User Profile
StuartK73
Steel Contributor
Joined Mar 26, 2018
User Widgets
Recent Discussions
Re: Entra Shared Mode - Force App Stop
Hi Buddy Many thanks for the reply. Do you have a link showing the list of apps that are optimized for Entra Shared Mode? As the one I have, does not say that Excel is optimized: https://learn.microsoft.com/en-us/entra/msal/android/shared-devices#microsoft-applications-that-support-shared-device-mode StuartEdge for Android Smartscreen
Hi All I hope you are well. Anyway, is it possible to configure Edge for Android Smartscreen to: Prevent end user bypass Block potential risky downloads I can see various methods and guides pointing to Edge App Configuration policies but just cannot seem to get the this to work on Android Enterprise Fully Managed devices. Any help would be great. SKDisplay On-prem Password Policy on SSPR Page
Hi All We are beginning to rollout SSPR with on-prem writeback. So far so good. Is there a way we can display our on-prem password policy requirements on the SSPR screen? I have seen the MS docs, but can't really make any sense of them so any help would be greatly appreciated. SKEntra Shared Mode - Force App Stop
Hi All I hope you are well. Anyway, I was asked this yesterday and think I already might know the answer, but here goes. We had an instance of Microsoft Excel stuck in "getting things ready" on an Android Entra Shared Mode Device. Technical Support wondered if there was a way to Force Stop Excel or clear the app data. We had a look in Exit Kiosk Mode, Android Settings, and the Force Stop of Excel said "Action not allowed" and the clear the app data said "Unable to delete data for app" So, my question(s) would be, is going into Exit Kiosk Mode and even trying to force stop / clear data on apps even a valid option, or is this by design? Would adding Excel to this setting help? Any help or confirmation would be greatly appreciated. StuartRe: Separate APP policies
Hi Buddy Many thanks for your reply although I don't think I really understand what you are saying. Anyway, I think I have it working with the following filters: BYOD APP policy > Assigned to E3 / F3 groups > EXCLUDE (app.deviceManagementType -eq "Android Enterprise") Corp Owned / Intune Enrolled COBO APP policy - EXCLUDE (app.deviceManagementType -eq "Unmanaged") In APP Monitor, I can see: BYOD APP policy going to my test BYOD device COBO APP policy going to my test COBO device This is the desired outcome 😎🌲Separate APP policies
Hi All I hope you are well and have a Merry Christmas and a Happy New Year. Anyway, trying to get my head around APP policies for both BYOD and Corp (COBO) Android devices. I'd like nothing more than a single APP policy for Android but there are certain settings such block screenshots that I would like to include in the BYOD APP policy but not include in the Corp (COBO) APP policy. So, my thinking is: BYOD APP policy > Assigned to E3 / F3 groups > Filter on EXCLUDE corp devices Corp Owned / Intune Enrolled COBO APP policy - Filter on EXCLUDE personal devices Could someone advise on the best way to achieve this? What's the best Device / App filter syntax to use? Info appreciatedRemed Script to delete Reg Value
Hi All I hope you are well. Anyway, pulling hair out this one, so could someone help me compile a Detect and Remed script to delete the following Reg key please: Computer\HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate Value I need removed is the SetActiveHours one as below Any help would be greatly appreciated.Re: Restrict some devices
Hi Buddy Unfortunately, these devices are not yet enrolled in Defender for Endpoint, I am and have been pressing for this for a while now. Could you elaborate on "Alternatively, if you have list of devices already identified, then you can block access to them using conditional access device filters. " I'm struggling to get my head around the Include filtered devices in the policy / Exclude filtered devices from the policy. Let say we do CA Policy - Filtered Devices All users All resources Access = BLOCK Include filtered devices in the policy Property Operator Value DeviceID Equals Device ID from Intune Does that policy work out as any user accessing any cloud resource on a deviceID is blocked? SKBlock All Software Installs
Hi All Is there a way to block all software installs on Windows devices except for those we push out via Intune? I have have a look in the Device Config settings but there seems to be some confusing settings in there and some stating set as "Disabled" when disabled isn't an option. Info appreciated.
