Author - Robin Hobo

I am a Technology Specialist with focus on the Modern Workplace. I am specialized in Microsoft Intune, Azure Virtual Desktop (AVD), Windows 365 and Windows 11. Also interested in mental health, NLP and personal development.

For my full bio, check the About Me page.

How to manage local user group membership with Microsoft Intune to make users local admin

I did several Intune projects by customers, and with almost every implementation a subset of users’ needs to have local administrator rights (for example developers). There are several ways to grant users these rights, for example via a separate Autopilot profile where you specify that users need to be local Administrator. Or via the “additional local administrators on all Azure AD joined...

Read More

How to deploy Windows Autopatch with Microsoft Endpoint Manager – Intune

Windows Autopatch is a new service from Microsoft that automates the update process of Windows (both quality updates and feature updates), Microsoft 365 Apps for Enterprise (aka Office apps), the Microsoft Edge browser and Microsoft Teams. Once the service is enabled in your tenant and devices are onboarded successful  you don’t need to worry about updates of the supported products anymore...

Read More

How to add or remove system apps in the Android Enterprise Work Profile with Microsoft Intune

Depending on the use cases and the requirements of the company, Android Enterprise Work Profile can be a great enrollment mode for both BYOD devices and company owned devices (in fully managed mode) when using Microsoft Intune. With an Android Enterprise Work Profile, you separate private apps and data from the corporate apps and data to prevent data leakage. Depending on the manufacture and the...

Read More

How to enable and configure Microsoft Remote Help in Microsoft Intune

Recently Microsoft made Remote Help generally available. Remote Help is an application to offer remote assistance to end users that are using Windows 10 or 11 endpoints. Remote Help is a Microsoft Endpoint Manager Premium add-on. It can be fully configurated within the Microsoft Endpoint Manager admin center. Both the IT support engineer and the end user needs to authenticate through Azure AD...

Read More

How to update Security Baselines in Microsoft Intune to a newer version

Security Baselines in Microsoft Intune are templates that contains policy configurations that by default are configured with the best practice from the Microsoft security teams. And that makes a Security Baseline the perfect starting point when creating a new policy set for the modern workplace. When creating a Security Baseline, all settings are pre-configured with the security best-practice...

Read More

How to exclude Shortcuts from syncing to OneDrive with Microsoft Endpoint Manager – Microsoft Intune

Microsoft OneDrive is a great service for storing your files. And when you have “Known Folder Redirection” enabled, your Desktop, Documents and Pictures folders are redirected to OneDrive and synched to the cloud. This way you have the same Desktop, Documents and Pictures folders available on every device which benefits the user experience. However, you have applications that place a...

Read More

How to move or restore a Windows 11 VM in Hyper-V with TPM enabled (Shielded VMs)

In my previous blog I showed you step-by-step how to install Windows 11 as a VM in Hyper-V. The difference with Windows 10 is that Windows 11 requires a TPM (Trusted Platform Module) chip in order to boot. As you could read in my previous blog, this is no problem at all. However, I’m the kind of guy that regularly reinstalls my laptop/desktop and also uses multiple devices to run the same...

Read More

How to install Windows 11 in Hyper-V

Windows 11 has now been released over a month ago and many companies are now considering the switch. It is always good to test extensively first and get some hands-on experience.  If you don’t have a physical PC available to test Windows 11, a good alternative is to do this in a virtual machine (VM). Personally, I use VMs a lot when I need to test Microsoft Intune configurations or when...

Read More

How to setup Android Zero-Touch Enrollment with Microsoft Endpoint Manager – Microsoft Intune

Android Zero-Touch Enrollment is a (free) service to automate and enforce MDM enrollments for Android devices running Android 9 or higher, independent of device manufacture. It offers end-to-end security because the MDM enrollment cannot be skipped by the user. The first time the user tuns on the device, clear instructions will be displayed to start the enrollment. All policies and applications...

Read More

How to add iOS devices manually in the Apple Business Manager (ABM) for automatic Microsoft Endpoint Manager – Microsoft Intune enrollment

It’s a best practice to enroll corporate owned iOS/iPadOS devices via the Apple Automated Device Enrollment (ADE) program (PKA Device Enrollment Program – DEP). It offers “out of the box” security because the enrollment with the MDM solution will start automatically and the user can’t work around it. Next to automatic device enrollment it makes it possible to set...

Read More

How to create and deploy a Windows 11 custom image with Windows 365 Enterprise Cloud PC

Less then a month ago I wrote a blog about How to create and deploy Windows 365 Enterprise Cloud PC Custom Images. What could be the case with cloud services such as Windows 365 is that developments can go fast. So, what have changed in the last 4 weeks after wring my previous blog? In this case a lot! First of all, Microsoft released Windows 11 (Oct, 5) and made it directly available for Windows...

Read More

How to stop receiving “Your weekly PIM digest” emails – A workaround

Microsoft Privileged Identity Management (PIM) is a powerful Azure AD service that provides time-based and approval-based role activation for access to resources in Azure, Azure AD and connected Microsoft services like Microsoft Intune and Microsoft 365. In company environments I always recommend to use PIM. Once PIM is activated you will receive a “Weekly PIM digest” if you have Privileged Role...

Read More

How to create and deploy Windows 365 Enterprise Cloud PC Custom Images

UPDATE : A new version of this blog with Windows 11 Gen2 images is available here. With Windows 365 you can deploy your Cloud PCs with a standard Azure Gallery image. There are Windows 10 Enterprise images available optimized for Cloud PC, with or without the Microsoft 365 Apps pre-installed on it (including Microsoft Teams with AV redirection optimization). However, with Windows 365 Enterprise...

Read More

How to implement and manage Microsoft Windows 365 Cloud PC

In August 2021, Microsoft released Windows 365 Cloud PC. A new cloud-based service that provides Cloud PCs to end users. With this Windows 365 Cloud PC, users get their own personalized desktop in the cloud, which can be accessed from anywhere on any device. It is optimized for Microsoft 365 including Microsoft Teams AV redirection. Unlike Azure Virtual Desktop you pay a fixed price per-user per...

Read More

How to manage your Windows Virtual Desktop session hosts (single user) with Microsoft Endpoint Manager – Microsoft Intune.

By default all Windows Virtual Desktop session hosts are joined with your domain. And in most cases you will apply policy configurations to them via Group Policy Objects (GPO). If you also using Microsoft Endpoint Manager – Microsoft Intune for managing Windows 10 devices, it might also be worth considering to manage your WVD session hosts VMs with it as well.

Read More

How to enable Azure Monitor for Windows Virtual Desktop

At the end of March 2021, Azure Monitor for Windows Virtual Desktop went GA. It will provide a dashboard built on Azure Monitor Workbooks that gives you insides of your Windows Virtual Desktop environment, including; Connection Diagnostics, Connection Performance, Host Diagnostics, Host Performance, Utilizations, Users, Clients and Alerts. In this blog post I will guide you step-by-step how to...

Read More

How to setup Samsung Knox Mobile Enrollment with Microsoft Intune

Samsung Knox Mobile Enrollment (KME) is a Zero Touch provisioning solution. You can fully automate the enrollment of new, or factory reset devices into an MDM solution like Microsoft Intune. The end user only have to turn on their company-owned Android device and connect to a Wi-Fi or cellular network. This will start the enrollment which the end user cannot cancel or work around.

Read More

How to apply Outlook.com mail rules on the Junk Mail folder and delete email based on words saved in a txt file on OneDrive

Outlook Mail Rules cannot be applied to the Junk Folder. This was a bit frustrating for me because after several years of using Outlook.com for my private email, I get quite a bit of spam every day. The problem is that sometimes legitimate messages also ends up in this folder and is deleted after 10 days by default. This forces me to go through my spam mail folder every few days to check if there...

Read More

How to remove Microsoft Store for Business apps in Microsoft Intune

The Microsoft Store for Business is a powerful service to distribute and manage modern Windows 10 applications from the Windows 10 Store (both free and paid applications). You can connect the Microsoft Store for Business with Microsoft Intune to sync the applications for easy deployment via Microsoft Intune. After the application is synced to Intune you only have to assign the application to a...

Read More

How to add Windows 10 devices to Windows Autopilot even faster

UPDATE: An up-to-date version of this blog can be found here: In July, 2018, I wrote this blog about how to setup Windows Autopilot and add existing devices the quickest way. After publishing this blog the Get-WindowsAutoPilotInfo script has been updated several times by the author Michael Niehaus. New functionalities have been added to the scripts. Therefore Windows 10 devices can be added to...

Read More

Dutch Windows Virtual Desktop User Group event – our Session Follow Up

[BLOG in Dutch due the event] Op 9 november 2020 hebben Gertjan Jongeneel en ik een sessie mogen geven op de allereerste editie van de ‘Dutch Windows Virtual Desktop User Group’ (DWVDUG)! Onze sessie had de titel ‘Alles wat je moet weten over Windows Virtual Desktop – Ervaringen uit de praktijk’. Het was een gratis event georganiseerd door de WVDCommunity wat online te volgen was. Als je hierbij...

Read More

How to start with Shared iPads for Business with Microsoft Endpoint Manager (Intune) and Apple Business Manager

I get the following question regularly; “can we configure our Apple iPads as Shared device. Where you as a user, can login and logoff without seeing each other’s data?”. Most of the time it’s about medical personal that works in shifts and don’t have a personal device. But you can also think of maintenance and field agents or flight crew members for example. In this case you want to let the...

Read More

I am speaking at the Dutch Windows Virtual Desktop User Group – DWVDUG

Together with Gertjan Jongeneel, we will give a session during the first Dutch Windows Virtual Desktop User Group (DWVDUG)! We are very honored to be able to speak at this very first edition. Our session is given in Dutch and have the title “Alles wat je moet weten over Windows Virtual Desktop – Ervaringen uit de praktijk”. During this session we will discuss everything you want to know...

Read More

How to fix the borderless window “problem” in Windows Virtual Desktop

First of all, it is not really a Windows Virtual Desktop problem, this has been a Microsoft Windows setting for many years now. However, when publishing a Desktop or a RemoteApp from a Windows Virtual Desktop host pool where the session host VMs running Windows 10, there are no visible borders around the windows by default. For example, see the blow screenshot. A File Explorer window is open...

Read More

How to shadow an active user session in Windows Virtual Desktop via Remote Desktop Connection (MSTC)

During our session last week during the “Microsoft meets Community : Windows Virtual Desktop – second edition:” event, I briefly mentioned the possibilities of shadowing an active user session in Windows Virtual Desktop, if you are interested, you can watch the demo over here. In this blog I want to go into more detail about which steps are required before you can shadow an active user session in...

Read More

Microsoft meets Community WVD event – Our session follow up

On September, 30 2020, Gertjan Jongeneel and I presented a session with the title ‘Sharing everything you want to know about Windows Virtual Desktop – Notes from the field’ at the ‘Microsoft meets Community : Windows Virtual Desktop’ event second edition! This is a free community event organized for Microsoft customers and partners where with expert speakers to share news, insights, and...

Read More

How to deliver a GPU powered Azure VM (example for CAD applications) with Windows Virtual Desktop

It’s not uncommon for customers to ask for the possibilities to deliver a GPU (graphics processing unit) powered desktop with Windows Virtual Desktop. If employees have to work with multimedia enabled applications, you can hardly do without it. Or for example, a construction company that wants to deliver the Autodesk AutoCAD, Autodesk Revit and Autodesk InfraWorks CAD applications.

Read More

How to implement FSLogix Profile container using Azure Files and Active Directory authentication for Windows Virtual Desktop (WVD)

With FSLogix Profile container you can maintain user context (for example application settings) in non-persistent environments like within a Pooled Windows Virtual Desktop Host pool. It will optimize the sign-in time for the end user because the user profiles are stored in VHD(X) file that is mounted to the concerning Session host VM every time the user signs in and therefor nothing has to be...

Read More

How to get the Windows Virtual Desktop – Remote Desktop client for Windows – Insider version

Just like with the rapid development of Windows Virtual Desktop itself, the Remote Desktop client for Windows also get at least an update every month. Microsoft keeps a good record of what’s new with every new version, you can find here. Beside a 32-bit and a 64-bit version, you also have the Public and an Insider version. The Insider version is intent for testing upcoming features before...

Read More

How to publish the Remote Server Administration Tools (RSAT) with Windows Virtual Desktop (WVD)

The Remote Server Administration Tools (RSAT) enables the IT administrator to remotely manage the (local) domain with tools like “Active Directory Users and Computers”, “DNS” and “Group Policy Management”. You can install RSAT locally on a Windows device, but to use the tools, you still need to be connected to the local network or, if you are working remotely, setup a VPN connection first.

Read More

How to change the default Windows Virtual Desktop “SessionDesktop” name to a more friendly one with PowerShell or GUI

When you create a new Windows Virtual Desktop Host pool, a default “Desktop Application Group” (DAG) will be created for you. When you assign a user or an Azure AD Security group to this Desktop group, the user(s) will see a desktop icon appear in their Remote Desktop client with the name “SessionDesktop”. You can easily change this name to a more friendly name with PowerShell or the GUI, as I...

Read More

Windows Virtual Desktop (WVD) – Image Management : How to manage and deploy custom images (including versioning) with the Azure Shared Image Gallery (SIG)

A lot of questions I receive about Windows Virtual Desktop (WVD) are about Image Management. Questions like; How can I create a custom image and apply updates on it? What about versioning and the possibility to rollback an image version? All these functions are available with Windows Virtual Desktop, together with the Azure Shared Image Gallery (SIG). In this blog I will show you step-by-step how...

Read More

How to install and configure Microsoft Teams (Public Preview) for Windows Virtual Desktop (WVD)

Recently, Microsoft released the Public Preview of Microsoft Teams for Windows Virtual Desktop environments. With the new media optimizations included in this version of Microsoft Teams for Windows Virtual Desktop, a local connection will be made between users for audio and video redirection while the application itself is running in the Windows Virtual Desktop environment. This will give end...

Read More

How to deploy and manage Windows Virtual Desktop “Spring Release”

After a long wait the next version of Windows Virtual Desktop (WVD) is now in public preview. This next version is also known as “WVDv2” and “Spring Release” and there are a lot of changes since the first GA release back in 2019 of WVD. To begin, it is now fully integrated with the Microsoft Azure portal, meaning, there is now an official supported management UI, you can now assign applications...

Read More

How to create an Azure Service Principal for use with Windows Virtual Desktop AND Azure ARM Templates, like the ARM Template to Update an existing Windows Virtual Desktop hostpool

Some time ago, I wrote a blog about How to provision a Windows Virtual Desktop (WVD) Host Pool with Service Principal in the case that MFA is enabled for (every) user/admin in the Azure environment and you cannot provision a Windows Virtual Desktop hostpool. And this was working fine when provisioning a new Windows Virtual Desktop host pool via the “Windows Virtual Desktop – Provision a host...

Read More

How to configure automatic Contact Syncing from Microsoft Outlook to the native Contacts App including Contact Fields filtering on iOS and Android BYOD devices with Microsoft Endpoint Manager

After companies apply Mobile Application Management (MAM) / App Protection Policies to their employees’ mobile devices, and forced them to use the Managed Outlook app instead of the native mail application, one of the most frequently asked questions are “how can I see who’s calling me?” and “where are my contacts? I don’t see them in my native contacts app”. This has everything to do with...

Read More

Call to Action : Add the new Microsoft Office (Hub) app for iOS and Android to your current Microsoft Endpoint Manager / Microsoft Intune App Protection Policies

In the last few weeks I have had contact with a few companies that use Microsoft Endpoint Manager / Microsoft Intune for managing their mobile devices. In most cases they do this for a longer time and they also use Mobile Application Management (App protection policies) for securing the company data, for example, on BYOD (Bring Your Own Devices / Private owned devices). And this is a good thing...

Read More

How to apply Outlook.com rules on the junk folder and How to “stop” Outlook.com from moving Emails to Junk or Spam Folder

UPDATE : A more advance flow is described in this new blog. I use Microsoft Outlook.com for my private mail for many years now, and over the years I receive more and more spam. In most cases Outlook.com redirects all spam to my Junk folder, which is good. But in some cases Outlook.com also redirects legitimate messages to my Junk folder, and this force me to scan my Junk folder on legitimate...

Read More

How to start OneDrive (and automatically sign-in) when using a RemoteApp in Windows Virtual Desktop (WVD)

Recently I had a use case where a customer uses Windows Virtual Desktop with RemoteApps, and files had to be opened and saved on the user’s OneDrive within these applications. Not a very exceptional situation if you ask me. I know that with some GPO settings / registry keys you can configure silent sign-in and Files on-demand (recommended within environments like Windows Virtual Desktop)...

Read More

Microsoft MVP – Enterprise Mobility 2020-2021!

Since the first of February, I have been awarded as Microsoft Most Valuable Professional (MVP) – Enterprise Mobility (2020-2021) !!! I am very proud and honored about this award!! I started this website in 2012 to share my IT knowledge and to give back to the community. Soon people from all over the world approached me to say thanks for sharing or asking for help. Besides that I like to...

Read More

Windows Virtual Desktop (WVD) Host Pool deployment error – Subscription is not registered

Recently I was deploying a new Windows Virtual Desktop environment in a complete new Microsoft Azure tenant with a new Azure subscription. Although my user account has the right permissions in the Azure tenant, the WVD tenant and on the Azure Subscription, I still got a deployment error when provisioning a WVD Host pool.

Read More

Talk Techie To Me – Windows Virtual Desktop

Last week I was the guest in the “Talk Techie to me” podcast for the second time. “Talk Techie to me” is a monthly podcast presented by Jeroen Engelander and Madeleine van Rotten. Every month they discuss different topics with different guests and this time it was my turn to talk about Windows Virtual Desktop (WVD). In this podcast we talk about what Windows Virtual Desktop is, the use cases we...

Read More

How to configure Conditional Access with Session Management for Windows Virtual Desktop (WVD)

Recently I implemented Windows Virtual Desktop (WVD) for a customer. This customer has the policy that you always needs to get challenged by Multi-Factor Authentication (MFA) before you get access to a Remote Application or Desktop, except when connecting from a managed device. To achieve this with Windows Virtual Desktop, an Azure Conditional Access policy must be created with session settings...

Read More

How to provision a Windows Virtual Desktop (WVD) Host Pool with Service Principal

As described earlier in this blog you can easily provision a Windows Virtual Desktop (WVD) host pool with an user account that have “RDS Owner” or “RDS Contributor” permissions on the Windows Virtual Desktop tenant. However, this will not work as this user has Multi Factor Authentication (MFA) enabled.

Read More

How to implement and manage Azure AD Domain Services (Azure AD DS) for a fast Windows Virtual Desktop (WVD) PoC deployment

I recently visited a customer who wanted a Windows Virtual Desktop PoC. And although it is customary for me to implement a Windows Virtual Desktop PoC within the current production environment and take it in production after a successful PoC right away, this customer wanted the PoC to be in a completely separate environment. The customer even wanted to implement this Windows Virtual Desktop PoC...

Read More

Quicker assign multiple resources within Microsoft Intune with Policy Sets

With the October 14, 2019 Microsoft Intune update, management of Microsoft Intune has become a little easier. And with “little easier” I mean that it is now possible to assign multiple resources like applications and policies at once. With Policy Sets you can assign applications, application protection policies (MAM), configuration-, compliance- and type restriction policies, AutoPilot profiles...

Read More

How to enroll an Apple device with iOS 13 “User Enrollment” mode in Microsoft Intune

With the release of iOS 13 there were a few major changes, not only did the iPad’s got their own iPadOS, also with the Mobile Device Management (MDM) enrollment modes there are major changes. The Device Enrollment Program (DEP) is renamed to “Automated Device Enrollment” and all devices enrolled with “Automated Device Enrollment” are now automatically set in supervised mode. There is also a new...

Read More

How to configure Shared Credentials for web applications in Azure AD

By a lot of companies I still see that they are using SaaS/web applications with a single account and that the credentials of that account is shared with multiple people within the organization. An example; the marketing department is using multiple social media channels like Twitter, Facebook, Instagram and LinkedIn, everyone of the marketing department has the login credentials of these...

Read More

How to update a custom Windows 10 multi-user image with LOB applications for Windows Virtual Desktop (WVD) Preview

In my previous blog I showed step-by-step how to create a custom Windows 10 multi-user image with Line Of Business (LOB) installed on it for use with Windows Virtual Desktop (WVD). Most of the time updates are needed after a few days or weeks, there are the Windows updates off course, but also the LOB application updates. Or perhaps new LOB applications needs to be added to the image. How do you...

Read More

How to create a custom Windows 10 multi-user image with LOB applications for Windows Virtual Desktop Preview (WVD) Hostpool deployments

A few months ago I wrote a blog about How to deploy Windows Virtual Desktop (Preview) and publish a Full Desktop and the Microsoft Office 365 ProPlus applications. That blog was based on a Windows Virtual Desktop Hostpool deployed with a standard Gallery Image. In this blog I will show you how to deploy a Windows Virtual Desktop Hostpool with a custom Windows 10 multi-user image with your own LOB...

Read More

How to fix “Server App” is not consented, So please consent Server App.” error when logging in to the Windows Virtual Desktop (WVD) Management Tool

Recently, I helped a customer, who is testing with Windows Virtual Desktop (WVD). This customer has installed the Windows Virtual Desktop – Management Tool within their Azure portal. This Management Tool makes managing your WVD environment a lot easier and I definitely recommend looking at this if you have not already done so.

Read More

How to control iOS app uninstall behavior at device unenrollment with Microsoft Intune

Previously, during a device unenrollment, all applications were removed that where pushed/installed via  Microsoft Intune by default. This is not always handy, for example take the Microsoft Office applications. You can add multiple accounts within these applications and if you are using Microsoft Outlook for your work mail and also for your private mail. You want Microsoft Outlook to stay on...

Read More

How to send custom notifications to an iOS device with Microsoft Intune

With the Microsoft Intune, August 5, 2019 update it is now possible to send custom push notifications to end users. This can be useful if you want to send a custom message to a selected group of people, for example for planned maintenance, or to everyone, for example, in the case of emergencies. In this blog I will show you how to send a custom notification to an iOS devise and how it looks like...

Read More

How to configure Remote Access for Work Folders with the Azure AD Application Proxy

In my previous blog I showed you how to deploy Work Folders on Windows Server 2019. In this blog I will show you how to configure Remote Access to these Work Folders via the Azure Active Directory Application Proxy. I great benefit of using the Azure AD Application Proxy is that you don’t need expensive reverse proxy solutions and you don’t have to open your firewall ports, so it is also more...

Read More

How to deploy Work Folders with Windows Server 2019

What if your organization is not using Microsoft OneDrive (yet) and you want to give users the possibilities to access corporate files that are stored on-premises on a file server from BYOD devices? You also want to stay in control of the corporate data and want to enforcing device policies like encryption and screen lock settings? In that case Work Folders can be a good solution for you. In this...

Read More

I’m speaking at the Embrace the Future event!

On June, 12 2019 Comparex Netherlands will organize the “Embrace the Future 2019” event. This event is held in Utrecht (The Netherlands) and the sessions are in Dutch. The event is all about the Modern Workplace and everything that has to do with it. For example, there are breakout sessions about Security, Automation, Digital Content, Software Asset Management, Cloud, Adoption and many more.

Read More

How to deploy Win32 applications with Microsoft Intune

One of the most frequently asked questions from customers is whether it is possible to publish Win32 applications with Microsoft Intune. The answer is Yes. It is possible to deploy Windows 10 Store Apps, MSI files and even .EXE files. Although .EXE files cannot be published directly. You need to “wrap” the .EXE file (and other required source files if applicable) to an .INTUNEWIN file. In this...

Read More

I’m speaking at Experts Live 2019!

Together with colleague Jeroen Engelander I’m speaking at Experts Live 2019. This year the biggest Microsoft community event in the Netherlands takes place on June, 6 in ‘s-Hertogenbosch. The session we will give is called “Journey to the modern workplace”. In this session we take you on a journey from a real world perspective and show the challenges, commonly found...

Read More

How to deploy Windows Virtual Desktop (Preview) and publish a Full Desktop and the Microsoft Office 365 ProPlus applications

As you have probably already heard or read is that Windows Virtual Desktop (WVD) is now available in Public Preview. Windows Virtual Desktop is a desktop and application virtualization service running in Microsoft Azure. The backend is completely managed by Microsoft itself. You can create host pools to publish full desktops or to publish your LOB applications. A big advantage is that Windows 10...

Read More

Talk Techie To Me – Mobility Podcast

Last week I was the guest in the “Talk Techie to me” podcast. “Talk Techie to me” is a weekly podcast presented by Jeroen Engelander, Madeleine van Rotten and Daniel Perrier. Every week they discuss different topics with different guests and this time it was my turn to talk about Enterprise Mobility Management (EMM) solutions and explain the different between Microsoft Enterprise Mobility +...

Read More

How to configure Android Enterprise – Corporate-owned, fully managed user devices mode with Microsoft Intune

In the last two months I wrote some blogs regarding different type of Android Enterprise modes. It’s now time for the last mode; Android Enterprise – Corporate-owned, fully managed user devices. And as the name of this mode indicates, this mode is for user based scenario’s. The enrollment process is more or less the same as with the dedicated device mode. The enrollment process also start with...

Read More

How to configure an Android device in Multi App Kiosk mode with Microsoft Intune

In previous blogs I talked about how to configure Android Enterprise – Corporate-owned – dedicated device mode, and as an addition, how to configure Kiosk Single app mode for Android devices. In this blog I want to show you the Multi-app Kiosk mode for Android devices and how the end user experience looks like. There are some steps different than in Single app mode, I will show you this step-by...

Read More

How to configure an Android device in Single App Kiosk mode with Microsoft Intune

In my previous blog I talked about how to configure Android Enterprise – Corporate-owned dedicated devices mode with Microsoft Intune. The end result was a device on which the end user cannot do much more than open the published applications, and if it concerns a phone, make phone calls and send text messages. If this is still too much, you can go one step further by pushing a Kiosk profile to...

Read More

How to setup Android Enterprise – Corporate-owned dedicated devices with Microsoft Intune

Earlier I wrote about how to configure Android Enterprise – Work Profile. This Android Enterprise mode is designed for personal-owned mobile devices. For corporate-owned devies there are two Android Enterprise modes, one for dedicated devices and one for fully managed user devices. In this blog I will show you how to configure Android Enterprise – Corporate-owned dedicated device mode...

Read More

How to configure Apple DEP within Microsoft Intune and migrate existing DEP devices from another MDM solution to Microsoft Intune

In the January, 2019 update of Microsoft Intune, new Apple DEP capabilities became available. With the latest release of iOS, more options are displayed during the initial setup of an iPhone or iPad, for example, Screen Time and Onboarding. Now, with this update, Microsoft Intune can hide these screens with the Setup Assistant Customization settings.

Read More

How to Migrate from Android Device Admin (legacy) to Android Enterprise with Microsoft Intune

A few days ago I wrote a blog on How to Enable Android Enterprise and configure Personal devices with a Work Profile in Microsoft Intune. After posting this blog I got some questions from people who asked me how to migrate the current enrolled devices to Android Enterprise. Unfortunately, this process cannot be fully automated. Current Android managed devices needs to be re-enrolled before you...

Read More

How to Enable Android Enterprise and configure Personal devices with a Work Profile in Microsoft Intune – The ultimate Step-By-Step Guide

This year Google will stop with the support of Android Device Admin API’s with the release of Android 10. This means that the traditional way to manage Android devices is no longer possible with new Android 10 devices or older Android devices that are upgrading to Android 10 (or higher). Android Enterprise is the new way to manage Android devices. With Microsoft Intune you can manage Android...

Read More

How to configure Windows 10 in Multi App Kiosk mode with Microsoft Intune

Last week I wrote a blog about Windows 10 Kiosk Single App mode. A good way if you have only one app that needs to run on the Windows 10 device. If you have multiple apps that you want to run in Kiosk mode you can configure Windows 10 in “Multi App Kiosk” mode. For example, an Internet cafe that want to make different Internet Browsers available. In this blog I will show you step-by-step how to...

Read More

How to configure Windows 10 in Kiosk Single App, full-screen mode with Microsoft Intune

Recently a few different customers told me they have plans to replace their expensive and hard to manage thin clients with cheaper Windows 10 fat-clients. And I think it’s a good move because you can easily configure Windows 10 in Kiosk mode via Microsoft Intune (by the time of writing this blog still in preview). With Windows 10 in Kiosk mode you can replace the Windows 10 shell with a dedicated...

Read More

How to deploy the Microsoft Teams Desktop client with Microsoft Intune

A few weeks ago I wrote a blog about how to deploy Microsoft Office 365 ProPlus with Microsoft Intune. One of the steps during this configuration was to select which application must be part of the installation. I deselected Skype for Business with the reason that we are now using Microsoft Teams for Instant Messaging (chat) and online meetings. Therefor I will show you how to deploy the...

Read More

How to install the Application Proxy Connector and publish an on-premise web application or website in Microsoft Azure

In Microsoft Azure Active Directory you can publish web based (SaaS) applications and websites in a few different ways. The easiest way is via the Azure App Gallery, in that case you have added the application in just a few steps. If the application is not available in the Azure App Gallery you can add it manually. When adding the application manually you can either add cloud hosted web apps and...

Read More

How to deploy the Microsoft Office 365 ProPlus Suite with Microsoft Intune in a few easy steps

Deploying a full Microsoft Office suite to end points was usually quite a challenge. The first step was always to customize the installation to make sure the correct applications, languages and latest patches were included. The second step was the challenge with the deployment itself. If you had an environment that includes a full operating System Center Configuration Manager (SCCM) then you was...

Read More

How to automatically cleanup devices in Microsoft Intune

If you as an IT admin are using Microsoft Intune for a while, the chance is quite big that you will see devices that are not checked in for a very long time. Often these are devices that are no longer in use or whose device management has been manually removed. By default Microsoft Intune will remove every device that not checked in for over 270 days. This is too long for most IT admins that...

Read More

Automatic add existing Windows 10 devices to Windows Autopilot

A few weeks ago I wrote a blog about “How to setup Windows AutoPilot and add existing devices the quickest way”. At that time I meant with “existing devices”, devices that were not yet in use but were already delivered to the company without being added to AutoPilot. What I didn’t cover in my blog were the Windows 10 devices that are already in use. A few days after I posted my...

Read More

How to integrate Citrix XenMobile with Azure AD for auto enrollment with Autopilot or Azure AD Join

In my previous blog I took you through the steps to configure Windows AutoPilot in combination with Microsoft Intune. In this blog, I want you to show that it is also possible to use Windows AutoPilot or Azure AD Join with other MDM/EMM solutions, like in this case, Citrix XenMobile. In this scenario, after the Windows 10 out-of-box-experience (OOBE) setup, the Windows 10 device is automatically...

Read More

How to setup Windows Autopilot and add existing devices the quickest way

UPDATE 2 (Jan 28, 2023): An up-to-date version of this blog can be found here: UPDATE (Dec 2, 2020) : There is now an even faster way of adding devices to Autopilot. Step 3 of this blog can be replaces with new steps described in this blog : How to add Windows 10 devices to Windows Autopilot even faster Windows 10 Modern Management is hot. More and more companies are looking for the possibilities...

Read More

How to configure Citrix Secure Mail with SSO

Citrix Secure Mail is a feature-rich mail client that comes with Citrix Endpoint Management (a.k.a. Citrix XenMobile). With Citrix Secure Mail you can enforce Mobile Application Management (MAM) policies to secure and containerize business data. You can also pre-configure the users mail account. When publish Citrix Secure Mail with default settings (including the users mail account), the end user...

Read More

How to configure Microsoft Intune / Azure AD Conditional Access to Microsoft Office 365 Exchange Online

With Microsoft Intune you can do great things. You can enroll all kind of mobile devices to enforce MDM policies, push applications and even configure managed mobile applicaties like the Microsoft Office applications. You can add an additional security layer to these managed applications by applying an additional access pincode and encrypt the data within the applications. Data can be isolated...

Read More

How to install and configure Citrix XenDesktop 7.12 with Windows Server 2016 hosts running on Microsoft Azure

It’s almost a year ago, that I wrote an installation guide / step-by-step guide about Citrix XenDesktop. XenDesktop releases arrived at a rapid pace in the past year. At this moment, the current release is version 7.12 which was released in December 2016. So, it’s time for an up-to-data step-by-step blog about the latest XenDesktop release. This time I want to do something different, till now I...

Read More

How to configure Citrix ShareFile SSON with Microsoft Azure AD

In the last few years I have mostly implemented ShareFile Enterprise as part of the XenMobile Enterprise edition and therefor configured the XenMobile server as a SAML identity provider for ShareFile SSON. In the last few months I also see some companies that were only interested in the Citrix ShareFile solution without XenMobile. In this case there are some alternative ways to provide users...

Read More

How to setup Microsoft Azure RemoteApp with a custom image (step-by-step)

In this blog I will guide you step-by-step on how to setup Microsoft Azure RemoteApp with a custom image. First I will create a custom image with a few custom applications installed on it. In the following steps I will show you how to import this image to RemoteApp, publish the applications and give users access to these applications. For this blog I will use a clean Azure environment (with...

Read More

How to add a domain name to Microsoft Azure Directory and add users

There are a few ways to provision users in a Microsoft Azure AD directory. The most common is with the use of the Azure AD Connect tool which syncs your on-premises AD directory with Azure AD. The simplest way (and good for Cloud Only scenarios) is to create users directly in Azure AD. If you want to create a user in Azure AD with the UPN of your domain name, you first need to validate the domain...

Read More

Installing and Configuring Citrix XenDesktop 7.8 and publishing a Windows 10 PVS Desktop

Citrix recently released Citrix XenDesktop 7.8. The releases follow each other rapidly lately and there are quite a few improvements and new features in the latest releases like, session recording, Linux Virtual Desktop support, Framehawk Virtual Channel, AppDisk, Windows 10 support (since version 7.7) and Zones. My last “step-by-step” blog about Citrix XenDesktop was about version 7.1 so it is...

Read More

About Robin Hobo

I am a Technology Specialist Cloud Endpoint working for Microsoft. I am specialized in Microsoft Intune, Azure Virtual Desktop (AVD), Windows 365, Windows 11 and Azure AD. Also interested in mental health, NLP and personal development.

For more information, see my LinkedIn profile.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close