Configure “Enhanced Phishing Protection in Microsoft Defender SmartScreen” in Windows 11 22H2 via Endpoint Manager

The Windows 11 22H2 update brought a lot of good stuff, and as a tech enthusiast I really appreciate what Microsoft is doing to ensure the end user devices are protected. Enhanced Phishing Protection in Microsoft Defender SmartScreen is one of them. While the features are available to the standard Windows Home user, I tested these …

Device Hardening with Endpoint Manager Security Baseline for Windows Policy

The word on the street is not "If I get hacked" but "when I will get hacked". Securing your infrastructure starts from your end users and devices, and hardening those devices that the users use every day has never been so important. Security Baseline policy for Windows 10 and later. This is one of …

How to Use Endpoint Manager Import ADMX Function to Map Shared Drives

Earlier this year I wrote the same but more of a manual method to map drives using Endpoint Manager OMA-URI function and by ingesting the ADMX files in raw form to configure the drives. https://shehanperera.com/2022/04/01/network_shares_with_mem/ After Microsoft announced the Preview of the Import ADMX function, I was thrilled as I wanted to test out a …

Azure AD Device Registration – Part 1 – How to Fix the Pending Registration State Issue?

Firstly I must say, during your cloud journey you may have seen this error many times and fixed this many times. Also there can be engineers who are yet to see this error (among other errors) and want to fix this. In a Hybrid AAD Joined (HAADJ) environment, ideally what you want the device registration …

Device Control Policies with Microsoft Defender for Endpoint and Endpoint Manager

Device Control is one of the core components of any Device Management solution. This identifies what devices the user can install in their system or plug and play. While there are devices that need to be installed on user computers such as printers, specific computer peripherals, and USB keys, you don't want to allow the …

Passwordless Authentication With FEITIAN BioPass FIDO2 Security Key K49

FEITIAN Technologies recently reached out to me via LinkedIn to ask if I could review one of their latest Passwordless key products - K49. This is not a paid review and only contains my independent opinion as a technologist as well as an avid Identity and Access Management enthusiast. I'm always a big fan of going …

A Closer Look At The Azure AD Joined Device Local Administrator Role And Endpoint Manager Account Protection Policy

Local Admin is a much-needed account/access that is required in a domain setup for so many reasons. Over the years Microsoft brought many options to manage these accounts in a secure manner: Restricted Groups, LAPS, etc. With Azure AD and Endpoint Manager in the scene, many devices are moved to cloud managed rather than …

Windows Autopatch – General Availability With Improvements

This is an update post on the much-awaited Windows Autopatch service. This went from Public Preview to General Availability today (12/06/2022) and a number of good improvements have been introduced and I would like to go through them. If you haven't read my previous posts on Windows Autopatch, please check them from below. Features EnrollmentDevice …

An Attempt to Configure Defender for Endpoint and Endpoint Manager With the Same Device Tag

Most often the device tagging requirements are simple or you do have a set of tags for the devices that are enrolled in Intune and a set of tags for the devices onboarded in Defender for Endpoint. However, there can be situations where you need both services to have the same device tagging setup. This …

Windows Autopatch – 3. Support Requests

This will be a short post, but I like to emphasize this great feature Windows Autopatch provides. In case you haven't seen the news, Windows Autopatch is now in Public Preview and I'm thrilled to write about it. Post 1 and Post 2 can be found below: 1. Tenant Onboarding and Device Registration 2. Deployment …

Windows Autopatch – 2. Deployment Rings, Security Groups and Device Profiles

In case you haven't seen the news, Windows Autopatch is now in Public Preview and I'm thrilled to write my 2nd post about it. Post 1 can be found below: 1. Tenant Onboarding and Device Registration. In this post I will be talking about the main component of the feature - Deployment Rings and Device Profiles. …

Windows Autopatch – 1. Tenant Onboarding and Device Registration

Windows Autopatch is finally here and this will update your eligible Windows 10 and 11 devices and Office application. This is an IT admin hands-off task as opposed to traditional Patch Tuesday and other patching events, and internal IT admins can always open support tickets with Microsoft when required. This is Microsoft looking after …