Local administrators on AAD Joined devices

In this article, I will explain how one could attempt to manage the built-in Administrators group on an AAD Joined Windows 10 device using a Security Group. Since the local Administrators group does not support the addition of AAD-born security groups, I will be using Intune, PowerShell, GraphAPI and Azure AD to accomplish this. With these tools comes great power, and even though this is a simplified use case, I will give some examples of more advanced use cases at the end of the article.

Author: Michael Mardahl

Silent Configure Outlook with Intune

Intune is great for a lot of things, but it lacks some of the basic configuration options that Group Policies bring to the table. For some time now, though, it has been possible to take almost any ADMX file and ingest it into the Intune management engine. This is, however, not for the faint of heart! So it's up to the community to share as many useful ADMX Ingestion / OMA-URI "conversions" as possible.

Author: Michael Mardahl

Getting off to a good start with Microsoft Office 365 Groups

Office 365 Groups are here to stay, and they offer huge benefits for collaboration on projects and daily tasks. It is, however, extremely easy to just turn this feature on and then let the users go crazy. But you really should consider the following points before jumping the gun. A few pointers on getting off to a good start with Office 365 Groups (UnifiedGroups): Define a Naming Policy for your groups.

Author: Michael Mardahl

Auto Mapping Office 365 Group Drives with OneDrive

UPDATE (Jan 2019): Microsoft has made changes to the way that Microsoft Teams creates Office 365 Groups, so they are no longer added to Outlook by default. This means that if you are using this script, it might not add files that reside in a Team to your OneDrive client. It varies from tenant to tenant; I have yet to discover why it works for some and not others.

Author: Michael Mardahl

Enabling Microsoft MFA for users in the organization - without user interaction

Enabling MFA in Azure or Office 365 is usually a pretty straightforward thing to do… But afterwards you have to deal with the users, who all have to finalize the deployment of MFA by completing the MFA setup wizard found at https://aka.ms/MFASetup. However, in most large organizations, IT wants to control this process and maybe even which number the MFA text message challenge is sent to, and thus provisions the mobile phone via Active Directory.

Author: Michael Mardahl