M365 – Review Enterprise Applications

July 22, 2025July 22, 2025 LiamLeave a comment

By default, your staff can allow consent for any app to access the organisation’s data. In reality you may find nothing wrong with this for Microsoft Services such as Teams, Outlook, but how about third-party apps?

Should you be allowing third-party apps within your M365 tenant?

Third-party apps can stem from trusted sources such as Adobe, Salesforce, but quite often, we come across third-party apps that require an unnecessary amount of permissions and access.

There is currently a whole plethora of ‘AI’ apps, that staff are sign into using their M365 account, giving them access, such as being able to Read their mailbox or Send As them.

In the realm of IT, you will hear the phrase – Least Privilege. This means granting users, applications, and systems the minimum necessary access rights to perform their tasks, and no more.

In our case, we want to give the user the minimum apps that allow them to perform their job. We may have a pre-approved list of applications that they can access. But we also want to prevent them from signing into unapproved applications.

I will show you how to set up Consent and Permissions for Enterprise Applications.

Intune – Silently Sign into OneDrive and Sync

June 30, 2025July 3, 2025 LiamLeave a comment

One of the luxuries of using Azure AD and Intune, is that staff can pick up a laptop or sit at a desk and start using an enrolled device.

Once they sign in using their Microsoft 365 account, policies, applications automatically get pushed out – open Outlook, it signs you in, emails start populating, and they can continue like normal. However, we do find staff not utilising OneDrive.

With your Microsoft 365 account (depending on the license), you are granted 1TB of storage, which we find more than enough for the average office user. When you sign into OneDrive on a device, you can ‘backup’ the following locations Desktop, Documents and Pictures.

I use the term backup loosely, as OneDrive is not a backup solution.

Once those locations are ‘backed up’, the data will follow you from device to device – providing the end user signs into OneDrive on a new device. However, why create a step for yourself or the end user when we can automate it with Intune.

In this post, I will share an Intune Configuration to help you achieve the above.

Defender for Endpoint – Push Out via GPO

June 3, 2025June 3, 2025 LiamLeave a comment

In a previous post, I explained how we push out Defender for Endpoint via Microsoft Intune and the Microsoft 365 Admin Portal. (Intune Post)

In this post, I will explain how I install Defender for Endpoint via a Group Policy within an Active Directory environment.

You can use the below as a template, and reconfigure some steps for your own requirements.

Driver Cannot Load – iqvw64e.sys

May 28, 2025 LiamLeave a comment

With Windows 11 becoming more and more popular due to the deadline of Windows 10, we have seen a small increase in driver issue, more specifically, “A security setting is detecting this as a vulnerable driver and blocking it from loading. You’ll need to adjust your settings to load this driver.”

This prompt is due to a setting within Windows 11 Defender. Windows Security > Device Security > Core isolation details > Microsoft Vulnerable Driver Blocklist. More information here – Microsoft KB.

In this post, and this driver in question (iqvw64e.sys) – I’ll show you the steps on how I resolved it.

Intune – How to start pushing out Defender for Endpoint on Windows Devices automatically?

May 23, 2025May 23, 2025 Liam1 Comment

All Windows devices come with their own anti-virus – Windows Defender, but what is Defender For Endpoint, and how do we start pushing it out to our corporate devices?

Microsoft Defender for Endpoint is an enterprise-level security platform designed to help businesses prevent, detect, investigate, and respond to advanced cyber threats on their devices (also known as “endpoints” — like computers, laptops, and mobile devices).

Key Features:

Threat Protection – Detects and blocks malware, ransomware, and other types of cyberattacks.
Endpoint Detection and Response (EDR) – Monitors activities on devices to spot suspicious behavior and helps investigate attacks.
Attack Surface Reduction – Limits the ways attackers can get into systems (e.g., controlling app behavior or blocking malicious websites).
Automated Investigation and Response – Uses AI to analyze threats and take action without needing manual input every time.
Threat Intelligence – Uses data from Microsoft’s global threat database to identify new and emerging threats.

It’s like a smart security system for all company devices — watching for problems, alerting IT teams, and even taking action automatically to keep everything safe.

Providing you have the correct licenses, this post will show you how I push out Defender for Endpoint with devices enrolled into Intune.

LRS Computers

Helpdesk Support