Blocking the Microsoft Store (App) with AppLocker

If you want to stop users from installing apps from the Microsoft Store and apps.microsoft.com, while still letting built-in Store apps like Photos, Paint, and Snipping Tool run and update automatically in the background, this post will show you how I pulled it off using AppLocker deployed through a Custom OMA-URI policy in Microsoft Intune.

Create a Custom Entra ID Role to View LAPS Passwords in Microsoft Intune

We’re planning to roll out Windows Local Administrator Password Solution (LAPS), and a key requirement is that our helpdesk staff and workplace admins can access the LAPS password. This post shows how to view LAPS passwords in Intune without granting too many permissions. I will explain how to create a custom Microsoft Entra ID role that allows controlled visibility of LAPS passwords, and how to integrate this role seamlessly with an existing Privileged Identity Management (PIM) group.


Deploy Microsoft Project and Visio (Click-to-run)

I got a request at work asking whether I could create the deployment of the latest versions (Click-to-run) of Microsoft Visio and Project and set the Monthly update channel. The deployment of the applications should be made available in the Company Portal for users that are members of the Entra ID synced Active Directory group to which the Visio and/or Project Online plan licenses are assigned.
We still run 32-bit MS 365 Apps on devices, so we have a mix of 32-bit and 64-bit MS 365 apps. The deployment should automatically detect the MS 365 apps architecture and then install the correct 32-bit or 64-bit version of Project and/or Visio. In this post I will show you how I did this. I will also provide all the sources and scripts you need to accomplish this.
