When starting to move workloads to Intune of the first workload to move is Compliance and Endpoint Protection. When moving the Endpoint protection workload the following configurations are moved to Intune instead of MEMCM: Windows Defender Antimalware Windows Defender Application Guard Windows Defender Firewall Windows Defender SmartScreen Windows Encryption Windows Defender Exploit Guard Windows Defender…
Category: Intune
Using Install-language during AutoPilot Windows 11 insider
At the session I presented with Michael Niehaus on customizing Windows 11 at MMS 2022 in Minneapolis we talked about the new PowerShell support for installing Language packs and set system language which are included in the Windows 11 Insider build 22257. During the session we got the question if it works together with AutoPilot…
Co-Management and the importance of device token enrollment.
After returning from presenting at MMS 2022 in Minneapolis, my first physical event in 2 1/2 years! A great experience as always! I thought it was time to write a post on how important it is that enrollment using a device token works when using Co-management in MEMCM + MEM. The Configuration Manager client will…
Intune Configuration Profile for Google Chrome based on STIG
Google Chrome is a very popular browser but as other browsers it needs to be managed as well. One great reference for how to secure and configure Google Chrome is the Security Technical Implementation Guide (STIG) which can be found here:Google Chrome Current Windows Security Technical Implementation Guide (stigviewer.com) I have created a Custom policy…
Remote help for Intune/MEM
I wrote a post on 4Sysops.com on the new Remote Help feature in Intune/MEM. A great and long awaited feature as we today need to buy a separate product or use Quick Assist which is built in and free but has many limitations (and should be removed from all corporate managed devices). In Configuration Manager…
Troubleshooting Windows 10/11 Enterprise subscription is not valid
Wrote a blog post on how to Troubleshoot Windows 10/11 Subscription based activation over at 4Sysops. The issue we saw show up as Windows 10 Enterprise subscription is not valid as shown below. It turns out the If there is more than one Azure AD account added under “Access work or School”, they will fail…
Customize default Windows 11 Start Menu using Intune
Now the time has come to look at customizing the default Windows 11 Start Menu. Customizing the Start Menu using Intune is simple and works great by using the new CSP “ConfigureStartPins”. More information can be found here: https://docs.microsoft.com/en-us/windows/configuration/customize-start-menu-layout-windows-11For on-premise there is no support for using the same feature either with PowerShell or Group Policy, however…
Modify Windows 11 Taskbar during OSD, Intune and GPO
When it comes to modifying the TaskBar in Windows 11 nothing has changed since Windows 10. The only change is that the Start Menu part of the XML file is no longer used, it has been replaced by a .json file. More on that in the next post. More information can be found here on…