iOS Conditional Access – force MDM

This is the configuration to block MAM on iOS phones.

Go to https://endpoint.microsoft.com/

Endpoint security > Conditional Access

Create new Policy

Give it a name like IOS – No MAM

Specify the group or user to apply on

Select the Office 365 app

Select Platform iOS

Add Device Filter

device.deviceOwnership -ne "Personal" -and device.deviceOwnership -ne "Company"

Set Block Access

and set the policy to On.

Also create a policy to Force authentication check.

Android M365 mail config

Log in at https://endpoint.microsoft.com/

Go to Apps -> App configuration policies

Click on +Add -> Managed devices

Add a name
Fill in Description if needed
Select Platform Android Enterprise
Select Profile. I use All, to make it easy.


Then Select app Microsoft Outlook.

Click on Next

For Configuration settings format, select Use configuration designer
Set Email account configuration settings to Yes
Set Authentication type to Modern authentication
Set Username attribute from AAD to User Principal Name
Set Email address attribute from AAD to Primary SMTP Address
Set Allow only Work or school accounts to Enabled (if you work with a work profile)

Click on Next

Then select the group or All users, and save it.

Block MAM on Android

This is the configuration to block MAM on Android phones.

Go to https://endpoint.microsoft.com/

Endpoint security > Conditional Access

Create new Policy

Give it a name like No MAM – Android

Select Users or group or all.

Select Cloud apps Office 365.

Conditions -> Device platforms = Android

Filter for devices -> Rule syntax
device.operatingSystem -eq "AndroidForWork" -or device.operatingSystem -eq "AndroidEnterprise"

Grant = Block Access
Enable Policy.
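
The iOS and Android Conditional Access policies described above, written as Microsoft Graph request bodies so they can be reviewed and versioned. This is an added example, not part of the original post: the function name and group id are placeholders, the include/exclude filter mode is not stated on the page and is an assumption, and the state is set to report-only here (the page turns the policy on directly) so the effect can be checked in the sign-in logs first.

```powershell
# Added example: builds the policy bodies locally and prints JSON; nothing is sent.
function New-BlockPolicyBody {
    param(
        [Parameter(Mandatory)] [string] $DisplayName,
        [Parameter(Mandatory)] [ValidateSet('iOS', 'android')] [string] $Platform,
        [Parameter(Mandatory)] [string] $FilterRule,
        # Assumption: the page does not say whether the filter includes or excludes matches.
        [Parameter(Mandatory)] [ValidateSet('include', 'exclude')] [string] $FilterMode,
        [Parameter(Mandatory)] [string[]] $GroupIds,
        [ValidateSet('enabledForReportingButNotEnforced', 'enabled', 'disabled')]
        [string] $State = 'enabledForReportingButNotEnforced'
    )
    # Reject typographic quotes that copy/paste from a web page can introduce.
    if ($FilterRule -match '[\u201C\u201D\u2018\u2019]') {
        throw "Filter rule for '$DisplayName' contains typographic quotes; use straight quotes."
    }
    [ordered]@{
        displayName   = $DisplayName
        state         = $State
        conditions    = [ordered]@{
            clientAppTypes = @('all')
            users          = @{ includeGroups = @($GroupIds) }
            applications   = @{ includeApplications = @('Office365') }
            platforms      = @{ includePlatforms = @($Platform) }
            devices        = @{ deviceFilter = [ordered]@{ mode = $FilterMode; rule = $FilterRule } }
        }
        grantControls = [ordered]@{ operator = 'OR'; builtInControls = @('block') }
    }
}

$pilotGroup = '00000000-0000-0000-0000-000000000000'   # placeholder group object id

$policies = @(
    New-BlockPolicyBody -DisplayName 'IOS - No MAM' -Platform iOS -FilterMode include `
        -GroupIds $pilotGroup `
        -FilterRule 'device.deviceOwnership -ne "Personal" -and device.deviceOwnership -ne "Company"'
    # FilterMode 'exclude' is an assumed reading of the Android policy.
    New-BlockPolicyBody -DisplayName 'No MAM - Android' -Platform android -FilterMode exclude `
        -GroupIds $pilotGroup `
        -FilterRule 'device.operatingSystem -eq "AndroidForWork" -or device.operatingSystem -eq "AndroidEnterprise"'
)

# -Depth is needed: the default depth of 2 would truncate the nested deviceFilter object.
$policies | ForEach-Object { $_ | ConvertTo-Json -Depth 6 }

# To create one in the tenant (Microsoft.Graph.Identity.SignIns module):
#   Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess'
#   New-MgIdentityConditionalAccessPolicy -BodyParameter $policies[0]
```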

HP Smart Scan with VPN Connected.

Change Network Settings in Group Policy Editor

To do this, follow the guidelines below:

  1. Open the Run dialog box: press Win Key + R.
  2. In the box, type in gpedit.msc and click OK to open Group Policy Editor.
  3. In the gpedit window, double-click on Computer Configuration.
  4. Select Administrative Templates > Network > Network Isolation.
  5. Enable the following policies: Subnet Definitions are authoritative and Private Network ranges for apps.
  6. Input your internal IP-subnet range: 10.0.0.0/8.
  7. Save changes and close the program.
  8. Restart PC.

There you go, these are some simple methods that you can try if your VPN blocks Microsoft Store apps on your PC.

If our solutions didn’t work for you, try disabling your VPN temporarily or consider switching to a different VPN client.

Classic Sticky Notes to new Sticky Notes

1) On Windows, copy the sticky notes file from AppData\Roaming\Microsoft\Sticky Notes

2) On Windows 10, start Sticky Notes.

3) First, close Sticky Notes on Windows 10. Then go to PC Settings > System > Apps & Features > Sticky Notes > Advanced Options > Reset.

4) Paste that file StickyNotes.snt to AppData\Local\Packages\Microsoft.MicrosoftStickyNotes_8wekyb3d8bbwe\LocalState\Legacy (having manually created the Legacy folder beforehand)

5) Rename StickyNotes.snt to ThresholdNotes.snt

6) Open Sticky Notes and voila.

Enable Windows Update “Features on Demand” and “Turn Windows features on or off” in WSUS Environments

I found this website very useful and searched long for this.

If you are running Microsoft Windows in a domain environment with WSUS configured, you may notice that you’re not able to install some FODs (Features on Demand), or use the “Turn Windows features on or off”. This will stop you from installing things like the RSAT tools, .NET Framework, Language Speech packs, etc…

You may see “failure to download files”, “cannot download”, or errors like “0x800F0954” when running DISM to install packages.

To resolve this, you need to modify your domain’s group policy settings to allow your workstations to query Windows Update servers for additional content. The workstations will still use your WSUS server for approvals, downloads, and updates, however in the event content is not found, it will query Windows Update.

Enable download of “Optional features” directly from Windows Update

  1. Open the group policy editor on your domain
  2. Create a new GPO, or modify an existing one. Make sure it applies to the computers you’d like
  3. Navigate to “Computer Configuration”, “Policies”, “Administrative Templates”, and then “System”.
  4. Double click or open “Specify settings for optional component installation and component repair”
  5. Make sure “Never attempt to download payload from Windows Update” is NOT checked
  6. Make sure “Download repair content and optional features directly from Windows Update instead of Windows Server Update Services (WSUS)” IS checked.
  7. Wait for your GPO to update, or run “gpupdate /force” on the workstations.


You should now be able to download/install RSAT, .NET, Speech language packs, and more!

Install Fonts with PowerShell

# Shell special-folder constant for the Windows Fonts folder
$ssfFonts = 0x14
# Set this to the folder that holds the font files to install
$fontSourceFolder = ""
$Shell = New-Object -ComObject Shell.Application
$SystemFontsFolder = $Shell.Namespace($ssfFonts)
# -File skips subfolders so only files are processed
$FontFiles = Get-ChildItem $fontSourceFolder -File
$SystemFontsPath = $SystemFontsFolder.Self.Path
$rebootFlag = $false

foreach ($FontFile in $FontFiles) {
    # $FontFile will be copied to this path:
    $targetPath = Join-Path $SystemFontsPath $FontFile.Name
    # So, see if target exists...
    if (Test-Path $targetPath) {
        # Font file with the same name already there: delete and replace.
        $rebootFlag = $true
        Remove-Item $targetPath -Force
        Copy-Item $FontFile.FullName $targetPath -Force
    } else {
        # Install the font through the shell Fonts folder.
        $SystemFontsFolder.CopyHere($FontFile.FullName)
    }
}

# Follow-up message
if ($rebootFlag) {
    Write-Host "At least one existing font overwritten. A reboot may be necessary."
}