The best of MEM, must read Fridays - wk2206


This post highlights the most interesting blogs, tweets and articles I’ve read relating to MEM in the past week.


I figured I’d try and start something new. To stay up-to-date on what’s happening in the MEM and Windows management realm, I read a ton of stuff: a serious amount of community effort and a similar amount of items Microsoft puts out. Everything being put out is incredibly valuable and covers all types of knowledge depth imaginable. On a weekly basis I am going to try and shine a light on some of those items that I personally believe you must read. I’ll also add my view as to why I believe this is something you should probably look into. Items appear in random order.

Item 1

Some promo for a post of my own! When I originally tweeted out our toast notification for users that had an interactive process blocked, the tweet received over 100 likes and several retweets, alongside a number of replies on how this was achieved. This blog post details the why and the how: Modern end-user communication on a WDAC-enforced device.

Item 2

This one is a bit special, not a blogpost but just a tweet. Nevertheless it is life-altering-goodness. Thanks Jóhannes for sharing this. TIL: you can get auto completion in @code using… for graph. This makes it so much easier to code for #intune

Item 3

A security issue was uncovered where the MSIX protocol handler could be used to spoof the publisher of the MSIX. The issue was being used by malicious adversaries, and as a result the handler was disabled by Microsoft. This prevents auto-installs using the string “ms-appinstaller:”. It doesn’t prevent you from distributing MSIX packages with #Intune or #SCCM though, nor does it prevent you from downloading the MSIX and installing it that way. This showed up in my Twitter feed courtesy of Garrett. More details: the TechCommunity article “Disabling the MSIX ms-appinstaller protocol handler”, and Sophos Labs sharing their find with technical details on how this works.

Item 4

This one rocked the Infosec community and appeared multiple times in my feed. A win for the defense team. Microsoft, finally, decided that enough was enough with Microsoft apps for enterprise / Office macros. Office macros in documents delivered from the internet will now be blocked by default. I’d still like to see an easy way to identify users / devices that haven’t used macros within a given period so I can disable macros altogether on these devices. But I, for one, definitely appreciate this: Helping users stay safe: Blocking internet macros by default in Office

Item 5

I always have a keen interest in Cloud Management Gateway related items. Plenty of organizations would’ve been in quite a bit of additional hurt without a CMG. The cloud heavy ConfigMgr is a great title and a great concept. A cloud-heavy CMG is a wonderful addition to managing your Windows devices, or a wonderful foundation where #Intune is the wonderful addition. I appreciate the insight into how Microsoft uses CMGs, as I’ve been impressed by what the technology brings to the table from day 1. The cloud heavy ConfigMgr - Part 2

Item 6

I’ll close out with an Autopilot post, written by mr_helaas. The joke in the name doesn’t really translate to English, but I definitely laughed. An extensive post on how to handle computer names in Autopilot scenarios.
