Soluții

How to perform a clean boot on Win 10

  1. Sign in to the computer as an administrator. If you don’t have an administrator account, see Manage user accounts in Windows to learn how to create one.
  2. In the Search box  on the taskbar, type msconfig and select System Configuration from the list of results.Search result - System Configuration

    Important: If the computer is connected to a network, network policy settings might prevent you from following these steps. Only use the System Configuration utility to change the advanced boot options on the computer with guidance from a Microsoft support engineer.  Using the System Configuration utility might make the computer unusable.

  3. On the Services tab of System Configuration, select Hide all Microsoft services, and then select Disable all. Select Apply.System Configuration - Services tab - Hide all Microsoft services check box checked - Disable all
  4. On the Startup tab of System Configuration, select Open Task Manager.System Configuration - Startup tab - Open Task Manager button
  5. On the Startup tab in Task Manager, for each Enabled startup item, select the item and then select Disable. (Keep track of which items have been Disabled. You will need to know this later)
  6. Close Task Manager.
  7. On the Startup tab of System Configuration, select OK. When you restart the computer, it will be in a clean boot environment. You can now try to troubleshoot your problem by trying the troubleshooting steps in the section, install, uninstall, or run application.

    Warning: Your computer might temporarily lose some functionality while in a clean boot environment.

[mai mult...]

How to perform a clean boot on Win 11

  1. Sign in to the computer as an administrator. See Manage user accounts in Windows to learn more about configuring a user account as an administrator.
  2. Select Search, type msconfig, and then select System Configuration from the list of results.The search box in Windows 11.

    Important: If the computer is connected to a network, network policy settings might prevent you from following these steps. Only use the System Configuration utility to change the advanced boot options on the computer with guidance from a Microsoft support engineer.  Using the System Configuration utility might make the computer unusable.

  3. On the Services tab of System Configuration, select Hide all Microsoft services, and then select Disable all. Select Apply.The Services tab in System Configuration in Windows 11.
  4. On the Startup tab of System Configuration, select Open Task Manager.The Startup tab in System Configuration in Windows 11.
  5. On the Startup apps tab in Task Manager, for each Enabled startup item, select the item and then select Disable. (Keep track of which items have been Disabled. You will need to know this later.)
  6. Close Task Manager.
  7. On the Startup tab of System Configuration, select OK. When you restart the computer, it will be in a clean boot environment. You can now try to troubleshoot your problem by trying the troubleshooting steps in the section,install, uninstall, or run on application

    Warning: Your computer might temporarily lose some functionality while in a clean boot environment.

  8. Once you are done troubleshooting your problem and want to return your computer to a normal startup, follow the steps in the section, Reset the computer after the clean boot.
[mai mult...]

Azure AD vs Entra ID: what’s changed in 2025 for Small Businesses?

Microsoft Entra is now an umbrella identity platform that includes:

  • Entra ID (formerly Azure AD)

  • Entra Permissions Management

  • Entra Verified ID

  • Entra ID Governance (enterprise-level)

For most SMBs, Entra ID is the primary concern — the backbone of user authentication for Microsoft 365, Teams, Intune, and even third-party apps.

 Free vs Paid Plans: 2025 Breakdown

Feature Free Entra ID P1 Entra ID P2
Single Sign-On (SSO) ✅ ✅ ✅
User/Group Management ✅ ✅ ✅
Security Defaults (MFA on all users) ✅ ✅ ✅
Conditional Access Policies ❌ ✅ ✅
Self-Service Password Reset (SSPR) ✅ (for cloud-only) ✅ ✅
Hybrid Join (on-prem AD) ❌ ✅ ✅
Identity Protection (risk-based MFA) ❌ ❌ ✅
Privileged Identity Management (PIM) ❌ ❌ ✅
Access Reviews ❌ ❌ ✅
Pricing (2025 est.) Free ~6 USD/user/month ~9 USD/user/month

The Free plan is still surprisingly useful for small teams using Microsoft 365:

  • Cloud-based user accounts

  • Basic MFA via Security Defaults

  • Integration with up to 10 third-party SSO apps

  • Admin portal with user logs

However, it lacks Conditional Access, so you can’t enforce more granular policies like:

“Block access unless user is in Romania and on a compliant device.”

Entra ID P1 is often the sweet spot for SMBs in 2025. It unlocks:

  • Conditional Access policies (location, device, risk)

  • Hybrid AD Join (sync on-prem Active Directory)

  • Self-service group management

  • Intune + Entra integration for device compliance

 Example use case: An SMB wants to allow Teams logins only from managed mobile devices — P1 is required.

This tier is usually overkill for SMBs, unless:

  • You manage multiple administrators and need PIM (just-in-time access)

  • You require Identity Protection to detect risky sign-ins and automate blocking

  • You need Access Reviews for compliance (ISO 27001, HIPAA)

It’s most useful for MSPs or SMBs working in finance, healthcare, or government sectors.

Licensing Notes (April 2025)

  • Microsoft 365 Business Premium now includes Entra ID P1

  • Microsoft is testing per-group conditional access licensing, expected late 2025

  • A new SMB-specific bundle (with Defender for Endpoint and Intune) is in preview.

[mai mult...]

Windows 11 24H1: what IT Admins need to know

24H1 is the first half-yearly feature update of 2025, building on the previous 23H2 release with enhancements focused on:

  • AI-powered workflows

  • Security hardening

  • User experience refinements

  • Integration with Microsoft 365 and Entra ID (formerly Azure AD)

This update is available to both Home and Pro editions, but enterprise environments using Windows 11 Enterprise and Education should expect additional features via their servicing channels.

1. New Group Policies

Microsoft has introduced and deprecated several GPO settings:

New:

  • EnableCopilotChat – Allows or blocks AI assistant Copilot per user/device

  • ForceWindowsUpdatesAIRecommendations – Enable AI-powered update suggestions

  • HideMicrosoftAccountRequirement – (for Pro) optional control over OOBE flow

 Deprecated:

  • DoNotShowWelcomeExperience is now replaced with a new onboarding flow

  • Older Edge GPOs for legacy InPrivate restrictions

 Tip: Use the latest Administrative Templates (ADMX) to reflect these changes in your GPMC.

2. Changes to Out-of-Box Experience (OOBE)

Microsoft continues its push toward cloud-based accounts and AI onboarding.
The default OOBE flow now requires an internet connection and pushes for Microsoft accounts — even on Windows 11 Pro.

Workaround: Use tools like Rufus to pre-modify the ISO or use unattend XML scripts with local account presets for enterprise imaging.

3. File Explorer & Taskbar Behavior

  • New File Explorer with tab grouping and context-aware previews

  • Taskbar now integrates Copilot by default, unless disabled via GPO

  • Recent bug reports indicate slow navigation on systems with mapped network drives — a known issue being patched in KB5037543

4. New Security Defaults

  • Smart App Control is now enabled by default on clean installs

  • Support for Pluton Security Processor (on new laptops)

  • Improved credential isolation via LSA Protection auto-enabled

Be prepared to adjust hardening policies in organizations using legacy apps or unsigned drivers.

Compatibility Notes

Many legacy tools and monitoring agents might not behave well with new AI APIs and Copilot overlays. Common issues have been reported with:

  • Older endpoint security tools

  • Custom automation scripts that rely on deprecated Shell hooks

  • RDP clients using TLS 1.0 (which is now blocked)

Recommendation: Run a pilot deployment on non-critical endpoints before full rollout.

Deployment & Update Best Practices

  • WSUS/SCCM: 24H1 is available as Feature Update via WSUS

  • Intune: Compatible with Intune version 2403+. Enables AI settings at deployment

  • Media Creation Tool: Use only for non-domain endpoints or manual testing.

[mai mult...]