The purpose of this blog post is to inform you how to configure Microsoft Defender SmartScreen in Windows, Edge, and Google Chrome via Microsoft Intune.

The purpose of this blog post is to inform you how to assign scope tags on a device via the assigned user his location, which can be used for configuring RBAC

The purpose of this blog post is to inform you how to enforce Multi-Factor Authentication (MFA) via an external device during Windows logon and UAC prompts. A 3rd party tool Duo Security makes this possible.

The purpose of this blog post is to inform you how to enforce a BitLocker startup Pin for standard users. I was inspired by the solution of Oliver Kieselbach, but his solution was user-driven and not enforced so I decided to change some settings, make a proactive remediation script, and create a custom Compliance check to enforce the BitLocker startup pin.

The purpose of this blog post is to inform you how to configure your AutoPilot naming convention with new variables like incrementing the device number.

The purpose of this blog post is to inform you how to configure Attack Surface Reduction (ASR) via Intune. There are several options to configure ASR and some blog posts on how to configure ASR. I will explain the custom configuration and why I have chosen not to use the built-in option.

The purpose of the blog post is to inform you how to enable Hyper-V via Intune on Windows 10 or Windows 11. Hyper-V is required for e.g. Windows Defender Credential guard, Application Guard and Application Control. You can enable Hyper-V in various ways, but I’ll explain in this blogpost the Proactive remediations Script method.

The purpose of the blog post is to inform you how to enable Hyper-V on Windows 10 or Windows 11 via Intune. Hyper-V is required for e.g. Windows Defender Credential guard, Application Guard and Application Control. You can enable Hyper-V in various ways, but I’ll explain in this blogpost the PowerShell script method.

The purpose of the blog post is to inform you how to rollout updates in an enterprise environment with Intune. What is Windows for Business, share my update strategy, how to configure that strategy in the Intune/Endpoint manager portal and how to assign these update rings, and what are the next steps after configuring the update rings.