Category Archives: EMS

Automation, EMS, MDATP, Powershell, Security

Grouping devices in MDATP based on registered users

October 5, 2020 Jos Leave a comment

Microsoft Defender Advanced Threat Protection seems to be becoming the defacto leader in the A/V industry, at least when Windows is concerned, but other OS’es seem to be following quickly 🙂

At one of my international customers, many different locations and departments exist and we’d like to group devices in MDATP based on their primary user so we can assigned different administrators automatically, and apply different web filtering policies.

MDATP has the following options available for grouping:

These membership rules don’t say anything about the user, and the machine domains are all cloud native (no hybrid joins). So we need to use Tags to gain flexible targeting in MDATP.

The following PowerShell script can be scheduled as an Azure Runbook to automatically tag all your MDATP devices based on the ‘Company’ attribute of the device’s primary user. It could also be modified easily to e.g. parse a user’s group membership or UPN’s domain.

https://gitlab.com/Lieben/assortedFunctions/-/blob/master/set-MDATPCustomTags.ps1

If you have a lot of devices, it may take a while for the first run (beyond Azure Automation limits), in that case run it locally first and then schedule it.

EMS, Intune, Powershell, Uncategorized

Delete User Profiles Older than a Specified Number of Days on System Restart through Intune

October 22, 2019 Jos Leave a comment

The good old Group Policy “Configuration\Policies\Administrative Templates\System\User Profiles\Delete User Profiles Older than a Specified Number of Days on System Restart ” isn’t part of Intune yet.

If you use shared devices in your environment, you can use below script to set the number of days after which a user profile is cleaned up on Windows 10 MDM / Intune managed.

It has to run under SYSTEM context or it won’t be allowed to write the right key.

Download: https://gitlab.com/Lieben/assortedFunctions/blob/master/set-CleanupUserProfilesAfterDays.ps1

Azure, AzureAD, EMS, Exchange Online, Intune, Office 365

More licenses and features

September 16, 2019 Jos Leave a comment

Pivot table of all Microsoft cloud suites and their features

I’ve updated the Microsoft cloud suites feature comparison page with all other suites Microsoft including all their features. I’ve also added all Education sku’s. You can use the pivot table to sort / mix / match according to your exact needs. If you need any assistance with Microsoft 365, don’t be a stranger 🙂

AzureAD, EMS, Exchange Online, Intune, Microsoft Teams, Office 365, OneDrive for Business, Security, Sharepoint Online

Comparing M365 suites

September 6, 2019 Jos Leave a comment

A full overview of all Microsoft 365 (Business, F1, E3 and E5) plans and their features in a table for your convenience 🙂

Comparing Microsoft’s 365 offers

EMS, Intune

Roaming Chrome settings with Intune MDM

June 12, 2019 Jos 2 Comments

In the Modern Management scenario, Chrome’s best method of roaming settings is your Google Profile, tied to your google account.

For those of you for whom this is not a good option, allow me to present a simple and elegant alternative through OMA-URI. First, ensure you have loaded an ADMX backed template for Chrome and grabbed the Chrome MSI from Google.

Then, add a new Device Configuration Profile with two Custom OMA-URI’s:

Continue reading →

Liebensraum