Windows 11 Create Recovery Drive
I recently upgraded to Win11 24H2 and when I went to create a recovery drive I ran into problems. After telling Windows that I would like to Create a Recovery Drive including system files Windows went off in search of media and came back and told me i needed a 32GB thumb drive. Tried it without system files and no luck either. No matter what kind of thumb drive 32GB, 64GB, USB 2.0, USB 3.0, Formatted NTFS, FAT32, exFAT. Whether I formatted the drive using the file explorer utility, or using DISKPART and cleaning the drive and restoring the partition and reformatting. Nothing worked. sfc /scannow and DISM did't show any problems either. I know I can and i did, use a third party application to create a recovery disk, I would like to use the built in Microsoft tool. Any suggestions??Save the date: Windows Office Hours - November 20, 2025
Save the date for our next monthly Windows Office Hours, on November 20 from 8:00-9:00a PT! We will have a broad group of product experts, servicing experts, and engineers representing Windows, Microsoft Intune, Configuration Manager, Windows 365, Windows Autopilot, security, public sector, FastTrack, and more. They will be standing by -- in chat -- to provide guidance, discuss strategies and tactics, and, of course, answer any specific questions you may have. For more details about how Windows Office Hours works, go to our Windows IT Pro Blog. If you can't make it at 8:00 a.m. Pacific Time, post your questions on the Windows Office Hours: November 20th event page, up to 48 hours in advance.
Delivery Optimisation No longer working
Delivery Optimisation is not working as intended, I have set the relevant limits within the settings however all downloads that happen always exceed what I have set. This causes a real issue as we don't have the best internet and it completely choles the entire household of any internet to try and feed the download. Is there any fix for this, is this a bug, it used to work perfectly fine? I have tried all the tips to fix but to no avail, task manager clearly shows all the internet being used.Microsoft Defender for Office 365: Migration & Onboarding
This blog covers four key areas that are frequently missed, but they are essential for a secure and auditable deployment of Defender for Office 365. Before diving into the technical details, it is important to clarify a common misconception about Defender for Office 365 protections. Blocking Malicious File Downloads in SharePoint and OneDrive A common assumption during onboarding is that Microsoft Defender for Office 365 protections only apply to email. In reality, Safe Attachments also integrates with SharePoint Online, OneDrive for Business and Microsoft Teams. It scans files for malware even after they are uploaded or shared internally. However, this protection is only effective when the configuration explicitly prevents users from downloading files flagged as malicious. Without this setting, files detected as threats can still be downloaded locally. This creates a major risk particularly if the malware is detected post-delivery. In one investigation, I found that this setting had been left at its default, allowing users to download malicious files from SharePoint. This oversight created a significant exposure risk until it was corrected. This setting is part of the Safe Attachments for SPO/ODB policy and is critical in reducing internal exposure. Once enabled, this setting protects users in real time and acts as a powerful audit point. If someone disables this setting, whether intentionally or by accident, that action is recorded in Purview's Unified Audit Log under the DisallowInfectedFileDownloadDisabled operation. The video below offers a brief walkthrough on how to enable the setting, details the associated audit log events, and provides guidance on configuring alerts for any modifications: Regularly auditing for this event can help identify misconfiguration or potentially malicious administrative activity that could indicate insider threat behaviour. Including this check as part of your continuous security monitoring process is a smart, proactive move. Learn more at Step 2: (Recommended) Use SharePoint Online PowerShell to prevent users from downloading malicious files Once you have established protection against malicious files, the next step is ensuring your tenant is correctly set up to create and manage threat policies. Ensuring Organization Customization is Enabled A frustrating yet common hurdle during Defender for Office 365 onboarding is the inability to create threat policies such as anti-phishing or Safe Attachments policies. This confusion often stems from a basic configuration oversight: the tenant has not been enabled for organization customization. Without this step, the Microsoft 365 platform prevents the creation or editing of many critical security policies in Defender for Office 365. A few years prior with a new client being onboarded to Defender for Office 365, I encountered a situation where policy creation kept failing because this step wasn’t followed. It caused unnecessary delays and frustrated the security team until we identified the missing customization. The fix is simple. Run the Enable-OrganizationCustomization PowerShell cmdlet from Exchange Online. It is a one-time configuration task, but it is essential for policy management and overall service functionality. Including this step early in your deployment or migration plan prevents unnecessary delays and ensures the security team can fully leverage Defender for Office 365's capabilities from day one. This is particularly important for consultants who are brought in to assist after issues have already arisen. Getting ahead of this configuration means one less troubleshooting rabbit hole. With customization enabled, you can now take advantage of the preset security policies to quickly build a solid baseline. Using Preset Security Policies for a Strong Starting Point One of the best tools Microsoft has provided for onboarding is the Preset Security Policies feature. These come in two flavors: Standard and Strict. Figure 4 - Defender for Office 365 Preset security policies (Standard & Strict protection) They represent Microsoft’s recommended baseline configurations for anti-malware, anti-phishing, and spam protection. Learn more at Preset security policies in cloud organizations. For customers with limited security maturity or time to deeply understand the inner workings of Defender for Office 365, these presets are a game-changer. Figure 5 - Microsoft recommendation is to apply standard protection to all users In several cases, I have seen organizations with limited security teams benefit from activating these presets early. This approach gave them immediate protection while freeing up time to better understand and tune policies over time. For incident response, having a consistent and known-good baseline also helps reduce noise and false positives in the initial stages of deployment. Figure 6 - Apply strict Defender for Office 365 protection for priority users After setting foundational policies, controlling who has access to what within Defender for Office 365 is crucial to maintaining a secure environment. Implementing Unified RBAC for Least Privilege Access As more business units engage with Defender for Office 365 for everything from investigation to reporting, it is important to ensure each role has access only to what they need. Unified Role-Based Access Control (RBAC) in Defender for Office 365 makes this possible by allowing granular control over who can see and change what within the security portal. Figure 7 – Example least privilege role configuration for a Defender for Office 365 Incident Responder (image trimmed). This becomes critically valuable in larger or more complex organizations where responsibilities are split between security, compliance, IT, and operations teams. Figure 8 - Activating Microsoft Defender for Office 365 Workload in Defender XDR Roles. By using unified RBAC, you can avoid the dangerous and often default behavior of assigning Security Administrator rights to everyone involved. Instead, define roles based on function. For example, Tier 1 analysts might only need view and investigation access, while admins can manage policies. Figure 9 - Assigning a user to a Custom Microsoft Defender for Office 365 role, Entra Security Groups are also supported. This approach aligns with zero trust principles and makes it easier to audit who has access to sensitive areas. During onboarding, I recommend mapping stakeholders to the available roles and applying this model as early as possible. This helps establish accountability and improves your security posture before an incident occurs. Learn more at Map Defender for Office 365 permissions to the Microsoft Defender XDR Unified RBAC permissions Having set the right roles and permissions, it is vital to understand how these configurations contribute to a resilient and well-prepared security posture. Final Thoughts Successful onboarding to Microsoft Defender for Office 365 is not just about flipping switches. It is about making intentional configuration choices that support operational efficiency and long-term security goals. The points covered here are often missed in quick start guides but they are essential for building a solid foundation. Those who invest time in proper configuration are far better prepared when incidents arise. Migration is just the beginning. Set up Defender for Office 365 right to reduce risk and build real resilience. Please take two minutes to take this survey to let us know what you think of this blog (series), video, and community content. Questions or comments on this blog "Microsoft Defender for Office 365 Migration & Onboarding" for the author or other readers? Please log in and post your response below! _____________ This blog has been generously and expertly authored by Microsoft Security MVP, Purav Desai. with support of the Microsoft Defender for Office 365 product team. Lead M365 Incident Responder, Financial Services | Dual Microsoft Security MVP Learn More and Meet the Author 1) December 16th Ask the Experts Webinar: Microsoft Defender for Office 365 | Ask the Experts: Tips and Tricks (REGISTER HERE) DECEMBER 16, 8 AM US Pacific You’ve watched the latest Microsoft Defender for Office 365 best practices videos and read the blog posts by the esteemed Microsoft Most Valuable Professionals (MVPs). Now bring your toughest questions or unique situations straight to the experts. In this interactive panel discussion, Microsoft MVPs will answer your real-world scenarios, clarify best practices, and highlight practical tips surfaced in the recent series. We’ll kick off with a who’s who and recent blog/video series recap, then dedicate most of the time to your questions across migration, SOC optimization, fine-tuning configuration, Teams protection, and even Microsoft community engagement. Come ready with your questions (or pre-submit here) for the expert Security MVPs on camera, or the Microsoft Defender for Office 365 product team in the chat! REGISTER NOW for 12/16. 2) Additional MVP Tips and Tricks Blogs and Videos in this Four-Part Series: (This post) Microsoft Defender for Office 365: Migration & Onboarding by Purav Desai Safeguarding Microsoft Teams with Microsoft Defender for Office 365 by Pierre Thoor You may be right after all! Disputing Submission Responses in Microsoft Defender for Office 365 by Mona Ghadiri Microsoft Defender for Office 365: Fine-Tuning by Joe Stocker Learn and Engage with the Microsoft Security Community Log in and follow this Microsoft Defender for Office 365 blog and follow/post in the Microsoft Defender for Office 365 discussion space. Follow = Click the heart in the upper right when you're logged in 🤍 Learn more about the Microsoft MVP Program. Join the Microsoft Security Community and be notified of upcoming events, product feedback surveys, and more. Get early access to Microsoft Security products and provide feedback to engineers by joining the Microsoft Customer Connection Community. Join the Microsoft Security Community LinkedIn
Lenovo Yoga with new SSD, Clean Win11 install is SLOOOOOOW!!
I think there is/are hardware issues that I need help determining. I have an older Lenovo Yoga 730 13IKB and have replaced the SSD with a new PNY 5th gen CS2150. It took my Windows 11 25H2 installation from USB over 45 minutes to finish the clean install to the Win11 Setup Screen (choose language, etc). Any expert advice diagnosing this unhappy laptop is WELCOME! BTW, even after running Windows Update, getting all the up-to-date drivers, Device Manager shows everything having drivers, and the BIOS is the most recent per Lenovo's Drivers page for this laptop, the phrase "slower than molasses in January" applies to this Yoga. Why so slow? Details Lenovo Yoga 730-13IKB Type 81CT Core i5-8250U 8GB RAM in dual channel mode (not replaceable) PNY 1TB 2280 m2 SSD PCIe 5th genx4 Windows 11 Home 25H2 OS build 26200.6584
Cannot Boot from Windows 11 USB Installation Media
So the story is a long one. I updated one of my Windows 10 PC's successfully to Windows 11 using the Rufus tool and all was well. What I hadn't noticed was that the previous Windows 10 install had for some strange reason put the Windows Boot Manager on another 'Data only' Solid State drive (presumably creating a small partition on it). The Windows 11 upgrade process left it there. A few days later my PC would not boot. I think I have tracked it down to the failed m.2 NVMe drive where the Boot Manager was. I installed the drive in a USB carrier but the whole drive was impossible to read. It looks dead. So I thought I would try booting from a Windows 11 USB drive - then from the repair tools try to use the Bootrec tools to fix the MBR on the actual proper Windows 11 installation C drive. I have not got to being able to do that as I just cannot get any Windows 11 USB drive to boot up I have tried the original Rufus generated drive (which incidently works fine on two other PC's I have), then tried Media Creator Tool with fresh USB drive from Microsoft sources. No luck. I have been in BIOS and checked Secure Boot UEFI is on. The CSM entry allows UEFI and Legacy. Its the same on PC's that can boot up. The BIOS was updated to latest from ASUS. No luck. When it starts up it appears it is going to boot, you get the ASUS logo then circle wait scroll - then it blue screens. Nothing. Can anyone suggest another way to get a proper Boot Manager on the Windows 11 drive installation?. Could I put that Windows 11 drive in another PC and then target it to add the necessary Boot manager (booting from a USB drive in the first place)? Basically that System C drive is fine - it has no Boot Record. If my original Windows 10 Pro install had not put the Boot Manager on a totally separate drive I would not have this issue. I even checked PSU rails in the system - all OK. At present I have run out of ideas. Anything anyone could suggest to get the USB to boot up would be welcomed. Motherboard is an older Z390A Prime system with Intel 9900K CPU.
Programmatic Method to Limit Data Usage in Windows 11
I think this is my first post so hoping I'm putting it in the right place! I'd like to impose a Data Limit on corporate SIM/Cellular cards in our laptops. There is a way for users to set their own data limits, as shown in this conversation: How to Limit Data Usage in Windows 11 | Microsoft Community Hub However, I'd like to apply this setting myself automatically via Intune, perhaps via a PowerShell script. Can we please have a registry setting or even better an Intune CSP to automate the creation of data limits?
Use mobile phone with windows 11 as desktop extender?
Is there an official way to use a mobile phone(preferably with usb connection) so the mouse can be used on my mobile phone to run it if docked with a windows 11 pc? I have it plugged into a port for power via usbc and keep wanting to move my mouse into the phone to use it. It's a 40gb usbc port so I would assume it's not a bandwidth limit. Not sure what the phones port limit is. It's a samsung galaxy a16 5g with 25 quickvolt recharging. I think it can transfer files via the port. Haven't tested this but it acts like it can.
Using Advanced Startup in Settings to boot from USB resets pin
This has happened on a few occasions recently in the past few weeks on 3 separate computers being worked on. I boot off of a USB to do a memtest. I use the Advanced Startup section in Recovery in 10/11 and choose to boot from the USB in the Recovery Environment. Once the tests completes, I boot back to the login screen and the pin has been wiped and has to be re-set up. I'm wondering why it does this and how do I mitigate this as I routinely test machines memory from the USB? On the most recent machine, it has caused a massive issue as my customers rarely know their passwords. So now were are going backwards trying to reset passwords to be able to get codes (which also don't work because it says "Try another verification method..."). It has become one hurdle after another. My assumption is that it is tripping Secure Boot, but if I'm initiating this from within Windows, isn't it declaring the USB "Safe"? I'd rather not have to turn off Secure Boot every time like I used to in the past, but I haven't had this issue until recently.
