Windows BitLocker configuration using Intune

by

In this article, I will show you Windows BitLocker configuration using Intune. BitLocker encrypts the hard disk data to prevent data loss if a device is stolen/ lost. If the device is stolen or lost, data is secured. Others can still format the system but won’t be able to get the data. 265-bit encryption has … Read more

Identify simple passwords in the organization

by

We can set some configurations to identify simple passwords in the organization, but first, let’s see what can happen with simple or weak passwords in the organization: Data Breaches: Weak passwords will welcome vulnerability which leads to data breaches. Attackers can gain access to sensitive information about the organization. Account Takeovers: Simple passwords make it … Read more

Self Service Password Reset SSPR

by

Self Service Password Reset (SSPR) is one of the features of Microsoft Entra ID, that gives the ability to change or reset own passwords without the intervention of an Administrator. When the user’s account is locked or forgets their password or wants to change the password for any reason, the user can change the password. … Read more

Setup Outlook profile automatically via Intune

by

Setup Outlook profile automatically via Intune will be great for the organization’s users when setting it up. They don’t have to worry about all the difficult steps like POP3, SMTP or IMAP. The application will automatically get all configuration and setup done without much effort. Intune configuration Let’s dive into the configuration to setup Outlook … Read more

Set Default Apps via Intune

by

Setting up Default apps saves time and reduces efforts for non-IT users. You can’t set for all the apps at once but you can do which are most essentials. Let’s learn how to set default apps via Intune.

Here I will give you two examples but you can add as much as possible in the configuration file.

Configuration

Before we do the configuration, we need to do some preparation work, to prepare the configuration file, follow the below-mentioned steps:

  • Open command prompt as Administrator
  • Run the command – Dism /Online /Export-DefaultAppAssociations:c:\temp\DefaultApps.xml

Set Default Apps via Intune

  • Open the file in Notepad or Notepad++, whichever extension you want to edit start editing in the file.
  • I am going to change for Google Chrome & Outlook application
  • It will look like this:
<?xml version="1.0" encoding="UTF-8"?>
<DefaultAssociations>
  <Association Identifier=".htm" ProgId="ChromeHtml" ApplicationName="Google Chrome" />
  <Association Identifier=".html" ProgId="ChromeHtml" ApplicationName="Google Chrome" />
  <Association Identifier="http" ProgId="ChromeHtml" ApplicationName="Google Chrome" />
  <Association Identifier="https" ProgId="ChromeHtml" ApplicationName="Google Chrome" />
  <Association Identifier="read" ProgId="ChromeHtml" ApplicationName="Google Chrome" />
  <Association Identifier=”.eml” ProgId=”AppXn1scph4yxkh5tvym038c6zjjfpmdg2fg” ApplicationName=”Outlook (new)” />
  <Association Identifier=”mailto” ProgId=”AppXbx2ce4vcxjdhff3d1ms66qqzk12zn827″ ApplicationName=”Outlook (new)” />
</DefaultAssociations>
  • Now, Intune won’t understand this format we need to change it to Base64 format.
  • You can use any of the Base64 Encode websites for this.

Now your preparation work has been completed, let’s go to Intune for further configuration:

  • Go to the Microsoft Intune Admin Center
  • select Devices and open Windows
  • In Configuration Profiles, create a new profile.
  • Select custom template

Set Default Apps via Intune

  • Add a Name and Description as you want.
  • In the Configuration setting Add the New setting.
    • Name & Description – as per your configuration
    • OMA-URI = ./Device/Vendor/MSFT/Policy/Config/ApplicationDefaults/DefaultAssociationsConfiguration

Set Default Apps via Intune

  • You can add as much as you want

Set Default Apps via Intune

  • Assign assignment as per your deployment
  • Applicability Rule will be as per your OS-based deployment or leave it blank.
  • Review the configuration and save.

That’s it, the configuration is done.

Read more

Block Microsoft Store via Intune

by

Keep Store app available in the corporate environment is risky for business, Hence, this article will guide you on how to block Microsoft Store via Intune There are some reasons why it is necessary to block the store: Improve Security: It will reduce the risk of Malware Control Software Installations: Stop users from downloading and … Read more

Dynamic Distribution list

by

The dynamic distribution list is a collection of users created dynamically based on their attributes. Dynamic distribution list creation is simple and maintenance is also easy. Manually Distribution list you have you remove/add users manually when employees join or leave. So in this article, I will show you how to create a Dynamic distribution list … Read more

Block Change Date and Time in Windows via Intune

by

I have created this article to show you how to block change Date and time in Windows via Intune. This will stop users from changing the date and time in the Windows system as this is a common security practice and it is required for the integrity of data and security. There are a couple … Read more

OneDrive Access Delegation

by

OneDrive makes it easy to collaborate by sharing files and folders with others in or outside the organization. Sometimes, we may need to give access to another user’s OneDrive with another user. For the left employee, OneDrive access is required for business users. In this article, I will guide you on OneDrive access delegation. How … Read more

Optimized by Optimole