Hello - Here is the new HTMD Blog Article for you. Enjoy reading it. Subscribe to YouTube Channel https://www.youtube.com/c/AnoopCNairSCCM?sub_confirmation=1 and LinkedIn page for latest updates https://www.linkedin.com/company/how-to-manage-devices/ The post How to Remove Assigned Groups from Attack Surface Reduction ASR Policy in Microsoft Intune appeared first on HTMD Community Modern Device Management News & Guides by Anoop C Nair.| HTMD Community Modern Device Management News & Guides
This week is all about customizing only the initial Start menu layout on Windows 11. That on itself is nothing new, as customizing the Start menu layout has been possible since the early days of Windows 11. The main configurations related to customizing the Start menu layout are described in this post. That also means that the ideas around customizing the Start menu layout have not changed. Customizing the Start menu layout enables organizations to create a standardized layout for their users...| All about Microsoft Intune
This week is not about something new, this week is about configuring the visibility of the different Settings pages. The Settings app is the Windows application that provides a unified interface to manage the different system settings. Almost everything that was configurable in the old days via Control Panel, is now configurable via the Settings app. With some exceptions of course. The main reasons to make adjustments to the visibility of the different Settings pages, are to create a more con...| All about Microsoft Intune
This week is all about the native functionality to remove preinstalled Microsoft Store apps. Very useful. When working with Windows devices in an enterprise environment, a common request is to control the preinstalled Microsoft Store apps. These default apps, which ship as part of the Windows image, often include consumer-oriented or redundant functionality that does not align with corporate standards. Removing these apps often requires custom scripting, or other creative solutions. Starting ...| All about Microsoft Intune
This week is all about the latest addition to the ability to easily configure the Intune Management Extension as a managed installer on Windows devices. That addition is the ability to easily configure the Intune Management Extension as a managed installer for a specific group of Windows devices. Before it was already really easy to get started with the Intune Management Extension as a managed installer, but that was a tenant-wide configuration, meaning that it was immediately applicable to a...| All about Microsoft Intune
This week is all about the recently introduced functionalities of offline mode and app access without signing in. Those functionalities are specifically created for Android Enterprise dedicated devices that are enrolled into Microsoft Entra shared device mode and that are using the Managed Home Screen as launcher for other approved apps. Both of these functionalities are focused on scenarios in which the user is required to sign in to the device before the apps on the device can be used. With...| All about Microsoft Intune
Important: While writing this post the news came that this capability got delayed again to help ensure delivery of the best possible experience. As the configuration is still available in Microsoft Intune, this post can still provide value. This week is all about the new functionality to install Windows security updates during the Windows out-of-box-experience (OOBE). That functionality is focused on making sure that Windows devices are secure and up-to-date at the moment that the user will a...| All about Microsoft Intune
This week is all about the preventing accidental device wipes by using multiple administrative approval in Microsoft Intune. Multiple administrative approval on itself is nothing new, but the latest addition to that functionality makes it a lot more powerful. Before, multiple administrative approval was mainly focused adding apps and scripts to Microsoft Intune. Nowadays, multiple administrative approval can also be used for Intune roles and the most critical device actions. Those device acti...| All about Microsoft Intune
This week is all about the new Windows Backup for Organizations feature that has become available. The Windows Backup for Organizations feature is initially aimed at making it easier to transition from Windows 10 to Windows 11. Besides that, it also makes it easier to switch towards new Windows 11 devices and versions. At this point in time Windows Backup for Organizations can be used to preserve user settings and Microsoft Store app configurations. Especially the first part seems to have a l...| All about Microsoft Intune
This week is all around managing and containing the usage of personal accounts with the OneDrive app on managed Windows devices. That is definitely not something new, but a recent change in notifications did trigger this post around the usage of personal accounts. Actually, it all started with an item on the public roadmap (490064). That roadmap item is about a new feature that will prompt users for using their personal Microsoft accounts with the OneDrive app, but only when a personal accoun...| All about Microsoft Intune
This week is a relatively short post about the updated device clean-up rules in Microsoft Intune. There can be many reasons why it is important to clean-up devices in Microsoft Intune (and Microsof…| All about Microsoft Intune
According to Message Center update MC1150681, the administrative controls and settings for Office Scripts, previously managed in the Microsoft 365 admin center, will no longer be available after October 27, 2025. Instead, these controls...| Mr T-Bone´s Blog
I´m currently working with a multinational company and their device management with Intune. They use delegated administration in Intune based on Scope Tags. In this blog, we’ll explore why scope tags are important, especially... The post Country based Intune Scope Tags with PowerShell or Azure Automation appeared first on Mr T-Bone´s Blog.| Mr T-Bone´s Blog
Imagine you have a list of rules for how your devices should behave. Declared Configuration is like giving your devices a set of instructions and telling them to always follow these rules. Once you... The post Be prepared for Windows Declared Configuration in Intune appeared first on Mr T-Bone´s Blog.| Mr T-Bone´s Blog
In the ever-evolving landscape of IT management, having real-time insights into the state of your devices is crucial. Microsoft Intune now provides a feature known as Device Query for multiple devices that allows IT... The post Brand new: Device Query for Multiple Devices in Intune appeared first on Mr T-Bone´s Blog.| Mr T-Bone´s Blog
What is Windows Protected Print Mode? Windows Protected Print Mode is a feature introduced in Windows 11 that aims to enhance the security of your printing environment. It uses the modern print stack and... The post Windows protected print mode: A secure print solution appeared first on Mr T-Bone´s Blog.| Mr T-Bone´s Blog
Today, we’re diving into the latest and greatest update for Windows 11 Enterprise – Hotpatching! If you’re like me, you’re always looking for ways to keep your systems secure without the hassle of constant...| Mr T-Bone´s Blog
It’s been a while since there was an actual release of the Autopilot Branding script, although there were a few “preview” releases as we worked out kinks in the processes. Things …| Out of Office Hours
There’s a moment every Intune admin eventually faces. You’ve crafted a beautiful custom policy, deployed it with care, and waited for that sweet green checkmark. But instead, you get… nothing. Or worse, a red...| Mr T-Bone´s Blog
As Rudy Ooms discovered on the Microsoft 365 Message Center, bulletin MC1134168 announced a change coming with the September 2025 cumulative update: You’ll be able to install updates at the end of […]| Out of Office Hours
Let's find out the Best Way to Deploy Powershell Script using Intune. First, we can use Intune to upload the PowerShell scripts and then run the scripts on| How to Manage Devices Community Blog Modern Device Management Guides
Learn how to deploy applications to Microsoft Teams Rooms (MTR) using Microsoft Intune Remediation Scripts. Discover a working workaround when standard app deployment fails on MTR devices.| Thomas Marcussen
I have a customer that uses Intune AutoPatch and wanted to add devices to groups based on domain suffix of the primary user. So I started to add this functionality to my popular script...| Mr T-Bone´s Blog
The latest “what’s new” doc update for Intune includes this tidbit: So now you can restrict ARM64 apps appropriately. Considering how many years ago this was first discussed, it&#…| Out of Office Hours
Microsoft is offering clients an updated Intune Connector for Active Directory and this connector is what Intune will be using starting from Intune 2501. This connector uses Windows Autopilot to deploy devices that are Microsoft Entra hybrid joined. The updated … Continue reading → The post Intune Connector for Active Directory – What To Know About The Latest Security Update appeared first on Thomas Marcussen.| Thomas Marcussen
Learn how to fix Microsoft Intune and Entra ID enrollment issues like error 0x80180014. This guide covers device visibility, orphaned records, and Autopilot troubleshooting for Windows and Microsoft Teams Rooms.| Thomas Marcussen
I have been really irritated with the EU decision to force end users to accept the SSO in Windows. The EU Digital Markets Act (DMA) SSO dialog, commonly referred to as the “Continue to...| Mr T-Bone´s Blog
Autopilot v2, a.k.a. Autopilot device preparation, was announced on May 22, 2024, it wasn’t really done yet. From the original annoucement (highlight added by me): Not sure about what they consider “soon” […]| Out of Office Hours
Organizations need to make full use of the tools that services like Microsoft Defender for Endpoint to minimize the risk of attacks.| Thomas Marcussen
As companies strive to stay ahead in the ever-evolving technological landscape, some have upgraded their domain controllers to Windows Server 2025. While this upgrade brings numerous benefits, it has also introduced a significant problem...| Mr T-Bone´s Blog
I’ve done a few troubleshooting blog posts over the years, and they are easily the most popular on my site. This one in particular is still going strong (#1 post of all time), almost five yea…| Out of Office Hours
I have finally had some time to have a new look at my script to update primary user for devices in Intune. The previous script had some issues when updating mggraph modules to later...| Mr T-Bone´s Blog
Back when Autopilot v2 was announced, and carried over into the documentation, is a claim: [Windows Autopilot device preparation, a.k.a. Autopilot v2] reduces the time IT spends on deploying device…| Out of Office Hours
A while back, I noticed that updates were installing at the end of the Autopilot process, after device ESP had completed and before the user signed in. Per Microsoft’s post, this is now going…| Out of Office Hours
I mentioned in my previous post that I was able to use “Co-management Authority” (a.k.a. “Co-management settings”) to install the ConfigMgr agent and then initiate a task se…| Out of Office Hours
If you missed it this past week, let me first point you to the source: Windows deployment with the next generation of Windows Autopilot So what did this blog tell you? Certainly that there are chan…| Out of Office Hours
The benefits of using Microsoft Intune include access to excellent features, enhanced security, and improved endpoint management| Thomas Marcussen
Phil Wilcock posted a blog last week with details about “non-peerable” content, pointing to Microsoft’s official documentation about what is and isn’t “peerable.”…| Out of Office Hours
In the slow march to its final death, the Microsoft Store for Business (and presumably the Microsoft Store for Education as well) has removed the ability to add, edit, and remove Autopilot devices.…| Out of Office Hours
My first thoughts around Autopilot v2 (a.k.a. Autopilot device preparation) are scattered through a week of posts: Digging into Windows Autopilot v2 Windows Autopilot v2 experience: Some surprises …| Out of Office Hours
One of the things that is not currently included in the APv2 device preparation policy is an option to configure the computer name, so as a result the devices end up being given a random name like …| Out of Office Hours
People have made fun of Microsoft’s progress bars for decades. We’ve all seen examples, e.g. file copies that show days, then minutes, then hours; “updating Windows” message…| Out of Office Hours
On May 1st, Microsoft e-mailed me to congratulate me: Today, the e-mail was to take that away: The basic justification given for that was that the Intune product group was not comfortable sharing N…| Out of Office Hours
Now that my “real” lab tenant has been updated, I can easily try it out. I set up a new unregistered VM, created a new Autopilot device preparation profile that targeted “All user…| Out of Office Hours
Yes, I know the official name is “Windows Autopilot Device Preparation.” But that’s too much of a mouthful and doesn’t really even describe what this is, other than “s…| Out of Office Hours
You’ve probably run into a scenario like this before and never understood why: You assign a new, seemingly harmless policy into a configuration profile in Intune, and now the device reboots a…| Out of Office Hours
I’ve published a bunch of sample Win32 apps for Intune and Autopilot, most of which are just PowerShell scripts bundled into an .intunewin file. For the first few, I posted the step-by-step i…| Out of Office Hours
We’ve all sat and watched the Enrollment Status Page (ESP) during an Autopilot provisioning process — it’s pretty boring overall, showing information that isn’t really usefu…| Out of Office Hours
Back in 2022, I did a post about using the MDM terms of use page (which is almost never actually used since Azure AD now has a better solution as part of conditional access) to prompt for informati…| Out of Office Hours
I’ve been used to the routine: If an app fails to install during Autopilot with ESP monitoring the progress, you don’t find out about it right away. Instead, you would have to wait unti…| Out of Office Hours
If you are doing user-driven Windows Autopilot provisioning in combination with a ConfigMgr task sequence initiated via “Co-management settings” in Intune, you know that the task sequen…| Out of Office Hours
It seems like a simple question, but a complete answer isn’t necessarily simple. We can start off with the documentation: OK, so about every 8 hours. But it’s different right after you …| Out of Office Hours
I noticed a section on the Features in development page that talks about a change coming on April 1st, which is not very far away (and an interesting place to put “we’re going to break …| Out of Office Hours
It started off as a simple change: I was annoyed that the “Observed Timeline” in the output from the Get-AutopilotDiagnosticsCommunity (and the older Get-AutopilotDiagnostics script too…| Out of Office Hours
