Latest Event Updates

Windows 365 Admin Roles – Not Displaying Device Details

Posted on

According to the principals of Zero Trust, administrative access to anything should be just-in-time and just-enough. In this spirit, many organizations may want to have specific IT-support members being able to support (and/or fully manage) Windows 365 Cloud PCs. To do this, Windows 365 provides two role types:

  1. Windows 365 AdministratorAzure AD role which can administer all aspects of W365.
  2. Cloud PC AdministratorIntune role which can administer aspects like OS images, Azure network connections, and provisioning.

With the above two roles for administration of Cloud PCs, it would be expected that the person with this role could also administer the Cloud PCs after they have been provisioned. Such as to perform restart, reprovision, restore, etc., etc. However, I came to discover that they cannot and accessing the CPC produces error code 401 “you do not have access” for DeviceSettingsMenuBlade.

If we look at the properties of the CPC Admin role, for example, it shows that the role should have access to all of the necessary management of the CPC itself. Granting full Intune Admin rights to the user then allows them to access the CPC and perform options.

Through some investigation, I came to learn that W365 admin roles cannot be combined with Intune admin roles. But clearly the inability to access the CPC without additional W365 rights is a gap for those that practice zero trust with least privileges.

With some trial and error, I found a workaround solution to allow access to the CPC. To achieve least-privilege access controls, an Intune custom role with just Managed Devices enabled will allow the admin to view the device in Intune so that W365-specific CPC operations can be accomplished.  This works for both the W365 Administrator (Azure AD role) and Cloud PC Admin (Intune role).

Hopefully in the future there will be a solution that’s built-in. But for now, this might need to work.

Advertisement

Getting Started with Microsoft Intune’s Endpoint Privilege Management – Part 6

Posted on Updated on

Are you new to endpoint privilege management products? Or have you used other endpoint privilege management products and are looking to explore what Microsoft has to offer? This series of blog post guides will walk you through the core process of Microsoft Intune’s Endpoint Privilege Management (EPM)…navigating you from trial activation, to prerequisites, to onboarding users/devices, to creation of example policies using real applications, and troubleshooting.

In part 5 of this blog post series, I provided practical examples that you can use to validate different application behaviors. For this final post in the series, I’m outlining various places that you can look for clues in troubleshooting EPM and a few practical steps you can perform.

If you’re still stuck on issues, it’s best to open a Microsoft support case.

Troubleshooting Basics

Before outlining explicit troubleshooting steps, you’ll want to understand what is available for troubleshooting so that you’ll know how to troubleshoot. In short, these are the following items that can help you in troubleshooting.

  • Prerequisites
  • Client-side log files
  • Registry keys
  • Windows services
  • Windows events
  • PowerShell module

Windows OS Prerequisites

As you’re figuring out where/how to start troubleshooting, begin with verifying the prerequisites. I’ll be the first to admit that I’m guilty of not having done this myself. So when EPM wasn’t working immediately, the root cause was due to that I didn’t have the minimum installed Windows update.

Visit Microsoft documentation for the latest prerequisite information. But in short, the things to just check-off and ensure exist:

  • Windows 10 20H2 and higher or Windows 11 21H2 and higher.
  • April 2023 Cumulative Update is installed.
  • Windows is either Azure AD joined or hybrid joined.
  • Windows is managed by Microsoft Intune (can be co-managed with ConfigMgr).

If your organization needs deployment assistance for any of the above, consider utilizing FastTrack for deployment guidance.

Console Reports

Did you know that EPM provides reports? Before getting into deep troubleshooting on a client, check the Intune portal first! The “gotcha” is that there are two different places to look at reports.

Reports on EPM policies
Reports “tab” of EPM

Client Log Files

Intune management logs are located in C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\. Primarily we are focused on the Sensor.log, which is used to validate EPM is sending reporting data back into the EPM service.

EPM client logs are located in C:\Program Files\Microsoft EPM Agent\Logs\

Log FilePurpose
EPM.LogRule Management Library, Extensibility Adapter, Interop Functions, Client Stub
EPMConsentUI.logUX for EPM
EPMService.logEPM Service operation, elevation facilitation, etc.
EPMServiceStub.logStub to launch the file post validation
Table of EPM agent log files

EPM Registry Hive

HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\DeviceHealthMonitoring

Windows Services

  • Microsoft EPM Agent Service (MEMEPMSvc).
  • Microsoft Intune Management Extension (IntuneManagmentExtension).
Windows Services for EPM
EPM Service Executable

Task Scheduler

When EPM is installed and active, two tasks are created in Task Scheduler under Microsoft > Windows > EnterpriseMgmt.

EPM task scheduler

Event Viewer

Events are located within Application and Service Logs > Microsoft > Windows > DeviceManagement-Enterprise-Diagnostics-Provider.

EPM event logs

PowerShell Module

Last but certainly not least, EPM has a PowerShell module that can be imported.

  1. Navigate to C:\Program Files\Microsoft EPM Agent\EpmTools\.
  2. Open the readme.txt file for directions on how to use the EPM PowerShell module, such as the available commands.
  3. As of May 2023, the commands include:
    • Get-Policies
    • Get-DeclaredConfiguration
    • Get-DeclaredConfigurationAnalysis
    • Get-ElevationRules
    • Get-ClientSettings
  4. The command to import the EPM PowerShell module is:
Import-Module 'C:\Program Files\Microsoft EPM Agent\EpmTools\EpmCmdlets.dll'

Troubleshooting Client Enrollment

In the Intune portal

If a client isn’t enrolled, check the Intune portal by selecting the device name and then selecting the setting with the error to get more details.

In the Windows client

Verify the existence of the following items and that they are active.

Where to LookWhat to Look For
Task SchedulerTwo entries with GUIDs
Windows ServicesMicrosoft EPM Agent Service (MEMEPMSvc)
Install Folders (plus log files)C:\Program Files\Microsoft EPM Agent
Registry KeysDHMScopeValue contains “PrivilegeManagement”

ConfigDeviceHealthMonitoringScope contains “PrivilegeManagement”
Event ViewerDeviceManagement > Admin > event 4023
Table of EPM client enrollment evidence

Troubleshooting Policies

Manually synchronizing policies

You can trigger a full policy re-sync for the WinDC (Windows Declared Configuration) policies that will also sync up EPM to refresh any changes immediately:

C:\Windows\system32\DeviceEnroller.exe /c /declaredconfigurationrefresh

Getting List of Policies and Elevation Rules

You can verify the timestamp of the latest synced policies using PowerShell:

Get-Policies -PolicyType clientsettings -Verbose | fl

You can get a list of the verification rules using PowerShell:

Get-Policies -PolicyType ElevationRules -Verbose | Format-Table -AutoSize

Troubleshooting Reporting

Client Logs

C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\sensor.log

GUIDPurpose
e4cd0c46-8d75-4d93-b5ac-99cf25388591Number of diagnostic events being sent to the Intune EPM service
2ef6314a-cc15-487d-abfc-24a02cc9180fNumber of Elevation request being reported
Table of sensor log entries for troubleshooting

Registry Keys

Verify that HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device\DeviceHealthMonitoring\DHMScopeValue contains “PrivilegeManagement”.

If “PrivilegeManagement” is not included:

  1. Ensure you have EPM reports enabled in EPM Client Settings and deployed.
  2. Restart the Intune Management Agent service, then check above registry value again.

Intune Tenant Configuration

Ensure the Intune tenant has Windows data enabled and a configuration profile deployed (and working!) for Windows Health Monitoring.

Intune Windows data features enabled
Windows Health Monitoring settings

What if there are still issues?

The above troubleshooting guide for EPM should help you know what is available for troubleshooting. If you’re still stuck on issues, it’s best to open a Microsoft support case.

Getting Started with Microsoft Intune’s Endpoint Privilege Management – Part 5

Posted on Updated on

Are you new to endpoint privilege management products? Or have you used other endpoint privilege management products and are looking to explore what Microsoft has to offer? This series of blog post guides will walk you through the core process of Microsoft Intune’s Endpoint Privilege Management (EPM)…navigating you from trial activation, to prerequisites, to onboarding users/devices, to creation of example policies using real applications, and troubleshooting.

In part 4 of this blog post series, I outlined the basics of creating EPM elevation rule policies, which included how to get the hash of a file and/or the certificates used to sign the application. For part 5, I’m providing practical examples that you can use to validate different application behaviors.

The Apps, The Examples

First and foremost, I’m going to outline the applications that use for various demonstrations. The benefit is that I use real applications that you can download and use at no cost with no hassle. For that, I turn to Microsoft Edge insider builds and the very popular Sysinternals from Microsoft. The great part about these applications from Sysinternals is each tool varies by the amount of admin privileges that are needed. Some need full admin permissions, some can run without admin privileges (but then need admin to do other things), and more.

Go get these application versions downloaded.

ApplicationVersionElevation BehaviorProof of Concept Purpose
NotMyFault4.21AlwaysWill not be allowed to run.
(As defined by the client default configuration to Deny All)
Process Monitor3.93AlwaysWill be automatically elevated without user interaction required.
VMMap3.32PartialCan partially run under user’s non-admin rights, but then can be elevated to provide the full application experience.
Edge InsiderN/APartialUses the application’s signing certificate to allow any version of the application to be elevated. In this case, it represents a vendor’s application to be installed by the user.
Table of applications used for various EPM proof of concept purposes.

Example #1 – NotMyFault

For transparency, the NotMyFault application will not have a policy created – it’s just an easy way to show the user experience of it being blocked from executing. This can be experienced by trying to run the application by itself and also with a right-click > Run with elevated access.

Attempting to run NotMyFault as standard user
Attempting to run NotMyFault with elevated access for EPM

Example #2 – Process Monitor

Similar to NotMyFault in Example #1 above, procmon requires elevated access to execute. For this example, we’ll configure the EPM elevation rules to automatically elevate any time the user runs it.

Elevation Rule for Process Monitor

  1. Basics page
  2. Configuration Settings page
    • Rule name: Procmon64 v3.93 | Windows Auth
    • Elevation type: Automatic
    • File name: Procmon64.exe
    • Signature source: Not configured
    • File hash: CBE952CBCF66A0DE40D4E494C970A310257712D44363DDB157F469A351D57ACB
  3. Assignment page: All users
Procmon rule configuration summary

User Experience of Process Monitor

User experience is that Process Monitor runs without elevation!

Example #3 – VMMap

VMMap can run with standard user rights…to an extent. Full visibility requires elevated access. For this example, I configure it to use the file hash and user confirmation for Windows Authentication.

VMMap Elevation Rule

  1. Basics page
  2. Configuration Settings page
    • Rule name: vmmap v3.32 | windows auth
    • Elevation type: User confirmed > Windows authentication and Business justification
    • File name: vmmap64.exe
    • Signature source: Not configured
    • File hash: C4EE4DA8A62F92BD0C494267704E439CFFEA7C01528F0F09CB2877D805F1027A
  3. Assignment page: All users
VMMap rule configuration summary

User Experience for VMMap

User experience is that VMMap runs with standard user rights but can run with more!
Attempting to show all processes is blocked by the standard user
Running VMMap with EPM elevated access – business justification first validation
EPM requests second validation – which can use the Windows Hello for Business credential!
VMMap runs showing all processes automatically

Example #4 – Microsoft Edge Insider

This example is design to show how a reusable setting for a vendor’s code signing certificate can be configured to allow users to elevate the applications created by the vendor. This can be useful when a vendor produces updates for their applications and it’s easier for IT to allow those to be installed by the users.

I’m using Microsoft Edge because of the easy access to other channel releases and frequent updates to Microsoft Edge (Beta, Dev, Canary). If you’d prefer to not use a Microsoft application for this, Notepad++ is a great option.

Upload the Reusable Cert

  1. Create the reusable setting (certificate upload) by navigating in the Intune portal to Endpoint Privilege Management > Reusable Settings “tab”. Then click on Add.
Add reusable settings
  1. Basics page – add the name and description
  2. Configuration settings page – upload the certificate file that you’ve exported. You’ll notice the Base 64 value is displayed after processing.
  3. Review and save the certificate.
Reusable certs

Elevation Rule Policy for Microsoft Edge Insider

  1. Basics page
  2. Configuration Settings page
    • Rule name: msedge
    • Elevation type: User confirmed > Business justification
    • File name: (not defined)
    • Signature source: Certificate selected
      • Add or remove a certificate: select the certificate that was previously uploaded.
    • Certificate type: Publisher
  3. Assignment page: All users
Edge Insider Rule

User Experience of Edge Insider

Running with standard user rights
Running Edge Beta with elevated access
Entering the business justification
Edge Beta is installing

Long story short, doing the above process for the other Microsoft Edge Insider channels shows results in the same behavior of only requiring business justification as per our rule.

Install of Edge Insider Canary channel

Wrap-up

The above elevation rules provide several examples to help you get started quickly with EPM.

Getting Started with Microsoft Intune’s Endpoint Privilege Management – Part 4

Posted on Updated on

Are you new to endpoint privilege management products? Or have you used other endpoint privilege management products and are looking to explore what Microsoft has to offer? This series of blog post guides will walk you through the core process of Microsoft Intune’s Endpoint Privilege Management (EPM)…navigating you from trial activation, to prerequisites, to onboarding users/devices, to creation of example policies using real applications, and troubleshooting.

In part 3 of this series of blog post, I dove into how to enroll devices and/or users into the EPM service. For part 4, I’m getting into the basics for the creation of elevation rule policies. Most importantly, I provide tips on things to consider.

Basics of how to Collect Hashes and Certificates

As of the GA release of Intune EPM, the hash of the application or the signing certificate is required for elevation rules. If you’re unfamiliar on how to collect either of these, here’s the quick tutorial.

First, here’s an example of how to get the file hash. Simply use PowerShell with cmdlet Get-FileHash. It’s easy! It’s super important to know that every time an application is compiled, a new hash is generated. So in real-life, supporting multiple versions of an application would require a hash for each.

Example PowerShell cmdlet for Get-FileHash

Next, getting the certificate of an application is a bit more involved, but not too difficult. I’m just outlining the high-level steps with a couple of screenshots.

  1. On the .exe file, right-click and select Properties.
  2. On the tab for Digital Signatures, select the signature and click Details > View Certificate > Install Certificate > install to the Personal store of the current user.
  3. Next, open the certificate manager, navigate to Personal > Certificates > Right-click the certificate and select All Tasks > Export. Export as a Base-64 encoded certificate.
Quick steps to install and applications code-signing certificate
Quick steps to export a certificate

Basics of Creating an EPM Elevation Rules Policy

  1. In the Intune portal, navigate to Endpoint Security > Endpoint Privilege Management.
  2. On the Policies “tab”, select to Create Policy > Platform | Window 10 and later > Profile | Elevation rules policy
Basic steps to create a new EPM elevation rules policy
  1. Basics page: Provide a name and an optional description for the elevation rules policy.
    • Name: I like to use the format of App Name | Source Type | Authentication Type
    • Description: Optional. I like to include pertinent information, such as info about the vendor.
Basics page
  1. Configuration Settings page: click “edit instance” of the user confirmed elevation.
    • Rule name: I prefer to use App Name | App Version | Auth Type
    • Elevation type: as per business requirements
    • File name: The exact name of file that will be identified
    • File path: Optional, but the more concrete the better.
    • Signature source:
      • Use a cert file in reusable settings: This is the most dynamic and flexible approach as the certificate from Reusable settings can be used in multiple rules. Using certificate alone may introduce a certain amount of risk.
      • Upload a cert file: note that uploading a certificate is a one-time
      • Not configured: to use only the file hash and not a certificate.
    • File hash: hashes are the most trusted. It’s important to note that there is a different hash for every application version. As such, using hash means that there would need to be an elevation type for every version of an app, which can be contained within one rule.
Configuration Settings page
  1. Assignments page:
    • Include groups: There are many ways Assuming that you followed along with my philosophy of the approach in my part 3 blog post, you would assign this policy to All Users since it should only be applied to any user of devices that have been enrolled into EPM.
    • Excluded groups: If there are certain users that should be excluded from this rule, such as tier 2 / tier 3 desktop support admins.
Assignments page

Wrap-Up

That’s the majority key considerations and tips for the basics of creating EPM elevation rules policies. Stay tuned for the next blog post which will provide real life examples for applications that you can download and use at no cost with no hassle!

Getting Started with Microsoft Intune’s Endpoint Privilege Management – Part 3

Posted on Updated on

Are you new to endpoint privilege management products? Or have you used other endpoint privilege management products and are looking to explore what Microsoft has to offer? This series of blog post guides will walk you through the core process of Microsoft Intune’s Endpoint Privilege Management (EPM)…navigating you from trial activation, to prerequisites, to onboarding users/devices, to creation of example policies using real applications, and troubleshooting.

In part 2 of this series of blog post, I dove into the EPM trial registration and review of deployment prerequisites. For part 3, I’m covering my approach towards enrolling users/devices into EPM, validating that EPM is enabled, and my recommendations for policies.

Enroll Users or Devices?

When it comes to EPM policies, you can target users, devices, or a mix of both. For example, you might want to enroll all devices, but only apply EPM rule policies to specific users of the device. Or conversely, you might want to have all user devices enrolled, but exclude specific devices. For most (if not all) scenarios, EPM provides flexibility to manage them all!

With that said above, my approach is to enroll devices with an elevation settings policy. Then my EPM rules will target all users while also excluding any users that need to be. A simple illustration of this is in the image below.

When choosing the configuration options for EPM Client Settings policy, there are a couple of main decision points:

  1. Have data sent (or not) and the level of data that is sent (for privacy or regulatory reasons).
  2. Set the default elevation behavior to deny by default or to require user confirmation by default.

As you might guess, deny all requests is the most restrictive and will necessitate creating explicit rules that define which applications are allowed to be elevated and how. And of course, there are options to accommodate the most flexibility by allowing anything to be elevated by the user without any additional validation.

Onboard Users or Devices – The Steps

Following the above model, enrolling devices into EPM is a simple task.

  1. Create your Group that includes your devices (not covered in this guide).
  2. In the Intune portal, navigate to Endpoint Security > Endpoint Privilege Management > select Create Policy. For the policy, select Windows as the platform and Elevation settings policy.
  1. For the basics, enter the name as Enroll Devices | All Data | Deny Requests.
  1. Set the default elevation response to “Deny all requests”.
  1. Finally, assign the policy to the group of devices that were created in Step 1. Then complete the wizard.

Validating EPM Enrolls Devices

To validate EPM functionality, I recommend using a client Hyper-V virtual machine installed, running Windows 10/11, fully updated, and enrolled into Intune. This way, checkpoints can be used for quick reversal of testing. As a reminder, this is a guide for getting started quickly with EPM…it’s not meant to be a checklist of tasks for a production rollout.

  1. Once your Hyper-V virtual machine is ready, add it into the group of devices for testing which has the enrollment policy assinged.
  2. Login to the device with a user (that’s not a local admin!) who will be used to validate EPM policies. Open the Company Portal > Settings > Sync. This is only used to get the enrollment policy.
  1. Validate the EPM service (MEMEPMSvc) is running.
  1. Restart Windows (not just the service) to expedite the endpoint showing in the status in the console.
  2. Confirm the enrollment of the device in the policy reporting by navigating to the EPM Settings policy > View Report.
    Note: This might take an hour to be reflected within the Intune portal.

Getting Started with Microsoft Intune’s Endpoint Privilege Management – Part 2

Posted on Updated on

Are you new to endpoint privilege management products? Or have you used other endpoint privilege management products and are looking to explore what Microsoft has to offer? This series of blog post guides will walk you through the core process of Microsoft Intune’s Endpoint Privilege Management (EPM)…navigating you from trial activation, to prerequisites, to onboarding users/devices, to creation of example policies using real applications, and troubleshooting.

In part 1 of this series of blog post, I briefly touched on what EPM provides as part of the Microsoft Intune Suite. For part 2, I’ll be walking you through trial registration and deployment prerequisites.

Trial registration

First and foremost, the Microsoft Intune Suite (MIS) is a premium set of products delivering different management and security products. Let’s be clear that it is not included with the regular Microsoft Intune licensing. As such, an additional license will be necessary to do a proof-of-concept or production pilot of EPM. There are two choices, both are for 250 licenses over 90 days:

  • Microsoft Intune Endpoint Privilege Management (Preferred) – use this if only testing EPM.
  • Microsoft Intune Plan 2 Trial – use this if testing EPM along with other MIS tools, such as Remote Help.

If you’re unfamiliar with trial license registration, you’ll need to be a Global Administrator or Billing Administrator in your Microsoft 365 tenant. Once you’ve obtained that level of access, the steps to sign-up are straightforward.

  1. Navigate to the Intune portal > Tenant administration > select Intune add-ons.
    Important note: some M365 admin portals may have trials now located in the Marketplace, which is directly in the root menu (not under Billing).
  2. Locate EPM > select View details > select “To try or buy…”.
  1. Select “start free trial”.
  1. Complete the wizard.
  1. Finally, in the M365 admin portal under Billing > Licenses, validate the license is available.

Deployment Prerequisites

Intune EPM prerequisites are outlined at https://learn.microsoft.com/en-us/mem/intune/protect/epm-overview#prerequisites. But in short:

  • Endpoints are managed by Intune.
    • For a POC, cloud-native Intune is the easiest.
    • For production pilots, if Configuration Manager is used as the primary systems management tool, it will need to be set up for co-management. If your organization is not set up for co-management, below are a couple of resources to help you get started.
  • An agent is not required for Windows 10/11. It does require that Windows has the monthly cumulative update for April 2023 to have the ‘code’ ready to support EPM.
    • This minimum update may change over time as new capabilities require newer/code. Monthly cumulative updates are also where any code fixes and security updates will be delivered. If you have trouble keeping up-to-date, then I recommend looking at what Windows Autopatch can do for you.
    • Important: initial general availability release of EPM (April 2023), some VDI instances of Windows are not supported. Hyper-V client? You’re good to go. Windows 365? Not so much.
  • Windows needs to be Hybrid Azure AD joined or cloud-native Azure AD joined.

Getting Started with Microsoft Intune’s Endpoint Privilege Management – Part 1

Posted on Updated on

Are you new to endpoint privilege management products? Or have you used other endpoint privilege management products and are looking to explore what Microsoft has to offer? This series of blog post guides will walk you through the core process of Microsoft Intune’s Endpoint Privilege Management (EPM)…navigating you from trial activation, to prerequisites, to onboarding users/devices, to creation of example policies using real applications, and troubleshooting.

First and foremost, you may be wondering, “what is Intune EPM”? According to Use Endpoint Privilege Management with Microsoft Intune, EPM “allows your organization’s users to run as a standard user (without administrator rights) and complete tasks that require elevated privileges.”

So instead of having to grant an extensive group of people (such as a technical support desk) with admin privileges on every device, you can reduce the risk to the organization by having no-one be a local admin. Just-in-time and just-enough privileges with EPM helps to create a more secure environment.

Maybe you’re an advanced (in skills) endpoint administrator or architect and saying, “my company already has all users with no admins, and we have antivirus, and an endpoint detection / response (EDR) toolset…so why would we need an EPM product?”. My response to that line of thinking is that we need to have layers of protection but also to balance user productivity reducing downtime.

Protecting an endpoint from malicious applications while also achieving that user productivity has multiple layers for the endpoint administrator/architect. The illustration below is how I like to visualize and think about these levels.

Wrap-up

Stay tuned for the next blog post covering the initial trial registration of EPM!

M365 Endpoint Insights – April 2023

Posted on Updated on

When you woke up today, did you wonder what might be happening in the world of Microsoft 365 endpoints? Well, look no further as I’m here to give you the latest news! Lots really cool things happening. I round out Nick’s Nine Things to Know with details on Universal Print usage added to M365 E3, announcements of W365 Frontline and Windows LAPS, a playbook for ransomware protection, and critical information about M365 cloud URLs changing to a new unified domain.

All this AND MORE MORE MORE! Get your copy today at https://lnkd.in/eUiF6UJ4

M365 Endpoint Insights – March 2023

Posted on Updated on

Releasing my monthly digest for #microsoft365#endpoint insights. You’ve got to grab your copy of this one as there are some important tidbits of information that was released. In addition to the Nick’s Nine to Know section, there are four skilling snacks, three releases of the Unpacking Endpoint Management series, and 11 upcoming trainings from April 11 to June 27th (which I recommend early registration and planning to attend).

Furthermore, with the help of #microsoft365apps, I’ve modified (“updated”) the format of the newsletter for better #inclusiveness to the community of people with visual impairments that leverages screen readers. These changes were small overall to able-bodied people, but can significantly improve the experience for others.

Read and download: https://lnkd.in/gti_KcsE

M365 Endpoint Insights – February 2023 edition

Posted on Updated on

Hello community! I’m excited to announce the release of my #microsoft365 Endpoint Insights, February 2023 edition. This month’s release is packed with some pretty outstanding information, including an incredible over 30 items about deployment, management, and virtualization!

Nick’s top 9 things to know includes details about the new AI-powered #bing, big updates to #windows11, cloud-based LAPS for Windows, #microsoftintune troubleshooting, and more! Get your copy of the newsletter today at: M365 Endpoint Insights, February 2023