Windows App Management in Microsoft Intune
Audit every managed and unmanaged app per device with more metadata, including publisher, architecture, estimated size on disk, install location, uninstall commands, to help troubleshoot PCs and expose shadow IT before it spreads. Pull curated Win32 apps straight from the Enterprise App Catalog or upload PowerShell scripts to control exactly how each app installs. Stage rollouts in rings with Intune deployments, to gradually deploy, pause or cancel any deployment in flight; and auto-trust every app you push using App Control for Business with Managed Installer, which also works with Autopilot as you provision new devices, now with up to 25 apps. Keep your fleet of apps up-to-date automatically as vendors publish new versions through the Enterprise App Catalog, or trigger updates on demand from the Guided Upgrade Supersedence report. Nicole Zhao, Microsoft Intune Product Manager, shares how to put these built-in enhancements to work across every managed device. *Intune Deployments is currently in private preview. Capabilities shown are subject to change and not yet generally available. Identify shadow apps across your managed devices. Microsoft Intune’s app inventory now surfaces publisher, architecture, size on disk, install location, & uninstall command per device. See how it works. Auto-trust every app you deploy through Intune. App Control for Business with Managed Installer tags your deployments as safe and scopes trust to specific user groups. Check it out. One toggle, continuous app updates. The Enterprise App Catalog in Intune pushes vendor releases to managed devices automatically, or surfaces them in a Guided Supersedence report for manual review. Try it now. QUICK LINKS: 00:00 — Built-in app management 00:51 — App Inventory Visibility 01:42 — Enterprise Application Management (EAM) 02:28 — PowerShell Script Installer GA 03:09 — Ring-Based Deployment Plans 04:44 — Managed Installer Auto-Trust 05:39 — Enterprise App Catalog Auto-Update 06:12 — Guided supersedence 06:50 — Wrap up Link References Go to https://aka.ms/IntuneAppManagement Check out https://aka.ms/RSAC26-Intune-Blog from the RSA Conference for additional security context and guidance when managing apps with Microsoft Intune. Unfamiliar with Microsoft Mechanics? As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast Keep getting this insider knowledge, join us on social: Follow us on Twitter: https://twitter.com/MSFTMechanics Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics Video Transcript: -Controlling the application layer on devices, delivering the right apps, keeping them secure, up to date, and protected has always been one of the toughest challenges as you manage IT environments. This is nothing new, but what is new is how much easier Microsoft Intune now makes it. With the latest built‑in app management enhancements, you can more easily discover apps across your environment with clearer visibility into your full app inventory per device, simplify app preparation and deployment through pre-packaged apps or with scripted installs, as well as safer, gradual app roll-outs using ring-based deployments. -Ensure only trusted apps run by automatically trusting deployed apps through App Control for Business with Managed Installer, and keep devices automatically on the latest versions as vendors release updates, using the new auto-update capability with your Enterprise App Catalog. It all starts with knowing what apps people have running on their managed devices. And that’s where the latest improvements to app inventory in Intune give you the full up-to-date picture with minimal latency. -Here, for each device, you can see a comprehensive list of inventoried applications, including both managed and unmanaged apps. Importantly, we’ve added more app metadata to help you make better decisions about your apps or start troubleshooting. For each app, you can see the publisher name, architecture, and now even estimated size on disk, as well as installed location, uninstall command, and languages, as long as that information was registered in Windows. For shared devices, we’ve also improved the per user app information to include all users on the device. This gives you clear visibility into which applications exist in your environment, to help you identify unknown or shadow applications that may be running against your policy and governance controls. Next, for getting the right apps deployed, let me show you how we’ve made it easier to bring apps into your managed catalog. -Here, Enterprise App Management, or EAM, is designed to simplify app lifecycle management. I’m going to start by creating an app. Unlike the consumer-focused Microsoft Store, which uses community-driven WinGet app types for app discovery, EAM provides a curated list of enterprise-ready Win32 apps. You can find these apps by choosing the Enterprise App Catalog app type and Confirm. From there, you just need to search for the apps you want. In this case, I’ll look for Blender, and then under Configuration, you’ll find available architectures and versions. You’ll see that it pre-populates the app information. And in the Program tab, the install and uninstall command lines are pre-populated, as well as the exit codes. -Now, this used a command line installer type, but something new to give you even more control is the script installer, which is now generally available. This lets you use PowerShell script to control the installation of your Win32 apps. So, I’ll change the installer type to be a PowerShell script, and that will expose a control to upload a custom script as a PS1 file. Next, I’ll choose the Blenderinstaller script from File Explorer. It conveniently enters the name field for me and then mounts the script to give a preview of the pre-installation commands it runs. This gives you precise control over the install behavior of your apps using script-based installation. And as we progress, the rest of the steps for getting this app deployed to your managed devices should be pretty familiar. -Next, for app roll-outs, Intune’s policy-driven deployment lets you introduce application changes gradually using Deployment Plans. This helps avoid issues from misconfigured, compromised, or unintended app updates, giving you more control over the roll-out process. Let me show you how to create a deployment. You’ll start in Deployments, which you’ll find under Managed Devices. At the top, you’ll see two tabs: Deployments, which lists the app payloads targeted for existing roll-outs; and Deployment Plans, which are reusable deployment schedules that you create with ring timing, as well as assigned groups. I’ll move to the Deployments tab and select Create. Then I’ll give it a name, Global Secure Access Client, and description, East Coast rollout, Next, I’ll select a payload. I’ll choose Win32 and Add Payload, and select Global Secure Access Client. -Now I’ll configure the deployment schedule, which is the key step when setting up this deployment. Here I can either build rings manually, where you’ll add time offsets per ring, or I can load an existing deployment plan. In this case, I’ll load a plan. From here, I can choose the plan I want. I’ll pick the East Coast retail store rollout plan. I’ll choose a start date and add a time. Once the plan loads, all the rings are added with their timelines and associated groups or exclusions. For example, this one has a one-week offset between each ring. When I move to the last Review step, this dialog on top tells me that, once created, I can pause, resume, or cancel the deployment at any time. -From there, I can review my deployment and confirm by hitting Create. Now my app will roll out based on this defined schedule. Let’s look at the latest capabilities for keeping your apps trusted. First, App Control for Business with Managed Installer in Intune means that apps you deploy using this method are automatically tagged as safe apps, without manual allow-listing. It lets you upload your app control policies as XML files or leverage built-in controls to automatically trust apps from the managed installer. -There’s also a new option to target the Managed Installer to specific groups where you enable Intune Managed Extension as Managed Installer and scope the managed installer to specific users with inclusion and exclusion policies. Additionally, with Managed Installer enabled during Autopilot device preparation, you can ensure apps are trusted right from the start as you provision new devices. And using device preparation policies, Autopilot also supports an increased app limit of up to 25 apps. Of course, you can combine these capabilities with Windows Defender Application Control together with Intune to allow only trusted and approved apps to run on your managed devices. Now let’s look at new ways to keep apps on the latest version. -First, with the new auto-update capability using the Enterprise App Catalog, you can have Intune automatically keep apps up-to-date on your managed devices. When you add a new app using the Enterprise App Catalog, as part of the initial configuration in the Updates tab, you can choose between Automatically Update and Update with Supersedence. This is a one-time setting that allows Intune to automatically install updates as they are published. From there, once you confirm, you’ll see that, by design, many of the subsequent settings have been streamlined to just Scope tags, Assignments and Review + Create. -And if you want more control over app updates, our second option, Guided Upgrade Supersedence, automatically surfaces available updates of your deployed apps without you having to go look for new versions of each app manually. You’ll see that, under Apps in the Monitor blade, you’ll find a new report called Enterprise App Catalog apps with updates. By clicking into one of these apps, you’ll see that there is an update button in the upper left corner. This lets you supersede existing app versions for that app on managed devices in just a few clicks. You’ll see that all of the necessary information is pre-populated. And this is the same with the program tab and subsequent tabs in the app deployment workflow, including the supersedence relationship. -Everything you’ve seen today is about simplifying control of your application layer, making apps easier to discover, deploy, trust from day one, and keep automatically up to date, so you can deliver the right apps securely and consistently across your environment. To find out more, check out aka.ms/IntuneAppManagement Keep watching Microsoft Mechanics for the latest tech updates, and thanks for watching!
A Practical Look at Device Analytics and Risk Signals with Microsoft Intune
As organizations increasingly rely on laptops, mobile devices, and cloud‑connected applications, visibility into device health, configuration, and security posture is critical. Performance degradation, outdated configurations, and elevated device risk can negatively affect productivity and increase exposure to security threats. Microsoft provides an integrated set of services—Microsoft Intune and Microsoft Defender for Endpoint—that support modern device management, evaluate device risk, and help organizations enforce consistent security controls across their environments. This guide explains how these services work together, the role of Microsoft Configuration Manager, and how built‑in analytics and compliance signals can be used to improve device reliability and security. The Role of Microsoft Configuration Manager Microsoft Configuration Manager (formerly System Center Configuration Manager, or SCCM) is an on‑premises management platform used to deploy applications, manage software updates, enforce configuration baselines, and evaluate compliance—primarily for Windows devices. When Configuration Manager is used together with Microsoft Intune through co‑management, organizations can extend their existing on‑premises management with cloud‑based capabilities. In a co‑managed environment: Configuration Manager continues to manage traditional workloads. Microsoft Intune adds cloud‑based device management and compliance evaluation. Management workloads can be moved gradually from Configuration Manager to Intune. This approach enables organizations to support both legacy infrastructure and modern cloud‑first device management strategies during transitions or hybrid deployments. Learn more: Co-management for Windows devices - Configuration Manager | Microsoft Learn How Microsoft Defender for Endpoint Contributes to Device Security Microsoft Defender for Endpoint is a unified endpoint security platform that delivers preventive protection, post‑breach detection, automated investigation, and response. It continuously evaluates device activity and assigns device risk levels based on observed threats and security signals. Core capabilities include: Threat and vulnerability management, which identifies software vulnerabilities and security misconfigurations Attack surface reduction capabilities to limit common attack vectors Endpoint detection and response (EDR) for alerting, investigation, and forensic analysis Automated investigation and remediation to reduce manual response effort Threat intelligence derived from Microsoft’s global security telemetry When Defender for Endpoint is integrated with Microsoft Intune, device risk levels can be used within compliance policies and Conditional Access to restrict access to organizational resources when risk thresholds are exceeded. Learn more: Integrate Microsoft Defender for Endpoint with Intune for Device Compliance - Microsoft Intune | Microsoft Learn What Microsoft Intune Provides Microsoft Intune is a cloud‑based unified endpoint management (UEM) service that enables organizations to manage devices, protect organizational data, and enforce security requirements across Windows, macOS, iOS, iPadOS, and Android devices. Core Intune capabilities include: Cross‑platform device enrollment and lifecycle management Configuration profiles to apply standardized device settings Compliance policies to evaluate whether devices meet security requirements App protection policies that safeguard organizational data within applications, including on personal (BYOD) devices Integration with Microsoft Entra ID Conditional Access for access decisions based on compliance and risk By integrating Intune with Defender for Endpoint and Conditional Access, organizations can adopt a risk‑based access model that takes real‑time device health and security posture into account. Learn more: What is Microsoft Intune - Microsoft Intune | Microsoft Learn Choosing How to Use Intune and Defender for Endpoint Microsoft positions these services as complementary: Microsoft Intune focuses on device and application management, configuration, and compliance. Microsoft Defender for Endpoint focuses on endpoint threat protection, detection, and response. Many organizations deploy both to combine centralized management with advanced security capabilities. Together, they allow device configuration, security monitoring, and access control to operate as a unified system rather than isolated tools. Microsoft Intune Licensing Overview Microsoft Intune Plan 1 is included with several Microsoft subscription offerings. For nonprofits and small organizations, Microsoft 365 Business Premium includes Intune Plan 1 by default. Other plans that include Intune Plan 1 (as of March 2025) include: Microsoft 365 E3 and E5 Enterprise Mobility + Security (EMS) E3 and E5 Microsoft 365 F1 and F3 Microsoft 365 Government G3 and G5 Microsoft Intune for Education Feature availability may vary by license, and organizations should always review the official service descriptions for current inclusions and limitations. Learn more: Licenses available for Microsoft Intune - Microsoft Intune | Microsoft Learn Designing an Effective Device Enrollment Strategy An effective enrollment strategy establishes consistent management and security controls from the start. Microsoft recommends that organizations: Define security and management objectives. Select appropriate enrollment methods such as Windows Autopilot, Microsoft Entra ID join, or manual enrollment. Apply standardized configuration and security policies. Use compliance policies to evaluate device posture. Plan for scalability and long‑term device lifecycle management. Provide end‑user guidance to support adoption. Enrollment is the foundation for applying policy, evaluating compliance, and maintaining ongoing visibility into managed devices. [learn.microsoft.com] Coordinating Intune and Defender During Device Onboarding Microsoft documents a layered onboarding approach that commonly includes: App protection policies Protect organizational data within supported applications, including on unenrolled BYOD devices. Device enrollment in Intune Enables configuration management, compliance assessment, and reporting. Compliance policies Define security requirements such as OS version, encryption, password policies, and update status. Conditional Access Enforces access decisions based on Intune compliance results and Defender for Endpoint device risk levels. Configuration profiles Apply standardized security and operational settings. This approach helps ensure devices meet baseline security requirements before accessing sensitive organizational resources. Using Endpoint Analytics to Improve Device Experience Endpoint Analytics, available in Microsoft Intune, provides insights into device performance, reliability, and user experience. Microsoft positions Endpoint Analytics as an operational analytics tool, not a real‑time threat detection system With Endpoint Analytics, IT teams can: View dashboards showing startup performance, application reliability, and device health Compare devices against established performance baselines to identify underperforming endpoints Use generated scores and insights to prioritize remediation Investigate issues affecting the end‑user experience, such as slow boot times or outdated configurations These insights help organizations shift from reactive troubleshooting toward proactive device optimization. Learn more: Endpoint analytics overview - Microsoft Intune | Microsoft Learn Summary By combining Microsoft Intune, Microsoft Defender for Endpoint, and Endpoint Analytics, organizations can manage devices consistently, evaluate device health and risk, and enforce access controls based on real conditions rather than assumptions. This integrated approach supports modern work by improving visibility, strengthening security posture, and enabling IT teams to make data‑driven decisions that protect users and organizational data.Agents in Microsoft Intune | Automate Policy Creation, Troubleshooting & Fix Guidance
Automate device and security policy management by turning written compliance requirements into Intune policies. Use natural language to draft, refine, and deploy configuration profiles, review AI-generated recommendations with confidence scores, and stay in full control before publishing to your environment. Reduce risk and manual effort by automatically evaluating admin change requests and blocking harmful scripts before deployment. Prioritize vulnerabilities from Defender, translate them into actionable Intune remediation steps, and schedule ongoing fixes. Jason Githens, Microsoft Intune Principal GPM, shares how to move from reactive security work to continuous, proactive protection. Note: At the time of publishing this video, the Change Review Agent and Policy Configuration Agent are in public preview and the Vulnerability Remediation Agent is in limited public preview. Use natural language to generate ready-to-review policies. Check out the Policy Configuration Agent in Microsoft Intune. Reduce security risk. Detect destructive or compromised change requests in real time. and get AI-driven approve/reject recommendations. Start using the Change Review Agent in Microsoft Intune. Shift from reactive patching to proactive security. See how to schedule automated vulnerability remediation inside Intune. QUICK LINKS: 00:00 — Automate work with Intune Agents 01:08 — Policy Configuration Agent 01:36 — Policy drafts 02:27 — Create a new knowledge source 03:25 — Create a new policy 04:49 — Change Review Agent 06:19 — Vulnerability Remediation Agent 07:46 — Wrap up Link References To get started, go to https://aka.ms/IntuneAgents Unfamiliar with Microsoft Mechanics? As Microsoft’s official video series for IT, you can watch and share valuable content and demos of current and upcoming tech from the people who build it at Microsoft. Subscribe to our YouTube: https://www.youtube.com/c/MicrosoftMechanicsSeries Talk with other IT Pros, join us on the Microsoft Tech Community: https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/bg-p/MicrosoftMechanicsBlog Watch or listen from anywhere, subscribe to our podcast: https://microsoftmechanics.libsyn.com/podcast Keep getting this insider knowledge, join us on social: Follow us on Twitter: https://twitter.com/MSFTMechanics Share knowledge on LinkedIn: https://www.linkedin.com/company/microsoft-mechanics/ Enjoy us on Instagram: https://www.instagram.com/msftmechanics/ Loosen up with us on TikTok: https://www.tiktok.com/@msftmechanics Video Transcript: -You can now manage your device and security policies without manual work and automate tasks that previously were not automatable. How? Well, today I’ll demonstrate new agents in Microsoft Intune. As part of Security Copilot, they’re now included and rolling out with Microsoft 365 E5. These are designed to automate the busy work for you while continuously improving the security of your digital estate. This includes the new Policy Configuration Agent, which can reason over your compliance documents, for example, security technical implementation guides, STIGs, and create matching Intune policies automatically. The Change Review Agent, which evaluates admin requests, like scripts, using signals from Microsoft Intune, Entra, and Defender, to recommend change request actions, such as approve or reject, before they’re deployed. -Along with the Vulnerability Remediation Agent that analyzes the signals across Defender and Intune and proactively creates recommendations for medium to high-risk device vulnerabilities so they don’t get missed. They use natural language reasoning to interpret your instructions together with your policy control plane to generate informed and actionable configuration guidance. In fact, let’s take a look at what these agents can do, starting with the Policy Configuration Agent, which converts written requirements into actionable settings. From the Agents page in Intune, you can see all of your available agents. I’ll choose the Policy Configuration Agent, and here you’ll see Agent suggestions and Activity. There are tabs for Knowledge, Suggestions, and Settings. When you use this agent, it will create configuration profiles in Intune that will appear alongside your existing device policies. So these aren’t agent-only policies. -These are policies that you or other admins on your team would have typically set and are based on the instructions you’ve laid out. Let me show you. I’m going to create a new policy. You can create policy drafts by describing the configurations you want in natural language as written instructions and optionally, you can use a knowledge source by uploading a text file, which I’ll demonstrate here. But before I do that, let me show you what I’ll be basing it on. For that I’ll move into a text editor, Notepad in my case. You’ll typically start by having or creating this type of knowledge source. You can see it’s a written text document that gives the agent a natural language description of all the different device configurations that need to be set according to specific internal or regulatory compliance requirements. As you saw, it used descriptive, but not precise, terms to help instruct the agent on the breadth of settings available to them. -Back in Intune in the Knowledge tab, you can see all of our uploaded txt files. I’ll Create New this time a knowledge source. I’ll give it a name, then input a description to explain what it’s for. Below that, I can upload a document, so I’ll navigate to my file to upload, then hit Review to confirm. Depending on your file, this could take a minute or so to process, but in my case, I’m processing around 50 settings that could have taken hours to match manually. You can watch this progress from the Overview tab. Once it’s finished, in this case it actually took around three minutes, it will appear under Agent suggestions on the Overview tab. And if I click into the file I just uploaded, you can see the agent has successfully mapped several different settings from the baseline directly to an enforceable Intune policy. -Additionally, the agent has provided a percentage confidence rating for each setting. These scores help you understand how accurately it was able to translate your regulatory or configuration document into actual Intune policy settings. Now that the knowledge source has been mapped with the settings, we’re ready to build a new policy from it. This time, I’ll Create a New policy draft. I’ll give the policy a name and then I’ll add a short description. Now from the optional Knowledge source dropdown, I’ll select the baseline that we just uploaded and processed. You can also create policy drafts without using a defined knowledge source. I need to instruct it to create a policy, or optionally, I can prompt it to remove or refine a setting described in the file. This makes sense, for example, in cases where we know it’s already part of another all devices policy. -Here, you can also add a document that will be appended as text to your instructions. From there, I just need to hit Create. That process will take a few minutes to run, so we’ll skip ahead in time to show the results. In Agent suggestions, I can see my policy draft on top. When I click in, I can see all of the policy details and settings. Everything looks good to me. In my case, it was able to match all the settings. So I’ll create the configuration policy from this draft using the standard policy deployment flow. Importantly, you can review all its configurations and make changes here if you want, just like you normally would before enabling it. Add scope tags and you can assign it to groups or devices. I’ll assign devices later. Then I can review and deploy it using the normal process. Once it’s published, if I move over to my configuration policies, I can see the new one right here with the rest of our policies. -Next, let’s move on to the Change Review Agent. Think of this like an expert script author and troubleshooter to help you evaluate admin change requests. I’m in the Change Review Agent, and to show you what’s behind this, I’ll move right into the Settings tab, and the first thing you might notice is that the agent is operating with a lot of rich information as context from Intune, Entra, Defender, including Threat Intelligence. It pulls signals from all of these sources to fully understand the impact of any proposed change. Moving back to the Overview tab, you can see that the agent has reviewed multiple admin approval requests with a recommendation to approve or reject appended as a prefix to each script name. -Let’s look at this script submission as an example. As soon as the script is loaded, the agent analyzes it, providing deeper context and a summary of what the script does. It has identified that this is a highly destructive script designed to wipe managed devices using Graph API calls. The change requester had no previous risk identified, and the business justification was determined to be vague, so it’s likely this person’s account was compromised. You can view the request to look at what the script is doing exactly, and there’s our device wipe. All of these signals are processed in real time to help determine whether the change should be approved or rejected. In this case, the agent concludes that the script is clearly harmful if executed with its current all managed devices scope, so it recommends rejecting the request. The agent is able to rapidly decipher between legitimate and adversarial intent or policy conflicts from change requests that would introduce risk into your environment. -Finally, the Vulnerability Remediation Agent assesses critical vulnerabilities from Microsoft Defender. It does this in a prioritized manner and maps them to at-risk devices managed in Intune to help you automate fixes. I’ll start in the Microsoft Defender portal under vulnerability management to first set some context. -Here, you’ll see a clear view of the top risk in your environment, including impact scores, exposed devices, severity, owners, and the associated CVEs. Here’s an example where the dashboard flags an application vulnerability that requires updating Relecloud Sync app. You can drill into the details, understand the exposure, and prioritize remediation, but typically this is where the workflow stops. Defender identifies the issue, and remediation has to be coordinated manually. -That’s where the Vulnerability Remediation Agent comes in. It takes prioritized vulnerability data from Defender and brings it into Intune. The result is that you can automate remediation in place from where you manage your device endpoints without switching context or accessing Defender. In our example, Defender indicates Relecloud needs to be updated to version 14.0.7. The agent translates that guidance into actionable steps. On the other hand, if I open the suggestion to update Microsoft Windows 11, OS and built-in applications, you’ll see that not only is the update recommended, but also, best-practice security configuration changes are all listed right here. -And if I move into the agent settings, you’ll see that this agent also lets you automate runs based on a schedule. So that’s how Intune agents help you move from manual effort to intelligent automated guidance while keeping you in control of implementing agent recommendations. And in the future, we’ll start to integrate AI actions into common Intune workflows that you perform every day. -To get started, log into Intune and try out the new agent capabilities. In fact, if you’re already logged in, just go to aka.ms/IntuneAgents and keep watching Microsoft Mechanics for the latest updates. Thanks for watching.
1000 Free Udemy Coupons on Microsoft Power Automate With AI Builder
<<BAKRI ID(Id-ul-Ad'ha) -- 1000 FREE UDEMY COUPONS ON RPA>> On the Occasion of BAKRI ID(Id-ul-Ad'ha), I am very happy to share 1000 Free udemy coupons on Microsoft Power Automate With AI Builder Title : Advanced RPA - Microsoft Power Automate With AI Builder https://www.udemy.com/course/microsoft-power-automate-with-ai-builder/?couponCode=LT-BAKRID <<Our other courses on Udemy and Udemy Business>> Title : PL-500 Microsoft Power Automate RPA Developer BootCamp Link: https://www.udemy.com/course/pl-500-microsoft-power-automate-rpa-developer-bootcamp/?referralCode=891491BAB7F20B865EE6 Title 1: Become RPA Master in MS Power Automate Desktop https://www.udemy.com/course/microsoft-power-automate-desktop-tutorials-for-beginners/?referralCode=03D49B549EE2193E79EE Title 2: RPA : Microsoft Power Automate Desktop - Zero to Expert : 2 https://www.udemy.com/course/microsoft-power-automate-desktop-course-zero-to-expert-2/?referralCode=783F39A1D0CDB4A70A7C Title 3: RPA:Microsoft Power Automate Desktop:Intelligent Automation https://www.udemy.com/course/power-automate-desktop-course-intelligent-automation/?referralCode=E8C51F3C27EA98FE100C Connect with me on LinkedIn : https://www.linkedin.com/in/ameer-basha-p-b44880262/ Youtube Channel : www.youtube.com/learningtechnologiesHow to Add Microsoft 365 Apps to Windows 10/11 Devices Using Microsoft Intune
Managing applications across various devices is crucial for maintaining productivity and security in any organization. Microsoft Intune provides a comprehensive solution for app management, allowing administrators to deploy, configure, and protect applications seamlessly. It allows administrators to install and manage applications on multiple devices at the same time instead of logging into each device and installing applications one by one. This blog will guide you through the process of adding Microsoft 365 Apps to Windows 10/11 devices using Microsoft Intune. Microsoft 365 Apps include: Word, PowerPoint, Excel, Outlook, etc. Adding Microsoft 365 Apps to Intune Before you can assign, monitor, configure, or protect apps, you must add them to Intune. Microsoft 365 App can be added to Intune and deployed to devices running Windows 10/11. Here’s how you can do it: 1. Sign in to Intune: Access the Microsoft Intune admin center using your administrator account credentials by going to Intune Admin Center. 2. Navigate to Apps: In the admin center, select Apps > All Apps (manages all applications for all platforms) > Add. 3. Select App Type: In the App type drop-down box, choose Microsoft 365 Apps for Windows 10/11. 4. App Suite Information: In this step, you will provide information about the app suite. This information helps you to identify the app suite in Intune, and it helps users to find the app suite in the company portal. In the App suite information page, you can confirm or modify the default values: Suite Name: Enter the name of the app suite as it is displayed in the company portal. Make sure that all suite names that you use are unique. If the same app suite name exists twice, only one of the apps is displayed to users in the company portal. Suite Description: Enter a description for the app suite. For example, you could list the apps you've selected to include. Publisher: Microsoft appears as the publisher. Category: Optionally, select one or more of the built-in app categories or a category that you created. This setting makes it easier for users to find the app suite when they browse the company portal. Show this as a featured app in the Company Portal: Select this option to display the app suite prominently on the main page of the company portal when users browse for apps. Please note: If you select "Yes" the app will show as a featured app in the Company Portal and the user will have to go to Company Portal and install add manually. If you select "No" if plan to install automatically. Information URL: Optionally, enter the URL of a website that contains information about this app. The URL is displayed to users in the company portal. Privacy URL: Optionally, enter the URL of a website that contains privacy information for this app. The URL is displayed to users in the company portal. Developer: Microsoft appears as the developer. Owner: Microsoft appears as the owner. Notes: Enter any notes that you want to associate with this app. 5. Click Next to display the Configure app suite page Configuring App Suite Intune allows you to configure the Microsoft 365 app suite to meet your organization’s needs. You can use the configuration designer or XML data to customize the installation: 1. Configuration Designer: This tool provides a user-friendly interface to configure settings such as language, update channel, and app preferences. This does the deployment automatically with the help of Configuration Designer. Please see steps below: Configure app Suite: On the Configuration app suite page choose Configuration designer. Select Office apps: Select the standard Microsoft 365 apps that you want to assign to devices by choosing the apps in the dropdown list. Select other Office apps (license required): Select additional Microsoft 365 apps that you want to assign to devices and that you have licenses for by choosing the apps in the dropdown list. These apps include licensed apps, such as Microsoft Project Online desktop client and Microsoft Visio Online Plan 2. App Suite Information: Architecture: Choose whether you want to assign the 32-bit or 64-bit version of Microsoft 365 Apps. You can install the 32-bit version on both 32-bit and 64-bit devices, but you can install the 64-bit version on 64-bit devices only. Default file format: Choose whether you want to use Office Open Document Format or Office Open XML Format. Update Channel: Choose how Office is updated on devices. For information about the various update channels, see Overview of update channels for Microsoft 365 Apps for enterprise. Choose from: Monthly Monthly (Targeted) Semi-Annual Semi-Annual (Targeted) After you choose a channel, you can choose the following: Remove other versions: Choose Yes to remove other versions of Office (MSI) from user devices. Choose this option when you want to remove pre-existing Office .MSI apps from end-user devices. The installation won't succeed if there are pre-existing .MSI apps on end-user devices. The apps to be uninstalled aren't limited to the apps selected for installation in Configure App Suite, as it will remove all Office (MSI) apps from the end user device. For more information, see Remove existing MSI versions of Office when upgrading to Microsoft 365 Apps. When Intune reinstalls Office on your end user's machines, end users will automatically get the same language packs that they had with previous .MSI Office installations. Version to install: Choose the version of Office that should be installed. Specific version: If you have chosen Specific as the Version to install in the above setting, you can select to install a specific version of Office for the selected channel on end user devices. Properties: Use shared computer activation: Select this option when multiple users share a computer. For more information, see Overview of shared computer activation for Microsoft 365 Apps. Automatically accept the app end user license agreement: Select this option if you don't require end users to accept the license agreement. Intune then automatically accepts the agreement. Languages: Office is automatically installed in any of the supported languages that are installed with Windows on the end-user's device. Select this option if you want to install additional languages with the app suite. 2. XML Data: For more advanced configurations, you can use XML data to define the app suite settings. This method is particularly useful for deploying the Microsoft 365 Apps for business edition. Configuration options for the Office Deployment Tool Assignments Assignments in Microsoft Intune refer to the process of distributing and managing applications, policies, and configurations to users and devices within an organization. This ensures that the right apps and settings are available to the appropriate users and devices. 1. Select the Required, Available for enrolled devices, or Uninstall group assignments for the app suite. For more information, see Add groups to organize users and devices and Assign apps to groups with Microsoft Intune. 2. Click Next to display the Review + create page. Conclusion Microsoft Intune simplifies the process of deploying and managing Microsoft 365 Apps across Windows 10/11 devices. By following the steps outlined in this guide, you can ensure that your organization’s apps are deployed securely and efficiently, enhancing productivity and maintaining security.Golden Path for Education - Part 1a
What is Golden Path Golden Path was developed to simplify and enhance the security of deploying a Microsoft 365 tenant solution in education. It consists of three stages: Stage 1: Deployment Guides are available online at Golden Path. This stage includes: Baseline - Stage 1a Standard - Stage 1b Advanced - Stage 1c Stage 2: A Discovery/Assessment AI tool is used to expose the tenant's configuration and analyze it against the tenant's license configurations, tenant and service settings, Microsoft's general education recommendations, and customer requirements. Stage 3: Drift Configuration management helps understand changes made against the established configuration in the tenant. These changes can be reversed or modified before any breaches or irregularities create problems. Goals and Objectives for Golden Path Goals Develop prescriptive deployment guides that provide a centralized resource with education-specific scenarios to assist organizations in defining, managing, and organizing their tenant and appropriate applications. Reduce the overall complexity of tenant and service deployment. Establish baseline recommended pathways to facilitate a common and agreed-upon configuration based on subject-matter experts. Utilize AI technology to uncover and compare recommended settings against user requirements based on documented configurations. Implement phased configurations to aid customers and partners in understanding what they may not know or should consider during discovery to meet customer expectations. Highlight unused features and products to ensure customers fully leverage the potential and benefits of their purchased product licenses. Identify opportunities for partner participation in achieving customer goals and expectations based on customer requirements and Golden Path findings. Create an easy pathway for customer change management to enhance control, security, compliance, and privacy of tenants. Develop custom assessments to evaluate product entry for items such as Copilot, Defender, Purview, Intune, Zero-Trust, and Microsoft Entra ID. Objectives Deliver information for features available (used/unused) to users based on license model. Prescriptive recommendations based on education scenarios. - Present upgrade license opportunities from A1 to A3 to A5. Security analysis exposing gaps and issues proactively to allow modifications before it's too late. Promote partner access to customers that have defined gaps based on assessments and are requesting partner assistance. Better discovery and assessment analysis with new tools. Designed to be more self-serving customer and partner access management. Speed up user adoption for educators and IT Admins alike. Baseline Stage 1a Baseline is stage 1a in the overall development of the Golden Path for Education. It is based on a majority of licenses within the tenant at the Microsoft 365 A1 for Education level. It also is a set of recommendations for ALL Microsoft Education tenants. Navigation Golden Path has three folders in the navigations. Golden Path Baseline References Golden Path folder consist of the Golden Path overall review. It goes over the entire program and the how and why it is built. Currently there are two pages, Golden Path overview and Baseline Overview. Golden Path overview menu Golden Path overview Stages (Deployment Guides, Discovery/Assessments, Drift Management) Modules (Setup, Identity, Applications, Security, and Devices) Phases (Baseline(A1), Standard(A3), Advanced(A5)) Baseline Overview Steps for each phase (Setup, Identity, Applications, Security, Devices) Licenses that are included General information links List of links for all applications and products included with A1 license List of links for all features included with A1 license Baseline menu Setup Tenant setup is key to establishing a secure and valid tenant. Setup goes through domain assignment, administration, and service management. Overview - Review all the steps that are part of the setup phase section Step 1 - Create your Office 365 tenant account Step 2 - Configure Security Center admin settings Step 3 - Secure and configure your network Step 4 - Sync your on-premises active directory Step 5 - Provision users Step 6 - Sync SIS with School Data Sync (SDS) Step 7 - License Users Identity Establishing an identity via Microsoft Entra ID and establishing authentication methods, Single Sign-On, and user procurement methodologies. Overview - Review all steps that are a part of the identity phase Step 1 - Understand identity definitions Step 2 - Configure Microsoft Entra ID basics Step 3 - Consider education identity steps Step 4 - Consider identity applications Step 5 - Set up access to operation services Step 6 - Set up identity lifecycle Step 7 - Configure security in identity Step 8 - Manage access controls Applications Applications like Microsoft Teams, SharePoint, OneDrive, Exchange Online are the core to a Microsoft tenant. Getting these applications setup are essential to allowing users in education to access services and apps like Learning Accelerators. Overview - Review all steps that are a part of the application phase Exchange Online o Step 1 - Design an Exchange Online environment o Step 2 - Set up Exchange Online o Step 3 - Configure compliance and security in Exchange Online o Step 4 - Configure address books, shared mailboxes, and clients Microsoft Teams o Overview - What is Microsoft Teams for Education o Step 1 - Configure Microsoft Teams for Education o Step 2 - Configure Microsoft Teams policies and settings for education organization OneDrive/SharePoint - Overview o Step 1 - Plan your OneDrive and SharePoint Deployment o Step 2 - Share within OneDrive and SharePoint o Step 3 - Configure security and access controls in OneDrive and SharePoint o Step 4 - Compliance considerations with OneDrive and SharePoint Security and Compliance Security via each phase is essential to maintaining order and blocking access for bad actors. Along with security compliance/privacy considerations that are established to adhere to a multitude of local and government requirements worldwide. Overview Step 1 - Security Considerations Devices Managed and unmanaged devices are another key to helping secure the network and potential cyber-security considerations that enter the network via these devices. Overview Step 1 - Review device management structure Step 2 - Plan device management Step 3 - Configure settings and applications Step 4 - Deploy and manage devices Windows 11 features and tips References menu Mulit-tenant solutions - Architectural recommendations base on multi or large tenant solutions. Accessibility Deploy Office 365 applications Pooled storage management How do you use Golden Path? Golden Path uses deployment guidelines content that contain education scenario specifics. Golden Path has a linked path for each modules based on the phase (Baseline,Standard,Advanced). Users can follow the deployment content to establish or redefine the tenant configuration in order to enable additional services and products. What’s Next Go to https://aka.ms/gp4edu to access the first part of Golden Path. Part 1b (Standard -A3 content) NEXT Part 1c (Advanced – A5 content) Part 2 - We will create a mechanism to discover the tenant configuration settings and allow customers and partners the ability to qualify what is set to standard recommendation. Using AI to deliver user requirements against the configuration will allow additional paths to enable services and features that allow the user/customer to achieve their objectives. Part 3 – Deliver drift management solution for management of unrealized or understood changes that need to be approved or modified.GET STARTED WITH POWER AUTOMATE
My name is MAH E UROOJ and I'm Muslim Pakistani. I'm newly selected Microsoft Learn Student Ambassador milestone - Alpha. I cordially invite you all to attend an MLSA Challenge scheduled this upcoming week. Fasten your seat belts and get ready to test your knowledge and expertise! Get registered for Ambassadors Challenge! Your all presence will make this Challenge a success. You can also get a chance to win Microsoft Certificate and LinkedIn Premium voucher. The challenge joining URL is given below: Fill in the Microsoft Forms link below as an incentive to participate: https://forms.office.com/r/kKinFRiX3y Clouds Skills Challenge URL: https://learn.microsoft.com/training/challenges?id=8daeda86-6f40-4d3f-a722-90458f757bc8&WT.mc_id=cloudskillschallenge_8daeda86-6f40-4d3f-a722-90458f757bc8&wt.mc_id=studentamb_293206 Start Date: May 28, 2024. End Date: June 06, 2024. Microsoft Ambassadors Cloud Skills Challenge. To get more information about Ambassadors Challenge watch the attached CSC KickOff ppt. LEARN, READ, WRITE & GROW!Microsoft 365 A1 for devices for students
I am looking to moving the students to Microsoft Surface SE laptops and to get Microsoft 365 A1 for devices for students for them. I bought one device and one of these licenses for testing purposes and assigned the license to the device group for the device, but it doesn't seem to work. The MS Office apps all say viewer since the student account is an M365 A1 but this license is supposed to provide not only the Intune support but the licensing for office. What needs to be done or configured for it to work with the device???
