Deploy AppLocker Policies to only allow Microsoft/Citrix signed code and Store apps

In some scenarios there’s a demand for an increased security on Windows 10. Recently we worked on a scenario where only Microsoft code, Citrix code and Store Applications could run. Combined with no-local administrator privileges this creates a highly secure platform. Malware typically isn’t signed (and especially not by Microsoft or Citrix, if so we have bigger problems) and therefore unable to run…


Windows 10 Upgrade reboot loop or error 0xC1900101- 0x20017

Recently I spent time troubleshooting a device unable to upgrade from the November Update (1511) of Windows 10 to the latest Anniversary Update (1607). Setup would progress until the near end, after which it would reboot and remain stuck in a reboot loop. It’s difficult to troubleshoot these situations, first thing to do is: Boot from…


Distribute Office Click-To-Run via Microsoft Intune (MDM) – Part 2

You might have tried following this guide in order to deploy Office Pro Plus (Click-to-Run) via Intune, resulting in the MSI being deployed but the Office bits not being streamed. I’ve found many people in my inbox struggling and eager to find a solution. I’m glad that Pouyan Khabazi and Paul Huijbregts (both from Wortell)…


Distribute Office Click-To-Run via Microsoft Intune (MDM)

Update August 17 2016, please consult this new post for a potential solution. Update July 26th 2016, the Office ProPlus generator has been changed and no longer works with Intune distribution. The MSI will get installed but Office ProPlus won’t be streamed. We are working with Valorem Consulting to have this fixed. You can use…


Silently push the Microsoft Intune Company Portal to Azure AD Joined Windows 10 devices

Starting today Microsoft Intune has been integrated with the Business Store. This means that you can use Microsoft Intune to manage public store applications and silently deploy them to users. End-user won’t have to go to the public store and therefore won’t need a Microsoft Account.   When it comes to Microsoft’s Enterprise Mobility Suite it’s…


Automatic Bitlocker on Windows 10 during Azure AD Join

There are a lot of myths on how to automatically trigger Bitlocker on an Azure AD Joined Windows 10 device, let’s hope this post will get you some answers. Windows 10 will automatically encrypt the local drive when joining an InstantGo capable device to Azure Active Directory (AAD). An AAD Join can either done during the…


Get mobile users going fast using Windows 10 and EMS!

Get mobile users going fast! Use Windows 10 and Enterprise Mobility Suite (EMS) to have end-user self-provision their work device. Using the power of Azure this will give you the ultimate cloud managed workstation, ready for the future! This video shows you how the end-user experience is when Windows 10 is combined with EMS, it…


Windows 10 Setup Command Line Switches

Command Line Switches Switch Parameters Action /auto <migration choice> Upgrade; DataOnly; Clean Automate install with migration choice for the installation. The media setup UI and progress screens are shown by default, but are automated. This switch also assumes the following default configurations: EULA acceptance, Dynamic Update is enabled, telemetry collection and upload opt-in, OOBE will…


Installer stuck at 18% when upgrading from Windows 10 (10074 to 10122)

Are you trying to upgrade to Windows 10 preview build 10122 and the installation hangs at 18%? The following approach unblocked me, hopefully it works for you too – please let us know in the comments: Download psexec.exe from sysinternals to e.g. c:\temp Open an elevated command prompt Execute psexec with the following parameters (try…


Tune in to Windows Intune!

On the first of October I’ve switched to a new role within Microsoft: Windows Intune TSP (Technical Solution Professional) covering the BeNeLux, Austria and Switzerland. Because of the switch in technology I’ve started a new blog: Tune in to Windows Intune Take care