Showing posts from July, 2023

How to disable access to removable storage devices with Microsoft Intune

Your computer's USB ports are an obvious gateway to trying to compromise your security. You must therefore limit its use and thus prevent a user from connecting a storage device that could contain a virus or other malware that could affect your security. Microsoft Intune provides the ability to address this vulnerability by creating a CSP. Setting it up will prevent access to the following elements: External USB Storage SD Card To do this, I invite you to follow the procedure below. Create the Configuration Profile Go to Navigate to  Devices  /  Windows  /  Configuration Profiles Click  Create Profile In  Create a Profile,  select : Platform :  Windows 10 and later Profile Type :  Template Template Name :  Device Restriction Click  Create Enter the profile name  in the  name field  and click  Next Configuration Settings , navigate to  General For  Removable Storage , switch the parameter to  Block Click  Next Assignements , select  Devices group or All devices

How to resize Windows 365 cloud PC

Microsoft recently added a function in the Microsoft Intune management console to resize a Windows 365 PC cloud. Small clarification, this option is currently available in Preview. With this new feature, we have the possibility to adjust the following elements: CPU Memory Hard drive The desired changes must match the configurations proposed in the Windows 365 license program. Prerequisites Admin rights Here is the list of prerequisites necessary to perform the resizing of a Cloud PC : For a Cloud PC provisioned with a direct assigned license , at least one of the following roles Global Admin Intune Service Admin Intune Reader + Cloud PC Admin roles Intune Reader + Windows 365 Admin For a Cloud PC provisioned with a group-based license , at least one of the following roles Global Admin Intune Service Admin Intune Reader + Windows 365 Admin In addition to one of the previous three roles, a role with Azure AD group read/write membership and licensing permissions, like the Windows 365 Admi

How to limit rights on C drive for Authenticated Users

In some cases, it can be interesting to control the level of authorization that we leave to users on the C: drive.  With this in mind and to respond to certain customer requests, I made a PowerShell script to limit write rights for authenticated users using the icacls command. The script is available on github : Script details  <# .DESCRIPTION This script allows you to revoke user rights in C: and thus prevent creating folders or files anywhere on the hard disk system. .NOTES   Version:        1.0   Author:         Christopher Mogis   Creation Date:  07/11/2023 #> #Script Parameters Param ( [Parameter(Mandatory= $true )] [ValidateSet( "Remove" , "Add" )] [String[]] $Param ) #Variables $Date = Get-Date #Log Folder Function CreateLogsFolder   {     If (!( Test-Path "C:\CCMTune\Logs\" ))     {     Write-Host "$( $Date ) : Create logs folder C:\CCMTune\Logs"     New-Item -Force -Pa