Export/Import your Conditional Access policy baselines for your customers

I have recently come across an amazing new PowerShell module which allows you to export/import your Conditional Access policies. This module is brilliant if you're someone like me who loves a bit of PowerShell and baselines their configuration so it can be reused for other customers.

Before we continue, I wanted to highlight the author of this module Daniel Chronlund. Make sure you follow his blog and give him a #FF on Twitter.
https://danielchronlund.com
http://twitter.com/danielchronlund

So first of all, let's install the module on your client machine.

Install-Module -Name DCToolbox

Once installed, let's see how we use this module by running the following command.

Get-Command -Module DCToolbox

Before running the above commands I suggest running the following command as it provides useful examples.

Get-DCHelp
Copy-DCExample

The Copy-DCExample command provides you with 4 options to choose from:

Option Number | Option Name | Description
1 | Microsoft Graph with PowerShell examples | Provides PowerShell scripting examples
2 | Manage Conditional Access as code | Provides PowerShell scripting examples
3 | Activate an Azure AD Privileged Identity Management (PIM) role | Provides PowerShell scripting examples
4 | General PowerShell script template | Create PowerShell script

Each of these options copies the required code to your clipboard, which you can then paste into something like PowerShell ISE.

Microsoft Graph with PowerShell examples

*** Connect Examples ***

Connect to Microsoft Graph with delegated credentials.

$Parameters = @{
ClientID = ''
ClientSecret = ''
}
$AccessToken = Connect-DCMsGraphAsDelegated @Parameters

Connect to Microsoft Graph with application credentials.

$Parameters = @{
TenantName = 'example.onmicrosoft.com'
ClientID = ''
ClientSecret = ''
}
$AccessToken = Connect-DCMsGraphAsApplication @Parameters

*** Microsoft Graph Query Examples ***

GET data from Microsoft Graph.

$Parameters = @{
AccessToken = $AccessToken
GraphMethod = 'GET'
GraphUri = 'https://graph.microsoft.com/v1.0/users'
}
Invoke-DCMsGraphQuery @Parameters

POST changes to Microsoft Graph.

$Parameters = @{
AccessToken = $AccessToken
GraphMethod = 'POST'
GraphUri = 'https://graph.microsoft.com/v1.0/users'
GraphBody = @"

"@
}
Invoke-DCMsGraphQuery @Parameters

PUT changes to Microsoft Graph.

$Parameters = @{
AccessToken = $AccessToken
GraphMethod = 'PUT'
GraphUri = 'https://graph.microsoft.com/v1.0/users'
GraphBody = @"

"@
}
Invoke-DCMsGraphQuery @Parameters

PATCH changes to Microsoft Graph.

$Parameters = @{
AccessToken = $AccessToken
GraphMethod = 'PATCH'
GraphUri = 'https://graph.microsoft.com/v1.0/users'
GraphBody = @"

"@
}
Invoke-DCMsGraphQuery @Parameters

DELETE data from Microsoft Graph.

$Parameters = @{
AccessToken = $AccessToken
GraphMethod = 'DELETE'
GraphUri = 'https://graph.microsoft.com/v1.0/users'
}
Invoke-DCMsGraphQuery @Parameters
<#
Filter examples:
/users?$filter=startswith(givenName,'J')
/users?$filter=givenName eq 'Test'
#>

Learn more about the Graph commands.

help Connect-DCMsGraphAsDelegated -Full
help Connect-DCMsGraphAsApplication -Full
help Invoke-DCMsGraphQuery -Full

Manage Conditional Access as code


You first need to register a new application in your Azure AD according to this article:
https://danielchronlund.com/2018/11/19/fetch-data-from-microsoft-graph-with-powershell-paging-support/

The following Microsoft Graph API permissions are required for this to work:
Policy.ReadWrite.ConditionalAccess
Policy.Read.All
Directory.Read.All
Agreement.Read.All
Application.Read.All

Also, the user running this (the one who signs in when the authentication pops up) must have the appropriate permissions in Azure AD (Global Admin, Security Admin, Conditional Access Admin, etc).

Export your Conditional Access policies to a JSON file for backup.

$Parameters = @{
ClientID = ''
ClientSecret = ''
FilePath = 'C:\Temp\Conditional Access Backup.json'
}
Export-DCConditionalAccessPolicyDesign @Parameters

Import Conditional Access policies from a JSON file exported by Export-DCConditionalAccessPolicyDesign.

$Parameters = @{
ClientID = ''
ClientSecret = ''
FilePath = 'C:\Temp\Conditional Access Backup.json'
SkipReportOnlyMode = $false
DeleteAllExistingPolicies = $false
}
Import-DCConditionalAccessPolicyDesign @Parameters

Export Conditional Access policy design report to Excel.

$Parameters = @{
ClientID = ''
ClientSecret = ''
}
New-DCConditionalAccessPolicyDesignReport @Parameters

Export Conditional Access Assignment Report to Excel.

$Parameters = @{
ClientID = ''
ClientSecret = ''
IncludeGroupMembers = $false
}
New-DCConditionalAccessAssignmentReport @Parameters

Learn more about the different Conditional Access commands in DCToolbox.

help Export-DCConditionalAccessPolicyDesign -Full
help Import-DCConditionalAccessPolicyDesign -Full
help New-DCConditionalAccessPolicyDesignReport -Full
help New-DCConditionalAccessAssignmentReport -Full
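
Before importing a baseline into another customer's tenant, it helps to know which policies reference object IDs (excluded users, groups, named locations) that only exist in the source tenant. The following is an added example, not code from DCToolbox or from the original post; it assumes the backup file is a JSON array of Microsoft Graph conditionalAccessPolicy objects, and the function name and sample data are constructed for illustration.

```powershell
# Added example. Assumption: the backup is a JSON array of Microsoft Graph
# conditionalAccessPolicy objects. The sample below is constructed, not real data.
$SampleBackup = @'
[
  {
    "displayName": "BASELINE - Require MFA for all users",
    "state": "enabled",
    "conditions": {
      "users": {
        "includeUsers": ["All"],
        "excludeUsers": ["11111111-1111-1111-1111-111111111111"],
        "includeGroups": [],
        "excludeGroups": ["22222222-2222-2222-2222-222222222222"]
      },
      "locations": {
        "includeLocations": ["All"],
        "excludeLocations": ["33333333-3333-3333-3333-333333333333"]
      }
    }
  },
  {
    "displayName": "BASELINE - Block legacy authentication",
    "state": "enabledForReportingButNotEnforced",
    "conditions": {
      "users": {
        "includeUsers": ["All"],
        "excludeUsers": [],
        "includeGroups": [],
        "excludeGroups": []
      },
      "locations": null
    }
  }
]
'@

# Hypothetical helper: lists every tenant-specific object ID found in a baseline.
function Get-CABaselineTenantReference {
    param (
        [parameter(Mandatory = $true)]
        [string]$Json
    )

    $GuidPattern = '^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$'

    # Condition properties that can carry object IDs from the source tenant.
    $Scopes = [ordered]@{
        users     = @('includeUsers', 'excludeUsers', 'includeGroups', 'excludeGroups')
        locations = @('includeLocations', 'excludeLocations')
    }

    # Assign first so Windows PowerShell 5.1 and PowerShell 7 both enumerate the array.
    $Policies = $Json | ConvertFrom-Json

    foreach ($Policy in $Policies) {
        foreach ($Scope in $Scopes.Keys) {
            $Condition = $Policy.conditions.$Scope
            if ($null -eq $Condition) { continue }

            foreach ($Property in $Scopes[$Scope]) {
                foreach ($Value in @($Condition.$Property)) {
                    # Keywords such as 'All' are portable between tenants; GUIDs are not.
                    if ($Value -match $GuidPattern) {
                        [pscustomobject]@{
                            Policy   = $Policy.displayName
                            State    = $Policy.state
                            Property = "$Scope.$Property"
                            ObjectId = $Value
                        }
                    }
                }
            }
        }
    }
}

# Review the constructed sample.
Get-CABaselineTenantReference -Json $SampleBackup | Format-Table -AutoSize

# For a real export, read the file instead:
# Get-CABaselineTenantReference -Json (Get-Content -Path 'C:\Temp\Conditional Access Backup.json' -Raw)
```

Each row is a reference to replace or remove before the baseline is reused; an excluded break-glass account or group from one tenant will not exist in the next.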

Activate an Azure AD Privileged Identity Management (PIM) role.

Enable-DCAzureADPIMRole

A user sign-in prompt will pop up and, after signing in, the following will happen:

VERBOSE: Connecting to Azure AD...

*** Activate PIM Role ***

[1] User Account Administrator
[2] Application Administrator
[3] Security Administrator
[0] Exit

Choice: 3
Duration [1 hour(s)]: 1
Reason: Need to do some security work!
VERBOSE: Activating PIM role...
VERBOSE: Security Administrator has been activated until 11/13/2020 11:41:01!

Learn more about Enable-DCAzureADPIMRole.

help Enable-DCAzureADPIMRole -Full

Privileged Identity Management | My roles: https://portal.azure.com/#blade/Microsoft_Azure_PIMCommon/ActivationMenuBlade/aadmigratedroles

Privileged Identity Management | Azure AD roles | Overview: https://portal.azure.com/#blade/Microsoft_Azure_PIMCommon/ResourceMenuBlade/aadoverview/resourceId//resourceType/tenant/provider/aadroles

General PowerShell script template

<#
    .SYNOPSIS
        A simple script template.

    .DESCRIPTION
        Write a description of what the script does and how to use it.
        
    .PARAMETER Parameter1
        Inputs a string into the script.
            
    .PARAMETER Parameter2
        Inputs an integer into the script.
            
    .PARAMETER Parameter3
        Sets a script switch.

    .INPUTS
        None

    .OUTPUTS
        System.String

    .NOTES
        Version:        1.0
        Author:         Daniel Chronlund
        Creation Date:  2021-01-01

    .EXAMPLE
        Script-Template -Parameter "Text" -Verbose

    .EXAMPLE
        Script-Template -Parameter "Text" -Verbose
#>

# ----- [Initialisations] -----

# Script parameters.
param (
    [parameter(Mandatory = $true)]
    [string]$Parameter1 = "Text",

    [parameter(Mandatory = $true)]
    [int32]$Parameter2 = 1,

    [parameter(Mandatory = $false)]
    [switch]$Parameter3
)

# Set Error Action - Possible choices: Stop, SilentlyContinue
$ErrorActionPreference = "Stop"

# ----- [Declarations] -----

# Variable 1 description.
$Variable1 = ""

# Variable 2 description.
$Variable2 = ""

# ----- [Functions] -----

function function1
{
    <#
        .SYNOPSIS
            A brief description of the function1 function.
        
        .DESCRIPTION
            A detailed description of the function1 function.
        
        .PARAMETER Parameter1
            A description of the Parameter1 parameter.
        
        .EXAMPLE
            function1 -Parameter1 'Value1'
    #>

    param (
        [parameter(Mandatory = $true)]
        [string]$Parameter1
    )

    $Output = $Parameter1

    $Output
}

# ----- [Execution] -----

# Do the following.
function1 -Parameter1 'Test'

# ----- [End] -----

Now you have all the knowledge and tools required to back up your Conditional Access policies for use with other tenants.

Regards
The Author – Blogabout.Cloud

QuickTip: Unable to see available applications for Windows 10 device in Company Portal

When enrolling new or existing Windows 10 devices into Microsoft Endpoint Manager, the user may not be able to see the available applications straight away, as shown below:

Screenshot of no device shown.

The resolution for this is a very simple one from the Company Portal.

Browse to http://portal.manage.microsoft.com and go to ‘Devices’.

Select Tap here.

Screenshot of my devices.

On the next screen, select your device to enroll it.

Screenshot of selecting which device.

You are returned to My Devices. The device should show a green check, as shown in the following screenshot.

Screenshot of my devices.

Return to the Apps screen. The applications should now be visible.

Screenshot of apps displayed.

Regards
The Author – Blogabout.Cloud

Deploy Win32 Apps with Endpoint Manager (Intune) MSI Edition.

In this post, we will detail how to deploy Win32 Apps with Endpoint Manager. We’ll deploy GitHub with the MSI installer as an example.

Win32 Apps Endpoint Manager Prerequisites

Prepare Endpoint Manager Win32 application

First, you need to “wrap” all the required files into an Endpoint Manager (Intune) format. To do so, Microsoft has a tool that will “convert” your application into a .intunewin file at the end of the process. The generated .intunewin file contains all compressed and encrypted source setup files and the encryption information to decrypt it.

Important Info
  • To view help, run IntuneWinAppUtil.exe -h.
  • Download the Microsoft Win32 Content Prep Tool and have the desired application source files.
  • Open a command prompt as admin and browse to the folder of IntuneWinAppUtil.exe
  • Run the following command line
    • IntuneWinAppUtil.exe -c <source folder> -s <source setup file> -o <output folder>
    • In this example we used an HP Driver: IntuneWinAppUtil.exe -c D:\Intune -s GitHubDesktopSetup.msi -o d:\intune

Create Microsoft Endpoint Manager Win32 Application

  • Select Windows app (Win32) from the App type drop list
  • On the App Information pane click Select App package file and select the previously created .intunewin file and click Ok
  • Complete the missing App Information. Click Next
  • Depending on the application format, install and uninstall command lines will be auto-completed. Adjust the parameter if needed. Click Next
  • On the Requirement pane, OS architecture and minimum OS are required. Click Next
  • Detection rules work the same way as in ConfigMgr application model. In the case of an MSI, it is simple. Select Manually configure detection rule, select rule type MSI and the MSI Product Code should be auto-populated. Click Next
  • On the Dependencies tab: Software dependencies are applications that must be installed before this application can be installed. Adjust if needed. Click Next
  • On the Assignment tab, select the group of users or computer to deploy the Win32 App
  • Review your Win32 App setting and click Create
  • At this point, it will upload the .intunewin file and soon after, a notification will display to say it’s ready to go!

Regards
The Author – Blogabout.Cloud

What's new in the Microsoft 365 Roadmap today? 25th November 2020

Additions : 3
Updates : 1

New Features | Current Status
Microsoft To Do: New sharing experience – Invite-Less Sharing | In Development
Forms: Text Formatting (Bold, Italicize, and Underline) in Forms and Quizzes | In Development
Azure Active Directory: Application Proxy – Header-based authentication apps | In Development

Updated Features | Current Status | Update Type
Microsoft Teams: Live Event Presenters can now present from their iPad to the audience | In Development | Title, Description

Regards
The Author – Blogabout.Cloud

How to migrate from Exchange Server 2010 to Exchange 2016

I have recently been engaged to move a customer from Microsoft Exchange 2010 to Exchange 2016 so they can move to a modern platform and leverage features such as cloud deployments, improved reliability, and a new architecture that is more in line with their technology roadmap.

Before I move on, I just want to highlight the features of 2016 in comparison to 2010.

Architecture

Exchange 2010 had separate components such as Mailbox,  Hub Transport, Unified Messaging, and Client Access for performing separate roles in the server. In 2016, all of these components have been combined into a single component called Mailbox, and this component performs the combined role of other components.

Exchange Admin Center

Exchange Admin Center (EAC) has been greatly enhanced to help you connect from anywhere using a web browser. It acts as a single point of control for all operations and is optimized for on-premise, online, and hybrid Exchange deployments. Due to this enhanced EAC, Exchange Management Console (EMC) of 2010 has taken a back seat. Microsoft observed delayed updates in EMC, and this is why it decided to limit its scope in 2016.

Hybrid Configuration Wizard (HCW)

Exchange 2016 has a cloud-based application called Hybrid Configuration Wizard (HCW) that helps to connect with other Microsoft tools like Office 365 in real-time. Improved diagnostics and troubleshooting make it ideal for hybrid deployments.

MAPI over HTTP

MAPI over HTTP is the default protocol in Exchange 2016, as it is more reliable and stable than the RPC over HTTP protocol of Exchange 2010. Also, this protocol allows Outlook to pause a connection, change networks, and resume from hibernation, things that were difficult to implement in Exchange 2010.

Certificate Management

In 2010, you had to install a certificate on every server through EMC, while in 2016, you can install certificates across multiple servers at the same time through EAC. You can also see the expiry details in EAC.


Now that you know why Exchange 2016 is better, let’s see how to migrate from version 2010 to 2016.

Update the existing environment

If you’re unsure of the version you’re using, open the Exchange Management Shell and run this command:

Get-ExchangeServer | Format-List Name, Edition, AdminDisplayVersion

This should bring up the current version you’re using. Make sure it says Exchange 2010.

The first step is to update the existing environment to make the 2010 version suitable for upgrading to 2016.  To do that, install Exchange 2010 Service Pack 3 and Exchange 2010 SP3 Update Rollup 11. These are the minimum supported patch level updates for 2010, and the installation process is fairly self-explanatory.

The next step is to consider updating the Directory Service Requirement and Outlook Client. For Exchange 2016, the minimum Directory Service Requirement is AD Functional Level 2008. For the Outlook client, Exchange 2016 supports Outlook 2010 and above on Windows and Outlook for Mac 2011 and above on Mac. You should update clients to this minimum supported version before implementing Exchange 2016.

Prepare the System for Exchange Server 2016

Do you have the system requirements needed to support Exchange 2016? Let’s double check the below requirements again, as Exchange Server 2016 supports only the following:

  • Windows Server 2012 / 2012 R2
  • Minimum memory requirement for Mailbox server role is 8GB plus an additional minimum requirement of 4GB for edge transport
  • Paging file size should be set to physical RAM, and an additional 10MB to 32788MB, depending on the size of the RAM. If you’re using 32GB of RAM, then go for the maximum of 32788MB
  • Disk space of at least 30GB on the drive on which you plan to install Exchange. Also, an additional 500MB is needed for every Unified Messaging (UM) language pack that you want to install. Additionally, you need 200MB of available disk space on the system drive, and a hard disk of a minimum of 500MB of free space for message queue database
  • A screen resolution of 1024 X 768 pixels.
  • Disk partitions that are formatted on the NTFS file system
  • .NET framework and UCS API should be installed before installing Exchange 2016. You can download both from Microsoft website and install it in your system.

Make sure your system meets all these prerequisites before installing Exchange 2016.

Next, you have to prepare the schema update. This step is irreversible, so make sure you have a full backup of Active Directory before proceeding.

A good part about this migration is you don’t have to worry much about changing HTTPS names for OWA as both the versions support the same set of naming services and active sync directories.

Install Active Directory for Exchange 2016

Next, run the Exchange 2016 setup. Choose a specific directory to extract all the files of this setup. Once the extraction is complete, run the following commands, one after the other. Open the command prompt and go to the directory where you have extracted the files.

The first command is to prepare the schema, which is, setup.exe /PrepareSchema /IAcceptExchangeServerLicenseTerms

Now your schema is prepared, so move on to the next command, which is, setup.exe /PrepareAD /IAcceptExchangeServerLicenseTerms. Once that’s done, prepare your domain with the command setup.exe /PrepareDomain /IAcceptExchangeServerLicenseTerms. With this, we have completed the Active Directory installation for Exchange 2016.

Install Exchange 2016

Windows Server 2012 and 2012 R2

Install-WindowsFeature AS-HTTP-Activation, Desktop-Experience, NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, RSAT-ADDS

A restart is required after the roles and features have finished installing. If you’d prefer that the server restarts itself automatically simply append -Restart to the command.

After the restart download and install (in order):

Windows Server 2016

Install-WindowsFeature NET-Framework-45-Features, RPC-over-HTTP-proxy, RSAT-Clustering, RSAT-Clustering-CmdInterface, RSAT-Clustering-Mgmt, RSAT-Clustering-PowerShell, Web-Mgmt-Console, WAS-Process-Model, Web-Asp-Net45, Web-Basic-Auth, Web-Client-Auth, Web-Digest-Auth, Web-Dir-Browsing, Web-Dyn-Compression, Web-Http-Errors, Web-Http-Logging, Web-Http-Redirect, Web-Http-Tracing, Web-ISAPI-Ext, Web-ISAPI-Filter, Web-Lgcy-Mgmt-Console, Web-Metabase, Web-Mgmt-Console, Web-Mgmt-Service, Web-Net-Ext45, Web-Request-Monitor, Web-Server, Web-Stat-Compression, Web-Static-Content, Web-Windows-Auth, Web-WMI, Windows-Identity-Foundation, RSAT-ADDS

Next, install the following (in order):

Now that the environment is set up and the Exchange prerequisites are met, we can install Exchange 2016. Let’s follow the steps through using the installation wizard.

Browse through the setup directory, and run the file called Setup.exe.

During the installation, you’ll be prompted to choose the server role selection. Choose “Mailbox role,” and the other options will automatically be deactivated because Mailbox and Edge Transport cannot coexist in the same machine.

Installation will complete within the next few minutes.

Once the installation is complete, click on the Finish button. This will load the Exchange Admin Center on the browser.

Exchange management console in 2010 is replaced with a web-based Exchange Admin Center in 2016. This is the place where you can have greater control over all operations.

Other Configurations

After installing Exchange 2016 successfully, update the Service Connection Point for AutoDiscover. To do this, use the Set-ClientAccessService command from Exchange Management Shell.

Go to the Exchange Management Shell, and type this command:

Set-ClientAccessService -Identity 'ServerName' -AutoDiscoverServiceInternalURI https://autodiscover.yourURL.com/Autodiscover/Autodiscover.xml

Next, update the settings of Outlook Anywhere. To do this, go to EAC, and click on servers on the left hand side. This will open up the list of servers. Click the Edit icon and a pop-up will open. Choose the Outlook Anywhere option, and update the DNS lookup and IMAP4 settings with the name of your new server.

Once you’ve configured the settings, run IIS RESET. To do this, go to your command prompt and run the command iisreset. This will stop and restart IIS services.

The next step is to configure your Receive Connector to relay email applications. To configure this, go to the mail flow option in your EAC, click on a connector, and edit it.

Next up is your Mail Database installation. When you install 2016, a default database is created. You can rename this database and move it from C Drive to another drive. Open the Exchange Management Shell and run these commands to rename and move your database.

Get-MailboxDatabase -Server 'ServerName' | Set-MailboxDatabase -Name 'DatabaseName'

Move-DatabasePath -Identity 'DatabaseName' -EdbFilePath 'E:\Database\ServerName\DatabaseName.edb' -LogFolderPath 'E:\Database\DatabaseName_Log'

Once that’s done, update the OWA directory. Exchange 2016 supports acting-as-a-proxy for 2010, so both the versions can coexist using the same URLs. Now, change the OWA and autodiscover URL to Exchange 2016, to ensure all URLs go through Exchange 2016. You can use the below script to do that.

# Replace the placeholder values with your server name and external host name.
$Server = 'ServerName'
$HTTPS_FQDN = 'your_URL'
# Clear the external URL on each virtual directory of the server.
Get-OWAVirtualDirectory -Server $Server | Set-OWAVirtualDirectory -ExternalURL $null
Get-ECPVirtualDirectory -Server $Server | Set-ECPVirtualDirectory -ExternalURL $null
Get-OABVirtualDirectory -Server $Server | Set-OABVirtualDirectory -ExternalURL $null
Get-ActiveSyncVirtualDirectory -Server $Server | Set-ActiveSyncVirtualDirectory -ExternalURL $null
Get-WebServicesVirtualDirectory -Server $Server | Set-WebServicesVirtualDirectory -ExternalURL $null
# Enable Outlook Anywhere with the external host name.
Enable-OutlookAnywhere -Server $Server -ClientAuthenticationMethod Basic -SSLOffloading $False -ExternalHostName $HTTPS_FQDN

Lastly, update the DNS, so it points to autodiscover and OWA. To do that, open your Active Directory Domain Controller machine. Open the DNS Manager, and change the record to ensure that it points to the new server.

Test your configuration

Finally, it’s time to test if your configurations work. It’s best to create a new user to login and test the account functionality. To create a new user, open EAC and click on Recipients. From here, add a new user and check if everything is working fine.

If all is good, migrate all users from the Exchange 2010 to the Exchange 2016 database.

In short, much has changed between Exchange 2010 and Exchange 2016, so it’s best you migrate to the latest version to make the most of the new functionalities. Migrating to 2016 is not so difficult when you follow the aforementioned steps.

Regards,
The Author – Blogabout.Cloud

What's new in the Microsoft 365 Roadmap today? 24th November 2020

Additions : 9
Updates : 9

New Features | Current Status
Microsoft Teams: Live Event Presenters can now present from their iPad to the audience. | In Development
Microsoft Compliance center: Compliance capabilities for card content generated through apps in Teams messages | In Development
Azure Advanced Threat Protection: Microsoft Defender for Identity – Administrative functions in Microsoft 365 security center | In Development
Azure Advanced Threat Protection: Microsoft Defender for Identity – Full alert experience in Microsoft 365 security center | In Development
Azure Advanced Threat Detection: Microsoft Defender for Identity – New Detection – Golden ticket using AES encryption | In Development
Azure Advanced Threat Protection: Microsoft Defender for Identity – Detection improvement – Netlogon | In Development
Azure Advanced Threat Detection: Microsoft Defender for Identity – Detection improvement – Suspicious additions to sensitive groups | In Development
Microsoft Teams: Multi-Window Meetings and Calling experiences for GCC-High and DoD | In Development
Microsoft Teams: meeting recordings saved to OneDrive and SharePoint for GCC | In Development

Updated Features | Current Status | Update Type
Microsoft Teams: Multi-Window Meetings and Calling experiences | Launched | Title
Microsoft Edge v.87: Kiosk mode privacy features are now available | Launched | Status
Microsoft Edge v.87: Single Sign On (SSO) now available for Azure Active Directory (AAD) accounts on down-level Windows | Launched | Status
Microsoft Edge v.87: The new version of the Enterprise new tab page (NTP) integrates productivity with customizable, work relevant feed content. | Launched | Status
Microsoft Edge v.87: Anchored text notes support for PDF files. | Launched | Status
Microsoft Edge v.87: Automatically switch users to their WIP enabled profile for work sites that authenticate with their work account. | Launched | Status
Microsoft Edge v.87: ClickOnce deployment enabled by default | Launched | Status
Microsoft Edge v.87: The new version of the Enterprise new tab page (NTP) integrates productivity with customizable, work relevant feed content. | Launched | Status
Microsoft Edge v.87: Reset your Microsoft Edge sync data in the cloud manually | Launched | Status

Regards
The Author – Blogabout.Cloud

Decrapifying your Windows Autopilot devices

If you’re anything like me, you will share a pet hate for Windows 10 bloatware on brand new devices. In the “good old days” you would get an image without the crap installed and that would be it, but with Windows Autopilot deployments the bloatware is preinstalled, so how do we deal with this challenge today?

The Script

First of all, we need a script that will remove the Windows 10 bloatware. Here is a script that I have modified to make it a bit smoother for what we are trying to achieve.

https://github.com/TheWatcherNode/blogaboutcloud/blob/master/Get-Windows10_Bloater.ps1

Microsoft Endpoint Manager Console

Log into your Microsoft Endpoint Manager Dashboard using the https://endpoint.microsoft.com portal. Then select Devices –> Scripts and Add

Select Windows 10 not macOS then provide the name of the script and a brief description

Under script location browse to the required PowerShell script on your client device.

Understanding this section

Run this script using the logged on credentials: Select Yes to run the script with the user’s credentials on the device. Choose No (default) to run the script in the system context. Many administrators choose Yes. If the script is required to run in the system context, choose No.

Enforce script signature check: Select Yes if the script must be signed by a trusted publisher. Select No (default) if there isn’t a requirement for the script to be signed.

Run script in 64-bit PowerShell host: Select Yes to run the script in a 64-bit PowerShell (PS) host on a 64-bit client architecture. Select No (default) runs the script in a 32-bit PowerShell host.

Specify Tags if you are utilizing them in your environment and, once you have completed that section, select the groups where you want the script applied.

Review your settings and press Add

This script will now apply to your Windows 10 device and remove all the unwanted Windows 10 Bloatware.
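
A script deployed this way runs on every assigned device, by default in the system context, so it is worth confirming that the file you upload is the one you reviewed and, if "Enforce script signature check" will be Yes, that it carries a valid signature. The following is an added example, not part of the original post or the linked script; the function name, demo file and approved hash are assumptions created for illustration.

```powershell
# Added example. The demo file is constructed here; nothing is taken from the linked script.
# Hypothetical helper: gate a script on its reviewed hash and Authenticode status.
function Test-ScriptBeforeUpload {
    param (
        [parameter(Mandatory = $true)]
        [string]$Path,

        # SHA-256 recorded when the script was last reviewed.
        [parameter(Mandatory = $true)]
        [string]$ApprovedSha256,

        # Use when 'Enforce script signature check' will be set to Yes.
        [parameter(Mandatory = $false)]
        [switch]$RequireValidSignature
    )

    $Hash = (Get-FileHash -Path $Path -Algorithm SHA256).Hash
    $Signature = Get-AuthenticodeSignature -FilePath $Path

    # String comparison with -eq is case-insensitive, so hash casing does not matter.
    $HashMatches = $Hash -eq $ApprovedSha256
    $SignatureOk = (-not $RequireValidSignature) -or ($Signature.Status -eq 'Valid')

    [pscustomobject]@{
        Path              = $Path
        Sha256            = $Hash
        HashMatchesReview = $HashMatches
        SignatureStatus   = $Signature.Status
        Signer            = $Signature.SignerCertificate.Subject
        OkToUpload        = $HashMatches -and $SignatureOk
    }
}

# Constructed demo: create a small script and record its hash as the reviewed version.
$Demo = Join-Path ([System.IO.Path]::GetTempPath()) 'Remove-Bloatware-Demo.ps1'
Set-Content -Path $Demo -Value "Write-Output 'reviewed version'"
$Approved = (Get-FileHash -Path $Demo -Algorithm SHA256).Hash

# Unchanged and no signature required.
Test-ScriptBeforeUpload -Path $Demo -ApprovedSha256 $Approved

# The file changes after review, and a valid signature is now required.
Add-Content -Path $Demo -Value "Write-Output 'unreviewed change'"
Test-ScriptBeforeUpload -Path $Demo -ApprovedSha256 $Approved -RequireValidSignature

Remove-Item -Path $Demo
```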

Regards
The Author – Blogabout.Cloud

What's new in Microsoft 365 Roadmap today? 20th November 2020

Additions : 7
Updates : 6

New Features | Current Status
Microsoft Information Protection: Exact Data Match to support improved auditability | In Development
Microsoft Search: Dynamic height for results | In Development
Microsoft 365 compliance center: Advanced Audit log retention (1 year) | In Development
Microsoft Project: Export Timeline to PDF | In Development
Microsoft Teams: Give feedback improvements | In Development
Microsoft Information Protection: Exact Data Match to support Auto-labeling | In Development
Microsoft Information Protection: Exact Data Match to support notifications for data upload status through alert policies | In Development

Updated Features | Current Status | Update Type
Microsoft Information Protection: Default service encryption using Microsoft managed keys for Exchange Online | Launched | Title
Automatic sensitivity labeling in Office apps on Windows | Launched | Status
Microsoft Lists: Updated Choice column experience – built on SharePoint | Launched | Status
Microsoft Project: Export to Excel | Rolling Out | Status
Outlook: Outlook on the web – Favorite people and calendar event browser notifications | Rolling Out | Status
Microsoft Forms: Progress Bar for multipage Forms and Quizzes for Government Clouds | Launched | Status

Regards
The Author – Blogabout.Cloud

What's new in the Microsoft 365 Roadmap today? 19th November 2020

Additions : 2
Updates : 1

New Features | Current Status
Microsoft Information Protection: Teams location picker supports security groups and distribution lists. | In Development
Microsoft Graph: Webhooks for To-Do Tasks (Preview) | In Development

Updated Features | Current Status | Update Type
OneNote: OneNote Feed in Outlook and Outlook on the web | Launched | Status

What's new in Microsoft 365 Roadmap today? 18th November 2020

Additions : 7
Updates : 7

New Features | Current Status
Microsoft Teams: Add document libraries, pages or news to a channel in Teams via the new SharePoint tab | In Development
OneDrive: Dark Mode for the Web | In Development
Microsoft Information Protection: Data-at-Rest Encryption for Microsoft 365 in WWMT and GCC | In Development
Microsoft Information Protection: Data-at-Rest Encryption for Microsoft 365 in DoD and GCC-High | In Development
Microsoft Information Protection: Exchange Online service encryption using Microsoft managed keys for government clouds | In Development
Microsoft 365 compliance center: Communication Compliance Teams conversation context | In Development
Microsoft Information Protection: Mandatory Labeling in Office apps | In Development

Updated Features | Current Status | Update Type
Excel: Office Scripts for task and workflow automation in Excel | Launched | Status
Outlook for Android: Two way synchronization with local Calendar | Launched | Status
Access: DAO Interface Support (without ACE Redistributable Engine) | Launched | Status
Exchange: Block sending to a Distribution Group when it’s on the BCC line | Rolling Out | Status, Description
PowerPoint for Mac: Record Slide Show Updates | In Development | Status
Microsoft Compliance center: Double-byte character support | In Development | Status, Description
Microsoft Forms: Confirm Phishing Option Available for IT Admins | Rolling Out | Status