Customize Windows 10 Start menu with Configuration Manager (MDM) or Microsoft Intune #OMA-URI

Undoubtedly you ever been asked the question to customize the Windows 10 start menu? Your response might be like “Sure, I’ll fix this by group policy, imaging (task sequence) or last resort by manually importing a .xml file.” All – almost all – valid options in a fully managed environment where your clients are domain joined (Active Directory) and/or fully managed by Configuration Manager or MDT. But hey what about your non-domain joined Windows 10 devices which are outside the company and managed by Microsoft Intune (MDM)? Well OMA-URI is your best friend! Smile

Configuration Service Provider (CSP)

In Windows 10 Enterprise and Windows 10 Education, you can use a mobile device management (MDM) policy to deploy a customized Start layout to users. No reimaging is required, and the Start layout can be updated simply by overwriting the .xml file that contains the layout. This enables you to customize Start layouts for different departments or organizations, with minimal management overhead. With Microsoft Intune (MDM), you define the Start layout using an OMA-URI setting, which is based on the Policy configuration service provider (CSP).

Continue reading “Customize Windows 10 Start menu with Configuration Manager (MDM) or Microsoft Intune #OMA-URI”

Advertisements

Updated Microsoft Intune On-premises Connector for On-premises or Hosted Exchange

image

For those who are using On-Premises Exchange or Hosted Exchange with Microsoft Intune (standalone) hereby a quick post to inform you the Microsoft Intune Exchange connector (5.0.6175.0) has been updated last month (March 2016). At time of writing no release notes were available what has been addressed with the updated connector.

Continue reading “Updated Microsoft Intune On-premises Connector for On-premises or Hosted Exchange”

Updated: Exchange Connector permissions changed in Configuration Manager Current Branch (1511 and higher)

Exchange Connector Current Branch

Note! Updated with additional permissions (Get-Mailbox) 04/28/2016

During a Configuration Manager Current Branch (1511) implementation I bumped into an issue configuring the Exchange Connector. After configuring the Exchange Connector, devices which are connected by Exchange were not successfully discovered and therefore not appearing in the admin console.

Continue reading “Updated: Exchange Connector permissions changed in Configuration Manager Current Branch (1511 and higher)”

Part 3 – Create & deploy Enterprise Data Protection using System Center Configuration Manager Current Branch

image

In this blog series of Enterprise Data Protection (EDP) I will provide you some more insights what EDP is, how it works and how to create & deploy EDP policies by Configuration Manager and Microsoft Intune.

In this 3rd blog post I’ll outline how to create & deploy Enterprise Data Protection policies by Configuration Manager Current Branch (1511) to Windows 10 devices.

Continue reading “Part 3 – Create & deploy Enterprise Data Protection using System Center Configuration Manager Current Branch”

Part 2 – Define Privileged Desktop & Universal Applications for Enterprise Data Protection

My very first challenge – which was in my modest opinion the hardest part – with Enterprise Data Protection (EDP) was defining protected applications in a correct way. Many of you including myself were struggling how to define restricted applications.

image

In a serie blog posts I will provide some guidance how EDP works and how to configure protected apps, Configuration Manager and Microsoft Intune.

In this blog I’ll explain how you can retrieve the mandatory information required in order to define protected applications for your Enterprise Data Protection policies.

Continue reading “Part 2 – Define Privileged Desktop & Universal Applications for Enterprise Data Protection”

Blog series: Protect your Company Data using Enterprise Data Protection (EDP)

Recently I had the chance during a technical Friday jam session to play around with Enterprise Data Protection (EDP) with some other geeks .

EDP

In short Enterprise data protection (EDP) helps to protect against potential data loss without interfering end-user experience. EDP also helps to protect enterprise apps & data against accidental data loss on enterprise-owned devices, including personal devices that end-users bring to work without requiring changes to your environment or other apps.

Although EDP is introduced with Windows 10 release, the underlying technologies are common known. EDP is primary relying on Encrypted File System (EFS) and AppLocker. In a serie blog posts I will provid some guidance how EDP works and how to configure protected apps, Configuration Manager and Microsoft Intune.

Note!

Enterprise data protection is currently being tested with a number of enterprise customers, and will become available to Windows Insiders soon.

Stay tuned!

Getting started with Windows Store for Business

clip_image001

With the new Windows Store for Business, organizations can make volume purchases of Windows apps. The Store for Business provides app purchases based on organizational identity, flexible distribution options, and the ability to reclaim or re-use licenses. Organizations can also use the Store for Business to create a private store for their employees that includes apps from the Store, as well private Line-of-Business (LOB) apps or deploy purchased apps offline by Configuration Manager or Microsoft Intune.

Choose the best app store for the right scenario.

Continue reading “Getting started with Windows Store for Business”