Streamline Your Workflow with Multi Admin Approval 🛠️

-

 




As an IT admin, you can utilize a multi admin approval workflow in Microsoft Intune for PowerShell scripts. This ensures that no PowerShell script gets deployed to devices without the approval of another IT admin.


How to configure:

    1- In Microsoft Intune admin ceneter navigate to | Tenant administration | Multi Admin |                   Approval |Access policies and click Create:






    2- Then you need to give the access policy a name and keep the default profile type as "Approval powershell script" 







    3- These actions could include creating, editing, assigning, and deleting. A policy will limit         actions on a script, such as PowerShell scripts or remediation.

    
    4- You need to select a group. 

    
    5- When creating a new PowerShell script, the workflow does not include the Assign step.         However, you will be required to provide a notification.



OBS!! "As you can see, I cannot approve my own request for multi admin approval to create this policy. Someone with an admin role must approve it.




The same process applies when an admin tries to create a PowerShell script or remediation. If you create it, someone else with an admin role must approve it.



    6- I will log in with another admin account to show you and approve the request



The purpose of a multi-admin approval policy is to enhance security and reduce the risk of errors and unauthorized changes in IT systems. By requiring at least two administrators to review and approve an action, such as creating or deploying PowerShell scripts, it ensures that multiple sets of eyes have examined the action before it's executed. This helps to:


       *Prevent mistakes: Requiring approval from multiple administrators reduces the risk of            errors or incorrect changes.


       * Increase security: Having multiple approvals decreases the likelihood of a single                     administrator abusing their privileges.


      * Enhance traceability: All approvals are recorded, providing a clear audit trail and                     increasing accountability among administrators.


It's an important part of maintaining the highest possible security standards in IT administration.

Here is an example of an admin who created a script.






Now another admin need to sign in with admin account to review and approve the script.







Kommentarer

Skicka en kommentar

Populära inlägg i den här bloggen

🚀 IntuneWin – Deploying Win32 Apps via Intune 🎯

-
Bild
🔹 Benefits of IntuneWin: ✅ Seamless app packaging 📦 ✅ Automated deployment ⚙️ ✅ Centralized cloud management ☁️ ✅ Support for installation & uninstallation 🔄 The IntuneWin format is a method for preprocessing Windows Classic (Win32) applications. The tool transforms application installation files into the .intunewin format. Once you apply this tool to the app packaging folder, you can create an app enrollment configuration that enables advanced deployment features, such as OS version dependencies and uninstallation methods for remote application removal. Win32 apps in Intune size limit of 30 GB per app. To start the configuration 1- First you need to download the Microsoft Win32 Content Prep Tool :  Microsoft Win32 Content Prep Tool 2-  Unzip the tool to a folder, E, C , F etc drive (you can choose any folder you like). 3- Save your application  in the same folder as the Content Prep tools.  4- Now we will create the .intunewin package using PowerS...
Read more »

Block Personal devices to acces to Desktop apps like teams, Onedrive etc and how to troubleshooting the issue.

-
Bild
  You can use Conditional Access to block users based on location, IP address, and more, but now we will talk about blocking access for users who are using personal devices 1. Navigate to Entra ID -> Protection -> Conditional Access and create a new policy. 2- Create new policy 3-   Name your policy Assign your policy to a user/group or to all users. If you assign the policy to all users, be sure to exclude the break-glass account. It's essential to always have a break-glass account in place. In case of an error, you could accidentally lock out all users, so make sure these accounts remain unaffected. 4- In the Target resources select All resources (formerly 'All cloud apps') 5- In the conditions: Device platforms: select which devices you want the policy to apply to. In my case i will select windows and MacOS  Client apps: check all boxes except Browser, which will block everything except the browser. Here’s the magic: In the Filter for devices, you can ...
Read more »

🔧 Microsoft 365 Apps Admin Center: Tips & Tricks

-
Bild
  Microsoft 365 Apps Admin Center What is the M365 apps admin center? Deployment Configuration Profile is a configuration profile used to automate and manage how software, such as Microsoft 365 Apps (Office), should be deployed and configured on devices within an organization. This profile allows IT administrators to define exactly how the installation should proceed, which settings should apply, and which components should be included. Where are Deployment Configuration Profiles used? - Microsoft Intune: For cloud-based management of devices and software. - Office Deployment Tool (ODT): For local deployments of Office. - Group Policy: For traditional on-premises networks with Active Directory. I will configure it in the Intune environment To get started with the  Microsoft 365 Apps Admin Center ,  1-Sign in  https://config.office.com/  with you Intune admin account,  you should first go to  Settings  and activate or create a  custom profile ...
Read more »