Browsed by
Category: Device Enrollment

Those Magnificent Drivers in Their Flying Microsoft Store, Or How I Flew From The Enrolment Status Page To Paris in 25 hours 11 minutes

Those Magnificent Drivers in Their Flying Microsoft Store, Or How I Flew From The Enrolment Status Page To Paris in 25 hours 11 minutes

After you have read this enormous blog title, I guess you will know this blog will be about some weird behaviour during the ESP. I couldn’t find any documentation about the ESP, this could happen? I will divide this blog into 4 parts. Background Information about the ESP. The problem. Troubleshooting. Fixing it 1.    Background information I thought I already created a blog about this at some point, but I guess not. So here we go! The Enrolment Status Page…

Read More Read More

Let the Right Chromebook in

Let the Right Chromebook in

This blog will be about Chromebooks and MAM. I will also introduce a colleague of mine. He will co-author my blogs from now on, this will be our first joint effort. His name is Mark Uijtdewilligen. Please follow him on LinkedIn: Mark Uijtdewilligen | LinkedIn Today we received a call from a customer who wanted to buy Chromebooks. Our first reaction was “Huh? Why?” (his company is currently undergoing a transformation from a remote desktop environment to a modern MS365…

Read More Read More

Deliver us from Hybrid

Deliver us from Hybrid

This blog will hopefully show you why sometimes configuring devices for Hybrid Azure Ad Join (HAADJ) is not always the best choice. I will show you all the information you need to make a good choice! Also, I will show you how you could map drive letters with Intune instead of PowerShell. Don’t forget to read the conclusion! I will divide this blog into 8 parts. *Part 1: Do you need HAADJ? *Part 2: How does the SSO work to…

Read More Read More

B for Bitlocker

B for Bitlocker

This blog will be about the Bitlocker recovery key and how to make sure it will be escrowed to Azure. I will show you what options you have to make sure your recovery keys are safe. Bitlocker is one of the many security measures you will need to implement to make sure the data is safe when the device gets stolen. Bitlocker encrypts the data on the device so it can’t be read without authenticated decrypting using a recovery key….

Read More Read More

Natural Born MFA Killers

Natural Born MFA Killers

This blog will be about a weird MFA problem when we were enrolling devices and at the same time configuring MFA. The user in question already had the company  and Authenticator app installed on their IPhone. We were very glad, because it can really save some time. It’s obvious MFA needs to be required when devices need to join Azure Ad. We handed out the surface, so the user could complete the steps to configure Windows Hello and setting up…

Read More Read More

The red screen before Christmas

The red screen before Christmas

Using Autopilot will give you a lot of benefits, especially when combining it with White Glove.  When you have got new devices, you are good to go but when you want to enroll existing “older” devices into Autopilot White Glove you can run into some problems. When we were enrolling a lot of new devices at a customer site no problems were encountered, because we previously enrolled them with Autopilot White glove. After our work was done, the customer asked…

Read More Read More

Fantastic MR. SSO

Fantastic MR. SSO

UPDATE 26-07-2021 I noticed I did not explained how important the PRT is… so I added it!. UPDATE 22-05-2021 After we configured Azure Ad Hybrid for a new customer in our multi-tenant AD because they needed SSO and we don’t want to use ADFS, I decided to update my blog about it. It was missing some important and background information. This blog will be about what kind of problems you can run into when you have multiple customers inside one…

Read More Read More

Company App: Unchained

Company App: Unchained

In this blog I will give you my opinion on how I prefer apps to be deployed. When deploying a zero-trust modern workplace you need to make sure your users are not members of the local admin group. Take a look at my blogs if you want to make sure a user is never a local admin. When your users are no local admin anymore, you can implement an AppLocker policy to make sure your devices are secure. But here…

Read More Read More

The chronicals of Win32 App installations: The RunOnce key, Onedrive and Adminless

The chronicals of Win32 App installations: The RunOnce key, Onedrive and Adminless

This blog will be about some weird RunOnce behaviour when your brand new Win32 App failed installing with out some proper error code. This week, a customer asked me to push their Nuance Dragon speech software to some specific devices. I guess I am a nice person, so I immediately created a new Win32 App with some parameters. To start testing, it’s always recommended to have a dedicated M365 test tenant for testing purposes with some test virtual machines. I…

Read More Read More

Web Content filtering: The final chapter

Web Content filtering: The final chapter

Starting with Microsoft 365 business is an excellent idea. It contains almost everything you need for a secure modern workplace.  With almost everything I mean you’ll be missing out on some great features contained within the Microsoft E5 license. The biggest example would be Microsoft Defender for endpoints, it also has some addons like web content filtering. I can imagine for the SMB, Microsoft E5 might be too expensive for now. The price difference between a Microsoft 365 Business premium…

Read More Read More