Posts

Showing posts from March, 2021

Intune: UAC Elevation Prompt Behavior for Standard Users

Implementing and maintaining a good security posture is now an integral part of overall IT security governance for most organizations. While you want to harden the security of your infrastructure and give your end users the fewest privileges possible, sometimes you may need to cut back on the restrictions to ensure a good user experience and an effective IT support process. Recently, I had a requirement where the customer wanted to ease the restrictions on end-user devices to make the helpdesk support process more efficient. This involved easing the UAC level access for Standard users, and if you are managing your devices using Intune, then this blog may just help you. Let us see what is involved and some of the ways that you can use to implement this easily.

Policy CSP – LocalPoliciesSecurityOptions

LocalPoliciesSecurityOptions has many CSP settings and if you are managing these settings at an individual level, then the CSP that we need to concern ourselves with here is U

How to fix broken device sync using Proactive Remediation Scripts feature in Intune

In the world of Microsoft Endpoint Management (MEM), it is important that devices regularly check in with Intune. If this breaks down, then one practically loses the ability to manage the devices for any MDM-based policies. However, not everything is lost at this point and there is a way to get around this and get your devices checking in again. I recently dealt with an issue where devices stopped checking in soon after they were enrolled. While the investigation is on to find the root cause, a 3rd party remote management application is under suspicion. Now I don’t want to go into too much detail about the application as the investigation has not concluded yet, but I must say that the app was found to be interfering with the Intune services during Autopilot and had to be removed from the standard list of apps. Instead, it was made available to users to install from the Company Portal, and almost every device where it was installed stopped checking in. On further investigation, it