EliteGo IT

How to Configure Azure Cloud Backup Service to Windows 11

Introduction

In this article, I will show you how to configure Azure Cloud Backup Service on Windows 11 using the proper and easiest method.

What is a cloud backup service?

A cloud backup service is like having a safety deposit box in the sky for all your important digital stuff. Instead of storing your files, photos, and other data on your computer or an external hard drive, you save them to a remote server run by a cloud service provider. This means your data is safely stored off-site and can be accessed anywhere with an internet connection.

Cloud backup services provide several key benefits:

Safety: If something happens to your computer (like theft, damage, or a crash), your data is still safe and accessible.
Accessibility: Access your files from any device, anywhere in the world.
Automation: Many services offer automatic backups, so you don’t have to remember to do it yourself.
Scalability: Easily increase storage as your data grows.

Here, I use the Azure cloud backup service on the Windows 11 operating system.

Step 1. On your Azure portal, click “Create A Resource”.
Step 2. In the search bar, type “Backup and Site Recovery” and click “Create”.
Step 3. Select your resource group and give your vault a name, then click “Create”.
Step 4. After creating, click “Go to Resource”.
Step 5. In this window, click “Backup”.
Step 6. Here, you can select your purposes. I’m going to select “On-Premises”, then click “File and Folders”, and then click “Preparing Infrastructure”.
Step 7. Then click “Download Agent for Windows Server or Windows Client”.
Step 8. After clicking download, click “Already downloaded or using the latest Recovery Services Agent”.
Step 9. Then click and install “MARS AGENTINSTALLER”.
Step 10. After installing, you will get the setup wizard. Click “Next”.
Step 11. Click “Next”.
Step 12. Click “I Don’t Want Update”, then click “Next”.
Step 13. Click “Install”.
Step 14. Click “Process to Register”.
Step 15. Click “Browse” and locate your downloaded “VAULTCREDENTIALS” file, then click “Next”.
Step 16. Here, give a strong password and select the location of your passkey vault, then click “Finish”.
Step 17. After it is configured, click “Close”.
Step 18. Now you can see the backup wizard. Here, you can schedule your backup with files.

Conclusion

We all clearly understand how to configure Azure cloud backup service to Windows 11 using the proper and easiest method. If you need clarification regarding this topic, feel free to contact me.


Managing Microsoft 365 Group Creation Permissions: Allowing Specific Users to Create Teams

In Microsoft 365, everyone can create groups by default, which enables seamless collaboration across Teams, Outlook, SharePoint, and more. However, organizations may want to limit this to specific users, such as team leads or trained staff, to manage resources and maintain compliance. In this guide, we’ll configure permissions so that only selected users can create Microsoft 365 Groups and Teams.

(Image – 1 showing the message received when a restricted user attempts to create a team.)

Why Enable Group Creation for Specific Users?

By limiting group creation permissions to a designated set of users, you gain greater control over the Teams environment and avoid unnecessary or non-compliant teams being created. This setup allows only approved users to create groups across various services, like Microsoft Teams, while keeping everyone else’s permissions restricted.

Note: These restrictions impact various Microsoft services, including Outlook, SharePoint, Viva Engage, and Planner, along with Teams.

Key Roles That Retain Group Creation Abilities

Certain admin roles retain permissions to create Microsoft 365 Groups, even if general creation permissions are restricted:

Global Admins: Can create groups in the Microsoft 365 admin center, Exchange, SharePoint
Teams Service Admins: Can create groups in the Teams admin center, Microsoft Entra ID
SharePoint Admins: Can create groups in SharePoint admin center, Microsoft Entra ID

Admins in these roles can create groups for restricted users and assign them as group owners.

Steps to Enable Group Creation for a Specific Group of Users

Let’s go through the process of allowing only members of a designated group to create Microsoft 365 Groups, particularly in Teams.

Step 1: Create a Group to Control Permissions

Begin by creating a group in Microsoft 365 for the users who should be able to create Microsoft 365 Groups:

1. Open the Microsoft 365 Admin Center and go to Groups.
2. Click Add a Group and choose the group type.
3. Name your group (e.g., “Group Creators”) and add the people you want to allow group creation as members (not as owners).

Tip: You can add multiple people or even nest other groups under this main group for more flexible control.

(Image – 2 Created Group)

Step 2: Run PowerShell Commands to Apply Settings

Next, we’ll use PowerShell to update settings and allow only the users in your newly created group to create Microsoft 365 Groups:

1. Install the Microsoft Graph PowerShell Beta module if you haven’t already.
2. Run Update-Module Microsoft.Graph.Beta to ensure it’s up to date.
3. Copy the following script into a text editor, replacing <GroupName> with the name of the group created in Step 1.

    Import-Module Microsoft.Graph.Beta.Identity.DirectoryManagement
    Import-Module Microsoft.Graph.Beta.Groups

    Connect-MgGraph -Scopes "Directory.ReadWrite.All", "Group.Read.All"

    # Name of the group from Step 1 whose members may create groups
    $GroupName = "<GroupName>"
    # "False" turns off group creation for everyone outside that group
    $AllowGroupCreation = "False"

    # Look up the tenant's existing Group.Unified directory setting, if any
    $settingsObjectID = (Get-MgBetaDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).id

    # Create the setting from the Group.Unified template when the tenant has none
    if(!$settingsObjectID)
    {
        $params = @{
            templateId = "62375ab9-6b52-47ed-826b-58e47e0e304b"
            values = @(
                @{
                    name = "EnableMSStandardBlockedWords"
                    value = "true"
                }
            )
        }

        New-MgBetaDirectorySetting -BodyParameter $params

        $settingsObjectID = (Get-MgBetaDirectorySetting | Where-object -Property Displayname -Value "Group.Unified" -EQ).Id
    }

    # Resolve the group name to its object ID (-All reads every page of results)
    $groupId = (Get-MgBetaGroup -All | Where-object {$_.displayname -eq $GroupName}).Id

    # Stop rather than write an empty or ambiguous allowed-group ID
    if (-not $groupId -or @($groupId).Count -ne 1) {
        throw "Expected exactly one group named '$GroupName'."
    }

    $params = @{
        templateId = "62375ab9-6b52-47ed-826b-58e47e0e304b"
        values = @(
            @{
                name = "EnableGroupCreation"
                value = $AllowGroupCreation
            }
            @{
                name = "GroupCreationAllowedGroupId"
                value = $groupId
            }
        )
    }

    Update-MgBetaDirectorySetting -DirectorySettingId $settingsObjectID -BodyParameter $params

    # Print the resulting values so the change can be checked
    (Get-MgBetaDirectorySetting -DirectorySettingId $settingsObjectID).Values

Important: If you want to switch to a different group in the future, update $GroupName in the script with the new group name and rerun the script.

4. Save the file as GroupCreators.ps1.
5. Open PowerShell, navigate to the file location, and run:

    .\GroupCreators.ps1

(Image – 3 Result After executing the Script)

Step 3: Verify the Changes

After updating, allow about 30 minutes for the changes to take effect. Here’s how to verify:

1. Log in with a user account that is not a member of the “Group Creators” group.
2. Open Microsoft Teams and attempt to create a new team. You should see a message indicating that team creation is disabled.
3. Now, try the same with a user who is a member of the “Group Creators” group. They should be able to create a team successfully.

Suggested Articles

1. Getting Started with Conditional Access Policies in Azure Entra: Enable MFA with Microsoft’s Default Policies
2. Use Case Scenario: Adding Multiple Users to Calendar Access
3. How to Silently Synchronize SharePoint Site Library to File Explorer using Intune

Reference

https://learn.microsoft.com/en-us/microsoft-365/solutions/manage-creation-of-groups?view=o365-worldwide
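
A scripted complement to the verification in Step 3, added here as an example and not part of the original article or of Microsoft's script: it checks the name/value pairs that GroupCreators.ps1 prints on its last line against the intended creators group. The function name Test-GroupCreationRestriction, the group ID and the sample values are constructed for this example.

```powershell
# Added example: offline check of the Group.Unified values printed by the script.
function Test-GroupCreationRestriction {
    [CmdletBinding()]
    param(
        # Name/Value pairs, e.g. (Get-MgBetaDirectorySetting -DirectorySettingId $id).Values
        [Parameter(Mandatory)][object[]]$SettingValue,
        # Object ID of the "Group Creators" group from Step 1
        [Parameter(Mandatory)][string]$ExpectedGroupId
    )

    # Index the settings by name so a missing entry reads back as $null.
    $byName = @{}
    foreach ($entry in $SettingValue) { $byName[$entry.Name] = [string]$entry.Value }

    $problems = [System.Collections.Generic.List[string]]::new()

    # String comparison in PowerShell is case-insensitive, so "False" passes.
    if ($byName['EnableGroupCreation'] -ne 'false') {
        $problems.Add('EnableGroupCreation is not "false": every user can still create groups.')
    }

    $allowed = $byName['GroupCreationAllowedGroupId']
    if ([string]::IsNullOrWhiteSpace($allowed)) {
        # Happens when the group name lookup in the script returned nothing.
        $problems.Add('GroupCreationAllowedGroupId is empty: only the admin roles can create groups.')
    }
    elseif ($allowed -ne $ExpectedGroupId) {
        $problems.Add("GroupCreationAllowedGroupId is $allowed, expected $ExpectedGroupId.")
    }

    [pscustomobject]@{
        AsIntended     = ($problems.Count -eq 0)
        AllowedGroupId = $allowed
        Problems       = $problems.ToArray()
    }
}

# Constructed sample: creation is disabled but the allowed group was never set.
$creatorsGroupId = '11111111-2222-3333-4444-555555555555'   # constructed ID
$sampleValues = @(
    [pscustomobject]@{ Name = 'EnableMSStandardBlockedWords'; Value = 'true' }
    [pscustomobject]@{ Name = 'EnableGroupCreation';          Value = 'False' }
    [pscustomobject]@{ Name = 'GroupCreationAllowedGroupId';  Value = '' }
)
Test-GroupCreationRestriction -SettingValue $sampleValues -ExpectedGroupId $creatorsGroupId |
    Format-List

# Against a live tenant (after Connect-MgGraph), pass the real values instead:
#   $id = (Get-MgBetaDirectorySetting | Where-Object DisplayName -EQ 'Group.Unified').Id
#   Test-GroupCreationRestriction -SettingValue (Get-MgBetaDirectorySetting -DirectorySettingId $id).Values `
#       -ExpectedGroupId '<object ID of your Group Creators group>'
```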


Getting Started with Conditional Access Policies in Azure Entra: Enable MFA with Microsoft’s Default Policies

With modern security requirements, organizations need to secure user identities and access beyond the traditional network. Microsoft Entra Conditional Access helps organizations implement strong security controls, enforcing policies based on user identity, device compliance, and network location. In this article, we’ll walk through the steps to enable Conditional Access policies with Microsoft’s default policy templates to enforce Multi-Factor Authentication (MFA) and safeguard your organization.

What is Conditional Access?

As organizational security extends beyond physical networks, protecting access with identity-driven policies has become crucial. Microsoft Entra Conditional Access is a Zero Trust policy engine that combines signals (like user location and device compliance) to make intelligent access control decisions. It’s a powerful way to enforce if-then conditions on access: if a user wants to access a resource, then they must complete an action, like verifying identity with MFA.

Example of Conditional Access Policy: If a user attempts to access Microsoft 365, they must complete Multi-Factor Authentication to gain access.

This security model ensures that only verified users can access your organization’s resources, providing greater protection against unauthorized access.

Conditional Access Policies and Their Benefits

Conditional Access is a key feature for tenants with Microsoft Entra ID P1 or P2 licenses, designed to enable stronger identity and access management controls. With Conditional Access policies, you can enforce various security measures, like MFA, for specific scenarios based on conditions like device, location, or identity type. These policies play a significant role in protecting cloud resources, especially when users connect from outside secure networks.

Enforcing MFA with Conditional Access is particularly useful for securing Microsoft 365 and Azure resources, providing additional layers of verification to prevent unauthorized access. In this guide, we’ll configure Microsoft’s four default policy templates to simplify the setup and enhance overall security.

Step-by-Step Guide to Enabling Conditional Access Policies in Azure Entra

In this guide, we’ll enable Microsoft’s default Conditional Access policies for MFA, covering the essential steps to set up these policies for the first time in a new tenant.

Step 1: Disable Security Defaults

By default, new tenants in Microsoft Entra come with Security Defaults enabled. Security Defaults provide baseline protection, but to use Conditional Access, you’ll first need to disable these settings.

Method 1: Disabling Security Defaults in Entra Admin Center

1. Open Entra Admin Center.
2. Navigate to Identity → Overview → Properties.
3. Select Manage Security Defaults and toggle off the security defaults.

(Image-1: Disabling Security Defaults in Entra Admin Center)

Method 2: Disabling Security Defaults via Conditional Access Policy Setup

1. Go to Entra Admin Center.
2. Navigate to Protection → Conditional Access.
3. Access Security Defaults and toggle off the option to disable security defaults.

(Image-2: Disabling Security Defaults from Conditional Access Policy Setup)

Step 2: Enable Microsoft’s Default Conditional Access Policies for MFA

Once Security Defaults are disabled, you can use Microsoft’s default Conditional Access policy templates to quickly set up MFA across your organization. The four default policies available are:

Block Legacy Authentication: Prevents access using outdated protocols that don’t support MFA, reducing security risks.
Multi-Factor Authentication for Azure Management: Enforces MFA for users managing Azure resources to protect critical administrative actions.
Multi-Factor Authentication for Admins: Applies MFA to admin accounts to secure these highly privileged roles.
Multi-Factor Authentication for All Users: Enforces MFA for all users in the organization to secure general access.

How to Enable Default Policy Templates

In Conditional Access, while disabling Security Defaults, an additional option will appear: replace Security Defaults by enabling Conditional Access policies. Make sure to select this option, as it will enable all four of Microsoft’s default policy templates for MFA.

(Image-3: Enabling Microsoft’s Default Conditional Access Policy Templates)

Important: Ensure you select the option to replace Security Defaults with Conditional Access policies. This option will allow you to use Microsoft’s pre-configured policy templates effectively.

Now, we have successfully enabled Microsoft’s four Conditional Access policy templates.

(Image-4: Successfully Enabled the Four MFA Policies through Conditional Access)

Step 3: Exclude Global Admin Account to Prevent Lockouts

After enabling the Conditional Access policies, make sure to exclude your Global Admin account from MFA requirements within these policies. Excluding the Global Admin account is essential to prevent potential lockouts during login. To do this:

1. Go to each policy you’ve enabled and select Assignments.
2. In Users and groups, select Exclude and choose your Global Admin account.

(Image-5: Configuring Exclusions for Global Admin Account in Conditional Access Policy)

Conclusion

Congratulations! You have successfully enabled Conditional Access policies in Azure Entra and enforced MFA for added security. With these policies in place, your organization is better protected against unauthorized access. Remember to periodically review and update your policies as your security needs evolve.

By following this guide, you’re taking important steps toward a Zero Trust security model, ensuring that only verified and compliant users can access sensitive resources.

Suggested Posts

- Use Case Scenario: Adding Multiple Users to Calendar Access
- How to Configure OneDrive Files On-Demand Sync: Mastering Configuration for Intune Administrators
- Easily Copy Group Memberships Between Users in Microsoft 365 Using PowerShell

These posts can further enhance your understanding of tools and methods that improve productivity in your organization.
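
The exclusion from Step 3 leaves one account outside the MFA policies, so it is worth reviewing which accounts each policy actually excludes. The following is an added example, not part of the original article: it reports, per policy, whether the designated admin account is excluded and whether anything else is. The function name Get-CaExclusionFinding, the object IDs and the sample policies are constructed; the sample objects only mimic the DisplayName, State and Conditions.Users properties of Conditional Access policy objects.

```powershell
# Added example: review the exclusions on each Conditional Access policy.
function Get-CaExclusionFinding {
    [CmdletBinding()]
    param(
        # Policy objects exposing DisplayName, State and Conditions.Users.*
        [Parameter(Mandatory)][object[]]$Policy,
        # Object ID of the one admin account excluded in Step 3
        [Parameter(Mandatory)][string]$AdminObjectId
    )

    foreach ($p in $Policy) {
        # Drop $null entries so an unset property counts as "no exclusions".
        $users  = @($p.Conditions.Users.ExcludeUsers  | Where-Object { $_ })
        $groups = @($p.Conditions.Users.ExcludeGroups | Where-Object { $_ })

        $finding = if ($p.State -ne 'enabled') {
            'Not enforced: state is not "enabled".'
        }
        elseif ($users -notcontains $AdminObjectId) {
            'Enforced without the admin exclusion from Step 3: lockout risk.'
        }
        elseif ($users.Count -gt 1 -or $groups.Count -gt 0) {
            'Excludes more than the one admin account: review who bypasses this policy.'
        }
        else {
            'OK: only the designated admin account is excluded.'
        }

        [pscustomobject]@{
            Policy         = $p.DisplayName
            State          = $p.State
            ExcludedUsers  = $users -join ', '
            ExcludedGroups = $groups -join ', '
            Finding        = $finding
        }
    }
}

# Helper that builds constructed sample policies in the expected shape.
function New-SamplePolicy([string]$Name, [string]$State, [string[]]$Users, [string[]]$Groups) {
    [pscustomobject]@{
        DisplayName = $Name
        State       = $State
        Conditions  = [pscustomobject]@{
            Users = [pscustomobject]@{ ExcludeUsers = $Users; ExcludeGroups = $Groups }
        }
    }
}

$admin = 'aaaaaaaa-0000-0000-0000-000000000001'   # constructed object ID
$other = 'bbbbbbbb-0000-0000-0000-000000000002'   # constructed object ID
$samplePolicies = @(
    New-SamplePolicy 'Block Legacy Authentication' 'enabled' @($admin) @()
    New-SamplePolicy 'Multi-Factor Authentication for Azure Management' 'enabled' @() @()
    New-SamplePolicy 'Multi-Factor Authentication for Admins' 'enabledForReportingButNotEnforced' @($admin) @()
    New-SamplePolicy 'Multi-Factor Authentication for All Users' 'enabled' @($admin, $other) @()
)

Get-CaExclusionFinding -Policy $samplePolicies -AdminObjectId $admin |
    Format-Table Policy, State, Finding -Wrap

# Against a live tenant, with the Microsoft.Graph.Identity.SignIns module:
#   Connect-MgGraph -Scopes 'Policy.Read.All'
#   Get-CaExclusionFinding -Policy (Get-MgIdentityConditionalAccessPolicy -All) `
#       -AdminObjectId '<object ID of the excluded admin account>'
```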


Use Case Scenario: Adding Multiple Users to Calendar Access

In today’s collaborative work environment, sharing calendar access efficiently can streamline communication and scheduling. Recently, I implemented a script to add multiple users to a shared calendar in my real-time environment, enhancing our team’s collaboration.

Calendar Access Permissions

When adding users to your calendar, it’s important to consider the level of access they need. Here’s a quick overview of the permissions you can set in Outlook (Windows, Mac, and OWA):

Permission Level | Description
Can view when I’m busy | Shows the times of items on your calendar without any other details.
Can view titles and locations | Shows the time, subject, and location of events.
Can view all details | Shows the time, subject, location, and other details of all calendar items.
Can Edit | Allows users to edit your calendar as well as view all details of calendar items.
Delegate | Can edit your calendar, view full details, and send/accept meeting requests on your behalf.
None or Not shared | No permissions to view the calendar.

How to Share Your Calendar in Outlook on the Web

Sharing your Outlook calendar is simple with these easy steps:

Open Outlook: Access Outlook on the web.
Go to Calendar: Click the ‘Calendar’ icon at the top left.
Select Calendar: In ‘My Calendars’, right-click the calendar you want to share and choose ‘Sharing and permissions’.

(Image 1: Navigating to “Sharing and permissions”)

Enter the Email: Type in the email addresses of the people you want to share with.

(Image 2: Enter the email)

Add People: Click ‘Share’ at the top right and enter the email addresses.
Set Permissions:
Send Invitation: Click ‘Send’ to share the calendar. Recipients will receive an email invitation.

(Image 3: Choosing permissions)

Script Example

Here’s a simplified PowerShell script I used to add users to our shared calendar:

    # Connect to Exchange Online
    Connect-ExchangeOnline

    # Users to add, by display name or email address
    $users = @(
        "User One",
        "User Two",
        "User Three",
        "[email protected]",
        "[email protected]"
    )

    # Grant each user Editor rights on the shared mailbox's Calendar folder
    foreach ($user in $users) {
        Add-MailboxFolderPermission -Identity "[email protected]:Calendar" -User $user -AccessRights Editor
    }

    # Disconnect from Exchange Online
    Disconnect-ExchangeOnline -Confirm:$false

Benefits of This Script

Executing this script significantly simplified the process of sharing calendar access with a large number of users in our environment. By automating the permissions setup, I was able to ensure that everyone had the necessary access to collaborate effectively.

Confirm Sharing: Once recipients accept, they can access your calendar according to the permissions you set.

(User Will get the Invite)

Conclusion

Implementing this script was incredibly helpful in my environment, allowing me to efficiently share calendar access with multiple users. If you’re looking to improve collaboration and streamline scheduling, consider using this approach.

Suggested Posts

- How to Silently Synchronize SharePoint Site Library to File Explorer using Intune
- How to Configure OneDrive Files On-Demand Sync: Mastering Configuration for Intune Administrators
- Easily Copy Group Memberships Between Users in Microsoft 365 Using PowerShell

These posts can further enhance your understanding of tools and methods that improve productivity in your organization.


How to Silently Synchronize SharePoint Site Library to File Explorer using Intune

In this step-by-step guide, we’ll walk you through the process of silently synchronizing a SharePoint site library to File Explorer using Microsoft Intune. Whether you’re an IT admin managing multiple users or want a streamlined workflow, these steps will help you achieve this effortlessly.

Why Sync SharePoint Libraries to File Explorer?

Synchronizing SharePoint libraries with File Explorer provides numerous benefits:

Ease of Access: Access files as if they were on your local drive.
Offline Availability: Work on files even when offline; they sync back when connected to the internet.
Improved Collaboration: Ensure that your team always has the latest file version.
Familiar Interface: Users are more comfortable with File Explorer than SharePoint’s web interface.

Pre-Requisites

Before we begin, ensure the following:

Microsoft Intune Subscription: A valid Microsoft Intune license is required to deploy configurations to devices.
OneDrive Sync Client: Ensure the OneDrive Sync Client is installed on the devices, as SharePoint libraries sync through OneDrive.
SharePoint Online Plan: Your organization must use SharePoint Online for the libraries you intend to sync.

Step 1: Set Up the SharePoint Library

To begin, access your SharePoint site and configure it for automatic sync.

1. Navigate to your SharePoint Online site.
2. Open the Document Library you want to sync.
3. At the top-right corner, select the Sync button. This will trigger a prompt to open OneDrive on the user’s machine. (Refer to Image 1)

(Image-1. This shows where to click the “Sync” button on the SharePoint document library page.)

4. When prompted to open via browser, cancel the action. You will then see a popup; copy the Library ID from there. (Refer to Image 2)

(Image-2. This shows the prompt where you copy the SharePoint Library ID.)

5. Open PowerShell in admin mode and run the following command to decode the library ID:

    [uri]::UnescapeDataString("Copied String")

6. Use the output as your library ID. (Refer to Images 3 & 4)

(Image-3. This shows the PowerShell window where the command is run to decode the Library ID.)
(Image-4. This displays the decoded SharePoint Library ID in PowerShell.)

Step 2: Configure OneDrive Sync in Microsoft Intune

Now, let’s configure Microsoft Intune to automatically sync the SharePoint library for users.

2.1. Create a Configuration Profile in Intune

1. Log in to the Microsoft Intune Admin Center.
2. Navigate to Devices > Configuration Profiles.
3. Click + Create profile.

2.2. Select the Platform and Profile Type

1. Under Platform, select Windows 10 and later.
2. Choose Settings Catalog under Profile type.
3. Click Create. (Refer to Image 5)

(Image-5. This shows the Intune Admin Center screen where a new configuration profile is created.)

2.3. Configure OneDrive Settings

1. Provide a name and description for the profile. (Refer to Image 6)

(Image-6. This shows the form where the name and description for the profile are entered.)

2. Add the setting for OneDrive Sync. In the Settings picker, search for “OneDrive” and select Configure team site libraries to sync automatically (for users). (Refer to Image 7)

(Image-7. This displays the Settings Picker in Intune where “Configure team site libraries to sync automatically” is selected.)

This setting specifies SharePoint libraries to sync automatically when users sign in to the OneDrive app. Ensure OneDrive Files On-Demand is enabled.

2.4. Add the SharePoint Library ID

The setting takes the URL structure for the SharePoint document library, which is the decoded output of the command from Step 1:

    [uri]::UnescapeDataString("Copied String")

1. Enter the data in this format. Example below:

    tenantId=7762b0ae-0469-4c2f-8c9d-600ca093f92c&siteId={a0fd35c9-b3d0-4419-9a20-80350d156920}&webId={d11f7ba8-3e27-49dd-bb8e-5c181fb42ceb}&listId=0d851de8-f52f-45af-acf6-d45c9c0cf400&webUrl=https://nifanliveco.sharepoint.com/sites/Office-Doc&version=1

2. Click Save. (Refer to Image 8)

(Image-8. This shows the structure of the URL required for setting the SharePoint library sync in Intune.)

Step 3: Assign the Profile

After configuring the profile, assign it to the appropriate Azure AD groups or devices.

1. Navigate to the Assignments section, and click Add groups/all users/devices. (Refer to Images 9 & 10)
2. Choose the desired group and click Create.

When users sign in to their Windows devices managed by Intune, the designated SharePoint library will automatically sync to their File Explorer under OneDrive.

(Image-9. This shows the process of assigning the sync profile to all users in Intune.)
(Image-10. This shows where groups or devices are selected for the profile assignment in Intune.)

Step 4: Verifying the Synchronization

To verify that the library has synced:

1. Open File Explorer.
2. In the left-hand pane under the OneDrive section, you should see the SharePoint library.
3. Users can interact with the files as if they were locally stored. (Refer to Image 11)

(Image-11. This shows the File Explorer window where the synced SharePoint library appears under Directory.)

Step 5: Troubleshooting Common Issues

If users are facing issues with the synchronization, here are some common problems and solutions:

OneDrive Not Installed: Ensure that the OneDrive Sync Client is installed on the user’s device.
Wrong Library ID: Double-check the library ID configuration in Intune. Ensure the URLs are correct.
Permissions Issues: Verify that users have the correct permissions to access the SharePoint library.

Important Notes about the OneDrive Sync Setting:

The “Configure team site libraries to sync automatically” setting allows you to automatically sync SharePoint libraries when users sign in to OneDrive (OneDrive.exe). However, it may take up to 8 hours after sign-in for the sync to begin. Make sure that OneDrive Files On-Demand is enabled, as this setting is compatible only with Windows 10 (1709) Fall Creators Update or later. Avoid syncing libraries to more than 1,000 devices or large libraries to ensure smooth performance. Also, this feature does not support on-premises SharePoint sites. Once enabled, users cannot stop syncing the library.

Suggested Articles

Configuring OneDrive Files On-Demand Sync through Microsoft Intune: This article covers how to enable OneDrive Files On-Demand Sync, allowing users to manage their files efficiently while saving local storage space.

Reference

Microsoft Documentation: Configure team site libraries to sync automatically
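
For the “Wrong Library ID” case in Step 5, the copied string can be decoded and checked before it is pasted into the Intune profile. This is an added example, not part of the original article: the function name Test-TeamSiteLibraryId is made up here, the required field names are taken from the example string in section 2.4, and the *.sharepoint.com host check is an assumption of this example based on the note that on-premises sites are not supported.

```powershell
# Added example: decode a copied library ID and check its fields before use.
function Test-TeamSiteLibraryId {
    [CmdletBinding()]
    param(
        # The string copied from the sync popup, encoded or already decoded
        [Parameter(Mandatory)][string]$CopiedString
    )

    # Same decoding call the article uses in Step 1.
    $decoded = [uri]::UnescapeDataString($CopiedString.Trim())

    # Split "name=value&name=value" into an ordered, case-insensitive table.
    $fields = [ordered]@{}
    foreach ($pair in ($decoded -split '&')) {
        $name, $value = $pair -split '=', 2   # keep any '=' inside the value
        if ($name) { $fields[$name] = $value }
    }

    $problems = [System.Collections.Generic.List[string]]::new()

    # The four IDs must be GUIDs; braces around them are accepted.
    foreach ($key in 'tenantId', 'siteId', 'webId', 'listId') {
        $guid = [guid]::Empty
        if (-not $fields.Contains($key)) {
            $problems.Add("Missing $key.")
        }
        elseif (-not [guid]::TryParse($fields[$key], [ref]$guid)) {
            $problems.Add("$key is not a GUID: $($fields[$key])")
        }
    }

    # webUrl must be an absolute https URL.
    $uri = $null
    if (-not $fields.Contains('webUrl')) {
        $problems.Add('Missing webUrl.')
    }
    elseif (-not [uri]::TryCreate($fields['webUrl'], [System.UriKind]::Absolute, [ref]$uri) -or
            $uri.Scheme -ne 'https') {
        $problems.Add("webUrl is not an absolute https URL: $($fields['webUrl'])")
    }
    elseif ($uri.Host -notlike '*.sharepoint.com') {
        # Assumption of this example: SharePoint Online sites live under sharepoint.com.
        $problems.Add("webUrl host '$($uri.Host)' is not under sharepoint.com.")
    }

    if (-not $fields.Contains('version')) { $problems.Add('Missing version.') }

    [pscustomobject]@{
        IsValid  = ($problems.Count -eq 0)
        Decoded  = $decoded          # value to paste into the Intune setting
        Problems = $problems.ToArray()
    }
}

# The decoded example string from section 2.4 of the article.
$pageExample = 'tenantId=7762b0ae-0469-4c2f-8c9d-600ca093f92c&siteId={a0fd35c9-b3d0-4419-9a20-80350d156920}&webId={d11f7ba8-3e27-49dd-bb8e-5c181fb42ceb}&listId=0d851de8-f52f-45af-acf6-d45c9c0cf400&webUrl=https://nifanliveco.sharepoint.com/sites/Office-Doc&version=1'

# Constructed input: re-encode it to simulate what the sync popup hands out.
$copied = [uri]::EscapeDataString($pageExample)
Test-TeamSiteLibraryId -CopiedString $copied | Format-List

# Constructed bad input: the listId field was lost while copying.
$broken = $pageExample -replace '&listId=[^&]+', ''
Test-TeamSiteLibraryId -CopiedString $broken | Format-List
```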


How to Configure OneDrive Files On-Demand Sync: Mastering Configuration for Intune Administrators

In this guide, we’ll cover the step-by-step process of configuring OneDrive Files On-Demand Sync through Microsoft Intune using the Settings Catalog. Whether you’re an IT admin or someone managing devices across an organization, enabling Files On-Demand will help users manage their files efficiently while saving local storage space.

Why Use OneDrive Files On-Demand Sync?

OneDrive Files On-Demand is a powerful feature that allows users to access all their files stored in OneDrive or SharePoint Online without downloading them fully to their device. This feature helps save disk space, providing users with the flexibility to mark files as “online-only” or download them for offline access as needed.

Key Benefits:

Saves Storage: Files appear without consuming local disk space.
On-Demand Access: Files are downloaded only when accessed, minimizing storage usage.
Seamless Integration: Files can be managed in File Explorer as if they are stored locally.

Prerequisites

Before we start, make sure you meet the following prerequisites:

Microsoft Intune Subscription: An active Intune license is required.
OneDrive Sync Client: The OneDrive Sync Client must be installed on user devices.
Windows 10 (1709) or Later: Files On-Demand is available starting with Windows 10 Fall Creators Update (1709).

Step 1: Log in to Microsoft Intune Admin Center

1. Go to the Microsoft Intune Admin Center.
2. Log in with the appropriate admin credentials.

Step 2: Create a New Configuration Profile

1. Navigate to Devices > Configuration profiles.
2. Click + Create profile.
3. Choose Windows 10 and later as the platform.
4. Under Profile type, select Settings catalog.
5. Click Create to proceed. (Refer to Image 1 for visual aid.)

(Image 1: Creating a New Configuration Profile in Intune – This image should display the step of selecting “Create profile” in Intune’s admin center with Windows 10 and Settings Catalog.)

Step 3: Name and Describe the Profile

1. Provide a name for the profile, such as “Enable OneDrive Files On-Demand”.
2. Optionally, add a description to clarify its purpose. (Refer to Image 2 for visual aid.)

(Image 2: Naming and Describing the Profile – Show the screen where you name the profile (e.g., “Enable OneDrive Files On-Demand”) and provide a description.)

Step 4: Add OneDrive Files On-Demand Setting

1. In the Configuration settings section, click Add settings.
2. Use the Settings picker to search for “OneDrive”.
3. Find and select Enable OneDrive Files On-Demand under OneDrive settings.
4. Check the box to add this option to your configuration.

This setting will enable Files On-Demand on all assigned devices, allowing users to access their OneDrive files without consuming local storage. (Refer to Image 3 for visual aid.)

(Image 3: Adding OneDrive Files On-Demand Setting – Visual of the Settings picker where “Enable OneDrive Files On-Demand” is selected under OneDrive settings.)

Step 5: Configure Additional OneDrive Options (Optional)

You can also configure other OneDrive-related settings in Intune. Some useful settings include:

Silently sign in users to OneDrive with Windows credentials: Automatically sign users into OneDrive using their Windows credentials without additional login steps. (Refer to Image 4 for visual aid.)

(Image 4: Configuring Additional OneDrive Settings – Display the optional settings like “Silently sign in users to OneDrive with Windows credentials.”)

Step 6: Assign the Profile to Devices or Users

Once your profile is ready, assign it to specific groups or users:

1. In the Assignments section, click Add groups.
2. Select the groups or users (e.g., All users) that should receive the policy.
3. Click Next, then Create to finalize the profile. (Refer to Image 5 and 6 for visual aid.)

(Image 5: Assigning the Profile to Users or Devices – An image showing the Assignments section where you select target groups or users.)
(Image 6: Create Profile)

Step 7: Verify OneDrive Files On-Demand Sync

To verify that Files On-Demand is working, follow these steps on a device where the policy has been applied:

1. Open File Explorer.
2. Navigate to the OneDrive folder in the left pane. (Refer to Image 7 and 8 for visual aid.)

(Image-7. Before Policy Applied)
(Image-8. After Policy Applied)

Troubleshooting OneDrive Files On-Demand Sync Issues

If you encounter issues with OneDrive Files On-Demand, try these troubleshooting steps:

OneDrive Sync Client Not Installed: Ensure the sync client is installed and running.
Windows Version: Verify that the device is running Windows 10 version 1709 or later.
Network Issues: Check for network connectivity problems preventing sync.
Disk Space: Make sure there is enough available space for downloaded files.

Conclusion

Configuring OneDrive Files On-Demand in Microsoft Intune using the Settings Catalog is a powerful way to improve file management for your users while saving storage space. This step-by-step guide helps ensure a smooth deployment process, enabling users to access their files without using up valuable local disk space. By following these steps, you can start benefiting from the full potential of OneDrive Files On-Demand in your organization.

Reference

https://support.microsoft.com/en-au/office/sync-files-with-onedrive-files-on-demand-62e8d748-7877-420f-b600-24b56562aa70
https://learn.microsoft.com/en-us/sharepoint/use-silent-account-configuration#enable-silent-configuration

Suggested Articles

To further enhance your understanding and skills in Microsoft Intune and file management, consider checking out these articles:

Easily Copy Group Memberships Between Users in Microsoft 365 Using PowerShell – Streamline user management by learning how to efficiently copy group memberships with PowerShell.
How to Setup Windows Autopilot V1 in Microsoft Intune – Understand how to configure Windows Autopilot for seamless device provisioning in your organization.


Easily Copy Group Memberships Between Users in Microsoft 365 Using PowerShell

 Managing users and their group memberships is a critical task in any IT environment. In Microsoft 365 (M365), this often involves Azure Active Directory (Azure AD) and Exchange Online. Admins frequently need to copy group memberships from one user to another. While this task is relatively simple in traditional on-premises Active Directory, the process in M365, particularly for Azure AD and Exchange distribution lists, requires more steps. This blog will introduce a PowerShell script that automates the process of copying Azure AD group memberships and Exchange distribution lists from one user to another. Whether you’re onboarding a new employee, handling a role change, or transferring permissions, this script will save time and reduce errors. (Image-1: for the line that needs to change) Why Would You Need to Copy Group Memberships? In various scenarios, copying a user’s group memberships becomes a vital part of user management: Onboarding and Role Transition: When a new user joins or an existing employee changes roles, they may need to inherit group memberships from another user. User Offboarding: Transferring permissions and group memberships to another user ensures continued access to resources without manual intervention. Standardization: Assigning consistent permissions and access rights by copying group memberships from a template user to new users can standardize access across the organization. In on-premises Active Directory, copying group memberships between users can be easily done through PowerShell or even GUI-based tools. However, in the cloud-based M365 environment, this becomes more complex as it involves Azure AD and Exchange Online, which manage both security groups and distribution lists. Why Not Use GUI Tools? While Microsoft 365 Admin Center provides tools for managing users and groups, there is no out-of-the-box feature to easily copy group memberships between users. 
The process becomes tedious if you manually go through each group for one user, especially when dealing with a large number of groups or distribution lists. Using a PowerShell script helps streamline the process, making it faster, more accurate, and more repeatable. Plus, it can log each action taken, providing admins with visibility into what’s been done.

Introducing the PowerShell Script

This PowerShell script is designed to:

- Copy all Azure AD security group memberships from one user to another.
- Copy all Exchange Online distribution lists from the source user to the target user.
- Log the results (both successes and failures) to a CSV file for easy review.

By the end of this process, the target user will have the same group memberships as the source user, ensuring consistent access across Azure AD and Exchange Online environments.

Pre-requisites

Before running the script, make sure:

- You have PowerShell installed on your machine.
- You have administrative credentials for Azure AD and Exchange Online.
- You’re familiar with the users whose memberships you need to copy.

Customization

Based on your requirements, update the following lines in the script:

- Line 23: Connect-ExchangeOnline -UserPrincipalName [email protected] – Replace with the admin email you use for Exchange Online.
- Lines 26-27: sourceUser and targetUser – Replace these with the email addresses of the users you’re working with.

You can change these variables to suit your needs and copy memberships between any users in your tenant. For more clarification, check Image-1 above.

The Script

Here’s the full PowerShell script for copying group memberships from a source user to a target user, along with logging and module checks:

```powershell
# Script created by Nifan for copying Azure AD and Exchange Online group memberships
# This script connects to Azure AD and Exchange Online, copying group memberships
# and logging the results.

# Check and install the AzureAD module if not already installed
if (-not (Get-Module -ListAvailable -Name AzureAD)) {
    Install-Module -Name AzureAD -Force -AllowClobber
}

# Check and install the Exchange Online module if not already installed
if (-not (Get-Module -ListAvailable -Name ExchangeOnlineManagement)) {
    Install-Module -Name ExchangeOnlineManagement -Force -AllowClobber
}

# Import the installed modules
Import-Module AzureAD
Import-Module ExchangeOnlineManagement

# Connect to Azure AD (will prompt for credentials)
Connect-AzureAD

# Connect to Exchange Online (will prompt for credentials again)
Connect-ExchangeOnline -UserPrincipalName "[email protected]" # Enter your admin user for Exchange Online

# Define the source and target users
$sourceUser = "[email protected]"
$targetUser = "[email protected]"

# Output file for logging results
$logFile = "C:\GroupCopyResults.csv"

# Initialize the log file with headers and credit
"Created by: Nifan`nGroup Name,Type,Status" | Out-File $logFile

# Step 1: Get the Azure AD group memberships of the source user
# (-All $true returns every membership instead of only the first page of results)
$groups = Get-AzureADUserMembership -ObjectId (Get-AzureADUser -ObjectId $sourceUser).ObjectId -All $true

# Add the target user to each of the Azure AD groups the source user is a member of
foreach ($group in $groups) {
    try {
        # Add the target user to the Azure AD group
        # (-ErrorAction Stop makes a failed add reach the catch block)
        Add-AzureADGroupMember -ObjectId $group.ObjectId -RefObjectId (Get-AzureADUser -ObjectId $targetUser).ObjectId -ErrorAction Stop

        # Log success
        "$($group.DisplayName),Azure AD Group,Success" | Out-File $logFile -Append
    } catch {
        # Log failure with error message
        "$($group.DisplayName),Azure AD Group,Failed - $($_.Exception.Message)" | Out-File $logFile -Append
    }
}

# Step 2: Now handle distribution lists (DLs) in Exchange Online
# Get the list of distribution groups the source user is a member of
# (-ResultSize Unlimited lifts the default cap on returned groups and members)
$dlGroups = Get-DistributionGroup -ResultSize Unlimited | Where-Object {
    (Get-DistributionGroupMember -Identity $_.Identity -ResultSize Unlimited).PrimarySmtpAddress -contains $sourceUser
}

# Add the target user to each distribution list
foreach ($dl in $dlGroups) {
    try {
        # Add the target user to the distribution list
        # (-ErrorAction Stop makes a failed add reach the catch block)
        Add-DistributionGroupMember -Identity $dl.Identity -Member $targetUser -ErrorAction Stop

        # Log success
        "$($dl.DisplayName),Distribution List,Success" | Out-File $logFile -Append
    } catch {
        # Log failure with error message
        "$($dl.DisplayName),Distribution List,Failed - $($_.Exception.Message)" | Out-File $logFile -Append
    }
}

# Notify the user where the results are saved
Write-Host "Results saved to $logFile"

# Disconnect from Azure AD and Exchange Online
Disconnect-AzureAD
Disconnect-ExchangeOnline -Confirm:$false # Use -Confirm:$false to suppress confirmation prompt
```

Key Components of the Script

Azure AD Group Membership: This part of the script copies Azure AD security groups using the Get-AzureADUserMembership and Add-AzureADGroupMember cmdlets. The source user’s groups are fetched and the target user is added to each group.

Exchange Distribution Groups: Exchange Online’s distribution groups are handled using the Get-DistributionGroup and Add-DistributionGroupMember cmdlets. The script checks if the source user is part of a distribution
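Copying every membership also copies every privilege the source user has accumulated, so it is worth seeing the plan before anything changes. The following pre-flight planner is an added example, not part of Nifan's script: the function name Get-MembershipCopyPlan, the review pattern and the sample membership objects are constructed for illustration, and it relies on the ObjectType, SecurityEnabled, MailEnabled and DirSyncEnabled properties that Get-AzureADUserMembership returns.

```powershell
# Added example: plan a membership copy before changing anything.
# Get-MembershipCopyPlan and all sample data below are constructed for illustration.
function Get-MembershipCopyPlan {
    param(
        [Parameter(Mandatory)] [object[]] $SourceMemberships,
        [object[]] $TargetMemberships = @(),
        # Assumed naming convention for sensitive groups; adjust to your tenant.
        [string] $ReviewPattern = 'admin|privileged|finance'
    )
    $alreadyHeld = @($TargetMemberships | ForEach-Object { $_.ObjectId })
    foreach ($m in $SourceMemberships) {
        # First matching rule wins; only plain cloud security groups end up as 'Copy'.
        $action = if ($m.ObjectType -ne 'Group') {
            'Skip: directory role, assign deliberately'
        } elseif ($alreadyHeld -contains $m.ObjectId) {
            'Skip: target is already a member'
        } elseif ($m.DirSyncEnabled) {
            'Skip: synced from on-premises AD, change it there'
        } elseif ($m.MailEnabled) {
            'Review: mail-enabled group, check where membership is managed'
        } elseif ($m.DisplayName -match $ReviewPattern) {
            'Review: name suggests elevated access'
        } else {
            'Copy'
        }
        [pscustomobject]@{ Group = $m.DisplayName; ObjectId = $m.ObjectId; Action = $action }
    }
}

# Constructed sample shaped like Get-AzureADUserMembership output.
# With a live session, use: Get-AzureADUserMembership -ObjectId $sourceUser -All $true
function New-SampleMembership($Id, $Name, $Type = 'Group', $Mail = $false, $Sync = $false) {
    [pscustomobject]@{
        ObjectId = "00000000-0000-0000-0000-00000000000$Id"; DisplayName = $Name
        ObjectType = $Type; SecurityEnabled = (-not $Mail); MailEnabled = $Mail; DirSyncEnabled = $Sync
    }
}
$source = @(
    (New-SampleMembership 1 'Sales Team'),
    (New-SampleMembership 2 'Helpdesk Administrator' -Type 'Role'),
    (New-SampleMembership 3 'HQ File Share (synced)' -Sync $true),
    (New-SampleMembership 4 'All Staff, EMEA' -Mail $true),
    (New-SampleMembership 5 'Finance Approvers'),
    (New-SampleMembership 6 'VPN Users')
)
$target = @(New-SampleMembership 6 'VPN Users')

$plan = Get-MembershipCopyPlan -SourceMemberships $source -TargetMemberships $target
$plan | Format-Table -AutoSize

# Export-Csv quotes every field, so a comma in a group name cannot shift columns.
$planFile = Join-Path ([System.IO.Path]::GetTempPath()) 'GroupCopyPlan.csv'
$plan | Export-Csv -Path $planFile -NoTypeInformation
```

Only the rows marked Copy are candidates for an unattended run; the Review and Skip rows are the ones to settle with the resource owner first.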


Exploring Windows Admin Center (WAC v2) Public Preview: Key Features and Installation Guide

Discover the exciting new features in the Windows Admin Center (WAC) v2 Public Preview, how to download it, and a detailed guide on installing the updated version.

Introduction to Windows Admin Center (v2) Public Preview

The release of Windows Admin Center (WAC) v2 Public Preview brings a range of powerful new features designed to streamline the management of Windows servers and infrastructures. Whether you’re a seasoned admin or new to WAC, this update promises better performance, enhanced security, and improved tools. Let’s explore what’s new, where to download it, and how to install this new version.

What’s New in Windows Admin Center (v2) Public Preview

1. Upgrade to .NET Core 8

One of the most notable improvements in WAC v2 is the upgrade from .NET Core 6 to .NET Core 8. This upgrade brings significant performance boosts, enhanced security through better cryptography, and support for HTTP2, which lowers latency and improves responsiveness. These changes directly address one of the major concerns many users had: slow performance in previous versions of WAC.

The front-end of WAC v2 is built on Angular, hosted within Microsoft’s proprietary shell, which manages core services, server management, and extensions. The back-end gateway handles authorization, PowerShell services, and plugins, ensuring smooth and secure management operations.

(Figure: Windows Admin Center Architecture)

2. Updated Virtual Machine (VM) Management Tool

The VM management tool has received significant updates, aimed at making Hyper-V management more efficient. Key improvements include:

- Enhanced VM operation handling, reducing the need for full table refreshes.
- Removal of the runtime pipeline, improving overall system performance.
- Deferred cluster node checks and other operations until after initial load, reducing delays.
- Performance optimizations by limiting the number of columns in the default VM view.
- A revamped Azure Site Recovery integration, offering a more intuitive experience.

These updates are a direct response to long-standing frustrations with the legacy Hyper-V management tools, positioning WAC as a more efficient solution.

3. Installer Enhancements

The installation process has been revamped, giving admins greater control. New options include configuring network access settings, trusted hosts, and assigning fully qualified domain names (FQDNs) for the gateway server.

4. New Data Migration Process

For admins upgrading from previous versions, the new installer simplifies data migration. It automatically transfers most configuration data, requiring manual input for only a few items, such as proxy credentials and Azure registration settings. Future updates promise seamless migration with no further input needed.

5. Updated Settings Interface

Microsoft has overhauled the settings interface in WAC v2, making it more intuitive. Notable changes include the removal of certain blades, such as the “Updates and Access” settings, while the “Shared Connections” feature is now available in local gateway installations.

(Figure: Windows Admin Center Settings Screen)

How to Install Windows Admin Center (v2) Public Preview

Follow these steps to download and install the latest WAC version:

Step 1: Download the Installer
You can download the latest WAC v2 Public Preview here. Once the download is complete, launch the installer.

Step 2: Start the Installation
Run the installer and click “Next” to begin the installation process.
(fig1: windows admin center v2 installation begins)

Step 3: Accept the EULA
Carefully read and accept the End User License Agreement (EULA).
(fig2: Accept the EULA for Windows Admin Center v2 installation)

Step 4: Select a TLS Certificate
Choose whether to use an existing TLS certificate or generate a new self-signed certificate (valid for 60 days). This certificate is crucial for securing the WAC gateway.
(fig3: Select the TLS certificate you want to use and if you want it to generate a new cert)

Step 5: Select the TLS Certificate Thumbprint
On the next screen, you can select the thumbprint of the TLS certificate you want to use.
(Fig4: Select the thumbprint of the TLS certificate you want to use for Windows Admin Center v2 public preview)

Step 6: Choose Start Menu Folder
Select the start menu folder where you want WAC v2 to be installed.
(Fig5: Windows Admin Center v2 preview start menu folder)

Step 7: Ready to Install
After configuring the necessary settings, click “Install” to begin the installation process.
(fig6: Ready to install Windows Admin Center v2 public preview)

Step 8: Installation Begins
The installer will proceed with setting up Windows Admin Center v2.
(fig7: Installation of Windows Admin Center v2 public preview begins)

Step 9: Complete the Installation
Once the installation is complete, you’ll have the option to launch WAC v2 immediately. Click “Finish” to complete the process.
(fig8: Completing Windows Admin Center v2 public preview installation)

Final Thoughts

The Windows Admin Center (v2) Public Preview offers significant improvements in both performance and usability. With the upgrade to .NET Core 8, optimized VM management tools, and a simplified installation process, Microsoft is addressing the long-standing challenges faced by system administrators. These enhancements position WAC as a powerful, efficient, and secure tool for managing modern Windows environments.

As Microsoft continues to refine WAC, these updates will further encourage adoption among IT professionals, especially those managing Hyper-V environments and large server infrastructures. Keep an eye out for more updates as Microsoft fine-tunes this essential tool.

(Fig: Viewing the dashboard of the local machine with Windows Admin Center v2 Public Preview)

By providing enhanced security, faster performance, and more intuitive management capabilities, Windows Admin Center (v2) Public Preview is set to revolutionize how administrators manage Windows environments in enterprise settings.


Deploying Google Chrome via Win32 in Microsoft Intune

In this article, we will go over how to deploy Google Chrome using the Win32 app method in Microsoft Intune. Previously, I demonstrated how to deploy Chrome using Line of Business (LOB) apps. However, based on feedback from a discussion on LinkedIn, I’ve decided to implement it using the Win32 app method for a more efficient approach. Without further delay, let’s begin the demo.

Preparing the Win32 Package

I’ve already prepared the necessary PowerShell scripts and converted them into a Win32 Intune package. To save you the hassle of going through the conversion process yourself, you can download the pre-converted file (install.intunewin) directly from my GitHub repository. If you want to see the contents of the converted package, I’ve also attached the original scripts within the repository’s zip file.
(Refer to Figure 1 for a visual guide)

Step 1: Login to Microsoft Intune
- Go to Microsoft Intune Admin Center.
- Navigate to Apps > All Apps.
- Click on +Add.
- In the right-hand panel, under App type, select Windows app (Win32) from the dropdown list and click Select.
(Refer to Figure 2)

Step 2: Uploading the Win32 Package
- On the App package file page, click the Browse button.
- Select the converted .intunewin file that you downloaded earlier.
- Click OK to proceed.
(Refer to Figure 3)

Step 3: Enter Application Details
On this page, you’ll need to fill in the necessary information for the application you’re deploying. Here’s what you should provide:
- Application Name: Enter “Google Chrome” or your preferred name for easy identification.
- Description: Provide a brief description, such as “Google Chrome Browser Deployment via Win32 in Intune.”
- Publisher: Enter “Google LLC.”
- Version (Optional): Enter the version number of the Google Chrome installer you’re deploying (e.g., 115.0.5790.170).
- Category (Optional): Choose a category, such as “Browsers” or “Productivity,” to help organize your apps.
- Information URL (Optional): Add a link to additional information or documentation if applicable.
Once you’ve filled in all the details, click Next to proceed to the next step.
(Refer to Figure 4)

Step 4: Configure Installation & Uninstallation
Install Command:
%SystemRoot%\sysnative\WindowsPowerShell\v1.0\powershell.exe -executionpolicy bypass -command .\install.ps1
Uninstall Command:
%SystemRoot%\sysnative\WindowsPowerShell\v1.0\powershell.exe -executionpolicy bypass -command .\uninstall.ps1
Set Device Restart Behavior to No specific action to suppress device restarts after installation.
(Refer to Figure 5)

Step 5: Set Requirements
On the Requirements page, you must specify the mandatory conditions for app installation. These requirements ensure the app is only installed on compatible devices. For example, here are the requirements for this deployment:
- Operating System Architecture: 64-bit
- Minimum Operating System: Windows 10 1607 or later
(Refer to Figure 6)

Step 6: Add Detection Rules
I’ve provided detection rules within the GitHub repository that you’ll need to upload at this step.
(Refer to Figure 7)

Step 7: Assign the App
Under Assignments, you can choose to assign the app to All Devices under the Required section to ensure it is deployed across all endpoints. Alternatively, you can specify certain device groups for more targeted deployment.
(Refer to Figure 8)

Step 8: Review & Create
Review your settings on the Review + create page. If everything looks good, click Create to finalize the app deployment.
(Refer to Figure 9)

Step 9: Monitor the Deployment
Once the app has been created, you can monitor its progress in the Notifications area of the Intune Admin Center.
(Refer to Figure 10)

Step 10: Sync Devices with Intune
The app will be installed on the assigned devices the next time they check in with Intune. To speed up the process, you can manually sync the devices.

This method allows you to streamline your deployments and ensures that apps are efficiently installed on your managed devices through Microsoft Intune.
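Step 6 depends on a detection rule, and Intune also accepts a custom detection script, which reports the app as installed when it exits with code 0 and writes to standard output. The script below is an added example, not the detection rule from the author's repository: the install paths, the minimum version (borrowed from the version example in Step 3) and the expected signer name are assumptions to adjust. It checks the Authenticode signature as well as the file and version, so an unsigned or re-signed chrome.exe does not count as a successful deployment.

```powershell
# Added example: Intune custom detection script for Google Chrome.
# Not the author's detection rule; paths, version and signer are assumptions.
$minimumVersion = [version]'115.0.5790.170'   # example version from Step 3
$expectedSigner = 'Google LLC'                # publisher entered in Step 3

function Test-ChromeInstall {
    param([string[]] $Candidates, [version] $Minimum, [string] $Signer)
    foreach ($path in $Candidates) {
        # 1. The binary must exist.
        if (-not (Test-Path -LiteralPath $path -PathType Leaf)) { continue }

        # 2. Its product version must parse and meet the minimum.
        $found = (Get-Item -LiteralPath $path).VersionInfo.ProductVersion -as [version]
        if (-not $found -or $found -lt $Minimum) { continue }

        # 3. The Authenticode signature must validate against the local trust store.
        $sig = Get-AuthenticodeSignature -LiteralPath $path
        if ($sig.Status -ne 'Valid') { continue }

        # 4. The signing certificate must name the expected publisher.
        $cnPattern = "CN=$([regex]::Escape($Signer))(,|$)"
        if ($sig.SignerCertificate.Subject -notmatch $cnPattern) { continue }

        return "Chrome $found at $path"
    }
    return $null
}

# Default per-machine install locations (assumed); skip variables that are not set.
$candidates = @($env:ProgramFiles, ${env:ProgramFiles(x86)}) |
    Where-Object { $_ } |
    ForEach-Object { Join-Path $_ 'Google\Chrome\Application\chrome.exe' }

$result = Test-ChromeInstall -Candidates $candidates -Minimum $minimumVersion -Signer $expectedSigner
if ($result) {
    Write-Output $result   # output plus exit code 0 tells Intune the app is detected
    exit 0
}
exit 1                     # non-zero exit: not detected
```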


How to Deploy Google Chrome Using Microsoft Intune | MEM

To begin deploying Google Chrome using Microsoft Intune, follow these streamlined steps. I’ve included images to guide you through each part of the process.

Step 1: Download Google Chrome Enterprise
First, download the Enterprise version of Google Chrome from the following link: Download Google Chrome Enterprise.
Figure 1: Download the Enterprise version of Google Chrome.

Step 2: Access Apps in Intune
Navigate to the Microsoft Endpoint Manager Admin Center and go to Apps > Windows
Figure 2: Navigate to the Apps section in Intune.

Step 3: Add App Type as a Line of Business App
After selecting Add, choose the App type. Select Line of business app from the list and click Select.
Figure 3: Choose the Line of Business app type.

Step 4: Select the Google Chrome MSI File
In the App package file section, click Select file. Choose the downloaded Google Chrome MSI file from your computer. Click OK to upload the file.
Figure 4: Select and upload the Google Chrome MSI file.

Step 5: Configure App Details
- Name: Enter a name for the app, such as “Google Chrome.”
- Publisher: Type “Google.”
- Version: Specify the version of Chrome you downloaded.
Additional fields are optional. Fill them out as needed based on your organization’s requirements.
Figure 5: Configure the app settings.

Step 6: Assign the App
After uploading the Google Chrome app to Intune, go to the Assignments section. Here, you can target specific groups or select all devices for deployment. Click Next to proceed.
Figure 6: Assign the app to devices or user groups.

Step 7: Finalize the Creation
Click Create to complete the app creation process.
Figure 7: Finalize the app creation.

Step 8: Deployment
The app will be processed and deployed to the assigned devices. This may take some time.
Figure 8: Deployment in progress.

Final Output
Figure 9: Final Output

This guide provides a clear and concise overview of how to create and deploy the Google Chrome app in Intune. If you have any questions or need further assistance, don’t hesitate to ask. Your feedback is valuable, so please let me know how this guide worked for you or if there are any areas for improvement. Thanks for reading!
