Intune – Remove Default Microsoft Store Apps

One slight annoyance for IT technicians is preinstalled applications on new computers – we quite often have to remove ‘free’ subscriptions to an anti-virus that we don’t want, or remove cloud storage programs like Dropbox.

However, the preinstalled apps from the Microsoft Store are a different annoyance. Quite often you remove these manually or via a script, only for them to reappear on the next restart or after a feature update. In a business environment, we don’t want to have the Xbox app.

Through Microsoft Intune – we can now create a Configuration Profile to remove these preinstalled apps.

In this post I will show you how to create this configuration profile.

Please note this only works for Windows 11 Enterprise and Education 25H2.


Intune – Silently Sign into OneDrive and Sync

One of the luxuries of using Azure AD and Intune is that staff can pick up a laptop or sit at a desk and start using an enrolled device.

Once they sign in using their Microsoft 365 account, policies and applications automatically get pushed out – they open Outlook, it signs them in, emails start populating, and they can continue as normal. However, we do find staff not utilising OneDrive.

With your Microsoft 365 account (depending on the license), you are granted 1TB of storage, which we find more than enough for the average office user. When you sign into OneDrive on a device, you can ‘back up’ the following locations: Desktop, Documents and Pictures.

I use the term backup loosely, as OneDrive is not a backup solution.

Once those locations are ‘backed up’, the data will follow you from device to device – providing the end user signs into OneDrive on a new device. However, why create a step for yourself or the end user when we can automate it with Intune?

In this post, I will share an Intune Configuration to help you achieve the above.


Intune – How to start pushing out Defender for Endpoint on Windows Devices automatically?

All Windows devices come with their own anti-virus – Windows Defender – but what is Defender for Endpoint, and how do we start pushing it out to our corporate devices?

Microsoft Defender for Endpoint is an enterprise-level security platform designed to help businesses prevent, detect, investigate, and respond to advanced cyber threats on their devices (also known as “endpoints” — like computers, laptops, and mobile devices).

Key Features:

  1. Threat Protection – Detects and blocks malware, ransomware, and other types of cyberattacks.
  2. Endpoint Detection and Response (EDR) – Monitors activities on devices to spot suspicious behavior and helps investigate attacks.
  3. Attack Surface Reduction – Limits the ways attackers can get into systems (e.g., controlling app behavior or blocking malicious websites).
  4. Automated Investigation and Response – Uses AI to analyze threats and take action without needing manual input every time.
  5. Threat Intelligence – Uses data from Microsoft’s global threat database to identify new and emerging threats.

It’s like a smart security system for all company devices — watching for problems, alerting IT teams, and even taking action automatically to keep everything safe.

Providing you have the correct licenses, this post will show you how I push out Defender for Endpoint to devices enrolled in Intune.


Defender for Endpoint – Onboarding blob from Connector (Not applicable)

With the luxury of using Microsoft Intune, alongside configuration policies, you can get a device set up quickly and efficiently just by enrolling it. I prefer some applications to be a baseline, so we know that every device within a company has programs X, Y & Z, and one of those is Defender for Endpoint (Microsoft’s paid version of Defender).

In this post I’m going to show what happens, when you receive the following;
