Windows 11 Insider Preview 25905.1000 (rs_prerelease)

Below are some key new and updated features coming in the future version of Windows 11.

Ability to check your personal Microsoft subscription and status (storage, expiration, renewal, etc.)

Energy savings recommendations

Notepad files under one window via tabs

All your Photos in one app (OneDrive, local, iCloud, etc.)

Group apps in Start (think iOS)

Endpoint Privilege Management

The new advanced management plan (coming March 2023) has a very important feature, Endpoint Privilege Management. If this works, it’s huge, as it is something we have been asking for since Windows XP. Currently many organizations use third-party tools like CyberArk and BeyondTrust to control local admin processes while taking local admin away from users. I believe this will be an add-on SKU to what you may own in E3 or E5 today.

Reduce your overall TCO with a new Microsoft Intune plan – Microsoft Community Hub

Managing Microsoft Edge

On January 15th, 2020, Microsoft released the new Microsoft Edge browser based on the Chromium platform. I wrote a blog post in early January describing this change, which can be found here.

There are a few ways to manage the configuration of Edge settings to enforce security as well as control the updates to Edge. The two most common methods available to the legal community are via Group Policy or Microsoft Intune.

Using Group Policies

Download the latest Administrative template files at https://www.microsoft.com/en-us/edge/business/download

Drop the ADMX and ADML files in the PolicyDefinitions folder on a local PC for testing or in your Central Store. If you are not using a Central Store to manage your enterprise GPO Administrative templates, I highly recommend it. Here’s a link to help you create and manage a Central Store.

Launch the Group Policy Management MMC and create a new GPO specific to Edge Chromium management. Right-click and edit your new GPO. Once the GPO templates are loaded, you will see the new Edge Chromium settings under Administrative Templates in the Computer Configuration as well as the User Configuration nodes. As you will see, Edge now supports Default settings, which users can override, as well as mandatory settings, which users can’t override. We recommend making changes in the Computer Configuration section.

Microsoft also released security baseline recommendations for Edge last December. You can find the information and the baseline download here.

The download includes the baseline GPOs, spreadsheets outlining changes, HTML output of the GPO, and PowerShell scripts to import the GPOs into your AD or local PC. The screenshot below is an example of a few settings available to you.

Enable IE Mode

If you have a legacy site that still relies on Internet Explorer, the new Edge browser comes with IE Mode. In Group Policy editor, go to Computer Configuration > Administrative Templates > Microsoft Edge and find the setting Configure Internet Explorer integration. Configure the setting to Enabled and choose between Internet Explorer mode and Internet Explorer 11. The Internet Explorer mode option will open the site in Edge in IE mode, whereas the Internet Explorer 11 option will open it in a standalone Internet Explorer 11 window. We recommend Internet Explorer mode for the best user experience.

Now configure the Enterprise Site list as described here to add the policy file that includes which sites need IE mode.

You also have the option to Send all intranet sites to Internet Explorer by enabling that setting in the same location as the Configure Internet Explorer integration. Please don’t do this; the legal vertical needs to stop using Internet Explorer.
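The following PowerShell check is an added example, not part of the original post. It reads the machine-level registry values that these three Group Policy settings write and flags the combinations described above. It assumes the policies are applied under Computer Configuration, as recommended earlier.

```powershell
# Added example: audit the Edge IE-integration policies on the local machine.
# The value names are the registry names of the GPO settings discussed above.
$edgeKey = 'HKLM:\SOFTWARE\Policies\Microsoft\Edge'

function Get-EdgePolicyValue {
    param([Parameter(Mandatory)][string]$Name)
    # Nothing is returned when the key or value is absent (policy not configured).
    $item = Get-ItemProperty -Path $edgeKey -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name }
}

$level    = Get-EdgePolicyValue -Name 'InternetExplorerIntegrationLevel'
$siteList = Get-EdgePolicyValue -Name 'InternetExplorerIntegrationSiteList'
$intranet = Get-EdgePolicyValue -Name 'SendIntranetToInternetExplorer'

$findings = [System.Collections.Generic.List[string]]::new()

if ($null -eq $level) {
    $findings.Add('Configure Internet Explorer integration is not set.')
} elseif ($level -eq 2) {
    # 2 = sites open in a standalone Internet Explorer 11 window
    $findings.Add('Integration opens standalone IE 11; Internet Explorer mode (1) is the recommended value.')
} elseif ($level -ne 1) {
    $findings.Add("Integration level is $level; IE mode is not active.")
}

if ($level -eq 1 -and [string]::IsNullOrWhiteSpace($siteList)) {
    $findings.Add('IE mode is enabled but the Edge site list policy is not set.')
}

if ($intranet -eq 1) {
    $findings.Add('Send all intranet sites to Internet Explorer is enabled.')
}

[pscustomobject]@{
    Computer         = $env:COMPUTERNAME
    IntegrationLevel = $level
    SiteList         = $siteList
    SendIntranetToIE = [bool]$intranet
    Findings         = $findings
}
```

An empty Findings list means IE mode is on, a site list is assigned, and intranet sites are not being sent to Internet Explorer wholesale.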

Using Microsoft Intune

If you have embraced Intune for MDM and are managing Windows 10 through Intune only or through Co-Management with Configuration Manager, you can configure Edge settings via Intune.

Sign on to your Azure portal, select Intune and from the Intune blade, select Device Configuration, and then Profiles. Create a new Profile and choose Windows 10 as the Platform and Administrative Templates for Profile type.

Once it is created, filter the Edge settings by dropping down the All Products list box and changing it to Edge version 77 or later.

Configure the settings you would like for your environment, such as a home page URL, security settings, etc. Once done with the profile, apply it to test devices and users for testing before deploying organization-wide.

The Edge baseline policies are also available in Intune. In the top-level Microsoft Intune page, select Device Security.

Select the Microsoft Edge Baseline option, and from the baseline page, you will have the option to create a new profile based on that baseline.

If you do not have Microsoft Intune, you can follow this link to configure with other MDM providers, if you are managing Windows 10 with that MDM provider.

Jay Parekh

Intune Compliance with Power BI

Power BI is a powerful service for data analysis, data visualization, and business intelligence. But how can you take advantage of Power BI and pull data from Microsoft online services like Intune?

There are a couple of ways to load data into Power BI from Intune, described below. Make sure you are logged into your Power BI app. If you don’t have a license, you can get a 60-day trial.

OData link

  1. One way to connect is using the OData link. You will need a URL to connect to the data warehouse.
    1. In the Intune portal, click the Set up Intune Data Warehouse link in the far right of the overview page.
    2. Grab the link from the next page.
    3. Open Power BI Desktop and choose File -> Get Data to select the OData feed. Enter the URL above in the feed.
    4. Connect using the Organizational Account and sign in to your tenant.
    5. Once you are signed in and connected, the tables will load, showing you a successful connection.
    6. Follow the instructions on the following link to get started building your own reports. https://docs.microsoft.com/en-us/intune/developer/reports-proc-create-with-odata

Intune Compliance app

  1. Another way is to use the Intune Compliance app that is in preview here.
    1. Click Get it now.
    2. At the Install this Power BI app prompt, click Install.
    3. Sample data will show, but to connect to your Intune tenant, use the Connect your data link.
    4. In Connect to Intune Compliance, sign in using an account with rights.
  2. You may have to wait about 5+ minutes for the connection; until then you may still see sample data.
  3. You will know when you’re connected to your source when the sample data banner is no longer displayed. You may need to reload the page for the display to refresh.
  4. Once connected, you can click the Intune Compliance (Data Warehouse) in the left Navigation pane.
  5. You have the default Compliance Overview dashboard (example below), reports, and the dataset. You can Save As the existing report and create a custom one or create ones from scratch.

 

New Microsoft Edge Chromium is coming

Published for International Legal Technology Association on 1/2/2020

On January 15th, Microsoft will be releasing a new version of Microsoft Edge built on Chromium to all supported versions of Windows 10. This new version of Edge Chromium also supports Windows 7, 8.1, and Windows Server. With this release, the legal vertical vendors will be able to stop supporting Internet Explorer. Read on to learn how to prepare for this new change.

Background

When Microsoft released Windows 10 in the summer of 2015, a new browser named Edge was introduced. This new browser replaced Internet Explorer (IE) 11, which Microsoft introduced in 1995 along with Windows 95. Those of us that have been in IT for a bit will remember the browser wars that started in the nineties. Internet Explorer since then has been the default browser in all Windows versions from Windows 95 through Windows 8.1. IE has been through many upgrades and became bloated as Microsoft added more features and changed compatibility modes a few times. These changes were hard for many organizations to adopt. The rapid nature of change with HTML standards made it hard for legal vertical web sites to adapt to those changes and continue to support Internet Explorer.

With the introduction of Windows 10 and the new Edge browser, Microsoft hoped their new modern browser would compete with Chrome and Firefox. Unfortunately, that didn’t occur. Customers and 3rd parties did not want to invest in rebuilding sites to make them work in Edge.

Because of this, we have had many clients adopt Google Chrome or Firefox as their default browser regardless of Windows version as they knew those browsers on Windows 7, 8, or 10 and Windows Server (Citrix) would have the same experience (in most cases). Other firms chose to set IE 11 as their default while other firms chose Edge. This browser fragmentation caused many issues in the legal vertical.

Today

In late 2018, Microsoft announced that Edge would be redeveloped to use the open-source Chromium platform started by Google with contributions by a global community. The goal of the new Edge Chromium browser, targeted to be released in mid-January, is for more web compatibility (if the site works on Chrome, it should work the same on the new Edge Chromium). Edge Chromium allows for management via MDM, GPO, and endpoint management solutions like Microsoft Endpoint Configuration Manager which I will discuss later. Because the new Edge browser is based on Google’s Chromium platform, it had many of the Google services in the source. Microsoft has disabled or changed over 50 of them such as Google Now, Pay, Extension store, etc.

The full list of what has been disabled or replaced below:

How do we get it?

The official release target is January 15th, as of this writing. To start your testing today, you can join three types of Insider channels at https://www.microsoftedgeinsider.com.

When you launch the site, the default download and the most stable release is the Beta Channel (#1 in the screenshot below). If you would like to try channels that are more up to date and updated more frequently as Microsoft develops, choose the More platforms and channels link on the site (#2 in the screenshot below). This link will give you access to a Dev Channel, which is updated weekly, and the Canary Channel, which is updated daily. The Canary channel is usually released right after Microsoft updates the code, which is why it is called a Canary build. In the old mining days, a canary would be sent into a coal mine to check for deadly gas.

The channels are also available on other OS platforms. If you click the down arrow below the download button, you will see options for previous Windows client and server versions and macOS.

How do I deploy and manage?

If you are an organization that has automatic updates enabled in Windows 10, Microsoft will automatically deliver the new browser. I would not recommend this as you will want to enable change management and user experience to avoid confusion and calls to the help desk. For those environments, Microsoft has a blocker tool you can deploy to block Automatic Updates from installing on Windows. Please review the Microsoft site here for more information on this.

If you are a firm that has a system management solution like Intune, Configuration Manager (ConfigMgr), or other tools that manage the Microsoft Updates, you will have a little more control.

In Configuration Manager 1910, you can now manage Edge deployment. In ConfigMgr 1910, under Software Library, you now have Microsoft Edge Management node, and once you click that, you will have the option to Create Microsoft Edge Application.

Clicking the Create Microsoft Edge Application button, you will start the wizard, which is similar to many ConfigMgr dialogs.


The next option is to choose your Channel and version of Edge to deploy. After this, you will have the option to choose the deployment options (Collection, etc.), or you can create the package.

Once the package has been built, the source folder will have the files needed for x86 and x64 versions with a PowerShell script that will be used to call the installation in the Deployment Types.

In Application Management, under Applications, you will see your new application along with the Deployment Types. Just like any ConfigMgr application/package, you can deploy to the Collection of your choosing.

More information on using ConfigMgr is available here. If you are using Intune to manage Windows, you can read more about options here.

What if I don’t have Intune or Configuration Manager?

If you don’t have ConfigMgr and are using tools like Ivanti, Altiris, Quest (formerly Dell) Kace, etc., you can create your package using the offline installer. These are full MSIs, so you can use the MSI commands to silently deploy using the tool of your choice.
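As an added example (not from the original post), the wrapper below shows what a silent MSI deployment step can look like when the package is checked before it is installed. The MSI file name and log path are assumptions; substitute the file you downloaded from the offline installer page.

```powershell
# Added example: verify the offline installer's signature, then install silently.
param(
    [string]$MsiPath = '.\MicrosoftEdgeEnterpriseX64.msi',  # assumed file name
    [string]$LogPath = "$env:TEMP\edge-install.log"         # assumed log location
)

# Refuse to run an MSI whose Authenticode signature is missing, broken,
# or not issued to Microsoft.
$sig = Get-AuthenticodeSignature -FilePath $MsiPath
$signer = $sig.SignerCertificate.Subject
if ($sig.Status -ne 'Valid' -or $signer -notmatch 'O=Microsoft Corporation') {
    throw "Refusing to install: signature status '$($sig.Status)', signer '$signer'"
}

# /qn = no UI, /norestart = never reboot on its own, /l*v = verbose log
$msi  = (Resolve-Path -LiteralPath $MsiPath).Path
$args = "/i `"$msi`" /qn /norestart /l*v `"$LogPath`""
$proc = Start-Process -FilePath 'msiexec.exe' -ArgumentList $args -Wait -PassThru

# 0 = success, 3010 = success but a reboot is required; anything else is a failure.
if ($proc.ExitCode -eq 0) {
    'Edge installed.'
} elseif ($proc.ExitCode -eq 3010) {
    'Edge installed; reboot required.'
} else {
    throw "msiexec failed with exit code $($proc.ExitCode); see $LogPath"
}
```

Most deployment tools treat a non-zero script exit as a failure, so letting the `throw` propagate makes a bad signature or a failed install show up in the tool's reporting.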

The configuration of the new Edge can be done through Group Policies for domain joined computers or via supported MDM solutions like Intune for non-domain or hybrid joined computers. For the group policy administrative templates, you can download via the same location as the offline installer.

We will have another series of written or video blogs that will discuss further configuration, management, and update options over the next couple of months.

OneDrive Personal – Processing changes

WARNING: This blog discusses changes to file system permissions. Read and apply at your own risk!!!

I had issues with my OneDrive always stating it’s processing 457 changes. This same message was going on for weeks but I ignored it as I had other things to worry about first.

I finally got frustrated and started to play with settings, using my google-fu, resetting, etc.

What finally worked was resetting the permissions on my folders. Like other technical folks, I reimage or reset my PC often as I use it for testing or want a clean install a few times a year. By doing so, obviously the NTFS permissions change as I get a new local account with a new SID.

From the top root folder, go to Properties, select the Security tab, and choose the Advanced settings.

Change owner to your account and select the Replace all child object option. Double check to ensure you have everything correct and then click Apply. This will take a while based on how many files you have.
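The script below is an added example, not part of the original post. It reports which items under the folder are owned by a SID other than the signed-in account before anything is changed, and only with `-Fix` performs the command-line equivalent of the owner change above. The default folder path is an assumption; point `-Root` at your own OneDrive folder.

```powershell
# Added example: find items whose NTFS owner is not the current account.
param(
    [string]$Root = "$env:USERPROFILE\OneDrive",  # assumed location
    [switch]$Fix                                   # change ownership only when asked
)

$me      = [System.Security.Principal.WindowsIdentity]::GetCurrent().User
$sidType = [System.Security.Principal.SecurityIdentifier]

# Check the root folder itself plus everything beneath it.
$notMine = & {
    Get-Item -LiteralPath $Root -Force
    Get-ChildItem -LiteralPath $Root -Recurse -Force -ErrorAction SilentlyContinue
} | ForEach-Object {
    try {
        # Ask for the owner as a raw SID so accounts from an old install still compare.
        $owner = (Get-Acl -LiteralPath $_.FullName -ErrorAction Stop).GetOwner($sidType)
        if ($owner.Value -ne $me.Value) {
            [pscustomobject]@{ Path = $_.FullName; OwnerSid = $owner.Value }
        }
    } catch {
        [pscustomobject]@{ Path = $_.FullName; OwnerSid = 'unreadable' }
    }
}

"{0} item(s) under {1} are not owned by {2}" -f @($notMine).Count, $Root, $me.Value

# Summarise by owner: local accounts from a previous install show up as
# S-1-5-21-... SIDs that no longer map to a user on this machine.
$notMine | Group-Object OwnerSid | Sort-Object Count -Descending |
    Select-Object Count, Name

if ($Fix -and @($notMine).Count -gt 0) {
    # icacls takes a numeric SID when it is prefixed with '*'.
    # /T = recurse, /C = continue on errors, /Q = suppress success messages
    icacls.exe $Root /setowner "*$($me.Value)" /T /C /Q
}
```

Run it once without `-Fix` and review the owner summary; the ownership change itself needs an elevated prompt for items the current account cannot already modify.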


Intune – ADMX-backed admin templates (preview)

We all have been using Group Policies for decades for all of our on-prem domain joined machines. Now Microsoft has introduced, in preview, ADMX template style settings in Intune.

MS Docs for details. https://docs.microsoft.com/en-us/intune/administrative-templates-windows

  • Assumption is you have some Intune knowledge and know how to assign profiles.
  1. To access the Preview, go into your Azure Portal – Microsoft Intune -> Device configuration – Profiles.
  2. Create a new profile.
  3. Name your profile, choose Windows 10 or Later as the platform, and set the Profile type to Administrative Templates (Preview).
  4. In the profile, choose Settings and you will see all the policies available (there are a few pages).
  5. In the filter, search for a policy setting if needed like the screen shot below or sort the columns accordingly.
  6. Select a setting like I have below and choose an option (similar to GPO). For the Excel save setting, I chose the default to be Excel 5.0/95 Workbook so I can see the change (as Excel XLS is default anyways).
  7. In my test I have chosen several different settings.
  8. Assign the profile accordingly to your test group.
  9. Monitor deployment status.
  10. Once the settings are applied, check the device for results.

Events from email – disable/change

One of the annoying new features for me in Office 365/Outlook and outlook.com personal is the creation of a calendar event based on email content. Now this sounds great, if you need the additional automation. But for someone that wants to control what’s in the calendar a little more, I need to disable or adjust. Unfortunately, this can’t be changed in the local Outlook app. You need to log on to Outlook web app.

Go into Settings (sprocket) -> Your app setting -> click Mail.

Once in the options, navigate to the Calendar section and click on Events from email. Here you can disable or configure.


Longer Windows 10 servicing for enterprises and education

In case anyone missed the big announcement yesterday.

Helping customers shift to a modern desktop – Microsoft 365 Blog

In short:

Windows 10 Enterprise customers will get 30 months of support (changed from 18 months). Those on the current 1607, 1703, 1709, and 1803 releases will be extended to 30 months as well.

Future September releases (starting with 1809) will have 30 months, and spring releases (starting with 1903) will still have 18 months for those that want faster cadences.

This is great news for Enterprise customers. Those on the Pro version might want to consider moving to Enterprise unless you can do the 18 months.

There are other announcements but this is the biggest as there were many concerns on the 18 month cycles.