I'm excited to see the new Security Baseline version is finally available in Intune. Version 23H2 for Windows 10/11. This is a quick look at the policy and useful details on migration to the new policy. What you will see in the Security Baselines nowWhat's Available in Version 23H2Some Notable SettingsMigrating from an older BaselineIf … Continue reading How to Change Intune Security Baseline Policy to Version 23H2?
Tag: Microsoft Intune
How to Use Intune to Create a Dell BIOS Config Profile?
Creating BIOS Configs and ingesting it during the imaging process is a tad bit old school when you think about moving to newer technologies that can do the same. Microsoft Intune recently introduced the BIOS Config Profile as a template in Intune. At this stage, DELL devices can be set up with this. At the … Continue reading How to Use Intune to Create a Dell BIOS Config Profile?
Why Does Group Policy Analytics Matter In Microsoft Intune?
"We never know what that GPO really does", and "The person who created this GPO is not in the business anymore". Sounds familiar? Most of the businesses that have a Microsoft ecosystem and who have been using AD/ GPO for a long time always have stories to tell about the Group Policies. This blog is … Continue reading Why Does Group Policy Analytics Matter In Microsoft Intune?
Microsoft Intune Enterprise App Catalog is Here!
As announced in Microsoft Ignite 2023, the latest addition to the Intune Suite features the Enterprise Application Management and it's Enterprise App Catalog is finally GA as of today. This will remove a lot of hassle that the Device Management Admins need to go through in re-packaging apps in to a .intunewin file and adding … Continue reading Microsoft Intune Enterprise App Catalog is Here!
How a Synthetic Registration in Entra ID Can Protect the Devices ASAP with Defender for Endpoint?
One of the popular queries I have got by working with many customers for their Defender for Endpoint deployment projects is We need the Defender Security Policies to be assigned and working as soon as the device is onboarded to MDE.Having Onboarded to MDE, if and when Intune enrollment and Device Registration in Entra ID … Continue reading How a Synthetic Registration in Entra ID Can Protect the Devices ASAP with Defender for Endpoint?
Device Hardening with Intune Security Baseline for Windows Policy
The word on the street is not "If I get hacked" but "when I will get hacked" and securing your infrastructure starts from your end users and devices and hardening those devices that the users use every day has never been so important. Security Baseline policy for Windows 10 and later. This is one of … Continue reading Device Hardening with Intune Security Baseline for Windows Policy
From ConfigMgr to Fully Intune Managed in 2024. Let’s Make That a Reality
If you have Config Manager today and if you are thinking or planning on moving the devices and the workloads to Intune, this article is for you. If you are in that state today, chances are you have a stable (or near stable) method of managing the devices, patch updates, and GPOs. Moving the capabilities … Continue reading From ConfigMgr to Fully Intune Managed in 2024. Let’s Make That a Reality
Infographic – Migrate MFA and SSPR Policies to the Converged Authentication Methods Policy
Some useful URLs apart from the below infographic: ❤ Microsoft Learn doc converged-authentication-methods-policyDownload
6. Windows Autopatch – Release Management, Reports and Notifications
In this last section, I want to discuss Release Management, Reports, and Email and Message notifications. These are all must-know sections when you are planning on deploying Autopatch. Release ManagementWhere to find this?Windows Feature Management explainedRelease StatusesPhase StatusesRelease AnnouncementsRelease SettingsAutopatch GroupsPlanning for a New Release (Custom Release)Setting the Release PhaseNotifications - Email and Portal MessagesQuality … Continue reading 6. Windows Autopatch – Release Management, Reports and Notifications
5. Windows Autopatch – Entra ID Groups, and Policies
In this section I would like to deep dive on few things that is getting created as a part of the Tenant Enrollment. The good thing about this is that your Autopatch environment will be ready for you and ready to go when you enrolled it. Entra ID groups, Update Rings and Policies. Microsoft Learn … Continue reading 5. Windows Autopatch – Entra ID Groups, and Policies
4. Tenant Enrollment and Device Registration in Windows Autopatch
Tenant Enrollment for Windows Autopatch For the next steps of getting Autopatch to work, let's check the tenant Enrollment. Now that you have setup the prerequisites and other requirements, the enrollment will be pretty much following the bouncing ball type task. Path to enable Windows Autopatch Intune Portal > Tenant Administration > Tenant Enrollment (under … Continue reading 4. Tenant Enrollment and Device Registration in Windows Autopatch
Don’t Mess Around with MDM User Scopes – A Different Take to “Something Went Wrong 8004005” and “OOBEAADV10” Errors
Something went horribly wrong. Not the policies. Not the deployment profiles, Not the ODJ profile, not the ESP. Let me explain. Setup in a high-level Intune Connector setup Intune Connector account is licensed and the Intune admin role assigned OU delegation done Hybrid Join GPO has setup MDM Auto-enrollment GPO has set Autopilot deployment profiles … Continue reading Don’t Mess Around with MDM User Scopes – A Different Take to “Something Went Wrong 8004005” and “OOBEAADV10” Errors
How to Setup 3rd Party Device Compliance Partners in Intune for Conditional Access
While Intune and Entra ID as a whole provide industry-standard device compliance policies and conditional access policies to govern them, there might be a chance that a subset of your device fleet is managed via a different MDM. In the field when I'm talking with the customers, this is mostly because Microsoft Intune was catching … Continue reading How to Setup 3rd Party Device Compliance Partners in Intune for Conditional Access
3. Windows Autopatch Device Readiness
Existing GPOs, Registry Settings, Config Manager and MDM Settings In this section, I would like to go through some important changes required in your environment before moving to Widows Autopatch. Ideally, this comes in step 3 of the development journey - Pilot. With everything in place, you may have selected the devices that need to … Continue reading 3. Windows Autopatch Device Readiness
2. Setting up Prerequisites for Windows Autopatch
Windows Autopatch Guide Blog 2 of 7 In this section, I will look at the prerequisites that need to be setup in order to carry out a successful Windows Autopatch implementation. Minimum Windows OS Version (at the time of writing)RBAC SetupLicenses for AutopatchNetwork ConfigurationDevice ManagementWrapping Up Minimum Windows OS Version (at the time of writing) … Continue reading 2. Setting up Prerequisites for Windows Autopatch
How to Enable the New Security Settings Management Feature in Defender Security Portal
In Public Preview at the time of the writing. This is a much-needed feature I believe. Also in most of the IT departments due to the tasks being segregated among different admins, most of the time it is a team game and you need 2 different admins (Intune Administrator and a Security Administrator) to collaborate … Continue reading How to Enable the New Security Settings Management Feature in Defender Security Portal
🎙️MS EMS Community Podcast EP04
https://www.youtube.com/watch?v=XWvXVCIUm2c In this episode, myself along with Jonas Bøgvad , Andrew Taylor MVP, Lewis Barry and Eric Woodruff, CIDPRO discusses about,⚡️Intunemaps.com and the thought process behind that⚡️An in-depth look at AAD App Registration⚡️An in-depth look at the PRT⚡️MFA Number matching⚡️FIDO and Security
Configure Intune Built-In Roles Using Azure AD PIM for Groups
The perfect Azure AD, Intune combo does not exi..... Some time ago I wrote about Azure AD PIM for groups and its usages. This came to light a few days ago in Microsoft Tech Community as an article and I thought I will give my touch to it. What is it and Why Does This … Continue reading Configure Intune Built-In Roles Using Azure AD PIM for Groups
Intune Policy Assignment Basics
The easiest step in any policy creation. Yet there is a possibility that the policy assignment to end up with errors. I want to discuss that in this article. We have our policy created with all the settings and we are pretty happy with it. The next step is assigning it to one of the … Continue reading Intune Policy Assignment Basics
Intune Remote Help – From Zero to Hero
This is a comprehensive guide to Intune Remote Help. Hope you find this useful. Remote Help BenefitsRemote Help License RequirementsNetwork ConsiderationsConfigure Remote Help App in IntuneRemote Help Win32 App DeploymentFirewall Rules ConsiderationsRBAC - Assign Users to roleCreate a new RBAC Permission RoleCreate The Conditional Access Policy for the Remote Help AppHow to UseInitiating Chat in … Continue reading Intune Remote Help – From Zero to Hero
EMS Route 