Browsed by
Category: Powershell

Close Encounters of Fiddler

Close Encounters of Fiddler

*The power of combining Fiddler and PowerShell. Did you ever wonder how to automate Office365 deployment? It’s a lot of work to configure conditional access, device configurations, update settings and compliance settings manually… and we haven’t even talked about the risk of human error. For all these worries and concerns automation is your solution. *How does it work? First, we need Fiddler and PowerShell. Download and install Fiddler, don’t forget to configure the SSL decrypt settings and open the Intune…

Read More Read More

The chronicals of Win32 App installations: The RunOnce key, Onedrive and Adminless

The chronicals of Win32 App installations: The RunOnce key, Onedrive and Adminless

This blog will be about some weird RunOnce behavior when installing applications. This week, a customer asked me to push their Nuance Dragon speech software to some specific devices. I guess I am a nice person, so I immediately created a new Win32 App with some parameters. To start testing, it’s always recommended to have a dedicated M365 test tenant for testing purposes with some test virtual machines. I enrolled a new virtual Windows 10 and waited until the application…

Read More Read More

The book of Non-Managed Shared Devices

The book of Non-Managed Shared Devices

This blog will be about what options you have when you got a lot of non-managed shared devices that need to run the Teams desktop app. Imagine the next scenario:  Just right before the first Covid19 wave, a company made the decision to transform their organization to a modern zero trust company. Before this decision was made, everyone was working on a remote desktop cluster which was placed inside a datacentre and none of their (shared) on-premise devices were managed….

Read More Read More

The Conditional Access Experiment

The Conditional Access Experiment

Some time ago I was inspired to check something out.  Of course, almost all schools are working with Teams nowadays and so is my son’s school. After installing teams and logging in with my son’s office365 account, I was asked the famous question if I’d wanted to “allow my organization to manage my device”. Okay… So the school allows anyone to register a device to their tenant? I guess the school has a lot of devices to manage. If it…

Read More Read More

Remote Wipe: The Next level

Remote Wipe: The Next level

The power of remote wiping your device is great to have. When your devices are configured with Autopilot, a remote wipe will make sure your devices will return to factory defaults and will begin to enroll your device with all that’s configured in Intune. Transforming to a zero-trust modern workplace will require some work. You’ll need to setup Autopilot, collect the hardware hashes, remote wipe, and reset the device to let it enroll in Azure Ad with autopilot. But how…

Read More Read More

Birds of Printer drivers

Birds of Printer drivers

Implementing adminless can be hard, especially when a user is accustomed to the possibility of installing printers on their own. To take away some of this trouble of introducing adminless, you can give your end-users the possibility to install printer drivers on their own. Of course, Printix or Microsoft Universal Printer are better solutions when you have some “static” printers. But for the frontline workers, who suddenly may need to use a printer somewhere, this solution can come in handy….

Read More Read More

Fantastic PowerShell and where to find the CA Rules

Fantastic PowerShell and where to find the CA Rules

Automating your tenant deployment is crucial in preventing human mistakes. This is one example from my own experience when working in the field with PowerShell and JSON. When automating your conditional access deployments as I did, you can run into some very weird situations… So, what did I do? I fired up a PowerShell session from a special Win10 VM (created for deployments) and logged in with my admin user within the customer (test)tenant WVDCLOUD: admin@wvdcloud.nl. I checked once again…

Read More Read More

Thank you for Application Guard for Office apps.

Thank you for Application Guard for Office apps.

In this blog, I will show you, how to start testing with Application Guard for Office apps. To make sure Malware can’t get their foot in the door, you have to protect your endpoint. Hardening your Office apps is the first step. Some time ago Microsoft created the possibility to isolate your Office app documents you open from an untrusted location… First you have to meet the minimum software and license requirements Windows 10 Enterprise edition, Client Build version 2004…

Read More Read More

The Fellowship Of Group Labeling

The Fellowship Of Group Labeling

Labelling your data with sensitivity labels is the way to go. Confidential data within your organization needs to be labelled with a proper sensitivity label. You can do this manually or automatically. But there is more, labelling your teams/Microsoft 365 groups itself is the next best thing. There are 3 options you can define, when setting up your Sensivity group labels. Setting your team privacy Allowing external users Non-compliant settings: You shall not pass(block access), full access and limited access)…

Read More Read More

Basic Authentication and the Last Crusade

Basic Authentication and the Last Crusade

In this blog I’ll show you a new option to disable basic authentication protocols. Like most of you probably know, Microsoft is going to disable basic authentication for ActiveSync, PowerShell, Exchange Web Service, POP3 and IMAP4. You should especially disable POP3 and IMAP basic authentication as soon as possible. Of course, implementing conditional access rules is the way to go. Read my other blog to learn how to automate your conditional access deployment. When not having the proper licensing for…

Read More Read More