Deploying and configuring uBlock Origin Lite with PowerShell and Microsoft Intune

December 8, 2025December 7, 2025 by Martin Bengtsson

Introduction

Ad blocking is often dismissed as a convenience feature for users tired of intrusive banners and pop-ups. But in 2025 – almost 2026 – it’s time to reframe the conversation: ad blocking is a fundamental security control every organization should implement.

Malvertising has become an extremely effective attack vector. Threat actors exploit legitimate ad networks to deliver malware, phishing sites, and exploit kits – even on trusted websites. Tracking scripts in ads also collect sensitive data, creating privacy and compliance risks.

The good news? Ad blocking is free, proven security you can deploy today. Installing uBlock Origin Lite is easy. Configuring it at scale for an enterprise? That’s the challenging part. In this post, I’ll show you how I solved that challenge with a comprehensive PowerShell script that centrally configures uBlock Origin Lite across managed browsers using Microsoft Intune.

Notifying users on Windows when an iOS update is required – Microsoft Intune, Automation Account and Toast Notification Script combined

November 12, 2025November 12, 2025 by Martin Bengtsson

Introduction

Your users carry iPhones but spend most of their workday on Windows devices. When Apple releases an iOS update, Intune can flag non-compliance – but the built-in notifications on iOS are often overlooked and don’t have the same visibility or urgency as alerts on a user’s primary work device.

The solution: cross-platform automation. By combining two PowerShell solutions – one that monitors iOS versions in Microsoft Intune and maintains dynamic user groups, and another that delivers branded Windows toast notifications – you can automatically alert Windows users when their iOS devices need updating.

BIG ANNOUNCEMENT: Toast Notification Script v3 is here!

November 6, 2025November 6, 2025 by Martin Bengtsson

Introduction

I’ve completely REWRITTEN my popular Toast Notification Script from the ground up – now exclusively for Microsoft Intune!

What’s new:

Built specifically for Intune Remediations
Enhanced logging & smart detection logic
Personalized user greetings
Multiple notification scenarios

Perfect for:

Weekly reminders/messages
Pending reboot notifications
Company Portal integration
Custom organizational messages

Ready to deploy? Get it now: https://github.com/imabdk/Toast-Notification-Script

Temp. documentation down below. 🙂

Building a Break-Glass Local Admin Solution for Windows 11 using Intune and Defender for Endpoint

November 5, 2025November 4, 2025 by Martin Bengtsson

Introduction

I’ve been in situations where I needed local admin access to a device, and I needed it *now*. Users couldn’t log in, LAPS wouldn’t retrieve passwords, or domain connectivity and trust had failed. You’re staring at a locked device with no way in, and waiting isn’t an option.

Modern endpoint management is fantastic until it isn’t. We’ve eliminated persistent local admin accounts, embraced cloud authentication, and deployed LAPS – all best practices. But what happens when all of those fail simultaneously?

This post documents the break-glass solution I built for those “need it now” scenarios: a remotely deployable emergency local administrator account using Intune Remediations, with monitoring through Microsoft Defender for Endpoint.

💡 By default, remediations run on a schedule. However, you can run remediations on-demand in Intune, which triggers the scripts to execute instantly (almost) on targeted devices via Windows Notification Service (WNS). This is critical for true emergencies when you can’t wait.

Blocking SSH binaries with AppLocker and Port 22 in Windows Firewall Using Microsoft Intune

October 6, 2025 by Martin Bengtsson

Introduction

Outbound SSH can be a serious blind spot. Attackers can use SSH tunnels to bypass firewalls, EDR, and even AppLocker — proxying malicious activity without running tools directly on the host. This enables lateral movement and internal compromise.

To mitigate this, I block outbound SSH connections and enforce application control on SSH binaries using Microsoft Intune, combining Windows Firewall and AppLocker for layered protection.

How to manage the new Microsoft 365 companion apps rolling out to Windows 11

October 3, 2025October 3, 2025 by Martin Bengtsson

Introduction

Microsoft is introducing new Microsoft 365 companion apps to Windows 11 devices as part of a broader integration effort. These apps may be installed automatically unless you opt out, but you can also choose to install them early for testing.

In this post, I’ll walk through how to manage the rollout: opting out of auto-installation, installing manually, uninstalling if needed, disabling automatic startup, and pinning the apps to your taskbar for quick access.

Windows Protected Print: Securing Printing on Windows 11 with Microsoft Intune

September 17, 2025August 14, 2025 by Martin Bengtsson

Introduction

Windows Protected Print (WPP) is a new feature in Windows 11 24H2 designed to enhance print security by addressing vulnerabilities such as PrintNightmare. No more dodgy third-party drivers! WPP uses the Internet Printing Protocol (IPP) and Mopria-certified printers to keep things secure and simple. Let’s break down how it works with Windows 11, how to manage it with Microsoft Intune, and what to do when things go south. Buckle up!

The new Outlook is preinstalled on Windows 11 (23H2 and later) and this is how you uninstall it using PowerShell and Microsoft Intune

December 12, 2024December 12, 2024 by Martin Bengtsson

Introduction

Following up on my previous post about the new Outlook client, I want to share a quick update. The new Outlook now comes preinstalled on Windows 11 version 23H2 and later. In this post, I’ll provide a PowerShell script to help you uninstall it automatically across your devices using Microsoft Intune.

More details on the preinstalled new Outlook: Control installation and use of new Outlook – Microsoft 365 Apps | Microsoft Learn

Encrypt your files located in Desktop, Documents and Photos in Windows 11 24H2 using Personal Data Encryption and Microsoft Intune

November 22, 2024 by Martin Bengtsson

Introduction

In an era where data breaches and cyber threats are increasingly common, protecting your personal files has never been more important.

With the release of Windows 11 24H2, Microsoft has introduced enhanced features for personal data encryption, making it easier than ever to secure your sensitive information.

This blog post will guide you through the process of encrypting your files located in Desktop, Documents, and Photos using Personal Data Encryption and Microsoft Intune.

Using Microsoft Intune to safeguard Windows: Associate certain file types to open in Notepad

November 22, 2024November 21, 2024 by Martin Bengtsson

Introduction

In today’s digital landscape, safeguarding your organization’s IT infrastructure is more critical than ever. One effective strategy to enhance security is by configuring certain file types to open in Notepad, preventing potentially malicious code from executing.

In this blog post, we’ll walk you through the steps to use Microsoft Intune to associate specific file types with Notepad, ensuring that risky files are opened safely in plain text. This proactive measure can reduce the risk of malware infections and enhance your overall cybersecurity posture.

Note: While this approach can reduce the risk of malware infections, it’s important to consider the potential impact on users who may need to open these file types for legitimate purposes. Associating files like scripts or executables with Notepad might disrupt normal workflows for developers or IT professionals. Therefore, it’s crucial to evaluate the needs of different user groups within your organization and implement this strategy accordingly.