The purpose of this blog post is to inform you how to configure RBAC for Intune in a secure way via Role-assignable groups. So, the RBAC groups can only be populated by a Global administrator or Privileged role administrator.
https://endpointcave.com/wp-content/uploads/2022/06/Roles-scaled.jpg12582560René Laashttps://endpointcave.com/wp-content/uploads/2021/06/base_logo_white_background-1500x430.pngRené Laas2022-06-13 07:30:332022-06-12 21:50:56Configure RBAC for Intune in a secure way
https://endpointcave.com/wp-content/uploads/2022/06/secure-internet-scaled.jpg17032560René Laashttps://endpointcave.com/wp-content/uploads/2021/06/base_logo_white_background-1500x430.pngRené Laas2022-05-31 07:00:202022-05-21 12:39:10How to configure Microsoft defender for Endpoint in combination with SmartScreen
The purpose of this blog post is to inform you how to whitelist a URL/Domain in Microsoft Defender SmartScreen for a device that is managed by Microsoft Intune and devices that are onboarded to Defender for Endpoint.
https://endpointcave.com/wp-content/uploads/2022/05/do-not-enter-scaled.jpg17072560René Laashttps://endpointcave.com/wp-content/uploads/2021/06/base_logo_white_background-1500x430.pngRené Laas2022-05-25 07:00:202022-05-21 12:39:34How to Whitelist a URL/Domain in Microsoft Defender SmartScreen
The purpose of this blog post is to inform you how to configure Microsoft Defender SmartScreen in Windows, Edge, and Google Chrome via Microsoft Intune.
https://endpointcave.com/wp-content/uploads/2022/05/malicious-scaled.jpg18112560René Laashttps://endpointcave.com/wp-content/uploads/2021/06/base_logo_white_background-1500x430.pngRené Laas2022-05-17 13:33:342022-05-17 13:36:24How to configure Microsoft Defender SmartScreen via Microsoft Intune?
The purpose of this blog post is to inform you how to assign scope tags on a device via the assigned user his location, which can be used for configuring RBAC
https://endpointcave.com/wp-content/uploads/2022/04/Tag.jpg14401920René Laashttps://endpointcave.com/wp-content/uploads/2021/06/base_logo_white_background-1500x430.pngRené Laas2022-04-28 20:53:582022-04-28 20:55:24Auto Assign Scope Tags Based on User Location
The purpose of this blog post is to inform you how to enforce Multi-Factor Authentication (MFA) via an external device during Windows logon and UAC prompts. A 3rd party tool Duo Security makes this possible.
https://endpointcave.com/wp-content/uploads/2022/03/feature-update.jpg18002400René Laashttps://endpointcave.com/wp-content/uploads/2021/06/base_logo_white_background-1500x430.pngRené Laas2022-03-18 17:03:472022-03-18 17:07:46Enforce MFA on Windows logon with Intune and Duo
The purpose of this blog post is to inform you how to enforce a BitLocker startup Pin for standard users. I was inspired by the solution of Oliver Kieselbach, but his solution was user-driven and not enforced so I decided to change some settings, make a proactive remediation script, and create a custom Compliance check to enforce the BitLocker startup pin.
https://endpointcave.com/wp-content/uploads/2022/03/Pincode-scaled.jpg19202560René Laashttps://endpointcave.com/wp-content/uploads/2021/06/base_logo_white_background-1500x430.pngRené Laas2022-03-05 17:22:302023-02-23 20:30:37Enforce BitLocker startup PIN on Windows with Intune
The purpose of this blog post is to inform you how to configure your AutoPilot naming convention with new variables like incrementing the device number.
We may request cookies to be set on your device. We use cookies to let us know when you visit our websites, how you interact with us, to enrich your user experience, and to customize your relationship with our website.
Click on the different category headings to find out more. You can also change some of your preferences. Note that blocking some types of cookies may impact your experience on our websites and the services we are able to offer.
Essential Website Cookies
These cookies are strictly necessary to provide you with services available through our website and to use some of its features.
Because these cookies are strictly necessary to deliver the website, refusing them will have impact how our site functions. You always can block or delete cookies by changing your browser settings and force blocking all cookies on this website. But this will always prompt you to accept/refuse cookies when revisiting our site.
We fully respect if you want to refuse cookies but to avoid asking you again and again kindly allow us to store a cookie for that. You are free to opt out any time or opt in for other cookies to get a better experience. If you refuse cookies we will remove all set cookies in our domain.
We provide you with a list of stored cookies on your computer in our domain so you can check what we stored. Due to security reasons we are not able to show or modify cookies from other domains. You can check these in your browser security settings.
Google Analytics Cookies
These cookies collect information that is used either in aggregate form to help us understand how our website is being used or how effective our marketing campaigns are, or to help us customize our website and application for you in order to enhance your experience.
If you do not want that we track your visit to our site you can disable tracking in your browser here:
Other external services
We also use different external services like Google Webfonts, Google Maps, and external Video providers. Since these providers may collect personal data like your IP address we allow you to block them here. Please be aware that this might heavily reduce the functionality and appearance of our site. Changes will take effect once you reload the page.
Google Webfont Settings:
Google Map Settings:
Google reCaptcha Settings:
Vimeo and Youtube video embeds:
Other cookies
The following cookies are also needed - You can choose if you want to allow them:
Privacy Policy
You can read about our cookies and privacy settings in detail on our Privacy Policy Page.