Automate Local Admin Rights Removal with Privilege Manager

Automate Local Admin Rights Removal with Privilege Manager

Automate Local Admin Rights Removal with Privilege Manager

This is the second guest post from my partner Recast Software. 
Imagine reducing 90% of critical security vulnerabilities with a single change to your IT policy. Local admin rights removal can achieve exactly that — especially when you automate it. IT departments face a constant influx of tickets and issues to manage. Many of these result from a need to elevate permissions, perhaps to update a piece of software or access a resource.

The old way of getting around this issue was to give end users local admin permissions on their device. I know many of you are cringing just reading that—so am I. There are many, many reasons to make local admin rights removal a priority. The risks associated with local admin rights greatly outweigh the benefit of fewer tickets from end-users.

Read More » Automate Local Admin Rights Removal with Privilege Manager
Easy and Effective App Management in Intune

Easy and Effective App Management in Intune

Easy and Effective App Management in Intune

This post is a practical guide to app management in Intune — the patterns I now use by default to streamline application packaging, deployment, and patching. The goal is to keep app management in Intune simple enough that small teams can run it confidently, while still being effective at scale.

This is the first guest post from my partner Recast Software. Managing an ever-growing array of systems and permissions, SysAdmins often find third-party application patching slipping through the cracks. Despite best efforts to keep Windows updates in check, the other applications on our endpoints too frequently get overlooked. If you want a deeper Intune foundation first, see my other Intune guides on jannikreinhard.com.

This is where Application Manager by Recast Software (makers of Right Click Tools) comes into play. With Application Manager you can keep your third-party applications as up to date as possible. This way you can focus on more pressing projects, while resting easier knowing that your endpoints are more secure. If you are new to the platform, Microsoft’s official Intune app documentation is a helpful companion to this walkthrough.

Read More » Easy and Effective App Management in Intune
Microsoft Defender for Endpoint: Setup and Best Practices

Microsoft Defender for Endpoint: Setup and Best Practices

Microsoft Defender for Endpoint: Setup and Best Practices

After some weeks, here is the second part of my series on Microsoft Defender for Endpoint. In this part, we delve into essential insights and best practices for Microsoft Defender for Endpoint. I will guide you through important configurations and strategies to enhance your organization’s security.

Part 1 (How to enroll device to Microsoft Defender for Endpoint and how does it work)

Microsoft Defender for Endpoint setup and best practices overview
Read More » Microsoft Defender for Endpoint: Setup and Best Practices
How to Onboard Devices to Microsoft Defender for Endpoint

How to Onboard Devices to Microsoft Defender for Endpoint

How to Onboard Devices to Microsoft Defender for Endpoint

Do you know that you can deploy configurations to devices without enrolling them to Intune? No, then follow this blog how to enroll devices to Microsoft Defender for Endpoint (MDE).

In this blog I want to show you how you can onboard your devices in MDE. In the next blog I will show you what are the capabilities and features in the MDE Admin center.

Microsoft Defender for Endpoint device enrollment infographic
Read More » How to Onboard Devices to Microsoft Defender for Endpoint
Management of external devices (peripherals) with Intune

Management of external devices (peripherals) with Intune

Management of external devices (peripherals) with Intune

Managing external devices with Intune is one of the most effective ways to reduce the security risk of your end devices and to protect them from data loss or malicious hardware. By controlling peripherals such as USB sticks, Bluetooth accessories, and removable storage, you close a common attack vector. Intune Device Control, part of the attack surface reduction policies, has the answer for this. In this blog post we take a closer look at how to lock down external devices with Intune step by step.

Managing external devices with Intune using Device Control policies
Read More » Management of external devices (peripherals) with Intune
Intune Endpoint Privilege Management: Setup Guide

Intune Endpoint Privilege Management: Setup Guide

Intune Endpoint Privilege Management: Setup Guide

In my second part of the Intune suite series, after covering Remote Help in part 1, I want to talk about Endpoint Privilege Management. This feature is brand new and was released yesterday. Endpoint Privilege Management (EPM) is a powerful feature in Microsoft Intune that allows you to enable users to run as standard users, without administrative rights, while still being able to complete tasks that require elevated privileges. This blog post will guide you through setting up Endpoint Privilege Management in your organization, ensuring users can remain productive without compromising on security.

Microsoft Intune Endpoint Privilege Management setup screen

Source: Microsoft Learn: Endpoint Privilege Management

Read More » Intune Endpoint Privilege Management: Setup Guide