Greetings, fellow IT admins! Repackaging setup files and editing your Win32 app again can be tedious and time-consuming. Thankfully, I bring you good news! There is a way to deploy a Win32 app and have it always install the latest version of the app on the computer.  To achieve this, we will deploy a PowerShell script as a Win32 app. This script will grab the latest version from the vendor’s site, download it, and then install it on the end computer. IT admins will not have to repackage the same app over and over again, edit their Win32 apps with every patch, and all your new device ..read more

Are you looking to cut mailbox licensing costs for your Office 365 tenants admin mail accounts? Well, look no further, and I will share a few ways for you to save money on Exchange Online licensing fees for your admin accounts that need to exchange e-mails. So what do I mean by “admin accounts”? In this case, the admin account (sometimes referred to as an ADM account) is a separate privileged account used by IT staff to perform their privileged duties. These account types are a standard security measure implemented in many companies, and in some cases, they need to be mail-enabled. Some valid ..read more

In this post we will do some digging on Win32 app state messages and look at the compliance state and enforcement state messages stored in the local registry for win32 app policies processed by the client. We will also take the state values and convert them into a readable format to help you understand if a Win32 app was processed successfully Where are Win32 app policy results stored on the client? Compliance State Messages Enforcement State Messages Understanding State Messages Applicability ComplianceState DesiredState TargetingMethod InstallContext TargetType EnforcementState Power ..read more

The long waited for Endpoint Privilege Management is finally in public preview! This post is about my first look at this feature, so not a deep dive post. If you need more details on EPM, please read more from the official doc Learn about using Endpoint Privilege Management with Microsoft Intune | Microsoft Learn I was curious about the feature, how to configure all the settings in Intune, and how it looks and works on users’ devices. But before we go into details, let’s talk about what is Endpoint Privilege Management, short for EPM. I remember attending one of the security talks presented ..read more

In this blog post I will be showing you how to get started with certificate based authentication for Azure applications. Table of Contents The story so far App Registrations Client Secrets Certificates Create a Self Signed Certificate Certificate Requirements The “New-SelfSignedCertificate” PowerShell Cmdlet Export the Public Portion for use in Azure Export the Private Key Create and Export the Public and Private Keys Configure Certificate Authentication for an App Registration Easy: Authenticate to Azure AD when the private key is in the local certificate store Example: Authenticate ..read more

Over recent times we have seen Microsoft introduce a range of security hardening configuration options as the world continues to adopt to the fact that their internal infrastructure is no longer the main threat surface. In this post we will look at the latest of which (due to be enforced in January 2024). The new Authentication Methods Policies configuration (also referred to as the “converged authentication method experience”) is something which brings a welcome change, retiring per user based MFA configurations managed through the Microsoft admin portal (which effectively just launches a le ..read more

Cloud Kerberos Trust for Windows Hello for Business is the apex of single sign-on solutions for your Windows devices. in this Trilogy you can expect to learn the what, the how and the wow! The story so far We continue our mini series on Windows Hello for Business Cloud Kerberos Trust. In part 2 we walked through the configuration of Cloud Kerberos Trust for both on-premise infrastructure and clients. If you missed part 1 of our series, your journey into “Cloud Kerberos Trust” should start here: Simplify Windows Hello for Business SSO with Cloud Kerberos Trust – Part 1 We love the elegance and ..read more

Cloud Kerberos Trust for Windows Hello for Business is the apex of single sign-on solutions for your Windows devices. in this Trilogy you can expect to learn the what, the how and the wow! The story so far We continue our mini series on Windows Hello for Business Cloud Kerberos Trust. In part 1 we introduced the concept of Cloud Kerberos Trust and spoke to some of the challenges it can help organisations overcome. One of the things that we love is the simplicity of configuration – both for green field tenants and for organisations already using a different trust method with Windows Hello for ..read more

Cloud Kerberos Trust for Windows Hello for Business is the apex of single sign-on solutions for your Windows devices. In this Trilogy you can expect to learn the what, the how and the wow! The story so far Windows Hello for Business Cloud Kerberos Trust – Every silver lining begins with a journey through pain, non optimal circumstance and wisdom gained through grit and determination. The trust model story has never been simple.. This Photo is licensed under CC BY-SA In this 3-part mini series, we will talk about concepts, strategies, configurations and pain points that we commonly come across ..read more

A ..read more