Intune – Remove Default Microsoft Store Apps

One slight annoyance for IT technicians is preinstalled applications on new computers – we quite often have to remove ‘free’ subscriptions to an anti-virus that we don’t want, or remove different cloud storage programs like Dropbox.

However, the preinstalled apps from the Microsoft Store are a different annoyance. Quite often you remove these manually or via a script, only for them to reappear on the next restart or after a feature update. In a business environment, we don’t want to have the Xbox App.

Through Microsoft Intune – we can now create a Configuration Profile to remove these preinstalled apps.

In this post I will show you how to create this configuration profile.

Please note this only works for Windows 11 Enterprise and Education 25H2.


M365 – Review Enterprise Applications

By default, your staff can consent to any app accessing the organisation’s data. In reality you may find nothing wrong with this for Microsoft services such as Teams and Outlook, but how about third-party apps?

Should you be allowing third-party apps within your M365 tenant?

Third-party apps can stem from trusted sources such as Adobe or Salesforce, but quite often we come across third-party apps that require an unnecessary amount of permissions and access.

There is currently a whole plethora of ‘AI’ apps that staff sign into using their M365 account, giving the apps access, such as being able to Read their mailbox or Send As them.

In the realm of IT, you will hear the phrase – Least Privilege. This means granting users, applications, and systems the minimum necessary access rights to perform their tasks, and no more.

In our case, we want to give the user the minimum apps that allow them to perform their job. We may have a pre-approved list of applications that they can access. But we also want to prevent them from signing into unapproved applications.

I will show you how to set up Consent and Permissions for Enterprise Applications.


M365 – Limit Access on Unmanaged Devices

In a dream world of IT, every device is managed, protected, encrypted and follows a Configuration Profile. However, we often come across clients, normally on the smaller side, who want their end users to be able to work on their own personal devices. You can quite easily stipulate a BYOD Policy, but very often these are simple and state that the device must have anti-virus, must have encryption and must be up to date. The user signs the Policy and no checks on the device itself are carried out.

Below I’m going to go through the steps that are put in place to limit access to the Web Apps only, prevent users from downloading files to their device, and prevent them from signing into the Desktop Apps too.

Please note, to action these, you need Conditional Access, which is ‘locked’ behind a Microsoft Subscription. Having a Subscription such as Business Premium allows for Conditional Access.

