In service release 2504 of Intune, new settings are added to the Windows 11 24H2 Security Baseline. However, they are not released as a new version of the baseline but are added when you either create a new policy or edit an existing policy. In this post we will look at the experience upgrading and adding…
Category: Windows 11
Managing extensions in Visual Studio Code
Managing extensions in Visual Studio Code has been supported since version 1.96 (November 2024) and is a very welcome addition. We can block extensions, allow extensions, or control exactly which version of an extension is allowed, and more. ADMX/ADML files are now included in the setup files for Visual Studio Code. I will not use them…
Administrator protection in Windows 11 – First look
Administrator Protection in Windows 11 was announced at Ignite a couple of weeks ago; it adds a much-needed, more secure option than UAC to protect our accounts with Local Administrator permissions. Administrator Protection is a bit reminiscent of how Microsoft Endpoint Privilege Management works with a separate virtual account. Instead of the traditional UAC elevation…
Customizing Taskbar and Start in Windows 11 23h2 with PowerShell
Updated script (about time! many requests and comments) that customizes the Taskbar, adding removal of the Copilot icon on the Taskbar and fixing removal of search, which I got a lot of comments about after it stopped working. The original article can be found here: https://ccmexec.com/2022/10/customizing-taskbar-and-start-in-windows-11-22h2-with-powershell/ Search is also fixed but had to be…
Intune Custom Compliance – check that Credential Guard is running
Custom compliance policies have been around for a long time, and it is a really great feature. I have argued many times that we should not block users from working when they cannot make the device compliant themselves. But with more and more tasks being added on top of managing devices, being proactive is something…
PowerShell script to keep Personal Teams away in Windows 11
Finally time to blog during these busy times: removing Personal Teams in Windows 11 by setting the ConfigureChatAutoInstall registry value to prevent it from installing. The challenge is that the permissions on that registry key, HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Communications, are set to TrustedInstaller, so it is hard to create the necessary value. There are solutions out there that use…
Windows 11 Multi-App kiosk – a first look
Windows 11 Multi-app kiosk is finally here; at the time of writing it is not yet released in the cumulative update for Windows 11 22H2. Because of that, it is not possible to configure it through Intune or Provisioning packages just yet. More information: Set up a multi-app kiosk on Windows…
PS Script to Update Boot images with CU-CVE-2023-24932
This will be a short post on how to update WinPE boot images with a Cumulative Update as we need to do that now with the release of May 2023 Cumulative Update to address CVE-2023-24932. Spent all day with colleagues to try to test what happens to OS deployment (and AutoPilot) when deploying the mitigation…