Blocking the Microsoft Store (App) with AppLocker or Intune settings catalog

If you want to stop users from installing apps from the Microsoft Store and apps.microsoft.com, while still letting built-in Store apps like Photos, Paint, and Snipping Tool run and update automatically in the background, this post will show you how I pulled it off using AppLocker deployed through a Custom OMA-URI policy in Microsoft Intune … Read more

Building a Secure LAPS Password Portal with Azure and Microsoft Graph

Read more

Create a Custom Entra ID Role to View LAPS Passwords in Microsoft Intune

We’re planning to roll out Windows Local Administrator Password Solution (LAPS), and a key requirement is that our helpdesk staff and workplace admins can access the LAPS password. This post shows how to view LAPS passwords in Intune without granting to much permissions. I will explain how to create a custom Microsoft Entra ID role that allows controlled visibility of LAPS passwords, and how to integrate this role seamlessly with existing Privileged Identity Management (PIM) group.

Read more