-
Using Intune Remediations to Ensure Windows Services Are Set to Automatic and Running
Managing Windows services across a fleet of devices can be a daunting task—especially when you need to ensure that critical services are always running and set to start automatically. Whether it’s the Windows Update service, a custom in-house service, or something like the Print Spooler, ensuring these services are correctly configured is essential for system…
-
Blocking Store App Downloads on Windows 11 – The Browser Trick
With Windows 11, Microsoft continues to blur the lines between system components and Store apps. Notepad, Calculator, even Paint – they’re all Store apps now. And while that’s great for updates and modularity, it’s a headache for IT admins trying to keep user environments clean and controlled. For a while, blocking the Microsoft Store via…
-
Entra ID Guest User Lifecycle Management — Automated, License-Free & Auditable
Managing guest users in Entra ID can quickly become a compliance headache. Stale accounts, forgotten access, and manual cleanup are a recipe for risk. But what if you could automate the entire lifecycle — from detection to deletion — without shelling out for premium identity governance licenses? That’s exactly what this solution delivers: a lightweight,…
-
Desktop Shortcuts via Intune Remediations
🎯 Scenario You want to deploy desktop shortcuts via Intune. One for a classic installed app (PuTTY), and another for a Microsoft Store app (Calculator). Both should be handled via remediation scripts — detection + remediation — and work silently in the background. 🧪 Variant 1: Installed Program (PuTTY) 🔍 Detection Script 🛠️ Remediation Script…
-
Windows Hello for Business: ESS & MFU – Smarter Security for Smarter Devices
🧠 Why ESS & MFU Matter 🔒 ESS isolates biometric data (fingerprint, facial recognition) at the hardware level. This protects against replay and extraction attacks—your face and fingerprint stay yours. 🧩 MFU enforces true two-factor authentication directly on the device. Think PIN + fingerprint or PIN + facial recognition. No cloud dependency, no shortcuts. Together,…
-
Timezone Control in AVD & Windows 365 via Intune
Managing timezones in cloud-based desktops might seem trivial, but it can make or break user experience — especially in distributed teams. Whether you’re running Azure Virtual Desktop (AVD) or Windows 365 Cloud PCs, Intune gives you full control over how time is handled. Let’s explore how to redirect the client timezone, when it’s already enabled…
-
Workplace Ninja Summit 2025 – My Key Takeaways from Baden
Last week, I had the chance to attend the Workplace Ninja Summit in Baden, Switzerland, together with three colleagues. In short: it was an incredibly valuable experience. The sessions from Microsoft and community experts made one thing crystal clear:☁ Cloud-native first is no longer a future vision – it’s the new standard. ✅ What does that mean in practice?…
-
In-Place Upgrade to Windows 11 24H2 Multisession in AVD
Microsoft’s Windows 11 24H2 multisession image has been around since late 2024, quietly available in the Azure Marketplace. While it’s not a revolutionary release, it does bring stability and long-term support to Azure Virtual Desktop (AVD) environments. For admins and consultants, the real value lies in the ability to perform an in-place upgrade—keeping existing session hosts…
-
Entra ID MFA Methods Reporting with PowerShell – Simplified & Customizable
🔐 Multi-Factor Authentication (MFA) is a cornerstone of modern identity security. But how do you keep track of which users are registered, which methods they use, and whether they’re truly protected? If you’ve ever wished for a simple way to generate a detailed report of MFA methods across your tenant—or even scoped to a specific group—this PowerShell…
-
Windows Backup & Restore via Intune & Autopilot
Finally, a native way to keep user data safe across device lifecycles Microsoft has quietly introduced a long-awaited feature that’s bound to make both IT admins and end users breathe a little easier: Windows Backup integrated with Intune and Autopilot. This isn’t just about file recovery—it’s about preserving the user experience across device transitions, migrations, and even hardware failures. Let’s break down…