Posts

Showing posts from January, 2021

How to Whitelist apps using AppLocker in Intune

Windows AppLocker is a technology that has been around since the Windows 7 days. In enterprise environments it is typically configured via Group Policy; however, you can use the XML it creates to build custom policies that perform many of the same tasks with Microsoft Intune. The one thing to be mindful of is whether you want to Deny or Allow access to a list of executables. Each method has its own advantages and disadvantages, but Allow (whitelisting) calls for extra caution, as it can break the system and cause all sorts of functionality issues. I implemented a whitelist AppLocker policy in 2020 but never blogged about it, so this is coming straight out of the archives.

What all is involved? Identify a list of apps that you want to whitelist in the XML. Model the policy that you want to implement using AppLocker in Group Policy Editor and export the XML. Use the XML to create a custom Windows 10 Devic...

How to configure macros & self-signed certificate using Intune

Recently, I worked on a requirement for configuring a Macro as part of the standard build for devices being provisioned using Autopilot. As of now, there is no single complete solution available out of the box in Intune to achieve this, and there are a number of steps involved in the process. At a high level, the process involves the following:

1. Install the Macro on a reference device.
2. Create a self-signed certificate on the same reference device.
3. Add the certificate against the Macro and capture the .OTM file.
4. Export the certificate as a Base 64 code.
5. Configure the Trust setting policy in Intune.
6. Create a Win32 app to copy the .OTM file in the user’s profile path.
7. Configure the CSP in Intune to deploy the certificate in Root CA & Trusted...