
Showing posts with the label Windows 10

Microsoft Intune, Uninstall Win32 app with the company portal

With the arrival of build 2307 of Microsoft Intune, Microsoft provides a new option in the Applications section. Source: What's new in Microsoft Intune | Microsoft Learn

This option lets us offer users the possibility of uninstalling a Win32 application via the Company Portal. Below you will find the procedure to activate the option in the Microsoft Intune console.

Prerequisites
- Intune tenant up to date
- Win32 app available in the Company Portal
- A valid uninstall command line

Enabling the Uninstall option
- Go to Intune.microsoft.com
- Navigate to Apps / Windows
- Select a Win32 app and click Properties
- On Program, click Edit
- Activate the option Allow available uninstall by switching it to Yes
- Click Review + Save for all sections and click Save

User side
Open the Company Portal, then select an available Win32 application. After updating, you should see the Uninstall option. Click Uninstall to remove the application.

How to disable access to removable storage devices with Microsoft Intune

Your computer's USB ports are an obvious gateway for attempts to compromise your security. You must therefore limit their use and prevent a user from connecting a storage device that could contain a virus or other malware that could affect your security. Microsoft Intune provides the ability to address this vulnerability by creating a CSP. Setting it up will prevent access to the following elements:
- External USB storage
- SD card

To do this, follow the procedure below.

Create the Configuration Profile
- Go to Intune.microsoft.com
- Navigate to Devices / Windows / Configuration Profiles
- Click Create Profile
- In Create a Profile, select:
  - Platform: Windows 10 and later
  - Profile Type: Template
  - Template Name: Device Restriction
- Click Create
- Enter the profile name in the name field and click Next
- In Configuration Settings, navigate to General
- For Removable Storage,...

How to limit rights on C drive for Authenticated Users

In some cases, it can be useful to control the level of authorization that we leave to users on the C: drive. With this in mind, and to respond to certain customer requests, I made a PowerShell script to limit write rights for authenticated users using the icacls command. The script is available on GitHub: https://github.com/ChrisMogis/DriveC_RightsModification

Script details

<#
.DESCRIPTION
This script allows you to revoke user rights in C: and thus prevent creating folders or files anywhere on the hard disk system.
.NOTES
  Version:        1.0
  Author:         Christopher Mogis
  Creation Date:  07/11/2023
#>

#Script Parameters
Param
(
[Parameter(Mandatory=$true)]
[ValidateSet("Remove", "Add")]
[String[]] $Param
)

#Variables
$Date = Get-Date

#Log Folder
Function CreateLogsFolder
  {
    If (!(Test-Path "C:\CCMTune\Logs\"))
    {
    Write-Host "$( $...

Windows LAPS, secure your local admin accounts using Microsoft Intune

LAPS lets you manage local account passwords on Windows devices. The solution allows you to control and securely recover the built-in local administrator password. Limited until now to on-premises integration, this solution represented an obstacle to the migration of certain customers to full cloud management of their IT equipment. With the availability of the cloud version of LAPS, customers can now secure the local admin accounts on their Azure AD joined and hybrid Azure AD joined devices from the Microsoft Intune or Microsoft Entra console.

1. Prerequisites for Windows LAPS
- Microsoft Intune and Azure subscription
- Windows 10/11 licences, Pro, Enterprise or Education edition
- Hybrid Azure AD or Azure AD joined devices
- An administration account with the necessary rights to perform the different steps

2. Service activation
We have two possibilities: go through the Azure console or Microsoft Entra. In my case, I opt for activation via Microsoft Entra.
- Go to Microsoft Ent...

Rename devices with PowerShell and Microsoft Intune

Renaming a device manually is quick and easy when we only have one device to fix. But when it comes to a large number of devices, it is better to automate this action. Today there is the CSP method, but its behavior can be rather random, in particular on the reporting and console side. I therefore share with you a PowerShell script which, deployed with Microsoft Intune, will allow you to quickly rename your machines.

Script overview
This script detects the type of device used:
- If it's a virtual machine, it takes the defined prefix (CCMT in my example) and adds a numeric complement generated with the Get-Random command
- For physical machines, it retrieves the serial number and adds the prefix (CCMT in my example)

The user is informed that their device has received changes and that it will restart automatically in a few minutes. The script is available on GitHub: Link

Script integration & deployment
Prerequisites
The prerequisites are: Conve...

Hide your account information on the Windows login screen with Microsoft Intune

Protecting the identity of your users is an important element of computer security. By default, when you start your computer, the startup screen gives access to the following information:
- User picture
- The last connected user on the computer

In this article we will see how to hide the identity of the user at the login and lock screen of your computer with Microsoft Intune.

Create a configuration profile in Microsoft Intune
- Go to endpoint.microsoft.com
- Go to Devices / Windows / Configuration Profiles
- Click Create Profile
- Select:
  - Platform: Windows 10 and later
  - Profile Type: Settings Catalog
- Complete the Name field and click Next
- Click Add settings and search for Interactive logon
- Click Local Policies Security Options
- Select these options in the list:
  - Interactive Logon Do Not Display Username At Sign In
  - Interactive Logon Do Not Display User information When The Session is Locked
  - Interactive Logon Do Not Display Last Signed ...

Manage drive space with Storage Sense

Available on Windows 10 and 11, Storage Sense can automatically free up drive space for you by getting rid of items that you don't need, such as temporary files, items in your Downloads folder and items in your Recycle Bin. Storage Sense also allows you to manage locally available cloud content. If these files have not been used for a while, Storage Sense will automatically revert them to cloud storage only.

Manual setup

Feature activation
- Go to Start / Settings / System / Storage
- Set the Storage Sense feature to On

Configure your Storage Sense settings
- Go to Start / Settings / System / Storage
- Click Storage to access the Storage Sense configuration
- We can configure:
  - Cleanup of temporary files
  - Automatic User content cleanup
  - Locally available cloud content
- After configuration, click Run Storage Sense Now

With Microsoft Intune

Create and configure the Storage Sense configuration profile
- Go to Endpoint.microsoft....

Windows Autopilot and Pre-Provisioned deployment

Windows Autopilot offers several deployment scenarios, including pre-provisioning. This addresses use cases such as:
- Providing a workstation prepared via Windows Autopilot and then sending it to low-bandwidth sites, for example.
- Providing the end user with a ready-to-use experience by relieving them of sometimes tedious provisioning tasks.

In the following, I will detail all the prerequisites as well as the steps to pre-provision a workstation with Microsoft Intune and Windows Autopilot.

1. Prerequisites

Device:
- Microsoft Intune tenant with MDM authority "Set to Intune"
- Windows Autopilot User Driven AAD or HAAD join devices
- Windows 10 1903 and above (Enterprise, Pro and Education)
- Physical devices with TPM 2.0 with device attestation (check your hardware compatibility)
- Virtual machines are not supported

Network:
- Wired Ethernet connection
- The TPM attestation validation process requires access to the URLs below: *.microsofta...