Configure Microsoft Teams application settings using PowerShell and Proactive Remediations in Microsoft Endpoint Manager

Introduction

Almost a year ago, I wrote a blog post on how to configure Microsoft Teams application settings using Configuration Manager and PowerShell. For good measure, find this post in the link below:

Not too long ago, I started getting reports that Teams is no longer picking up the changes made to the config.json and that Teams is hanging at the loading screen. I initially tried to reproduce the issue, but was unable to.

I decided to invest some more time into the issue, and ended up being able to reproduce and find the cause. In the process of troubleshooting, I decided to try and move this into Proactive Remediations in Microsoft Endpoint Manager as well. The result made up this blog post.

Below is a quick illustration of running the solution manually. The detection script detects that Microsoft Teams needs its settings configured, and the configure script carries out the configuration.


Configuring Microsoft Edge and ‘Always allow to open links of this type in the associated app’ using Microsoft Endpoint Manager

Introduction

This is just a really quick post, describing how you configure Microsoft Edge to always – and without prompting the user – open certain links in their associated application.

This might seem like an odd and out of the ordinary post, but I needed this myself, and failed to find the relevant details described properly anywhere.

The mentioned prompt is something that’s generated when opening links to Teams meetings, or when trying to open Office documents in their respective desktop application.

These prompts are in most cases irrelevant to end users, and eliminating them improves the user experience a little. TL;DR down below.


Notify users when their device is running low on disk space using Toast Notifications and Endpoint Analytics Proactive Remediations

Introduction

This is a follow-up to the post I did a few weeks ago on notifying users whose devices are low on disk space, using Toast Notifications and Configuration Manager.

This time, I’m moving all of it into the Endpoint Analytics Proactive Remediations feature of Microsoft Endpoint Manager Intune. This will actually simplify things a lot, as it removes the need for custom collections, Configuration Items and Baselines.


Move away from Group Policy and set wallpaper and lock screen images with local source files and Microsoft Endpoint Manager Intune

Introduction

This is something I have just done myself in our own environment, and while it’s neither super technical nor advanced, I figured it deserved some attention regardless.

I assume most hybrid (co-managed) environments still look towards Group Policy when doing this, because it’s easy and what we’ve always been doing. I’m regularly asked to change our desktop wallpaper and lock screen images, and when things need to be done in a hurry, you usually stick to the easy solution.

This time though, I was stubborn and insisted on moving away from Group Policy and doing it with Intune. The process made up this short blog post. 🙂


Setting up Microsoft Tunnel Gateway with Microsoft Endpoint Manager and Linux VM(s) in Azure

Introduction

I typically blog about topics that I’m currently addressing in my own daily work, and this time is no different.

Covid-19 surely has a say in this particular topic as well, and empowering our users to do more, working securely from home and remotely, is key.

In that regard, we needed a simple VPN solution for our iOS devices, and while making my way through the setup and configuration of Microsoft Tunnel Gateway, I decided it was worth blogging as well.

This post will walk you through everything you need to know in order to successfully set up Microsoft Tunnel Gateway as a proof of concept.

This includes:

  • Creating the VM(s) in Azure
  • Assigning static public IP
  • Hardening of the inbound traffic
  • Configuring public DNS record
  • SSH’ing to the Linux server
  • Installing Docker on Linux
  • Setting up configuration in Microsoft Endpoint Manager
  • Installing Microsoft Tunnel on Linux
    • Copying down TLS certificate to Linux
  • Deploying VPN profile in Microsoft Endpoint Manager
  • Verifying connection to VPN on iOS is successful


Comparing Security Baselines in Endpoint Manager using Powershell and Microsoft Graph API

Introduction

I just very recently discovered that a new version of the Security Baseline for Windows 10 was made available in Microsoft Endpoint Manager Intune.

It’s been a while since the last version, more than a year in fact, so it was a pleasant surprise seeing an update on this area.

Security Baselines, and those for Windows 10 in particular, consist of a lot of settings. So I wondered what had changed and started browsing and comparing the various settings via the admin portal.

Then I realized that this was far from optimal, and began looking for alternatives. I eventually got myself into trying something new, and went on to compare the Security Baseline profiles using PowerShell and the Microsoft Graph. The result of that journey is this post. 🙂


Endpoint Analytics: Locate devices not enrolled with Windows Hello for Business

Introduction

As promised, here is another use case and example of Proactive Remediations in the new Endpoint Analytics feature in Microsoft Endpoint Manager (Intune).

In this example, I’m locating all devices which are currently not making use of Windows Hello for Business, and displaying a Toast Notification to the logged-on user to remind them to get started.

If and when any organization is promoting and requiring the use of Windows Hello for Business, you will want to make sure that the users indeed are setting this up – and if not, nag them continuously until done.


Windows 10 Toast Notification Script Update: Support for use with Endpoint Analytics Proactive Remediations

Introduction

I accidentally got to spend my entire weekend toying around and testing the new Endpoint Analytics Proactive Remediations feature in Microsoft Endpoint Manager (Intune).

Long story short, Proactive Remediations is capable of running PowerShell scripts on a schedule on your Windows 10 devices, similar to what we have done for years with Configuration Manager and scheduled tasks.

So, I needed my Windows 10 Toast Notification Script to work with this delicious new feature – and now it does, hitting a version of 1.8.0. All the details down below.

NOTE: You can’t really tell, but the examples below are indeed generated from using Proactive Remediations. My Toast Notification Script is triggered, if a certain device is not enrolled with Windows Hello for Business. Blog post incoming. 🙂

  • Apologies for the Danish nonsense. I was testing the multi-language portion (in the script) as well, coming from Proactive Remediations 🙂


How to renew Apple MDM Push Certificate in Microsoft Endpoint Manager

Introduction

So, it’s that time of the year again. My Apple MDM Push Certificate, which is used with the enrollment of iOS devices in Microsoft Endpoint Manager, is due to expire and needs to be renewed.

I have done posts on this topic previously, but as the UI and other things change over the years, I figured I would do another, updated one for good measure.

For the curious, these are the exact steps I just went through to renew my Apple MDM Push Certificate, which was due to expire in roughly 12 days.


A first look into the new Antivirus Endpoint security policy experience in Microsoft Endpoint Manager

Introduction

Good news everyone!

Last week, a new Endpoint security policy experience in Microsoft Endpoint Manager was released. Among the new policies, you will find a brand new way of managing your Microsoft Defender Antivirus. This new policy type offers the long sought-after tri-state configurations consisting of No, Yes and Not-configured, which simplifies things greatly.

I do think these new policies will make management a lot easier. Once all of your configurations have eventually transitioned away from regular device configuration profiles, the general view of security measures taken on your devices within Microsoft Intune will improve by a lot.

This is not a typical A-Z guide, but rather my first and brief look into the new options. All of this is, of course, based on my own production environment. Curious? Read on. 🙂
