Tech Trends and Insights

A great example is when you have an Intune tenant where you create and test all your policies before deploying them in a live environment. Once you’ve tested and validated the policies in your test tenant, you can export them and import them into your production tenant.  This process is very practical for several reasons: 1. Consistency : It ensures that the same policies are applied in both test and production environments, reducing the risk of errors or mismatches. 2. Efficiency : Instead of manually recreating the same policies in the production tenant, you can simply export and import, saving time and effort. 3. Risk Mitigation : By testing in a separate tenant first, you can ensure that the policies don’t cause any unintended issues or disruptions in your production environment. 4. Automation : This approach can be automated, making it easier to manage multiple environments, especially when you have complex or numerous policies. This method helps streamline the deployment proc...

  Microsoft 365 Apps Admin Center What is the M365 apps admin center? Deployment Configuration Profile is a configuration profile used to automate and manage how software, such as Microsoft 365 Apps (Office), should be deployed and configured on devices within an organization. This profile allows IT administrators to define exactly how the installation should proceed, which settings should apply, and which components should be included. Where are Deployment Configuration Profiles used? - Microsoft Intune: For cloud-based management of devices and software. - Office Deployment Tool (ODT): For local deployments of Office. - Group Policy: For traditional on-premises networks with Active Directory. I will configure it in the Intune environment To get started with the  Microsoft 365 Apps Admin Center ,  1-Sign in  https://config.office.com/  with you Intune admin account,  you should first go to  Settings  and activate or create a  custom profile ...

🔹 Benefits of IntuneWin: ✅ Seamless app packaging 📦 ✅ Automated deployment ⚙️ ✅ Centralized cloud management ☁️ ✅ Support for installation & uninstallation 🔄 The IntuneWin format is a method for preprocessing Windows Classic (Win32) applications. The tool transforms application installation files into the .intunewin format. Once you apply this tool to the app packaging folder, you can create an app enrollment configuration that enables advanced deployment features, such as OS version dependencies and uninstallation methods for remote application removal. Win32 apps in Intune size limit of 30 GB per app. To start the configuration 1- First you need to download the Microsoft Win32 Content Prep Tool :  Microsoft Win32 Content Prep Tool 2-  Unzip the tool to a folder, E, C , F etc drive (you can choose any folder you like). 3- Save your application  in the same folder as the Content Prep tools.  4- Now we will create the .intunewin package using PowerS...

 ☝As a Global Administrator in Microsoft Entra ID, you might not have access to all subscriptions and management groups in your directory. Below are methods to elevate access to all subscriptions and management groups 1- Global Administrators should consider the following scenarios for elevating access. 2- Regain access to an Azure subscription or management group when a user has lost access. 3- Grant another user or yourself access to an Azure subscription or management group. 4- See all Azure subscriptions or management groups in an organization. 5- Allow an automation app (such as an invoicing or auditing app) to access all Azure subscriptions or management groups. Follow these steps to elevate access for a Global Administrator using the Azure portal. 1- Sign in to the Azure portal or the Microsoft Entra admin center as a Global Administrator. 2- Open Azure -> navigate to Entra ID. 3- Under Manage, select Properties. 4- Under Access management for Azure resources,  set t...

Log in to the Microsoft 365 Admin Center. Navigate to the Copilot section. Go to Settings.Locate the setting for self-service purchases of Microsoft 365 Copilot. Select Not allow to disable self-service purchases. step by step using powershell 👇 PowerShell Script # Install the MSCommerce module Install-Module -Name MSCommerce # Connect to MSCommerce Connect-MSCommerce # Get an overview of all self-service purchase options Get-MSCommerceProductPolicies -PolicyId AllowSelfServicePurchase # Disable a specific self-service purchase product # You need the ProductId from the list above Update-MSCommerceProductPolicy -PolicyId AllowSelfServicePurchase -ProductId CFQ7TTC0HDB0 -Enabled $False # Disable all self-service purchase products Get-MSCommerceProductPolicies -PolicyId AllowSelfServicePurchase | ForEach-Object { Update-MSCommerceProductPolicy -PolicyId AllowSelfServicePurchase -ProductId $_.ProductId -Enabled $False }...

 However, we all know that users are users and things will go wrong. For that, we need to be able to troubleshoot issues. Fortunately, Intune has excellent troubleshooting tools where we can quickly review what issues a user may be having. Step by step:

Recently, someone asked if it's possible to identify guest accounts that haven’t signed into a tenant recently and add them to a group. The target group could be a distribution list or a Microsoft 365 group. With the widespread use of guest accounts in Microsoft 365 for external sharing (think of Loop as the latest example adopting Entra ID B2B Collaboration), it’s inevitable that some guest accounts are no longer in use. Identifying and managing these inactive accounts isn’t just good housekeeping—it’s smart IT management. Why keep accounts that no longer serve a purpose? Here’s how you can take action: 1️⃣ Create a Target Group: Start by creating a distribution list or Microsoft 365 group where you’ll store the inactive guest accounts. You can do this in the Exchange or Microsoft 365 admin centers, or by running PowerShell commands like New-DistributionGroup (for a distribution list) or New-UnifiedGroup (for a Microsoft 365 group). 2️⃣ Update Membership Automatically: Once your g...