Configure Endpoint Protection (Bitlocker) with Intune on Windows 10

In this blogpost I want to show you how to use the Endpoint Protection (Bitlocker) policy within Intune to configure Bitlocker on Windows 10. With Endpoint Protection policies you can configure and enforce Bitlocker on your Windows 10 devices. With the old policies we could already enforce Bitlocker but not enforce the settings of Bitlocker. With Windows 10 1703 the user interface for the end user was already improved, but the user still needs to select the Bitlocker settings themselves. There are some settings where the user needs to make the right decision, and probably not all users know the consequences of some of the settings. The setting about saving the recovery key is for me the most important one. In an MDM scenario I want to enforce that the key will be saved in AzureAD and not locally on a USB drive. So most of the time I want to enforce this setting and, ideally, I just want to enable it for the user without disturbing the user.

Users cannot join Windows 10 devices to AzureAD

For the last couple of days I have been working on an issue with a customer related to joining Windows 10 workstations to AzureAD. This customer is using Dell hardware and Windows 10 1703 (Creators Update) and a federated Azure AD with Intune MDM. When the failing workstations have installed Windows 10 and the user tries to add the device to AzureAD, the user cannot log in to ADFS. In the OOBE stage of the deployment the user enters his username and based on that he is redirected to the customer's ADFS environment. The login form of ADFS loads and after entering the user's credentials the login page returns. So the user stays in the ADFS login page (looping). No errors are logged in the event logs on either the Windows 10 client or the ADFS environment.


Deploy MSI apps through the new Intune Portal

With Microsoft Intune we can deploy MSI applications to MDM enrolled Windows 10 devices. This functionality is already available within the ‘old’ Microsoft Intune portal. In the early days of the new portal (https://portal.azure.com) it was not possible to add the MSI applications through the new portal. Microsoft has now added this functionality to the new portal. This blogpost shows how you can easily add the application through the new portal. Based on my experience the process is improved and the whole experience is much better than the old portal infrastructure.


Configure Trusted Sites in Internet Explorer Through a MDM Deployed GPO

With Windows 10 1703 (Creators Update) we now have the possibility to configure settings through an MDM-deployed Group Policy Object. In this blogpost I explained how to configure the App-V client with these new capabilities. Within this blogpost you can also find the basics about deploying a GPO through an MDM solution. Since my preferred MDM solution is Microsoft Intune, my blogposts will only cover the steps needed to configure these settings through Microsoft Intune. In this blogpost I want to cover the scenario to configure the Trusted Sites on a Windows 10 1703 machine through an MDM-deployed GPO.
