M365 Environment 20 – Windows Defender Exploit Guard – Attack Surface Reduction

In this post, we’ll see how we can configure Windows Defender Exploit Guard feature Attack Surface Reduction using Microsoft Intune. Windows Defender Exploit Guard is a new set of intrusion prevention capabilities that ships with the Windows 10 Fall Creators Update. There are four components of Windows Defender Exploit Guard which are designed to lock […]

M365 Environment 19 – Windows Defender Credential Guard

In this post, we’ll see how we can configure Windows Defender Credential Guard using Microsoft Intune. Windows Defender Credential Guard is a Windows 10 feature which uses virtualization-based security to isolate secrets so that only privileged system software can access them. Credential Guard prevents these attacks by protecting NTLM password hashes, Kerberos Ticket Granting Tickets, […]

M365 Environment 17 – Extend Windows Defender Application Guard to Google Chrome and Mozilla Firefox

In this post, we’ll extend Windows Defender Application Guard to Mozilla Firefox and Google Chrome. After the configuration, whenever anyone uses Chrome or Firefox to open URLs which are not in the Corporate Network Boundary, it will automatically open in Windows Defender Application Guard window. The steps include installing Windows Defender Companion app from Microsoft […]

M365 Environment 16 – Windows Defender Application Guard

In this post we’ll configure Windows Defender Application Guard. Windows Defender Application Guard is a Windows 10 feature which helps protect in a way that when an employee goes to an untrusted site through either Microsoft Edge or Internet Explorer, Microsoft Edge opens the site in an isolated environment, which is separate from the host […]

M365 Environment 15 – Microsoft Store for Business configuration, Intune Integration and Store Apps

In this post we’ll configure Microsoft Store for Business and add some store apps (offline and online) to the inventory. Then, we’ll integrate it with Microsoft Intune and deploy the apps from Intune. Existing setup done: Two Local users created Azure AD Connect configured Seamless Single Sign-On (IE) configured Seamless Single Sign-On (Firefox) configured Hybrid […]

M365 Environment 14 – Some 3rd Party applications (Browsers)

In this post we’ll deploy some more applications (3rd party web browsers) to the devices. Existing setup done: Two Local users created Azure AD Connect configured Seamless Single Sign-On (IE) configured Seamless Single Sign-On (Firefox) configured Hybrid Azure AD Join configured Intune enrollment – Domain Joined Windows 10 devices Azure AD Join Office 365 Pro […]

M365 Environment 13 – Add Applications in Startup folder

In this post, we’ll see how we can add a application shortcut in Startup folder so that it starts automatically with Windows. We can use 3 methods: Copy pre-existing shortcut to Startup folder using PowerShell script Embed shortcut in PowerShell script. The same script will create the shortcut and put it in Startup folder Create […]

M365 Environment 12 – Set Desktop Background, Lock Screen and Screensaver

In this post we’ll see how we can set the Desktop Background, Lock Screen wallpaper and Screensaver. There are two methods to set the Lock Screen and Background wallpaper. You can either use the Configuration Policy or PowerShell script. We’ll see both of them. Assumption: you have already copied the files to Windows folder using […]

M365 Environment 11 – Copy Files (Win32 App)

In earlier posts we saw how we can deploy Office 365 Pro Plus app to client devices. We also saw how we can deploy PowerShell scripts to configure certain settings. In this post we’ll see how we can create a simple Win32 app. This Win32 app does one simple task, Copy certain required files to […]

M365 Environment 10 – Known folder migration and SharePoint Library sync to OneDrive

In this post, we’ll see how we can migrate known folders to OneDrive and sync a SharePoint Team site’s library to OneDrive. If you want to sync SharePoint library, check previous post to copy the SharePoint library ID. If you do not want to sync SharePoint library, do not follow the SharePoint related configuration. Existing […]