Modern Device Management

  As of writing this blog, Microsoft have released Windows LAPS for both Azure AD joined and hybrid Azure AD joined devices. An official Cloud LAPS solution has been long awaited and it is finally here. While still in Public preview, it is a good time to test the feature. I tested the solution in my tenant and captured the relevant bits. Check it out. First of all, lets see what the current requirements are - Supported Azure Regions - -Azure Global -Azure Government -Azure China 21Vianet Operating system updates that are currently needed - This feature is now available on the following Windows OS platforms with the specified update or later installed: -Windows 11 22H2 - April 11 2023 Update -Windows 11 21H2 - April 11 2023 Update -Windows 10 20H2, 21H2 and 22H2 - April 11 2023 Update -Windows Server 2022 - April 11 2023 Update -Windows Server 2019 - April 11 2023 Update Device identities that are supported - - Azure AD joined - hybrid Azure AD joined devices only. Note: Azure AD regist

Earlier this year in January, I posted a blog on how to Enable Safe Browsing in Google Chrome in Windows devices using Intune . Now it is time to extend the same security policy to mobile devices. While there are many security features that can be enabled for Google Chrome, the prime focus for this blog will be Safe browsing. I will not go into too much detail about Safe browsing and why Enhanced protection should be enabled as I have already covered the details in the earlier blog post . However, when it comes to mobile devices and iOS in particular, it is not as straight forward as it is for Android. Let's see how the setting can be configured using in Intune. Enabling Enhanced Safe Browsing mode in Android 1. In Microsoft Intune admin center , go to Apps > App configuration policies 2. Click on Add and select Managed Devices. 3. Provide a name and select platform as Android Enterprise. 4. In the Profile type, you can select the profile of your choice, or All profile types. In

Microsoft keeps the security baselines up to date in general with each new versions coming out. Be it Windows OS 10\11, Windows Server OS 2022, Microsoft 365 Apps or Edge. Edge security baseline for v112 was recently released and I wanted to roll this out in my tenant using Intune. This blog covers the details on the setup. If you are using still using GPOs, then you can easily import the security baseline templates and assign them. In Intune, Microsoft had introduced Security baseline profiles to allow rolling out the security baselines out of the box. However, despite being a cloud managed feature, the baselines have not been updated in a long time. However, as of 31st March 2023, in a blog post comment, Microsoft have indicated that the security baselines may now finally be getting updated in Intune. More details can be found in this  link . This is fantastic news and long awaited in my opinion. However, if you don't want to wait until the security baselines are updated in Intu