ralpheckhard.com

Using Windows 365 Cloud PC's for your PAW Needs

Author — Sat, 28 Mar 2026 00:00:00 +0000

Windows 365 is your workplace from the cloud - a Windows machine running in a Microsoft datacenter, that you can acccess from everywhere, anytime. And as it’s Intune-managed, you can configure it anyway you like.

That brings some cool possibilities. What if you need a PAW - a Priviliged Access Workstation - that you can use to do all your administrative tasks in a secure way?

PAW Principles

A Privileged Access Workstation is built around several core security principles that protect administrative credentials and operations:

Understanding Windows 365 Connectivity: From TCP Gateways to STUN, TURN, and RDP Shortpath

Author — Sat, 14 Mar 2026 00:00:00 +0000

Optimizing your Windows 365 experience: A deep dive into connectivity options

Running a Cloud PC is one thing. Making sure the connection you have to it, is another. In this post, we will explore how Windows 365 establishes connectivity, the different transport options it uses, and how to optimize for the best possible experience.

Windows 365 Connectivity: The Basics

When you connect to a Windows 365 Cloud PC, your device needs to establish a connection to the virtual machine running in Microsoft’s datacenters. This connection is critical for performance, responsiveness, and overall user experience. Various factors can influence the quality of this connection, including network configuration, firewall rules, and the presence of NAT (Network Address Translation). Let’s have a look at the different connection types and how Windows 365 handles them.

Stream apps from Windows 365

Author — Sun, 18 Jan 2026 00:00:00 +0000

One of the latest additions to Windows 365 is a long awaited one: the ability to ‘stream’ applications, as opposed to an entire desktop, to end users. Windows 365 Cloud Apps wil give you the ability to deliver indiviudal apps, without the hassle of maintinging images or application installs, all because of the power of Intune.

In this blogpost, I will walk you to the setup proces of Windows 365 Cloud Apps, so you can start streaming your apps within no time.

The Facilitator Agent in Microsoft Teams: Turning Meetings into Structured Work

Author — Thu, 18 Dec 2025 00:00:00 +0000

Meetings are still where most decisions get made. They’re also where context gets lost, actions fade away, and follow-ups become someone else’s problem. Hybrid work didn’t create bad meetings — it just made their weaknesses more visible. People join late, leave early, miss sessions entirely, or juggle three meetings at once. The result is familiar: “What did I miss?”, “Was that actually decided?”, and “Who was going to follow up on that?” Microsoft’s Facilitator agent in Teams is designed to address exactly that problem. Not by adding more process, but by adding structure at the right moments — before, during, and after the meeting.

Biometrics in Teams: Why you should let Teams hear your voice

Author — Mon, 08 Sep 2025 00:00:00 +0000

In Teams, you have the option to do a ‘Voice and Face Enrollment’. But what is this feature? What’s in it for you? And what are the administrative implications? Let’s dive in!

What is Voice and Face Enrollment in Teams?

With this feature in Teams, you can enroll your voice and face. Sounds cool, right? It basically ’learns’ Teams how you sound and what you look like, so Teams can use it in your advantage. For example, it can help with background noise suppression, or even help you find your way in a meeting by recognizing your voice and face.

Custom Compliance policy for local admins

Author — Sat, 26 Jul 2025 00:00:00 +0000

My current gig is about replacing the current workplace, based on Windows 10, on-prem Active Directory and SCCM, with a ‘Cloud Managed Workplace’: Windows 11, Entra ID Joined devices, Intune Management and autopilot deployment.

One of the main security risks in the current workplace is the vast amount of users with local administrator rights on their devices. Time to change that!

Revoking local admin rights

Revoking local admin rights isn’t that hard, technically. You just take away the rights, or don’t give new local admin rights when replacing devices. The greatest challenges comes with user behaviour and politics. Those local admin rights are there for a reason, and people seem to really get attached to having those rights. So, communication is key.

Add holidays to Teams Phone in an automated way

Author — Tue, 16 Jul 2024 00:00:00 +0000

Adding holidays to Teams in an automated way

A quick blogpost today, leveraging some PowerShell goodness.

In a recent project, I was setting up Teams Phone System. One of the regular maintenance tasks in day to day operation, is making sure the opening hours set in the callflows (with your Auto Attendants) match the actual working hours of your business. One of the features here is the use of ‘holidays’, to specify days on which the Auto Attendant will not follow the regular opening hours, but will use a seperately defined schedule in stead.

BIO Compliancy in M365

Author — Thu, 04 Jul 2024 00:00:00 +0000

Recently, Microsoft published some tooling to check the BIO Compliancy of your M365 tenant. As BIO is a Dutch thing, this blogpost will be in Dutch :)

BIO voor de overheid

De Baseline Informatiebeveiiging Overheid (kortweg BIO) is het ‘basisnormenkader’ voor informatiebeveiliging binnen alle overheidslagen. Voorheen had elke overheidslaag (Rijksoverheid, uitvoeringsinstanties, gemeentes, etc.) zijn of haar eigen baseline, inmiddels is er dus één BIO voor alle overheden. Deze BIO is in December 2018 vastgesteld door de ministerraad. Vanaf 1 janauri 2019 is er daadwerkelijk gestart met de implementatie. Hoewel er dus één baseline is, zorgen alle overheidslagen zelf voor de eigen implementatie.

Secure your admin account with conditional access

Author — Sun, 25 Feb 2024 00:00:00 +0000

Authentication Strengths in Condtional Access are a fun thing. You can use them to provide some extra security where it’s needed. In this blogpost, we’ll look at using authentication strengths in Condtional Access to make sign-ins with your admin accounts extra secure.

What are authentication strengths

Authentication strengths are esactly what you would expect by the name: they define how strong your authentication is. This has mainly to do with extra forms of authentication besides the password, so Multi-Factor Authentication, and if this MFA can be ‘stolen’ somewhere in the authentication process.

Conditional Access Demistified

Author — Wed, 31 Jan 2024 00:00:00 +0000

Conditional Access is one of the most important security features in Entra ID. It ties all the security components of your modern workplace together and you can build all the rules you need to match your security requirements. But with great strength, comes…. Well, confusion. In the trainings I deliver is a MCT, I see a lot of students that are confused with all the posibilities within Conditonal Access. In this blogpost, I’ll try to help you understand all the posibilities so you can get started building your own policies.