Palo Alto Global Protect VPN via Intune with Edge browser

This is a quick blog about Palo Alto Global Protect VPN via Microsoft Intune with the Microsoft Edge browser. A customer wants to connect iOS devices to Palo Alto Global Protect VPN with certificate-based authentication and username/password + MFA. As a result, only devices that have a certain configuration can access the VPN. So, I … Read more

Teams Add-In for Microsoft Office – WDAC

Another post about WDAC, this time about the deployment of Teams Add-In for Microsoft Office. You can find the other post here. The Problem This also has a problem installing with the default WDAC configuration. You can see this in the Application event log: Product: Microsoft Teams Meeting Add-in for Microsoft Office — Error 1723. … Read more

EPM Deployment error 2147749902

So, I was trying to implement Endpoint Privilege Management (EPM) and faced deployment error 2147749902. Firstly, I searched Google and found nothing. I complained to my friend Rudy Ooms that his blog didn’t contain the error or fix. This guy has covered almost everything about Intune but it turned out his blog didn’t mention the … Read more

Excluding Users from FSLogix for Intune Managed AVD

This blog post is about excluding users from FSLogix for Intune-only Managed AVD. I got a question about this via a comment on another post. That post is about how to configure FSLogix for Entra Joined AVD hosts. Furthermore, it also explains how to set NTFS permissions for a storage account that is not domain-joined. … Read more

AVD DrainMode dependent on Compliance

An AVD deployment is often joined to Intune. This results in a compliance state in Intune used in Conditional Access for access to Microsoft 365 applications. We don’t want users logging onto AVD machines that aren’t compliant, hence the DrainMode dependent on Compliance. Also, AVD deployments are often Hybrid Entra Joined. That comes with the … Read more

Automating cleanup Entra Joined AVD hosts

This post is about automating the cleanup for Entra Joined Azure Virtual Desktop (AVD) hosts. So, what is the problem? The problem is that when you frequently deploy Entra Joined AVD hosts, they are only Entra Joined, and they already exist in Entra/Intune. You get this error when running the Bicep template: That error is because … Read more

Windows Autopatch – Deployment Cadence Scheduled install

There is a new feature within Windows Autopatch called Deployment Cadence with scheduled install. I have waited for this feature for a long time. I wrote another blog about Windows Autopatch called notes from the field. Read about it here: This blog states that one of the things that I run into with Windows Autopatch that … Read more