Palo Alto Global Protect VPN via Intune with Edge browser

This is a quick blog about Palo Alto Global Protect VPN via Microsoft Intune with the Microsoft Edge browser. A customer wants to connect iOS devices with Palo Alto Global Protect VPN with certificate-based authentication and username/password + MFA. As a result, only devices that have a certain configuration can access the VPN. So, I … Read more

Teams Add-In for Microsoft Office – WDAC

Another post about WDAC, this time about the deployment of Teams Add-In for Microsoft Office. You can find the other post here. The Problem This also has a problem installing with the default WDAC configuration. You can see this in the Application event log: Product: Microsoft Teams Meeting Add-in for Microsoft Office — Error 1723. … Read more

EPM Deployment error 2147749902

So, I was trying to implement Endpoint Privilege Management (EPM) and faced deployment error 2147749902. Firstly, I searched Google and found nothing. I complained to my friend Rudy Ooms that his blog didn’t contain the error or fix. This guy has covered almost everything about Intune but it turned out his blog didn’t mention the … Read more

Excluding Users from FSLogix for Intune Managed AVD

This blog post is about excluding users from FSLogix for Intune-only Managed AVD. I got a question about this via a comment on another post. That post is about how to configure FSLogix for Entra Joined AVD hosts. Furthermore, it also explains how to set NTFS permissions for a storage account that is not domain-joined. … Read more

AVD DrainMode dependent on Compliance

An AVD deployment is often joined to Intune. This results in a compliance state in Intune used in Conditional Access for access to Microsoft 365 applications. We don’t want users logging onto AVD machines that aren’t compliant, hence the DrainMode dependent on Compliance. Also, AVD deployments are often Hybrid Entra Joined. That comes with the … Read more

Windows Autopatch – Deployment Cadence Scheduled install

There is a new feature within Windows Autopatch called Deployment Cadence with scheduled install. I have waited for this feature for a long time. I wrote another blog about Windows Autopatch called notes from the field. Read about it here: This blog states that one of the things that I run into with Windows Autopatch that … Read more

Winget Packager in Azure DevOps Pipeline

A couple of months ago, fellow MVP Stephan van Rooij wrote an application called Winget Intune. When I saw this, I immediately wanted to use this as a packager in an Azure DevOps Pipeline. So, the idea is to enter a winget package ID and the application is grabbed from winget, packaged, and uploaded … Read more

Install Applications after ESP (Enrollment Status Page)

A customer wanted to install applications after the ESP (Enrollment Status Page) phase. This application configures a BitLocker PIN which, obviously, needs interaction with the user. This is not possible in the ESP phase because of, well, the ESP. So, I needed a solution for that. I have configured Olivier Kieselbach’s BitLocker PIN solution. It’s … Read more