This is a post about enabling BitLocker on non-HSTI devices with Windows 10 version 1809 and standard user permissions. First of all a little background on HSTI. HSTI is a Hardware Security Testability Interface. It is an interface to report the results of security-related self-tests. Its purpose is to provide high assurance validation of proper security configuration.…
Read MoreAll articles filed in Modern Management
Part 3, Deep dive Microsoft Intune Management Extension – Win32 Apps
Microsoft made it finally happen and provides an integrated way to deploy Win32 Apps via the Intune Management Extension. This is by far the biggest step forward in the Modern Management field. Until now the community came up with lots of ways to utilize PowerShell scripts to finally install some Win32 Apps. By doing this…
Read More
Automation of gathering and importing Windows Autopilot information
Complete process automation of gathering and upload of a device Autopilot information to the Windows Autopilot service with an Azure Automation Runbook.
Read MoreModern Management Summit London 2018
I enjoyed some vacation and did a lot of customer work recently but I had the honor to speak at our SCConfigMgr.com Modern Management Summit 2018 event in London at the Microsoft Reactor. It was an amazing day and I had a lot of discussions around a cloud first modern management approach. If you like…
Read MoreProcess automation for Intune and Azure AD with Azure Automation
Cloud managed environments benefit from the idea of software as a service, you don’t have to think about upgrading or maintenance of the infrastructure itself. But often we need to automate the tools itself. A very good example here is when an employee quits his job, than we need to trigger a lot of processes…
Read MoreUse Delivery Optimization with DHCP Option on Pre-Windows 10 version 1803
The new Windows 10 Peer 2 Peer feature Delivery Optimization was enhanced by the setting to query DHCP option ID 234 to get a Group ID (DOGroupIdSource). It was implemented into the latest Windows 10 version 1803 based on my feedback. I’m a little proud that the idea was well received and my product feedback…
Read MorePart 2, Deep dive Microsoft Intune Management Extension – PowerShell Scripts
Because of the popularity of my first blog post Deep dive Microsoft Intune Management Extension – PowerShell Scripts, I’ve decided to write a second post regarding Intune Management Extension to further explain some architecture behind this feature and upcoming question from the community. A deeper understanding helps to successful troubleshoot the feature. Table of content for…
Read MoreHow to “Push-button reset” Windows 10
The “push-button reset” (PBR) is the way to do a “factory reset” on Windows 10. It constructs a fresh Windows 10 installation and we can start over again. Implementing a Microsoft 365 powered device mobility concept for a modern workplace with Windows 10, makes usage of Windows as a Service and provides new ways of…
Read MoreConfigure Delivery Optimization with Intune for Windows Update for Business
When using the Modern IT approach and building Microsoft 365 powered devices it is a combination of the following cloud services for Modern Management: Microsoft Azure Active Directory for Identity Microsoft Intune for Management Windows Update for Business for Servicing Windows Analytics to Monitor To support the Windows as a Service strategy with cloud services we rely on the…
Read MoreHow to disable SMBv1 with Intune [deep dive analysis]
I recently got motivated to research a bit about new MDM settings available in the latest Windows 10 Insider Build (17074) and how to configure them. Settings available in preview Windows 10 versions normally do not have a lot of technical documentation for it or there is even no documentation for a particular feature and…
Read MoreConfiguring Windows Defender Credential Guard with Intune
The Windows Defender Credential Guard is a feature to protect NTLM, Kerberos and Sign-on credentials. Windows 10 Enterprise provides the capability to isolate certain Operating System (OS) pieces via so called virtualization-based security (VBS). NTLM and Kerberos credentials are normally stored in the Local Security Authority (LSA). Once VBS is enabled the LSASS process will…
Read MoreDeep dive Microsoft Intune Management Extension – PowerShell Scripts
Microsoft made a big step forward in the Modern Management field. Limitations like custom configurations or even Win32 App installs can be addressed now. Microsoft developed an EMS agent (aka SideCar) and released it as a new Intune feature called Intune Management Extension. This agent is able to manage and execute PowerShell scripts on Windows 10…
Read MoreGather Windows 10 Autopilot info in Azure Blob Storage during wipe and reload
UPDATE 22/07/2018: New blog post Automation of gathering and importing Windows Autopilot information The Modern Management strategy is based on Enterprise Mobility + Security and additional services like Office 365. Microsoft created a new SKU called Microsoft 365 for this. To complete the big picture we need some additional services: Microsoft Store for Business Windows Analytics Windows…
Read MoreDeep dive ADMX ingestion to configure SilentAccountConfig with OneDrive
Since Windows 10 1703 you can use a feature called ADMX ingestion to extend policy settings in Intune. What it basically does is to parse an ADMX file and build a MDM policy of it. In the end you can configure the ADMX settings via OMA-URIs in Intune. More details about ADMX ingestion can be…
Read More