Browsed by
Category: Device Enrollment

Remote Wipe: The Next level

The power of remote wiping your device is great to have. When your devices are configured with Autopilot, a remote wipe will make sure your devices return to factory defaults and begin to enroll with all that’s configured in Intune. Transforming to a zero-trust modern workplace will require some work. You’ll need to set up Autopilot, collect the hardware hashes, remote wipe, and reset the device to let it enroll in Azure AD with Autopilot. But how…

Managing Apps in the Microsoft Store.

The Microsoft Store. An ideal place to download Spotify/Netflix on a company-owned device. Of course, you want to block this. There are several ways to block the Microsoft Store so it can’t be accessed at all. But why not allow only certain apps, so only Microsoft apps or company apps can be installed/opened? The best option is to make sure only your private store is available. It only requires a CSP to do so:

./User/Vendor/MSFT/Policy/Config/ApplicationManagement/RequirePrivateStoreOnly

But, looking at the…

Intune auto MDM enrollment for devices already Azure AD joined

Today I spent some time enrolling existing Azure AD joined devices into Intune. These devices were Azure AD joined without Intune enabled/configured. There are 2 ways to make sure the device will be registered in Intune:

1. Group Policy: Computer Configuration > Administrative Templates > Windows Components > MDM.
2. Registry:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\MDM]
"AutoEnrollMDM"=dword:00000001
"UseAADCredentialType"=dword:00000001

When you apply these changes, you will notice a new task being created in Task Scheduler. Give it some time… and…

How to deploy HKCU registry changes while blocking PowerShell.

Microsoft just released an update to Intune. The old GPO structure is back. But it is still missing settings… Sometimes you really want to push a simple HKEY_CURRENT_USER setting. Normally that is not a problem when you are NOT blocking PowerShell 🙂 . But in my opinion, not blocking PowerShell for the non-admins is a no-go, because malware/cryptoware/privilege escalation uses PowerShell most of the time. And a normal user does not need access to PowerShell (except for loading scripts 🙂…

Remove all Local Admins!!

A while ago I posted a linked message to ask about the differences between a normal Azure AD join and the famous Autopilot function. Of course I know the differences… but I wanted to start a conversation. Because most of the benefits of Autopilot, I think you can get the same with a regular Azure AD join. To start with one of the benefits: Removing the local admin. This is certainly a thing you have to make sure of this is…

My first blogpost :)

I have been thinking a lot about creating a website and starting to blog. The time is now. This is a video (in Dutch…) of how I configured one of my test Office 365 tenants. The setup of this tenant took about a half-hour. Below the video are some details of what I have done in about a half-hour (after waiting a long time for the Microsoft 365 Business License to be activated on the tenant). Some stuff I had to do manually….
