Register Domain-Joined Computers as Devices – The Redundant and Broken Hybrid Azure AD Join GPO
Posted inEntra ID (Azure Active Directory) Group Policy Microsoft 365 Windows Server

Register Domain-Joined Computers as Devices – The Redundant and Broken Hybrid Azure AD Join GPO

The group policy object Register domain-joined computers as devices, or Automatically workplace join client computers in older templates, was previously a requirement for enabling Hybrid Azure AD Join.  After configuring Azure AD Connect and your Seamless SSO GPOs, this had to be enabled. Since Windows 10 1607 ("Anniversary Update"), in Azure AD Connect environments, on-premises Active Directory joined computers become Azure Active Directory registered when a synchronised user signs in to a synchronised computer;…
Using Intune to Deploy the Azure Information Protection (AIP) Unified Labeling Client (Win32 MSI)
Posted inIntune Microsoft 365 Microsoft Intune Sensitivity labels (Azure Information Protection)

Using Intune to Deploy the Azure Information Protection (AIP) Unified Labeling Client (Win32 MSI)

Unified labels refer to a movement whereby Azure Information Protection (AIP) labels are now being replaced by sensitivity labels.  Sensitivity labels offer encryption, watermarks, etc as AIP labels did before them, but are now managed in the new Microsoft 365 Security Centre, with several other benefits beyond the scope of this post. With this change comes a new AIP client, called the unified labeling client, that replaces the old one, now called the classic…
Deploy Microsoft Store Apps using Intune with Configuration Manager (SCCM) Co-Management (Fix ‘Not Applicable’ Status)
Posted inConfiguration Manager Intune Microsoft 365 Microsoft Intune Microsoft Store

Deploy Microsoft Store Apps using Intune with Configuration Manager (SCCM) Co-Management (Fix ‘Not Applicable’ Status)

Intune provides an interface to easily deploy apps from the Microsoft Store to your registered users and devices, but even if you have SCCM (Config Manager) Co-Mangement enabled with the default workloads shifted to Intune in Co-Management properties, there is more to be done.  If you don't follow these steps, you will receive the status of Not applicable in the Intune client apps user and device install status pages. Prerequisite: This only works with…
Prerequisites and Planning for Centrally Deploying Office 365 Outlook Add-Ins
Posted inMicrosoft 365 Office 365 Outlook

Prerequisites and Planning for Centrally Deploying Office 365 Outlook Add-Ins

Deploying Outlook add-ins ("apps") for your O365 tenant is an intuitive experience via AppSource.  As a Global Administrator, click GET IT NOW on the app's page and you are immediately redirected to the Services & add-ins page of the M365 Admin Center. From there, you can configure add-ins for the whole tenant, just yourself, or by group.  All AAD group types, except non-email enabled ones, are supported.  If a group is nested, the top-level…
Manage MyAnalytics Weekly Insight Digest Emails and App Availability
Posted inMicrosoft 365 MyAnalytics Office 365

Manage MyAnalytics Weekly Insight Digest Emails and App Availability

Made available to more than just E5 licencees earlier this year, MyAnalytics will, by default, send users weekly emails regarding their work patterns. Users can control this themselves in settings pane of the MyAnalytics web app. Administrators cannot, in bulk, keep MyAnalytics enabled for users but disable the email digest. The following PowerShell example instead disables MyAnalytics across all your Microsoft 365 Business licensed users, and therefore removing these emails.  This makes use of…