Microsoft MVP & Security Intelligence
Showing 160 of 160 articles
Upcoming changes to system preferred authentication in Microsoft Entra may impact the login experience for your end users. The post System-Preferred Authentication is Coming to the First-Factor Login Screen appeared first on Our Cloud Network.
A large-scale npm supply chain attack compromised over 90 versions of @redhat-cloud-services packages, silently infecting CI/CD environments and developer systems. The malicious code steals credentials from GitHub, cloud platforms, and local machines, then spreads like a worm by…
Save your spot and tune in for a brand-new Intune edition of Tech Community Live! Whether you need help with your cloud-native management strategy, tackling Windows Autopilot and enrollment challenges, strengthening security and compliance, or trying to gain better visibility…
This AMA is designed for IT teams looking to cut through the noise and gain clearer insight into what’s really happening across their device estate.You can’t secure or manage what you can’t fully see. As organizations support more users, more device types, and more ways of…
Security and compliance aren’t standing still—and neither is Intune. With new features, enforcement changes, SDK requirements, and evolving security expectations arriving at a rapid pace, IT teams are under constant pressure to stay current without disrupting productivity or…
Moving to Intune isn’t just about replacing legacy management tools; it’s about rethinking how devices are deployed, secured, and managed in a cloud-first world. But where should you start? How do you avoid recreating old processes that add complexity, slow down users, or limit…
Join this Ask Microsoft Anything (AMA) to dive into the real-world deployment scenarios organizations are navigating every day.A successful Intune deployment is about more than getting devices enrolled. You want a reliable, secure, and frustration-free experience from day one…
Microsoft Scout is integrated across the Microsoft 365 apps you use every day, keeping it grounded in your flow of work. The post Introducing Microsoft Scout: Your always-on personal agent appeared first on Microsoft 365 Blog.
Discover how Microsoft enables fast, secure AI development with MDASH and new security capabilities. The post Microsoft Build 2026: Securing code, agents, and models across the development lifecycle appeared first on Microsoft Security Blog.
Work IQ is a new intelligence layer for Microsoft 365, designed to understand how work gets done across your organizations. The post Announcing the new Work IQ APIs appeared first on Microsoft 365 Blog.
Discover how Microsoft's new pay-as-you-go SharePoint storage meter (MC1330893) changes overage billing. Learn how to opt in, manage costs, and scale flexibly. The post Microsoft Introduces Pay-As-You-Go SharePoint Storage Meter appeared first on Our Cloud Network.
Most Intune enrollments aren't Intune Problems.
Welcome to the June edition of our monthly newsletter, summarizing the latest news and developments in the exciting, ever-evolving world of Microsoft Entra. What went into General Availability (GA) since May 2026? Enable Phish‑Resistant MFA for Linux Desktops with Microsoft…
Discover the new Microsoft Entra device soft-delete feature in public preview. Learn how to view and restore deleted devices using the portal or PowerShell. The post How to restore devices deleted in Microsoft Entra appeared first on Our Cloud Network.
A dependency confusion campaign leveraged 33 malicious npm packages to collect reconnaissance data from developer and build environments. This report details the attack chain, observed tradecraft, and detection opportunities to help organizations identify and disrupt related…
Microsoft is named a Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection. The post Microsoft is named a Leader in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection appeared first on Microsoft Security Blog.
Claude Opus 4.8 is now available in Microsoft Foundry, giving developers and enterprises access to Anthropic’s most capable Opus model for coding, agentic tasks, and professional work. The post Claude Opus 4.8 is now available in Microsoft Foundry appeared first on Microsoft…
undefined
Welcome back everyone, a shorter week this week and I think everyone is out enjoying the weather because it’s a very short newsletter too! Still, quality over quantity, it’s all worth checking out! Community Content Video Content Microsoft Content Community Content We start this…
HelloWhen the user logs in to a device for the first time and launches Edge, the following splash screen appears, even though we have created the Intune configuration below, which is intended to prevent this. We have following Intune configuration: Why does the splash screen…
The Mini Shai-Hulud campaign used malicious npm packages to target cloud and CI/CD credentials across developer environments. This report details the attack chain, detection opportunities, and mitigation guidance to help organizations identify and disrupt related activity. The…
Whether it's Android app deployment, identity setup on macOS, certificate authority renewal, or faster compliance evaluations, the throughline is the same: less friction for the IT admins doing the work. More control over how admins manage and protect Android devices A device…
On July 1, we're introducing new Microsoft 365 SKUs with Copilot built-in, designed to fit into the way small businesses already work. The post Introducing Microsoft 365 Business with Copilot: The new standard for small business appeared first on Microsoft 365 Blog.
We’ve redesigned the Copilot app and how Copilot shows up across Microsoft 365 apps to better move with it: cleaner, faster, and in the flow of your work. The post Introducing a new design for Microsoft 365 Copilot appeared first on Microsoft 365 Blog.
Microsoft Threat Intelligence presents a comprehensive analysis of The Gentlemen, a Go-based ransomware deployed by affiliates of Storm-2697 that combines per-file ephemeral key encryption with an aggressive self-propagation module to deploy itself across an entire network using…
I'm having trouble accessing macOSWiFiConfiguration policies. They are completely inaccessible via the Intune admin portal (no actual data is displayed) and the Microsoft Graph API. When using Graph (/beta/deviceManagement/deviceConfigurations or with policyId) an…
Hi everyone,We are currently evaluating Microsoft Entra ID Governance as a potential replacement for Saviynt for SAP-focused IGA requirements across a mixed SAP landscape, including:SAP SuccessFactorsSAP ConcurSAP S/4HANA Private CloudOther SAP SaaS and enterprise applicationsI…
Microsoft exposes a cryptojacking campaign using SEO poisoning and ScreenConnect to target high-performance PCs, with malicious sites also surfaced through AI chatbots. The post From poisoned search results to GPU mining: A cryptojacking campaign abusing ScreenConnect and…
Learn what’s new in Copilot Studio, May 2026: computer-using agents are now generally available, plus redesigned workflows and Work IQ extensibility. The post New and improved: Computer-using agents, a new workflows experience, and real-time voice experiences appeared first on…
As organizations grow, so does their tenant footprint. Over time, tenants created for acquisitions, development projects, regional operations, or partner collaboration can fall outside central IT visibility, creating what many security teams now refer to as shadow tenants. One…
The Intune Management Extension is doing a lot more than most people give it credit for. That is why Intune Management Extension Release Notes make sense: when the local SideCar/IME […]
Compare directly assigning Graph API permissions to Entra Managed Identities versus using Workload Identity Federation with an App Registration. The post Direct Managed Identity or Federated Managed Identity? appeared first on Our Cloud Network.
With Cilium-based cross-cluster networking, we are delivering a managed, high-performance network that can span your entire fleet. The post Powering multi-cluster workloads with seamless cross‑cluster networking for Azure Kubernetes Fleet Manager appeared first on Microsoft…
Microsoft has been recognized as a Leader in The Forrester Wave™: Workforce Identity Security Platforms, Q2 2026, receiving the highest scores in both the current offering and strategy categories. The post Microsoft recognized as a Leader in The Forrester Wave™ for Workforce…
A multi-stage attack on Linux devices began with an exposed F5 BIG-IP edge appliance and pivoted to an internal Confluence server for credential theft and identity compromise. Learn how the threat actor attempted Kerberos relay and lateral movement, and how Microsoft Defender…
How Frontier firms secure AI at scale: read how Microsoft customers embed governance, identity, and cloud security to make protection an enabler of AI growth. The post Microsoft Security success stories: How St. Luke’s and ManpowerGroup are securing AI foundations appeared first…
Azure NetApp Files is redefining what’s possible for EDA in the cloud—delivering scalable, high-performance storage that supports massive concurrency, low latency, and consistent production performance. With independent benchmark validation and real-world adoption, organizations…
It’s that time again, another week has flown by and I’m back again with this weeks treasure trove of Intune content! Community Content Video Content Microsoft Content Community Content We start this week with a new portal (plus PWA) from Sebastian F. Markdanner with a custom…
Hello all!We have an organization with about 12,000 Windows 11 Workstations. I'm noticing that even though install deadline is set, and updates are allowed to be installed before install deadline hits, we are noticing in Software Center that updates say "will install after…
Hi everyone, I've been stuck on this for a few days and would really appreciate some guidance from anyone who has dealt with cross-app silent SSO using MSAL.js v5. Here's the setup. We have 3 separate Next.js applications all belonging to the same organisation, all registered…
Hey all,Looking for some opinions from others managing BIOS and Drivers on enterprise environments.We’re considering pushing BIOS/firmware updates monthly across our Windows 11 fleet using Intune, but it feels a bit too aggressive.Is anyone actually doing BIOS updates this…
Performance in the cloud is no longer defined by individual resources—it’s shaped by how compute, storage, and networking work together. Azure IaaS takes a system-level approach to help organizations achieve consistent, scalable performance across AI, cloud-native, and…
We are excited to announce the general availability (GA) of Entra-Only identities for Azure Files SMB. With native Microsoft Entra ID authentication, organizations can now grant secure, identity-based access to SMB file shares using cloud-native-only identities. The post Azure…
This blog exposes the gap between what Intune shows as Last check-in (last sync) and what the device is actually capable of once the MDM certificate has expired. Please note: […]
By Iris Yuning Ye, Product Manager – Microsoft Intune & Justin Ploegert, Principal Product Manager – Microsoft Entra A new setting ‘Enable Registration During Setup’ for Platform single sign-on (PSSO) during Automated Device Enrollment (ADE) is now generally available for…
Hi AllI hope you are well.Anyway, the YellowKey BitLocker Exploit has came to my attention.We already have automatic / silent BitLocker encryption enabled.So, is there anything we should be doing (preferably via Intune) to mitigate this new exploit? SK
Getting new devices into users’ hands quickly while maintaining strong identity and compliance has always required a careful balance. IT admins need streamlined deployment workflows, while end users expect a frictionless experience from the very first sign-in. Today, we’re…
This blog will show you all the information you need to know about the new Intune Sync Debug Tool. Which can be downloaded here: call4cloud-code/Intune-Sync-Debug-Tool-V2: Intune Sync Debug Tool V2 […]
Can you believe another week has passed already! The year is absolutely flying by, it would be nice if the weather caught up though. Still a lot of excitement around the new device view and App catalogue in Intune, you may spot a theme in this weeks content. Community Content…
Many organizations continue to depend on Microsoft Identity Manager (MIM) 2016 for scenarios that are not easily replicated elsewhere, such as: Synchronization across multiple directories and forests: Complex attribute flows and identity correlation logic Management of custom…
Hi,How can I allow a user with the "Access package assignment manager" role assigned only to a single catalog to manage access package assignments when "Restricted access to Microsoft Entra admin center" is set to Yes?I do not see any option to manage assignments through the…
In the first version of the IntuneWin Downloader, the goal was simple: Download IntuneWin content from Intune and recover the original Win32 app source files when they were no longer […]
Microsoft Entra forces the move to Passkeys. New Registration Campaigns automate the eviction of passwords for a phishing-resistant future. Read more. The post Registration Campaigns Now Include Passkeys in Microsoft Entra appeared first on Our Cloud Network.
PostgreSQL has become foundational to how modern applications are built. It powers everything from early‑stage startups to some of the most demanding production systems in the world. Its longevity isn’t accidental, it’s the result of decades of engineering discipline, community…
Hi,I used the InTune prep tool to bundle the Amazon DCV client. Everything seems to work correctly, bundle created and it uploads well. When I use the company portal to install, it looks like it pushes\installs properly but the DCV client does not run on the laptop after…
We use Microsoft Intune to manage our iOS mobile devices.To achieve the highest possible level of efficiency, we use PowerShell as a supplementary tool for administration.Since our devices may contain two SIM cards, it is important for us to be able to read this information in…
A while ago, I wrote about something interesting that showed up in the Intune “In development” documentation. Microsoft mentioned new Maintenance Window settings for OS updates, drivers, and updates in […]
Secure your M365 tenant by stopping Global Admin sprawl. Discover expert best practices for PIM, least privilege, and break-glass accounts. The post How Many Global Admins Should I Have in Microsoft 365? appeared first on Our Cloud Network.
Up until today, Autopilot enrollment which included Company Portal from the Microsoft Store (NEW) was successful. Starting today, the same enrollment workflow with similar hardware is failing to install Company Portal, reporting an error code of 0x87D1041C ("The application was…
Together, Microsoft and SAP are helping enterprises transform operations, decision-making, and innovation at scale on Azure. The post Advancing enterprise AI: New SAP on Azure announcements from SAP Sapphire 2026 appeared first on Microsoft Azure Blog.
We have a device compliance policy for all cloud apps. We would like to allow personal (BYOD) devices to be able to connect to Windows 365 Cloud PC. In the sign in logs we see the failures for application "Windows 365 Client" app id 4fb5cc57-dbbc-4cdc-9595-748adff5f414. We can't…
Microsoft and Red Hat show how Azure Red Hat OpenShift powers modernization and production AI with secure, scalable enterprise governance. The post Red Hat Summit 2026: Platform modernization and AI on Microsoft Azure Red Hat OpenShift appeared first on Microsoft Azure Blog.
High assurance identity verification is no longer limited to regulated industries or edge cases. It is increasingly becoming a baseline requirement for scenarios like remote onboarding, account recovery, and access to sensitive resources. Microsoft tracks over 600 million…
See what's new in Copilot Studio, April 2026: updates to workflows, increased control over agent operations, and an expanded agent usage estimator. The post New and improved: Agent governance, intelligent workflows, and connected app experiences appeared first on Microsoft 365…
To avoid gaps in protection, organizations need to fully deploy and scale core identity protections–from phishing-resistant authentication to Conditional Access policies to risk remediation and resiliency–across cloud and hybrid deployments. That’s why we’re launching the Secure…
AI is reshaping application development. Explore key trends from Cosmos DB Conf 2026 and how teams are building scalable, AI-native applications with Azure Cosmos DB. The post Build AI apps with Azure Cosmos DB: Key trends from Cosmos Conf 2026 appeared first on Microsoft Azure…
I have a question about passkeys in the Authenticator app regarding attestation in connection with QR code-based cross-device sign-in. When we register a passkey with attestation enabled in the Authenticator app, it can be used to complete the sign-in process on another device…
In this blog, we will look at something new coming: Controlled Configuration for Microsoft Defender antivirus settings. It sounds like another Defender setting at first, but the pieces already sitting […]
We identified an upgrade issue with the early March release of Microsoft Tunnel version 20260129.1 that caused servers to become stuck and unable to complete the upgrade. The issue can be resolved by uninstalling and reinstalling the server to a newer version (20260330.1 or…
Welcome to the May edition of our monthly newsletter, summarizing the latest news and developments in the exciting, ever-evolving world of Microsoft Entra. What went into General Availability (GA) since April 2026? Network content filtering by file type in Global Secure Access -…
Welcome one and all and greetings from Denmark where I am currently in the office planning what exciting things we are adding to Tenant Manager and Robopack next! Yesterday I was at the excellent EUCTech event at Legoland, was great to meet some of you there. I wonder how many…
Every year, World Passkey Day gives us an opportunity to reflect on how far we’ve come in moving beyond passwords—and how much further we still need to go. Billions of accounts are protected by passkeys worldwide. At Microsoft, hundreds of millions of people use passkeys every…
Entra, previously known as Azure Active Directory, is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Entra ID and in the Message…
In our previous post, we introduced Microsoft Entra Tenant Governance and how it helps organizations secure and manage multi-tenant environments at scale. Today, we’re excited to announce that the Tenant Configuration Management (TCM) APIs are now generally available, providing…
A new identity inflection point If you’ve gotten past the headline to this first sentence, you’re probably my kind of people. You’re probably a professional in the world of IAM (Identity and Access Management) who’s looking after their own enterprise; and you may even have…
Recently, my team and I met with customers across several industries including finance, retail, telecommunications, and the public sector regarding the topic of agent adoption. During our time with them, several key themes bubbled to the surface. While AI agent adoption is…
As organizations adopt cloud applications, hybrid work, and distributed teams, many are re-evaluating how users securely access applications and data. Secure Access Service Edge (SASE) has become a common starting point for these conversations, but for many teams, understanding…
As demand for cloud and AI grows, Microsoft is expanding Azure across Europe to deliver scalable, resilient infrastructure that supports innovation, compliance, and performance. The post Scaling cloud and AI: Microsoft Azure’s commitment to Europe’s digital future appeared first…
On Wednesday May 20, 2026, I’m co-presenting at KNVI’s 'AI-IT Impact' event Dutch at Nest in Amstelveen Dutch. Fellow speakers Raymond Comvalius, Tom Dalderup and Erwin Derksen are my co-presenters for this day to answer the question: What happens if AI is just running in your…
Microsoft Entra ID to enable App Instance Lock by default for new apps in June 2026 to secure sensitive properties. The post App Instance Lock enabled by default for new applications appeared first on Our Cloud Network.
Today, we’re announcing additional capabilities in Cowork to expand on what it can make possible for you. The post Copilot Cowork: From conversation to action across skills, integrations, and devices appeared first on Microsoft 365 Blog.
As AI and agents take on more of the execution, people have more agency than ever to unlock their ambition, direct what gets done, and own the outcomes. The post Microsoft 365 Copilot, human agency, and the opportunity for every organization appeared first on Microsoft 365 Blog.
Hi, all of a sudden Intune chaanges its behavior. I have a policy in place that sets persistent browser session. On the device filter tab I excluded devices with this syntax:device.trustType -eq "ServerAD" -or device.deviceOwnership -eq "Company" Starting last week I have to…
One theme is crystal clear across the security industry: AI is transforming security, and security must transform with it. Organizations everywhere are embracing generative AI to boost productivity and accelerate innovation. But with this rapid adoption comes new challenges that…
Microsoft Agent 365 helps you take control of agent sprawl as your control plane to observe, govern, and secure agents and their interactions. The post Microsoft Agent 365, now generally available, expands capabilities and integrations appeared first on Microsoft 365 Blog.
Welcome back and it was great to meet many of you at MEM summit last week. Next week I’m off again to EUCTech at Legoland so if the newsletter is slightly late, I’m probably still building Lego models! If any of you have not bought a copy of my second edition of the Intune…
Effective identity governance often starts with a simple question: who has access? Today, I am happy to introduce account discovery with Microsoft Entra ID Governance, a new capability designed to close this visibility gap from day one. As organizations connect SaaS and…
Troubleshooting stories from the field are the best. That’s why I like writing them down. Although, sometimes they might appear as straight cases of schadenfreude, I feel there are lessons to be learned for anyone, if you’re willing to look closely and listen carefully. This…
When a device suddenly shows the full Out-of-Box Experience (showing privacy screen/region/etc), most administrators come to the same conclusion. The Autopilot profile did NOT apply, so the device must NOT […]
Learn why you should stop using third-party applications which use insecure authentication methods in Microsoft Entra. The post Why you should stop using third-party apps with poor authentication appeared first on Our Cloud Network.
Welcome back! This weeks newsletter is coming live from MEM summit in Paris where is has been so good to meet so many of you. In fact, as you are reading this I will be speaking at my second session. It’s quite a lightweight edition this week, probably because so many people are…
Organizations rely on Microsoft Entra to secure access in an ever-changing identity threat landscape without sacrificing workforce productivity. As organizations adopt advanced identity and access capabilities, IT teams often need greater transparency into how those capabilities…
From first draft to final polish, Copilot acts as a true collaborator, taking action while you stay in control. The post Copilot’s agentic capabilities in Word, Excel, and PowerPoint are generally available appeared first on Microsoft 365 Blog.
Stumbled on a tenant with 'JOIN' available for all users. Haven't worked with this much - most tenants I see only have registration. But then I noticed the horrifying 'Registering user is added as local administrator on the device during Microsoft Entra join' option was ALSO set…
Everything that depends on instant device actions (such as remediations) in Intune relies on Windows Push Notifications, and that is where troubleshooting goes blind. The Windows Notification Services (WNS) gives […]
Microsoft Entra adds the new AI Reader role for Microsoft 365 Copilot. Learn why it's a privileged role and how it should be used. The post New AI Reader Role Added to Microsoft Entra appeared first on Our Cloud Network.
It’s a fairly quiet newsletter this week, I imagine a lot of people are finalising sessions for MEM summit in Paris next week and the MVPs are rapidly getting their renewals ready. Still some excellent content here though! Community Content Video Content Microsoft Content…
Entra Passkey Registration Campaigns are delayed. Learn why the Enabled state is paused, when the Managed state begins, and how to drive passkey adoption today. The post Microsoft Entra Passkeys: Registration Campaign Delays Explained appeared first on Our Cloud Network.
A while ago, I wrote about hotpatch updates and why the story felt a bit too clean. Fewer reboots, faster security fixes, less disruption. On paper, it is hard to […]
Whilst it has been a shorter week, it feels like it has been busier than usual, but we have had some exciting news with the merger of Software Central and Robopack! Only a couple of weeks until MEM summit in Paris too, hopefully I’ll see some of you there. Community Content…
Entra, previously known as Azure Active Directory, is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Entra ID and in the Message…
The moment the IME version 1.101.105.0 was released, and the IME stopped responding completely, with no new logs being written, I knew where to look. Microsoft needed a way to […]
Jay Gundotra has invited me on stage of the Microsoft 365 Community Conference to present on Entra and Microsoft 365 Governance solutions. As the virtual Product Owner for ENow App Governance, I'm joining him, and of course I'm inviting you all to join me for this session. About…
Can you believe it’s April already (although I wish someone would tell the weather that!). After a fun-filled week at Microsoft MVP summit last week, it’s now back to normality for a few weeks before I’m off to Paris for the MEM Summit. No Tech Takeoff this week, but plenty of…
Raymond Comvalius and I featured in an interview with Sean Deuby, Principal Technologist Americas at Semperis, for the Hybrid Identity Protection Podcast on Entra app sprawl. About the Hybrid Identity Protection Podcast The Hybrid Identity Protection (HIP) Podcast is the premier…
Welcome to a slightly delayed newsletter, I am currently on site at Microsoft learning loads of exciting new things which I can’t tell you about, but it will all be worth the wait. So great to catch up with all of the MVPs and the incredible Microsoft staff, thank you to…
Microsoft Entra Connect Sync version v2.6.3.0 addresses an issue where auto-upgrade would halt synchronization. What's Fixed Microsoft addressed a known issue in Entra Connect Sync v2.5.190.0 and v2.6.1.0, where the Automatic Upgrades feature could stop Entra Connect Sync from…
The Dutch Microsoft Entra Community, run by fellow MVPs Pim Jacobs, Jan Bakker and Michel van Vliet and Microsoft senior product manager Stefan van der Wiele has been gaining significant traction since its inaugural meetup on February 1st, 2024. For its upcoming meetup, Raymond…
Do you know how persistent your browser session is when a Conditional Access policy is active, in which the setting Persistent browser session is set to Never persistent? I assumed that the browser session would never be persistent, like the setting says. Maybe I just thought to…
Entra, previously known as Azure Active Directory, is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Entra ID and in the Message…
Microsoft Entra Connect Sync version v2.6.1.0 builds on the application-based authentication feature. What's New Entra Connect Sync v2.6.1.0 offers three application-based authentication improvements and two other improvements: Enhanced application-based authentication logging…
Today, we’re going to have a look at an approach in converting Microsoft 365 Apps (at most people still know as the Office 365 suite) from 32-bit to 64-bit with Microsoft Intune. As an admin we can streamline the migration from the M365 Apps x32 installation to x64 using the…
Following the Hybrid Identity Protection Conference in Charleston, South Carolina in November last year, I will be presenting an updated session on Enterprise Applications and Application Registrations in Microsoft Entra on the very first European Hybrid Identity Protection…
Organizations who choose to leverage Entra's identity governance and administration (IGA) capabilities – in stead of the more mainstream SailPoint and Saviynt solutions, but perhaps as a logical successor to Microsoft Identity Manager – may notice that the Entra Provisioning…
Raymond and I have been invited as speakers for the upcoming Connect event, organized by the Workplace Ninja's User Group the Netherlands, on February 4th, 2026, at the Van der Valk Hotel in Gorinchem, the Netherlands. About Workplace Ninja's Connect Workplace Ninja's Connect…
A few weeks ago, Raymond Comvalius and I joined Erdal Ozkaya on the Sentinels Talk Show to talk about the Entra ID Security. This 45-minute discussion is now available on-demand: Watch it on YouTube Listen to it on Spotify With 50 years of combined Microsoft MVP experience,…
Today we are going to have a look at the new PowerShell script installer feature that is available since January 2026 in Microsoft Intune. It’s now possible to upload a PowerShell script as the installer instead of specifying a command line when adding a Win32 app package. A lot…
On October 15th, 2025, Darryl Baker, senior solutions architect at Netwrix, and I presented a webinar titled 'Managing Active Directory Like It’s 2003 Leaves You Exposed in 2025' with the IT GRC Forum. Active Directory and Windows Server have evolved significantly, but many…
I wrote two blog posts in the past about configuring the time zone on Windows devices with Microsoft Intune. I wrote a long time ago how to use a custom configuration policy to configure a time zone. And I also wrote a PowerShell script that configures the time zone…
Entra, previously known as Azure Active Directory, is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Entra ID and in the Message…
Entra ID, previously known as Azure Active Directory, is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Entra ID and in the Message…
While being touted as one of the more robust ways to prevent Adversary in the Middle (AitM) attacks against TLS-protected resources, for some admins, the Enterprise Certificate Pinning feature in Windows may lock out their entire organization. However, Enterprise Certificate…
Today, I share a blog post on how we can enable Kerberos authentication for cloud-only identities on Azure file shares. Azure file shares can come handy when a file share is needed from every location and working with a cloud managed device, but till a short while back we could…
Entra ID, previously known as Azure Active Directory, is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Entra ID and in the Message…
Microsoft Entra Connect Sync version v2.5.190.0 enforces the use of Connector API v2. What's Changed Microsoft Entra Connect Sync version v2.5.190.0 enforces the use of the v2 AAD Connector API. From Entra Connect Sync v2.5.190.0 onwards, using the previous V1 connector API is…
Entra ID, previously known as Azure Active Directory, is Microsoft's Identity Management-as-a-Service solution, offering seamless access, easy collaboration, efficiency in IT processes and improved security and compliance. In its Release Notes for Entra ID and in the Message…
The Hybrid Identity Protection Conference is Semperis Inc.’s event in the spirit of The Expert Conference (TEC) to bring together the leading experts in the field of Identity and Access Management. The event offers a unique opportunity to spend time with peers, whose day-to-day…
Technology is evolving fast—and that means the role of the tech professional is more vital than ever before. Microsoft Ignite is the place to meet the experts, get your questions answered, and connect with the tech community. I’ll be there, co-presenting a lab on everything…
Todays blog post is about managing Windows 365 Link devices with Microsoft Intune. I recently got my hands on a Link device as preparation for my employers Wortell Ready event. It was meant for a demo during my session about Windows 365, but if you get your hands on such a…
Two weeks ago, I visited Charleston in South Carolina to deliver a session on the 2025 Hybrid Identity Protection Conference. As I like to help my customers tackle their identity challenges, I didn't have the opportunity to spend an entire week in this lovely place. The…
Considering our Norwegian friends, Raymond and I held back on proposing any session for this year's Nordic Infrastructure Conference (NIC) in Oslo, Norway. As the Spektrum was being remodeled – especially the section that normally offers the speakers' lounge – the organization…
Today, I share a short post about an issue I recently faced when a customer wanted to perform a clean Windows 11 install on some HP ProBooks of different generations. The laptops where still running Windows 10 but they had a reason to perform a clean install using an image on…
Today we’re going to have a look at Intune compliance policies for Windows 365 Cloud PCs. Windows 365 Cloud PCs are just virtualized workplaces running a version of Windows, therefor we can and need to target Intune compliance policies to these devices. But because these are…
Today, as short post about an error I faced when I needed to configure the Intune connector for Active Directory to set up Windows Autopilot Entra hybrid join. The installation of the Intune connecter went without any issues. And the requirement for Edge WebView Runtime was also…
Last week I shared in a blog post how we can easily create ring deployment groups in Entra ID. Today’s blog post describes how we can create different update policies to deploy updates for Microsoft Defender in a managed way. Keeping Microsoft Defender up to date is critical to…
It’s been a while since I updated the Autopilot Manager solution but here we go with an update to support Windows Corporate Identifiers. Maybe a quick recap of what Autopilot Manger is. The idea is a more user friendly on-the-fly Autopilot hardware hash upload to the Intune…
I spent some time to further enhance the SyncML Viewer utility (see here to learn more about the tool). This release (Version 1.4.0) fixes some minor bugs, and added some new features. Three of them are worth mentioning here. So, I’m showing them quickly in this update post.…
To make your life easier, I’ve submitted SyncML Viewer to the official Windows Package Manager Community Repository (winget). From now on you can get it by a simple command: winget install SyncMLViewer After a quick install you can use it: You have to open a new shell as the…
Maybe you have read the previous article How to configure certificate-based WiFi with Intune already and asked how to do the same with the freshly released Microsoft Cloud PKI. Then you don’t have to wait any longer, I promised to write about it and here is the setup with…
As promised in my last post about WiFi and certificate-based authentication, I spent some time creating a new SyncML Viewer version v1.3.0. This time I would say I focused on the usability of the tool. I added a lot of features since version 1.2.0. I’m going to demonstrate a few…
I think everyone agrees about the fact that most users are working with a laptop nowadays. This means a majority of their time they are using WiFi connections to do their work. So, in a cloud era where we don’t have many on-premises services anymore, the connectivity to get…
A month ago, I published a new version of the SyncML Viewer to support MMP-C. With this release I came to the idea of integrating some SyncML requests functionality. Sending local SyncML requests to the Windows OS and letting it process the OMA DM commands and get results back.…
Quite some time ago now, I published the SyncML Viewer to monitor the MDM protocol between a Windows client device and the Microsoft MDM backend (Intune). In the meantime, Microsoft brought to life the Microsoft Managed Platform Cloud (MMP-C) and uses the so-called Declared…
New enhancements to Autopilot Manager are here. This time I focused on further optional automations of the import process based on customer feedback. Another year is gone and Autopilot Manager once again gets new features. Ironically last time I introduced new features (Evolving…
In enterprise environments, we have to deal with a lot of requirements when it comes to app management. One of the common challenges is to control the installation moment during enrollment. We already have some basic controls in place. If the Enrollment Status Page (ESP) is…
Today we are going to look under the hood of certificate requests or renewals on an MDM (Intune) managed Windows client. The environment is simple and uses a Windows client and SCEPman as the Cloud CA, which is easily set up and nothing more than an Azure App Service. It is…
It looks like getting back all the script content in Intune is of high interest 😉, soon after I published how to get back your Proactive Remediation Scripts, I got another request for the Intune Win32 Application scripts (Detection and Requirement scripts). So here we go,…
One of my blog readers kindly asked if I can provide a similar script like the one downloading all Intune PowerShell scripts for the Proactive Remediation Scripts. I’m happy to provide a modified version of my script to do exactly this. It uses the same technique as I used in my…
Today I’m going to show how we can achieve user device affinity with Intune application deployment as known from ConfigMgr. When we are going to deploy applications to users, we are independent of the user’s devices. The application belongs to a user and it can be installed or…
In a lot of Microsoft Intune environments there is often the requirement to monitor configuration changes and taking action based on changes. The most simple and common action is to send someone or a group of people an email that a policy was modified. These monitoring…
Three years ago, I coded a small utility to decode Intune Win32 Apps and wrote a blog post about it – How to decode Intune Win32 App Packages. In addition to the small Decoder utility, I wrote a short PowerShell script to parse the Intune Management Extension (IME) log file to…
A year ago, I released the Autopilot Manager to support Autopilot hash imports during Windows OOBE via an approval process (if not already familiar with Autopilot Manager, please read here Introducing Autopilot Manager first) and the solution is used by a lot of companies in the…
Microsoft Intune is great when it comes to managing Windows devices and for sure it doesn’t need to hide when it comes to mobile phones like Android phones or Apple phones. Most companies I engage with do have the majority of devices running Windows, but there is always a…
Ignite 2021 is almost over and most of the content I was hunting after is also available as on-demand sessions. So, a good time to start a blog about my impressions. In this post I will go over my highlights I captured for the Windows and Modern Management with Microsoft…
If you deliver a concept of a modern managed Windows 10 desktop managed with Intune, you take care of security settings and necessary Windows configurations. One part of the important configurations, beside security settings, are the small corporate identity things like…
This is a very small follow up post for my article about language change How to completely change Windows 10 language with Intune. I mentioned the Company Portal and the issue that it sometimes got stuck at a language. During that time I didn’t realized something very simple…
I thought it might be nice to end the year 2020 with a short collection of my most viewed blog articles in 2020. For me the number one is not a real surprise, measured on the feedback it is a real helper for many out there. My own guess would have predicted some other posts…
Autopilot Manager simplifies Windows Autopilot imports by using a small client program and an Azure app service. It provides end user feedback during import and has several modes to operate at. A self-service mode or an help desk approval mode.
As a lot of my blog readers probably know :-), I’m working a lot with Microsoft Endpoint Manager – Intune and testing a lot of things in the Modern Management approach with Windows 10. It is absolutely necessary to have a good lab setup to test all these new features in a save…
A lot of people waited for this enhancement a long time, it is a rather small enhancement, but with a fairly big impact in user experience. So, I thought that it is worth a small blog post :-). In the past if you installed the new Edge on Chromium basis and started it for the…