The Security baseline in Intune is based on the Security Baseline for Edge v85.. We are currently on Edge baseline 107 (no new recommended settings for 108 & 109). That is only one reason for creating you own Edge Security baseline using Settings Catalog instead. More reasons are that it is easier to troubleshoot and…
Configuring Desktop App Installer using CSP and script?!
Desktop App installer a.k.a. Windows Package Manager and Winget is a powerful addition to the Windows platform. It is also something that we all need to learn and configure according to our organization’s requirements, compliance requirements and security. The “New” Store support in Intune makes this a bit trickier as well as we must allow…
Customizing Taskbar and Start in Windows 11 22h2 with PowerShell
In Windows 11 22H2 we have some great new options for the Start Menu layout which I really like, More Pins or More recommendations. There is no builtin way to configure the default for the end-user with which Start Menu layout to use. We get a lot of questions from end-users that they would like…
MMUGSE – physical event 2022-10-19 @Microsoft Reactor Stockholm.
Yes!! Finally we can meet up in person again! We will arrange a physical hybrid user group event @Microsoft Reactor in Stockholm on the 19th of October.(In Swedish) The world has changed a lot since last time we did a physical event which was before covid. This time we will livestream it as well as…
Switch to Private Firewall profile on AAD joined when connected to specific network.
One of the biggest differences there is between supporting an ADD joined Windows devices compared to On-premise is the Domain firewall profile. When a AD joined device are connected to the domain network it switches to a domain firewall profile where we can have management ports open. Administrative shares, WinRM, Remote Registry and much more…
Remove built-in apps in Windows 11 22H2 during OSD
I have updated the script I use to uninstall built in apps in Windows 10 and Windows 11. Windows 11 22H2 has some changes when it comes to removing built-in apps. Is uninstalling built-in apps still a thing, yes it is. Teams Personal is one example of a similar app to Teams that causes unnecessary…
Installing updates during OSD using PSWindowsUpdate
When we move workloads to Intune in our Co-Management scenarios we lose some features we have been using and need to go back to basic. In this short post we will install updates during OSD using the PSWindowsUpdate module which is great. When we moved the Windows Update workload and uninstalled WSUS we need another…
Logging the Co-management and Defender onboarding process during OSD
When starting to move workloads to Intune of the first workload to move is Compliance and Endpoint Protection. When moving the Endpoint protection workload the following configurations are moved to Intune instead of MEMCM: Windows Defender Antimalware Windows Defender Application Guard Windows Defender Firewall Windows Defender SmartScreen Windows Encryption Windows Defender Exploit Guard Windows Defender…