The PowerShell Win32 App Express

The PowerShell Win32 App Express

In my last blog I expressed my opinion about how important it is to use the company portal to distribute apps.  Like I was mentioning, it can be a lot of work when you need to create all these apps each time a customer asks for one.  Of course, you can create one Chocolatey app which simply installs every app. But I prefer to give the user a nice dashboard with all the possible apps he or she can install.  You will need to automate this somehow…

Read More Read More

500 Days of blocking Onedrive extensions

500 Days of blocking Onedrive extensions

I was mentioning in my latest blog, I would show how you can automate the company apps deployment, but first I would like you to show something brand new. This blog will be about how to prevent some files to be uploaded with Onedrive and not using the Onedrive admin center Excluding extensions in the Onedrive admin center was the way to go to make sure some files are not synced with Onedrive. Of course, you don’t want certain files…

Read More Read More

Company App: Unchained

Company App: Unchained

In this blog I will give you my opinion on how I prefer apps to be deployed. When deploying a zero-trust modern workplace you need to make sure your users are not member of the local admin group. Take a look at my blogs if you want to make sure a user is never a local admin. When your users are no local admin anymore, you can implement an AppLocker policy to make sure your devices are secure. But here…

Read More Read More

Not yet another AppLocker Blog.

Not yet another AppLocker Blog.

Provisioning your non (for now) Azure ad enrolled Windows 10 Pro devices with AppLocker can be very hard because AppLocker won’t work on Windows 10 Pro devices without Intune… at least that’s what I thought.  When configuring AppLocker on a Windows 10 pro device, you will notice this message inside the event log: component not available on this SKU.  Take a look at the operating system requirements… Some time ago I created a blog about how you can automatically wipe and reset your domain joined devices to enroll them with autopilot.  In this PowerShell script…

Read More Read More

Close Encounters of Fiddler

Close Encounters of Fiddler

*The power of combining Fiddler and PowerShell. Did you ever wonder how to automate Office365 deployment? It’s a lot of work to configure conditional access, device configurations, update settings and compliance settings manually… and we haven’t even talked about the risk of human error. For all these worries and concerns automation is your solution. *How does it work? First, we need Fiddler and PowerShell. Download and install Fiddler, don’t forget to configure the SSL decrypt settings and open the Intune…

Read More Read More

The chronicals of Win32 App installations: The RunOnce key, Onedrive and Adminless

The chronicals of Win32 App installations: The RunOnce key, Onedrive and Adminless

This blog will be about some weird RunOnce behavior when installing applications. This week, a customer asked me to push their Nuance Dragon speech software to some specific devices. I guess I am a nice person, so I immediately created a new Win32 App with some parameters. To start testing, it’s always recommended to have a dedicated M365 test tenant for testing purposes with some test virtual machines. I enrolled a new virtual Windows 10 and waited until the application…

Read More Read More

The book of Non-Managed Shared Devices

The book of Non-Managed Shared Devices

This blog will be about what options you have when you got a lot of non-managed shared devices that need to run the Teams desktop app. Imagine the next scenario:  Just right before the first Covid19 wave, a company made the decision to transform their organization to a modern zero trust company. Before this decision was made, everyone was working on a remote desktop cluster which was placed inside a datacentre and none of their (shared) on-premise devices were managed….

Read More Read More

The Conditional Access Experiment

The Conditional Access Experiment

Some time ago I was inspired to check something out.  Of course, almost all schools are working with Teams nowadays and so is my son’s school. After installing teams and logging in with my son’s office365 account, I was asked the famous question if I’d wanted to “allow my organization to manage my device”. Okay… So the school allows anyone to register a device to their tenant? I guess the school has a lot of devices to manage. If it…

Read More Read More

Web Content filtering: The final chapter

Web Content filtering: The final chapter

Starting with Microsoft 365 business is an excellent idea. It contains almost everything you need for a secure modern workplace.  With almost everything I mean you’ll be missing out on some great features contained within the Microsoft E5 license. The biggest example would be Microsoft Defender for endpoints, it also has some addons like web content filtering. I can imagine for the SMB, Microsoft E5 might be too expensive for now. The price difference between a Microsoft 365 Business premium…

Read More Read More

The blind event Log

The blind event Log

Today I was called in to take a look at a weird excel addin error. Suddenly on all Windows 2016 terminal servers from a specific customer, they got the following error when opening excel: The first thing that will come to mind, is looking at the latest Windows and office patches that have been installed. And so I did, after removing all the latest patches within a test environment the problem remains. So, I excluded patching problems. What’s next? AppLocker…

Read More Read More