Deploy MSI apps through the new Intune Portal

Standard

With Microsoft Intune we can deploy MSI applications to MDM enrolled Windows 10 devices. This functionality is already available within the ‘old’ Microsoft Intune portal. In the early days of the new portal (https://portal.azure.com) it was not possible to add the MSI applications through the new portal. Microsoft has now added this functionality to the new portal. This blogpost shows how you can easily add the application through the new portal. Based on my experience the process is improved and the whole experience is much better than the old portal infrastructure.

Continue reading

How to change the ADFS Farm WID Sync Port

Standard

The last couple of weeks I was involved in deploying a new Active Directory Federation Services (ADFS) 2016 at a customer. This customer had planned to use a ADFS farm of 4 hosts ADFS servers and 4 ADFS proxy nodes, The ADFS servers were using the Windows Internal Database synchronization between the ADFS nodes to sync the configuration. This synchronization sends unencrypted traffic over port 80 to the other ADFS nodes. The information which is send is only configuration data of the ADFS environment and not usernames and passwords. Bit still the information is send over HTTP to the other ADFS nodes. Since this configuration was not acceptable for the customer we needed to change the configuration. In this blogpost I want to share what actions we performed to change the ADFS configuration. Since this information is not completely documented at this moment I tried to share this information.
Continue reading

Configure Trusted Sites in Internet Explorer Through a MDM Deployed GPO

Standard

With Windows 10 1703 (Creators Update) we now have the possibility to configure settings through a MDM deployed Group Policy Object. In this blogpost I explained how to configure the App-V client with these new capabilities. Within this blogpost you can also find the basics about deploying a GPO through a MDM solution. Since my preffered MDM solution is Microsoft Intune my blogposts will only cover the steps needed to configure these settings through Microsoft Intune. In this blogpost I want to cover the scenario to configure the Trusted Sites on a Windows 10 1703 machine through a MDM deployed GPO.

Continue reading

Using AzureAD Conditional Access to block a Native App

Standard

Last week I was asked to research a scenario where the customer wants to block the use of a native app and only want to allow the browser experience from compliant devices. My first answer was that this was difficult to implement. But after looking into AzureAD Conditional Access it was relative easy to configure. In this series of blogposts I’m using Microsoft Teams as an example. I’m focusing on these scenario’s: The first scenario is blocking the Microsoft Teams Native App and only allow browser access to Microsoft Teams and the second scenario is to only allow the Microsoft Teams app and blocking the browser access.

Continue reading

App-V 5.1 Note-to-self’s

Standard

Last week I installed a fresh new App-V environment. With this short blogpost I want to share 2 configuration ‘note-to-selfs’ which I encountered during the installation and configuration. Both are really obvious configurations but it took me some time to discover the solution. So also for my own reference I want to describe them on my blog.
Continue reading

Configure the App-V client through a MDM Deployed GPO

Standard

In this blogpost, I want to describe how the new MDM Group Policy functionality can be used to configure your Windows 10 workstation. With the Windows 10 Creators Update we’ve the possibility to deploy and apply Group Policy objects through the MDM channel. This means that the policy configuration support in Windows 10 will be expanded to allow access of select Group Policy administrative templates (ADMX-backed policies) for Windows PCs via the Policy configuration service provider (CSP). In this blogpost, I want to use this new functionality to activate and configure the App-V client on a Windows 10 MDM Managed workstation.

Continue reading

Prevent a Azure AD MFA User Lockout

Standard

Within Azure Multi-Factor authentication, a user can configure multiple options for the 2nd factor authentication. Beside those options the user can also configure multiple numbers within Azure Multi-Factor authentication which can be used when doing the 2nd factor authentication. But in practice most users will only configure one phone number. When the user than loses his phone or access to his number the user cannot use Azure MFA anymore. The user cannot change his phone number because a 2nd factor authentication is needed to access this information. So, this means that the user is locked out of Azure MFA and the only solution in this scenario is to call the Helpdesk and change the phone number. But there is a solution which prevents a user MFA lockout. This can be achieved by simply configuring a phone number in the user his account in your Active Directory or Azure Active Directory.
Continue reading

Using Azure MFA cloud based protection with the RD Gateway

Standard

Last week Microsoft released Azure MFA cloud based protection from your on premise servers/devices. In this blogpost Microsoft announced this functionality and showed how this can be used with a VPN device. Before yesterday you had to install the Azure MFA server to provide MFA to RDS sessions through the RD Gateway. Since the MFA Server and the cloud based MFA were different systems with different settings for users this was not the most ideal situation. But with this new functionality we can use the cloud based MFA for the RD Gateway role. If you’re looking for a detailed description about how to setup the RD Gateway with the on premise MFA servers please check this blogpost.
Continue reading

New Job Challenge

Standard

Today is the day that I’m joining KPN Consulting as a Technical Consultant focusing on Remote Desktop Services and the Enterprise Mobility + Security Suite. In the past years I’ve done great projects for Inovativ but today I’m really excited about joining KPN Consulting and want to help customers of KPN Consulting with questions/challenges around the ‘Workplace of tomorrow’ of course within my focus area RDS and EM+S.

At KPN Consulting I will continue to share knowledge through my blog and when speaking on events. So stay tuned for more blogposts around Remote Desktop Services and the Enterprise Mobility + Security Suite. One last note which I want to make is the information which you will find on this blog is my personal opinion and not the opinion of my employer.

Creating a Storage Spaces Direct Performance Dashboard

Standard

In this blogpost I want to show you how you can easily create a PowerBI dashboard based on Storage Spaces Direct performance metrics. PowerBI is great in visualizing data and reports are easy to create. Before you can execute the steps in this blogpost you will need to create a PowerBI account on https://www.powerbi.com. I’ve tested the blogpost below with PowerBI Pro account but based on this page it should also work with a PowerBI free account. Looking to Storage Spaces Direct this blogpost is based on Windows Server 2016. I’ve not tested this on earlier versions and I expect that this is only working on 2016 and later. I’ve created this blogpost to monitor my S2D environment hosting the Remote Desktop Service User Profile Disks, so expect that this dashboard is focusing on delivering an overview for that purpose.
Continue reading