Quantcast
Channel: Windows 365 & Intune Management
Viewing all 144 articles
Browse latest View live

Sequencing Google Chrome using App-V 5.1

June 16, 2018, 12:56 am
$
0
0
1)  Launch the Microsoft Application Virtualization Sequencer from Start->Programs


2)  Select the "Standard application" type in the Type of Application to be Virtualized



3)  Select "Perform a custom installation" in the select installer screen




Provide the virtual application name as Google Chrome and click next.

4)  Before the application is installed, make sure that the below registy entries are placed to disable the updates.

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Google\Update]
"UpdateDefault=dword:00000000
"AutoUpdateCheckPeriodMinutes"=dword:0000000

5)  Start the installation during monitoring phase.Install the package using source "GoogleChromeStandaloneEnterprise.msi"


After installation, perform the following steps.
- Delete the services : Google Update service (gupdate, gupdatem) using the below command in CMD ;
SC DELETE gupdate
SC DELETE gupdatem
- Remove the shortcut from desktop
- Remove the folder Update from Program Files (x86) during monitoring phase, after installation and unpin the application from taskbar after first launch.

6) Click "I am finished Installing"


7) Launch the shortcut in the configure phase and perform any additional post configuration if needed.



To customize further like adding home page, start screen etc.. check this link.

http://app2pack.blogspot.com/2016/02/sequence-customize-google-chrome-480.html



8) Ensure that all the buttons are clicked and opened so that Maximum functions are captured in the "Feature block One" itself.

9) Click next.Select the OS as per the requirement and select continue to modify using package editor option.



10) Create a powershell script to add a registry in the local machine for single signon. Add the below script ( AddSigninreg.ps1 )  under the Package Files --> scripts tab in package editor.

set-location hklm:
new-itemproperty -path "HKLM:\software\policies\Google\Chrome\" -name "SigninAllowed" -propertytype dword -value 0 

Similarly  add the below script ( RemoveReg.ps1 ) 

Remove-Item -Path 'HKLM:\SOFTWARE\Policies\Google\Chrome' -Recurse


11) Save the package.

12) To execute the above scripts,  edit the Google Chrome_DeploymentConfig.xml file.

<MachineScripts>
      <AddPackage>
        <Path>powershell.exe</Path>
        <Arguments>-ExecutionPolicy Bypass -File ".\AddSigninreg.ps1"</Arguments>
        <Wait RollbackOnError="true"/>
      </AddPackage>

      <RemovePackage>
        <Path>powershell.exe</Path>
        <Arguments>-ExecutionPolicy Bypass -File ".\RemoveReg.ps1"</Arguments>
        <Wait RollbackOnError="true" />
      </RemovePackage>
    </MachineScripts>

13) Save the Google Chrome_DeploymentConfig.xml file.

14) Testing the package using standalone powershell.

Enable script execution in the App-V client using the below command in powershell.

Set-AppvClientConfiguration -EnablePackageScripts 1

Publish the Google Chrome App-V package:

Add-AppvClientPackage "path to .appv file" -Dynamicdeploymentconfiguration "path to Google Chrome_DeploymentConfig.xml" | Publish-AppvClientPackage -Global | mount-AppvClientPackage
Search

Build your first MSIX Package using DAC

July 12, 2018, 10:15 pm
$
0
0
Microsoft is building up a MSIX Packaging Tool which we are expecting to be released pretty soon. Till then how to create a MSIX package? It's very easy. If you have used Desktop App Converter tool to create .appx package earlier then you are ready to create MSIX.

The steps to create MSIX are pretty same like how we create .appx using DAC. You can follow the below link to create your first MSIX package.

Project Centennial - First hands on Converting desktop apps to Universal Windows Platform (UWP)

There are some changes that needs to be followed regarding to requirements in the above link. Instead of writing those changes I have decided to share a link where it has been already well explained by Pascal Berger.

https://blog.basevision.ch/2018/07/how-to-create-an-msix-right-now-in-the-insider-preview-a-step-by-step-tutorial/

So why wait? Try out your first MSIX creation.

MS Ignite 2018 : MSIX inside and out - BRK2467

October 10, 2018, 4:24 am

MS Ignite 2018: MSIX – Accelerating Windows 10 and app deployment - BRK3220

October 10, 2018, 4:25 am

Adobe Acrobat DC App-V & Windows 10 Issue - Resolved

October 29, 2018, 11:08 pm
$
0
0
Later have been seeing issues when removing earlier versions of Adobe Acrobat DC and installing newer version in windows 10 1703/1709 which has been explained very well in the below blog by Ryan Ververs-Bijkerk


https://www.logitblog.com/app-v-application-was-unable-to-start-correctly-on-windows-10/


The solution was to restart the machine and try again earlier. Now this is fixed with the release of new updates for windows 10.


1703 fixed in 2018.10 - KB4462939
1709 fixed in 2018.10 - KB4462932
1803 fixed in 2018.10 - KB4462933


Thanks to Tim Mangan for sharing this update information.

MSIX Packaging Tool- 0x80131500 when building

March 7, 2019, 9:29 pm
$
0
0
Recently tested converting TortoiseSVN msi package to MSIX using MSIX Package converter. Everything worked fine during monitoring phase and during build the tool struck up and showed an error code 0x80131500.


Capture.PNG


When checked for the msix log file it showed error stating duplicate ID's in the Appx manifest file.


[3/7/2019 6:38:14 AM] [Error] ERROR: PRI191: 0x80080204 - Appx manifest not found or is invalid. Please ensure well-formed manifest file is present. Or specify an index name with /in switch.

[3/7/2019 6:38:14 AM] [Error]

[3/7/2019 6:38:14 AM] [Error] error C00CE1A1: App manifest validation error: The app manifest must be valid as per schema: Line 20, Column 2554, Reason: 'f26e2640-0cff-43dc-8325-575a3261d885' is a duplicate key for the unique Identity Constraint '{http://schemas.microsoft.com/appx/manifest/foundation/windows10}Class_Id'.

[3/7/2019 6:38:14 AM] [Error]

Since there was no output generated other than the log file, it was hard to find a solution. So when checked in MSIX Techcommunity it seems it is an issue with MSIX tool build v1.2019.110.0. This issue is resolved in latest insider build v1.2019.304.0.


Thanks to JamesPike & Tim Mangan for confirming this issue and its resolution.


Release Notes : https://docs.microsoft.com/en-us/windows/msix/packaging-tool/release-notes/history


Download Free MSIX Packaging Insider Tool : https://docs.microsoft.com/en-us/windows/msix/packaging-tool/insider-program


Join MSIX TechCommunity : https://techcommunity.microsoft.com/t5/MSIX/ct-p/MSIX

Automate Convertion of old App-V 4.6 packages into App-V 5.1 using Powershell

April 1, 2020, 10:05 pm
$
0
0
App-V 5.1 is out now. There might be a case where you need to convert old App-V 4.5 or App-V 4.6 applications to new App-V 5.1 format.If there are one or two packages it will be easy to create. But what if suppose there are some 100's of App-V 4.x apps? It will be quite complex and time consuming. 
This powershell script will make this scenario very easy. Just provide the folder where the old packages (App-V 4.5 or App-V 4.6) are kept and run the powershell script. Within some minutes, new App-V 5.1 packages will be created in the output folder. 
For Example: Create a single folder named App-V packages in C:\ drive (C:\App-V packages). Copy all the old App-V 4.x packages to this folder. Edit the powershell script and give this main folder as input to the  $appv46folder variable.

# specify the folder where bulk App-V 4.6 packages are kept

$appv46folder = "C:\App-V packages"  

NOTE: Do not create subfolders inside the main folder as it has not been handled in the PS.
Run this script where App-V 5.1 sequencer has been installed.Prior to conversion it is good to test the packages for its conversion using Test-AppVLegacyPackage
Convereted App-V 5.1 packages can be found in  C:\AppV5convertedpackages folder.
Check this link to know about converting of old App-V 4.x applications to new App-V 5.1 format – 
NOTE: If you are running a computer with a 64-bit architecture, you must use the x86 version of PowerShell to run this script. Also execution policy has to be enabled to allow this script to be run.
This script can also be used to convert old App-V packages into App-V 5.0 format too. 
Disclaimer: This script is designed only for testing purpose and hence I do not own any responsibility for any system failures or issues. Test the script in your environment before you do any mass conversion.
To download the script click HERE

Intune - Linux Password & Custom compliance policies

November 15, 2022, 4:04 am
$
0
0

Microsoft has recently released Linux support in Intune with device enrollment and compliance policies.

To know more about enrollment check here - https://sccmentor.com/2022/10/19/first-steps-into-linux-management-via-microsoft-intune/

To understand the commands that are used to install Intune portal check here - https://joymalya.com/linux-management-with-microsoft-intune/

In this blog, I will cover how to create password and custom compliance policies and what needs to be done in client end to mark the device as complaint.

Password complexity:

When password complexity requirements are enforced, devices with weak passwords are marked as non-compliant in Intune. To resolve this issue, you need to change your device password so that it meets organization’s requirements for length and quality.

  • Basically, Intune checks pam_pwquality configuration for enforcement w.r.t Password policy in the client machine.

  • Install the following by running the command in the client terminal: sudo apt install libpam-pwquality

Next, check that pam_pwquality line in /etc/pam.d/common-password. It should be edited like below to match the password compliance policy as set in Intune.

# check that the pam_pwquality line in /etc/pam.d/common-password contains at least the required settings: password requisite pam_pwquality.so retry=3 dcredit=-1 ocredit=-1 ucredit=-1 lcredit=-1 minlen=8


Example common-password file:


If the /etc/pam.d/common-password file is not edited to match the Intune policy requirement then the machine will report non-compliant.

Custom Compliance

With custom compliance, we can use shell scripts to evaluate a Linux device.

Discovery scripts for Linux must be POSIX-compliant shell scripts, such as Bash. However, the scripts can call more complex interpreters from inside the script, like Python. To successfully use other interpreters, they must be correctly installed and configured on the devices in advance of receiving the discovery script.

About POSIX-compliant syntax: Because the custom compliance script interpreter for Linux supports only a POSIX-compliant shell, it’s important to use POSIX-syntax.

To know more, check here - Create a discovery script for custom compliance policy in Microsoft Intune | Microsoft Learn

Below is an example where we have created a shell script to check for a running process or not and if so, it outputs in JSON format. Intune checks the output with the JSON file and marks the device as complaint. If not it will mark as non-complaint.


For Select your discovery script in custom compliance in Intune , select Set reusable settings, and then specify a script that’s been previously added to the Microsoft Endpoint Manager admin center. This script must have been uploaded before you begin to create the policy.To add the script to MEM Admin center follow this article - Create a discovery script for custom compliance policy in Microsoft Intune | Microsoft Learn

Sample Script to check for running process:

#!/bin/sh
checkProcess(){
Process="processname"
if pgrep -x "$Process">/dev/null
then
Process="running"
printf'{"Process": "%s"}\n'"$Process"
else
Process="notrunning"
printf'{"Process": "%s"}\n'"$Process"
fi
checkProcess
In the above script I have used printf to output the result in JSON format.

For Select your rules file, select the folder icon and then locate and add the JSON file for Linux that you want to use with this policy.

The JSON you enter is validated and any problems are displayed. Sample JSON to match the script output.If not what to display in Intune portal application as non-complaint.

{
"Rules": [{
"SettingName": "Process",
"Operator": "IsEquals",
"DataType": "String",
"Operand": "running",
"MoreInfoUrl": "https://abc.com/",
"RemediationStrings": [{
"Language": "en_US",
"Title": "Process is missing",
"Description": "Process is not running."
		}]
	}]
}
Search

Linux - Intune portal shows unable to check status

February 9, 2023, 4:05 am
$
0
0



After Intune installation and logging in to register the device, the intune app shows unable to check status error, and clicking retry does nothing. In Intune, the device got registered but it shows as not evaluated.

Solution:

  1. Remove the device entry from Intune.
  2. In the client end open the terminal and run sudo apt remove intune-portal && sudo apt purge intune-portal
  3. Run sudo rm -f /home/[username]/.config/intune

Restart the machine and retry Intune installation this time, after that the device should report compliant/non-compliant status.

Intune & macOS management - Couldn't add your device. Your IT support doesn't allow OSX devices to be added to management

March 4, 2024, 12:46 pm
$
0
0

After creating Apple MDM push certificate in Intune portal and while testing in the macOS device, after you install the company portal and login and try to enrol, the app shows error as 

"Couldn't add your device.

Your IT support doesn't allow OSX devices to be added to management." 


First step is to check in Intune portal - devices - enrollment - monitor - enrollment failure for any entry for the affected user.


In this scenario, the issue was due to the device type restrictions that was blocking the macOS devices.

Solution:

Open intune portal -  Devices - Enrollment - click Apple.

Select device platform restrictions and switch to MacOS restrictions tab.

Your administrator would have created a device restriction to block the enrollment of MacOS earlier. If there are multiple restrictions created for devices open one by one and make sure the macOS platform is allowed for enrollment. 

When you edit the restrictions and go to the properties and under platform settings, you can find out whether the macOS devices are allowed to enroll or if they are blocked.

The case of missing shortcut Icon - App-V 5.X

January 18, 2023, 3:39 am
$
0
0
Recently I have been seeing many queries regarding shortcut Icon not displayed after publishing an virtualized App-V 5.x package. The answer would be quite simple. But I would like to demonstrate it with a simple example so that it can shed some light.


Let us assume a person X has sequenced an application say example Adobe Reader application. He is doing some manual clean up in the package editor. He removed some junk entries to keep the package clean. He also removed the Installer folder that has the installer cache (.msi, .mst, .msp)captured from the installer package as he felt it is also unnecessary junk entries like all others do.





After completing sequencing, he published the package to the machine in a standalone environment and saw that the shortcut icon is missing. He was wondering why the Icon is missing. He came back with a query as why the Icon is missing even after successful sequencing.





Now lets troubleshoot for him. First let's edit the shortcut for icon. We can see that it is looking in %ALLUSERSPROFILE%\Microsoft\AppV\Client\Integration\.....\SC_Reader.ico.





Lets take Procmon capture to get a proper solution. We can see that it is searching for SC_Reader.ico in  the Installer location and the path is not found clearly from procmon trace. When checked manually in the %Allusersprofile% we do see that the Installer folder is missing. This is because the person X has removed it from the package considering it as Junk entries earlier.





We can clearly see that after doing a fresh sequencing of the application that the Icon files are indeed kept in the Windows\Installer folder.





So to conclude do not remove files and folders blindly considering it as junk entries. Do not remove Windows\Installer completely. Perform cleanup with caution. Make sure if removing the Installer folder completely will not affect the functionality.

W365: Error code 0x80072ee2

February 20, 2024, 12:21 pm
$
0
0

Recently i started seeing the below error message when accessing cloud pc through the windows app. 

The connection cannot proceed because the authentication authority cannot be contacted.

Error code: 0x80072ee2


Steps taken to resolve was quite simple. 

Try closing down windows app forcefully. 

Even if it fails to connect to windows 365 cloud pc next time then restart the base laptop which should fix this error. 


W365 - cloud pc disconnect Error Code 0x3

April 2, 2024, 1:26 am
$
0
0

 


As per Microsoft, Error code: 0x3 can occur when the processor is over-utilized and session can get disconnected abruptly.

Solution is to Restart Cloud PC to resolve Error Code 0x3

You can restart the cloud pc by going to windows365.microsoft.com and  select the three dot icon next to the Cloud PC and click Restart. After restart, you should be able to access the cloud pc.




Intune - Even if Intune app shows complaint, Edge browser displays yellow banner

May 1, 2024, 12:29 am
$
0
0

In Ubuntu 22.04 LTs, even after registering the device in Intune app and it shows as complaint, Microsoft Edge browser shows yellow blocking banner when opening Sharepoint online or OneDrive link even when the Intune portal app shows as complaint.



open Intune portal app and click remove this device and restart the device and sign in again and register the device. The yellow banner should disappear.

Image

w365: Embracing the Future: Switching to Windows 365 and Its Benefits

May 6, 2024, 5:17 am
$
0
0

In the ever-evolving landscape of modern work environments, businesses seek innovative solutions that offer flexibility, security, and efficiency. Windows 365 emerges as a game-changer, revolutionizing how organizations operate by providing a seamless, cloud-based PC experience. This blog explores what Windows 365 is, why it’s beneficial, and how switching to this platform can transform your business.


 What is Windows 365?


Windows 365 is Microsoft’s cloud-based service that streams a full Windows experience from the Microsoft Cloud to any device. It essentially transforms your physical device into a high-performance cloud PC. With Windows 365, users can access their personalized Windows environment, including apps, data, and settings, from anywhere and on any device with an internet connection. Windows 365 is managed through Intune whereas Azure virtual desktop is managed through Azure portal. 


Key Benefits of Switching to Windows 365


1. Enhanced Flexibility and Accessibility


One of the primary advantages of Windows 365 is the ability to access your desktop from anywhere. Whether you're working from home, a coffee shop, or traveling, you can log into your cloud PC and pick up right where you left off. This flexibility is crucial in today’s hybrid work environments, where employees are no longer confined to a single physical location.


2. Seamless User Experience


Windows 365 offers a consistent and personalized user experience. Your desktop, apps, and settings are always available and up-to-date, regardless of the device you're using. This eliminates the frustration of configuring settings or installing software repeatedly on different devices.


3. Improved Security


Security is a paramount concern for businesses of all sizes. Windows 365 leverages Microsoft’s robust security framework, providing enterprise-grade protection. Data is stored and processed in the cloud, reducing the risk of data loss or theft from physical devices. Additionally, features like multifactor authentication, secure boot, and Microsoft Defender for Endpoint ensure comprehensive security.


4. Simplified Management and Maintenance


Managing and maintaining physical hardware can be complex and time-consuming. Windows 365 simplifies this by centralizing the management of cloud PCs. IT administrators can easily deploy, update, and manage cloud PCs through the Microsoft Endpoint Manager, reducing the overhead associated with traditional device management.


5. Scalability and Cost Efficiency


Windows 365 offers scalable solutions that can adapt to the changing needs of your business. You can quickly scale up or down based on your workforce requirements without the need for significant capital investment in hardware. This scalability is particularly beneficial for businesses with fluctuating staffing needs or those experiencing rapid growth.


6. Enhanced Collaboration and Productivity


With Windows 365, collaboration becomes seamless. Employees can share and access files in real-time, using familiar tools like Microsoft Teams and OneDrive. This fosters a collaborative work environment, enhancing productivity and ensuring that teams stay connected and efficient, regardless of their physical location.


How to Transition to Windows 365

 Assess Your Needs


Before making the switch, assess your organization’s needs. Consider factors such as the number of users, required computing power, and specific business applications.

Plan and Prepare


Develop a transition plan that outlines the steps for migrating to Windows 365. Ensure you have the necessary infrastructure, including reliable internet connectivity and compatible devices.

 Train Your Team


Provide training sessions to help your team understand how to use Windows 365 effectively. This will ensure a smooth transition and help employees leverage the platform’s full potential.

Implement and Monitor


Deploy Windows 365 across your organization and monitor its performance. Gather feedback from users and make any necessary adjustments to optimize the experience.

Conclusion


Switching to Windows 365 represents a strategic move towards a more flexible, secure, and efficient work environment. By embracing this innovative platform, businesses can unlock new levels of productivity, collaboration, and scalability. As the future of work continues to evolve, Windows 365 stands out as a vital tool for organizations aiming to stay ahead in a dynamic and competitive landscape.


Explore the possibilities with Windows 365 and take the first step towards transforming your business into a modern, cloud-powered powerhouse.

Search

Intune - Linux Intune app shows disk not encrypted and still checking issue and status unknown

May 8, 2024, 12:25 am
$
0
0

Intune app in ubuntu 22.04 shows disk not encrypted and still checking issue and status unknown even when the disk is actually encrypted using Luks.

Image
solution:
Run below command in terminal.
sudo usermod -a -G disk <username>
sudo rm -Rf /home/[username]/.config/intune
Reboot and then open app and see.

Update:
This issue is actually fixed with latest update

w365: One way clipboard redirection

May 10, 2024, 1:44 am
$
0
0

Due to security measures, organisations will want to restrict clipboard restrictions (copy-paste) from the cloud pc to base laptop but allow copy-paste to work from base laptop to cloud pc. In this case, how can we achieve this??

Prerequisites

  • Session hosts(cloud pc) running Windows 11 Insider Preview Build 25898 or the most recent version of Windows Insider Build (Dev Channel). You must join the Windows Insider Program to activate the Dev Channel Preview Build.

  • Host pool RDP properties must allow clipboard redirection in Intune, otherwise it will be completely blocked.

How to block clipboard redirection from session host (cloud pc) to client laptop:

There are 3 ways to block clipboard redirection from cloud pc to the client laptop. They are,

1. Intune configuration policy

2. GPO

3. Registry

Below, I will share steps to configure through Intune portal.

  1. Open Intune and Create a profile with custom settings for Windows 10 and later devices, with the Templates profile type and the Custom profile template name.

  2. For the Configuration settings tab, select Add

  3. In the Add row pane, do the following 

    • To configure the clipboard from session host to client:

      • Name: (example) Session host to client

      • Description: enter detailed description

      • OMA-URI./Vendor/MSFT/Policy/Config/RemoteDesktopServices/LimitServerToClientClipboardRedirection

      • Data typeString

      • Value

        <![CDATA[<enabled/><data id="TS_SC_CLIPBOARD_RESTRICTION_Text" value="0"/>]]>

        This will block clipboard redirection from session host (cloudpc) to base laptop alone.

Respective Registry keys:

Users can however copy-paste items from base laptop to cloud pc but copy-paste from cloud pc to base laptop will be restricted using this method.

w365: Managing Cloud pc frequent disconnects due to idle session timeout

May 14, 2024, 10:45 pm
$
0
0

Recently, many of our users started complaining that their cloud pc’s are getting disconnected very often and it’s disrupting their work. 

We see that the cloud pc gets disconnected if their session was idle with no activity for 15 mins. By default the cloud pc will get disconnected if it’s idle for 15 mins as per Microsoft.

Managing Frequent Disconnects and Session Timeouts in Windows 365 Cloud PC:

Windows 365 Cloud PC is a robust platform that enables seamless access to a personalized Windows experience from anywhere. However, users might occasionally face issues with frequent disconnects and session timeouts due to inactivity. This can be frustrating, especially if you are in the middle of an important task. In this blog, we will explore the causes of these disconnects and provide solutions to manage session timeouts effectively.

Understanding Session Timeouts and Disconnects

Idle and Inactivity Timeout

Windows 365 Cloud PC sessions might disconnect after 15 minutes of inactivity. This is a default setting to optimize resource usage and ensure security. Inactivity here means no user input (keyboard or mouse) is detected.

Session Timeout

Additionally, sessions may have a 15-minute session timeout. This means that even if the session is active, it will disconnect after a certain period if no user input is detected.

Causes of Disconnects

1. Idle Timeout:

   - If you leave your Cloud PC idle without any interaction for 15 minutes, the session will automatically disconnect.

2. Session Timeout:

   - Even if the session is active, without any user interaction for 15 minutes, the session will timeout.

Adjusting Timeout Settings

To prevent frequent disconnects, you can adjust the timeout settings through Microsoft Endpoint Manager (Intune). Here’s how:

1. Log into Microsoft Endpoint Manager:

2. Navigate to Configuration Profiles:

   Go to Devices > Configuration profiles

3. Create a New Profile:

   - Click on Create profile

   - Choose Windows 10 and later as the platform.

   - Select Templates for the profile type, then choose Administrative Templates

4. Configure Timeout Settings:

   - In the settings picker, browse to Administrative templates > Windows Components> Remote Desktop Services > Remote Desktop Session Host > Session Time Limits

   - Configure the following settings:

     - Set time limit for active but idle Remote Desktop Services sessions: Increase the idle timeout duration.

     - Set time limit for disconnected sessions: Extend the session timeout duration.

5. Assign the Profile:

   - Assign this profile to the group of users or devices using Windows 365 Cloud PCs.

   - Ensure the profile is applied to all relevant users.

6. Review and Create:

   - Review the settings and click Create.

   - The profile will be pushed to the assigned devices and users, adjusting the timeout settings accordingly.

To avoid disconnects due to inactivity, consider these practices:

1. Regular Interaction:

   - Make sure to interact with your Cloud PC regularly. Even minimal interactions like moving the mouse can prevent idle timeouts.

2. Keep Applications Running:

   - Some applications can simulate activity. For instance, running a presentation or a video can help keep the session active.

By increasing the idle and session timeout durations, and ensuring regular interaction with the Cloud PC, you can significantly reduce the frequency of disconnects and maintain a seamless working experience.

By following these steps, you can ensure that your Windows 365 Cloud PC remains active and responsive, minimizing interruptions and maximizing productivity.

w365 - Enable watermarking inside windows 365 cloud pc

May 16, 2024, 3:31 am
$
0
0

As businesses continue to adopt Windows 365 Cloud PCs, ensuring data security and compliance becomes increasingly critical. One effective security measure is the implementation of watermarking, which can display QR codes on the screen to deter data leakage and track information access. This blog will guide you through the steps to enable watermarking in Windows 365 Cloud PCs using Microsoft Intune.

What is Watermarking?

Watermarking involves overlaying a visual mark, such as a QR code, on the screen. This can help prevent unauthorized sharing of sensitive information by making it easily identifiable. QR codes can also be used to embed tracking information, enhancing the traceability of data access and distribution.

 Benefits of Watermarking

-Deterrence: Visible watermarks discourage users from capturing and sharing sensitive information.

Traceability:QR codes can contain metadata that helps track when and where the information was accessed.

Compliance: Helps organizations! meet regulatory requirements for data protection.

How to enable watermarking inside cloud pc:

  1. Sign in to the Microsoft Intune admin center.

  2. Create a configuration profile for Windows 10 and later devices, with the Settings catalog profile type.

  3. In the settings picker, browse to Windows Components > Remote Desktop Services > Remote Desktop Session Host > Azure Virtual Desktop

 



4. Select the Enable watermarking. Don't select the deprecated one.

5. On the Assignments tab, select the group containing the computers then select Next and On the Review + create tab, review the settings, then select Create.

6. Once done, on the cloud pc, open company portal app and click sync button in settings or restart the cloud pc for watermarking to take effect.

After you enable watermarking, you can find more details from the session host by following these steps:

  1. Scan the QR code and make a note of the Device ID GUID.
  2. Sign in to the Microsoft Intune admin center.
  3. Select Devices > All devices.
  4. In the search box, enter the Device ID GUID to find the device details.

Supported clients:

  • The following clients support watermarking:

    • Remote Desktop client for:

    • Windows App for:

      • Windows
      • macOS
      • Web browser

Intune - Intune portal app in ubuntu 22.04 LTS shows “we are still checking if you can access"

June 5, 2024, 1:01 am
$
0
0

 Intune portal app in ubuntu 22.04 LTS shows “we are still checking if you can access..”

Image

Check whether user is in the AD user group and then retry.
Viewing all 144 articles
Browse latest View live
Search