I am often asked, what actually is this Azure-AD? I thought I could dedicate a blog series to this question, after all it is becoming more and more important. In this series, I will also write about authentication methods, types of identities and objects, licenses and compatible services. In short, everything about Azure Active Directory.
Active Directory
Everything about Microsoft Active Directory. Incl. domain controllers, group policies, DNS and whatever else can be integrated.
Microsoft Azure AD – the license types and functions
Welcome to part 2 of the Azure-AD series. This part covers license types and features. We will also deal with the topic of license procurement and licensing possibilities. Due to the scope of functions, I cannot describe all functions contained in the individual licenses in this article. But I try to cover as much as possible and to provide links to further information.
New for Autopilot with Windows 10 1903 (Updated)
With every new release of Windows 10, there are also new features in the area of Microsoft Autopilot. If you don’t know what Autopilot is, I recommend the article “What is Microsoft Autopilot“. Today we’re talking about new features that are possible with Windows 10 1903. As always with autopilot, this also requires an up-to-date Intune instance.
Properly secure and document group policies
It’s been some time since I started working on the first basic version of the script in August 2014, and posted about it on CONET’s blog. This first version came to just 6 lines of code without the header. Since then a lot has happened and the script has grown in the TechNet Gallery. Time for a new article about the script and its function.
Windows WinRM over HTTPs
Windows Remote Management is no longer a way to think in today’s world. But why do we do it unencrypted? Normally the authentication is done by Kerberos. That’s secure enough for most people. However, Kerberos also has limitations, for example when using local accounts.
In the standard system, communication is via HTTP via TCP port 5985. Why not HTTPS? This is possible, the port TCP 5986 is intended for this. Unfortunately, this is not only missing in the firewall rule templates but also has a few barriers still in the way. We take care of these barriers today.
New version of get-GPOBackup
It has once again reached me a feature desire, and here is the implementation. With version 1.58 the group policy templates can be saved from the central store. This is especially good when importing new templates that may be buggy. This even happens to Microsoft with the German translations for Windows 10 times quite often. If you don’t know the script yet, I recommend having a look at the article: “Gruppenrichtlinien richtig sichern und dokumentieren“.
Choosing the correct Windows 10 Edition
Choosing the right edition of Windows 10 can sometimes be harder than you think for companies. For most companies, the cost versus functionality is a consideration. But which versions are there? More than one actually thinks:
Administrative templates in Intune – incl. list
In January 2019 I reported about the preview of the administrative templates in Intune. Now it’s time to see what happened. Meanwhile, the function is no longer in the preview phase and it has grown too.
GUID List of Group Policy Client Extensions
Microsoft uses GUIDs in the error messages for the GPO Client Side Extension (CSE). If you have to analyze group policies regularly and find the errors, you might want to have a list. Since it works the same way for me, I started to collect. Here is my current status, I hope it helps you.
Strategies for Windows as a Service – A Process-Oriented Perspective
I am often asked about the right strategy for “Windows as a Service”. But is there the right way? The short answer is no. It depends as so often on the circumstances, the requirements of the customer and the other customer-specific circumstances. In this article, I would like to point out different ways to the subject of Windows as a Service (WaaS). You will also get tips on what to consider when searching for your way.
What is important is that Windows as a Service is not a project, it is a process. And the challenge is to develop the process for your company in such a way that it works performant but covers all contingencies. This doesn’t just include the question if you want to skip releases.