Desktop App installer a.k.a. Windows Package Manager and Winget is a powerful addition to the Windows platform. It is also something that we all need to learn and configure according to our organization’s requirements, compliance requirements and security. The “New” Store support in Intune makes this a bit trickier as well as we must allow…
Category: Intune
Customizing Taskbar and Start in Windows 11 22h2 with PowerShell
In Windows 11 22H2 we have some great new options for the Start Menu layout which I really like, More Pins or More recommendations. There is no builtin way to configure the default for the end-user with which Start Menu layout to use. We get a lot of questions from end-users that they would like…
Switch to Private Firewall profile on AAD joined when connected to specific network.
One of the biggest differences there is between supporting an ADD joined Windows devices compared to On-premise is the Domain firewall profile. When a AD joined device are connected to the domain network it switches to a domain firewall profile where we can have management ports open. Administrative shares, WinRM, Remote Registry and much more…
Installing updates during OSD using PSWindowsUpdate
When we move workloads to Intune in our Co-Management scenarios we lose some features we have been using and need to go back to basic. In this short post we will install updates during OSD using the PSWindowsUpdate module which is great. When we moved the Windows Update workload and uninstalled WSUS we need another…
Logging the Co-management and Defender onboarding process during OSD
When starting to move workloads to Intune of the first workload to move is Compliance and Endpoint Protection. When moving the Endpoint protection workload the following configurations are moved to Intune instead of MEMCM: Windows Defender Antimalware Windows Defender Application Guard Windows Defender Firewall Windows Defender SmartScreen Windows Encryption Windows Defender Exploit Guard Windows Defender…
Using Install-language during AutoPilot Windows 11 insider
At the session I presented with Michael Niehaus on customizing Windows 11 at MMS 2022 in Minneapolis we talked about the new PowerShell support for installing Language packs and set system language which are included in the Windows 11 Insider build 22257. During the session we got the question if it works together with AutoPilot…
Co-Management and the importance of device token enrollment.
After returning from presenting at MMS 2022 in Minneapolis, my first physical event in 2 1/2 years! A great experience as always! I thought it was time to write a post on how important it is that enrollment using a device token works when using Co-management in MEMCM + MEM. The Configuration Manager client will…
Intune Configuration Profile for Google Chrome based on STIG
Google Chrome is a very popular browser but as other browsers it needs to be managed as well. One great reference for how to secure and configure Google Chrome is the Security Technical Implementation Guide (STIG) which can be found here:Google Chrome Current Windows Security Technical Implementation Guide (stigviewer.com) I have created a Custom policy…