Everything can be done automatically, as long as you configure it manually :-)
Following up on my previous post about the new Outlook client, I want to share a quick update. The new Outlook now comes preinstalled on Windows 11 version 23H2 and later. In this post, I’ll provide a PowerShell script to help you uninstall it automatically across your devices using Microsoft Intune.
More details on the preinstalled new Outlook: Control installation and use of new Outlook – Microsoft 365 Apps | Microsoft Learn
In an era where data breaches and cyber threats are increasingly common, protecting your personal files has never been more important.
With the release of Windows 11 24H2, Microsoft has introduced enhanced features for personal data encryption, making it easier than ever to secure your sensitive information.
This blog post will guide you through the process of encrypting your files located in Desktop, Documents, and Photos using Personal Data Encryption and Microsoft Intune.
In today’s digital landscape, safeguarding your organization’s IT infrastructure is more critical than ever. One effective strategy to enhance security is by configuring certain file types to open in Notepad, preventing potentially malicious code from executing.
In this blog post, we’ll walk you through the steps to use Microsoft Intune to associate specific file types with Notepad, ensuring that risky files are opened safely in plain text. This proactive measure can reduce the risk of malware infections and enhance your overall cybersecurity posture.
Note: While this approach can reduce the risk of malware infections, it’s important to consider the potential impact on users who may need to open these file types for legitimate purposes. Associating files like scripts or executables with Notepad might disrupt normal workflows for developers or IT professionals. Therefore, it’s crucial to evaluate the needs of different user groups within your organization and implement this strategy accordingly.
Approximately two years ago, I authored a blog post detailing how to customize the taskbar in Windows 11. You can find that post here: Customize your Windows 11 taskbar during OSD with ConfigMgr using just PowerShell – imab.dk
Since then, there have been some changes from Microsoft, and the method I previously described is no longer supported. For more information on these changes, please refer to: Configure the applications pinned to the taskbar | Microsoft Learn
In summary, the cmdlet Import-StartLayout is no longer supported and does not accept the .xml file, resulting in the following error: Import-StartLayout : The file C:\WINDOWS\Taskbar.xml is not a valid layout file
To address this, I have modified the solution I used back then, and the new approach is outlined in this blog post.
Disclaimer! Following introduction has been written using Copilot, because time is of the essence and AI is or will be an inevitable thing – also in regard to writing blogs. The script and the rest of the post is written by me. 🙂
In the ever-evolving landscape of cybersecurity, staying one step ahead is crucial. Today, we delve into a PowerShell script designed to enhance your system’s security by removing the Quick Assist app from Windows 11.
As highlighted in this Microsoft Security Blog, threat actors have been misusing Quick Assist in social engineering attacks leading to ransomware. Quick Assist, a built-in remote control app in Windows 11, has been exploited by cybercriminals, notably the financially motivated group Storm-1811, known for deploying Black Basta ransomware.
To counter this threat, our featured PowerShell script, removes the Quick Assist app from your system. This script is a proactive measure to mitigate the risk of such attacks, especially for environments where Quick Assist is not in use.
In the following sections, we’ll walk you through the script and its usage with Microsoft Intune. Let’s get started!
I know Microsoft Intune has the ability to configure this particular user rights assignment natively already. At time of writing, the new security baseline for Windows 11 23H2 in Intune configure this as well, restricting local logons to the built-in groups: Users and Administrators.
This solution does something else. This solution grabs the currently logged on user and configures the ‘Allow logon locally‘ policy to ONLY allow this very user as well as Administrators to be able to log on locally. A custom group is added as well for backup reasons. If no user is logged on, the script does nothing. More details down below.
The solution is made to prevent ‘stealing’ credentials from one user/device and be able to use it on another device within the same environment.
This post is a just a quick follow up on my previous post: Uninstall any application in a jiffy using PowerShell and Configuration Manager
I received a few questions whether the PowerShell script can be used with Microsoft Intune instead of Microsoft Configuration Manager. And sure! This post will explain one of many approaches available with Intune. 🙂
PowerShell version 2 is to this day still preinstalled on Windows 11 and all Windows Server versions with the exception of Windows Server 2022.
As the reader may know, PowerShell is a powerful tool that plays an important role in administering Windows systems. However, it also contains various features that can be leveraged by attackers with ill intentions.
If PowerShell version 2 is installed, it’s possible to bypass the constrained language mode, which normally is being enforced by application control solutions like AppLocker and similar.
PowerShell Constrained Language is a language mode of PowerShell designed to support day-to-day administrative tasks, yet restrict access to sensitive language elements that can be used to invoke arbitrary Windows APIs
If you haven’t removed PowerShell version 2 already, you should consider looking into it today as an early Christmas present. 🙂
Ps. this solution is only targeting workstations. If you need to remove PowerShell version 2 from servers, you cannot leverage Microsoft Intune. You should instead look into Configuration Manager or similar.
Last week, on September 21, Microsoft announced that Windows Copilot will begin to roll out to Windows 11, starting September 26.
Curious to know more on managing Windows Copilot, I dug into the various documentation on the subject, as well as researching on Twitter.
I managed to get to enable Windows Copilot on my Intune-managed Windows 11 device. Note that I’m located in Europe, and some documentation suggests that Windows Copilot isn’t available here just yet.
This post serves as notes from the field. 🙂
I’ve been encrypting my Windows 11 devices using an Endpoint security disk encryption policy for a while now and haven’t had any issues. That’s until today.
Turns out there’s a known issue around this, which I haven’t encountered until now.
If the device in question doesn’t support Modern Standby, you will have to combine the ‘old’ Endpoint protection policies with the new Endpoint security policies. My findings down below.
If the device is HSTI-compliant but doesn’t support Modern Standby, an endpoint protection policy has to be configured to enforce silent BitLocker drive encryption
