trouble of introducing adminless, you can give your end-users the possibility to install printer drivers on their own. Of course, Printix or Microsoft Universal Printer are better solutions when you have some “static” printers. But for the frontline workers, who suddenly may need to use a printer somewhere, this solution can come in handy….

ADMX Ingestion the Edge Force Sync

There is some great news about the possibility to force syncing your Edge settings. https://docs.microsoft.com/en-us/deployedge/microsoft-edge-policies That’s some great news, but unfortunately, there is no possibility, for now, to configure this feature within the Edge administrative templates in Intune. But why not create your own policy? I performed the Edge ADMX ingestion as mentioned on this site: https://docs.microsoft.com/en-us/deployedge/configure-edge-with-mdm#configure-microsoft-edge-in-intune-using-admx-ingestion However, I did not copy the whole msedge.admx file, but only the ForceSync path. After I configured the new possibility to set this…

Fantastic PowerShell and where to find the CA Rules

Automating your tenant deployment is crucial in preventing human mistakes. This is one example from my own experience when working in the field with PowerShell and JSON. When automating your conditional access deployments as I did, you can run into some very weird situations… So, what did I do? I fired up a PowerShell session from a special Win10 VM (created for deployments) and logged in with my admin user within the customer (test) tenant WVDCLOUD: admin@wvdcloud.nl. I checked once again…

The AppLocker Dilemma

This blog will be about how a “NotConfigured” AppLocker policy can come back to haunt you. Implementing AppLocker is always a wise thing to do, even when there is a possibility it “breaks” your Windows 10 installation. In one of my last blogs, I pointed out that implementing Microsoft 365 will help you with your ISO 27001 certification journey. When you have implemented AppLocker correctly, you’re able to cross off some of the categories: A.9.4.4 Use of Privileged Utility Programs…

A million ways to implement ISO 27001 controls.

After being inspired by Alexander Fields about the CIS framework and Microsoft 365, I took a deep dive into mapping ISO 27001 to a zero-trust modern workplace. I’ll try to show you how Microsoft 365 Business can help you with your ISO 27001 adventure. The ISO 27001 Framework has many CIS controls included. You can check out the mapping of CIS controls to ISO 27001 right here: I’ve created the ultimate Visio flow to help our customers transform their organizations…

The Wolf of Azure Active Directory Sync Errors

This blog will be about a weird error when trying to remove an email alias: “An azure active directory call was made to keep object in sync between azure active directory and exchange online”. Sometimes an easy question can result in taking away much of your time. We got a simple question: Could you remove an email alias and create a shared mailbox with this email address? So you have got 2 options here: the GUI and PowerShell. So I…
