Category: Azure AD

Alice and the Device Certificate

This blog will show you how to start troubleshooting when some features of the Company Portal aren’t working anymore. Some features that stopped working were: app installations and syncing problems. While troubleshooting, it really took me down into the rabbit hole. In one of my last blogs (Dude, Where’s my Admin? – Call4Cloud), I showed you which steps you could take to implement Adminless and how to make sure the end-user experience is still great. Almost at the same time,…

PowerShell: the Killer Queen

This blog will show you which options you have in Intune when you want to deploy a PowerShell script with an HKCU registry change but, of course, you blocked PowerShell.exe on your Windows 10 endpoints. I am also going to explain why you need to block PowerShell or which defences you need to put in place when you are allowing it. When you are allowing your employees to run PowerShell, you could be exposed to an insider threat. The employee…

Battle for the planet of the Credential providers

Choosing between Windows Hello or the Microsoft Authenticator app to log in to your Windows 10 Azure AD joined device can be hard; I hope this blog explains why. Last Friday 09-04, I was experimenting with Windows Hello and trying to remove the Password Credential Provider {60b78e88-ead8-445c-9cfd-0b87f74ea6cd}. It was a deep dive into Windows Hello for Business (WHfB) with all of its pros and cons; that’s also the reason why I was very surprised and happy to listen to the MS…

To Retire or Not to Wipe.

This blog will be about when and why you need to perform a retire or a (selective) wipe when an employee exits the company or when their device is stolen. In one of my last blogs, I explained why it’s important to configure App protection policies. I want to dedicate this blog to the methods available to make sure that when a user exits the company there is no company data and/or apps left on the mobile…

Conditional Access: The Day of the Joining Device

This blog will be about a new user action in Conditional Access and how to deploy this setting. I will also show you how to deploy this rule among all other rules in Conditional Access with the use of PowerShell. When you join/register a device, you will need to require MFA, in my opinion. It’s also a part of our Baseline tenant enrollment. I guess you don’t want someone outside your company joining a device with stolen credentials? Otherwise requiring…

Deliver us from Hybrid

This blog will hopefully show you why configuring devices for Azure AD Hybrid is not always the best choice. I will also show you how you could map drive letters with Intune instead of PowerShell. I will divide this blog into 2 parts. The first part will show you why you don’t always need Azure AD Hybrid joined devices to get SSO to your on-premises file server. The second part will show you how to map drive letters…

The Log Collector

It’s very nice to see that Microsoft is working on some new features. One of the features in development is the possibility to collect remote logs (source: In development – Microsoft Intune | Microsoft Docs). Also look at the possibility to restart an app install! That’s great. But as these features are in development, we don’t have the option to collect logs remotely. Luckily SolarWinds has a remote background feature, which allows you to gather some event logs remotely….

Natural Born MFA Killers

This blog will be about a weird MFA problem when we were enrolling devices and at the same time configuring MFA. The user in question already had the company and Authenticator app installed on their iPhone. We were very glad, because it can really save some time. It’s obvious MFA needs to be required when devices need to join Azure AD. We handed out the Surface, so the user could complete the steps to configure Windows Hello and setting up…

Intune: Battle of the MDM authority

This blog will be about why it’s important to automate your Microsoft 365 deployments. Today I was called in to investigate a weird problem. A colleague was trying to set up Intune for a new Microsoft 365 customer. In a normal situation we do this by launching our deployment scripts, but this time a new colleague wanted to see which steps need to be taken to enroll a customer into Microsoft 365. Everything was going fine until the enrollment…

The red screen before Christmas

Using Autopilot will give you a lot of benefits, especially when combining it with White Glove. When you have got new devices, you are good to go, but when you want to enroll existing “older” devices into Autopilot White Glove you can run into some problems. When we were enrolling a lot of new devices at a customer site, no problems were encountered, because we previously enrolled them with Autopilot White Glove. After our work was done, the customer asked…
