Mike's MDM Blog

Blog about Microsoft Intune, Windows and Co.

  • Intune Remediation to verify BitLocker keys are uploaded to Entra ID

    Intune Remediation to verify BitLocker keys are uploaded to Entra ID

    Today I want to show you how you can check if the BitLocker Key Backup to Entra ID (AzureAD) was successfully done. We have configured BitLocker encryption in Intune to silently encrypt the system drive and automatically upload the recovery key. Usually these Settings should ensure, that the device is only encrypted if the Recovery…

  • Modern OS Provisioning for Windows Autopilot using OSDCloud

    Modern OS Provisioning for Windows Autopilot using OSDCloud

    Today I want to talk about modern OS Deployment for Windows Autopilot Enrollments using OSDCloud. Also, I will show you where we came from with regards of OS Provisioning and which customizations we made to OSDCloud to make it fit our needs even more. OSD using a SCCM Task Sequence When we started using Windows…

  • Windows 365 – Switch to your CloudPC via TaskView

    Windows 365 – Switch to your CloudPC via TaskView

    Today I want to talk about Windows 365 Switch, which is now available as public preview to Windows Insiders. With Windows 365 Switch you can access your CloudPC just like a second Desktop in Task View. Let’s start with the Prerequisites to start testing and I will go over, how it looks and my personal…

  • Windows 365 – Boot directly to your CloudPC

    Windows 365 – Boot directly to your CloudPC

    Today I want to talk about a cool new feature that Microsoft recently released as public preview, Windows 365 Boot. With Windows 365 Boot, you can convert every Windows 11 Client into a Thin Client like experience, that let you access your Windows 365 CloudPC super easy. Prerequisites Configuring the Guided scenario in Intune To…

  • Using Intune driver and firmware management to update your devices

    Using Intune driver and firmware management to update your devices

    Today I want to talk about a really cool feature, which came with Intune Release 2306, driver and firmware management in Intune. While the backend service using Windows Update for Business Deployment Services (WUfB-DS) was available earlier, you had to create the policy’s manually via Graph API. Now with the seamless integration in Intune, it’s…

  • Run Applications in Intune Company Portal on Demand

    Run Applications in Intune Company Portal on Demand

    Have you ever wondered, if you can run an application or script on Demand with Intune Company Portal, like you could do in SCCM / ConfigMgr when choosing Packages instead of Applications? Currently this is not possible out of the Box with Intune, but today I want to show you, what you can do to…

  • Organizational messages in Microsoft Intune and custom messages via Powershell

    Organizational messages in Microsoft Intune and custom messages via Powershell

    Today I want to talk about Organizational messages in Microsoft Intune, what you can do with them and what you can do, if you need a more customizable notification area message, than what is currently possible in Intune. Organizational messages Let’s start with what are Organizational messages. They are a really cool new feature, that…

  • Deploy a basic WDAC Policy with Intune as managed Installer

    Deploy a basic WDAC Policy with Intune as managed Installer

    Today I want to show you, how you can deploy a basic WDAC (Windows Defender Application Control) Policy that uses the Intune Management Extension (IME) as managed Installer to allow only Apps that are deployed via Intune. WDAC Policy At first we start creating a basic WDAC Policy, using the officia WDAC Wizard from: https://webapp-wdac-wizard.azurewebsites.netWe…

  • Create or set Registry Keys in Intune using (Proactive) Remediations

    Create or set Registry Keys in Intune using (Proactive) Remediations

    Today I will show you, how you can create or set Registry Keys using Intune (Proactive) Remediations. For (Hybrid) Domain joined Clients we used Group Policy Preferences to set these RegKeys, but as there is no such thing for Azure AD joined Clients, we will use a small remediation script for this. As an example,…

  • Verify and replace Files with Proactive Remediations in Intune

    Verify and replace Files with Proactive Remediations in Intune

    Today I will show you how you can verify (small) files like configuration files with (Proactive) Remediations in Microsoft Intune. We can use this to replace Group Policy Preferences File rules, as long as the files are smaller then 200KB, if they are bigger i would suggest to wrap it in a Win32 Application, then…

  • Update Intune Win32 Apps using Applicability Rules

    Update Intune Win32 Apps using Applicability Rules

    today I want to show you how to update Win32 Apps using Applicability Rules in Intune. Let’s pretend all Apps are brought to the User as an Available assignment via Company Portal. This way every user can install all Apps that he needs by himself and still has only the Apps installed that he wants.…

  • PowerBi Report for Intune and Client Data – Part 3

    PowerBi Report for Intune and Client Data – Part 3

    In the final Part 3 of the Reporting Series, I will show you a sample Power Bi Report, that uses the collected Data from Part 1 and 2. We will start by importing the Template File, that I uploaded to my GitHub: Scripts/Inventory Report.pbit at main · mmeierm/Scripts · GitHub At the first Import, you…

  • Enhance PowerBi Report with Intune Inventory Data – Part 2

    Enhance PowerBi Report with Intune Inventory Data – Part 2

    In Part 2 of the Reporting Series, we will add Intune and AAD User Data to our Cosmos DB created in Part 1 PowerBi Reports for Advanced Windows Client Inventory Data – Part 1 – Mike’s MDM Blog (mikemdm.de) Architecture In Part 2 we will go into details in the lower half of the Architecture,…

  • PowerBi Reports for Advanced Windows Client Inventory Data – Part 1

    PowerBi Reports for Advanced Windows Client Inventory Data – Part 1

    Today I will show you my solution to build PowerBi Reports for Intune Data combined with advanced Inventory Data directly from Windows Clients based on a Azure Cosmos DB. The advanced Inventroy Data is inspired from this solution from the guys over at MSEndpointMgr: Enhance Intune Inventory data with Proactive Remediations and Log Analytics –…

  • Kiosk Mode / Digital Signage with Windows 11 Shell Launcher

    Kiosk Mode / Digital Signage with Windows 11 Shell Launcher

    If you have to deploy many devices as Digital Signage or in Kiosk Mode where nearly all devices have to show something, I maybe have a solution for you today. When we were in the same situation that we wanted to use the Shell Launcher v2 part of Assigned Access: Use Shell Launcher to create…

  • Use Microsoft Connected Cache for your own downloads

    Use Microsoft Connected Cache for your own downloads

    A while ago i posted an article, that showed, how you can add custom URLs to your Microsoft Connected Cache Server, but I never showed you, why you would want to do something like this: Add Custom Sources Microsoft Connected Cache – Mike’s MDM Blog (mikemdm.de) DO-Downloader Today I will show you, what you can…

  • Autopilot Companion based on Power Apps

    Autopilot Companion based on Power Apps

    A few years ago, when we started to use Windows Autopilot to enroll our first devices, we quickly saw the need for a Companion App to handle GroupTags for our different Enrollment types like “normal” user-driven enrollments or different Pre-provisioning scenarios (formerly White Glove). So we started with the official App from Michael Niehaus: microsoft/WindowsAutopilotCompanion:…

  • User driven Device Group Membership

    User driven Device Group Membership

    Today I want you present my solution to allow your end-users to add their device to an AzureAD Group on their own. We are using something like this, to allow our users to select which devices should for example receive the Windows 11 Upgrade earlier then others, but I think there are way more possible…

  • Install Win32 Apps visible via Intune

    Install Win32 Apps visible via Intune

    Have you ever wondered if it is possible to install Apps as system interactively like it is possible in SCCM / MECM with the “Allow users to view and interact with the program installation” Option enabled? Unfortunately this is no possible with built-in methods, but there is a really easy solution for this in the…

  • Convert AzureAD Registered “Personal” Devices to “Corporate”

    Convert AzureAD Registered “Personal” Devices to “Corporate”

    In our environment we had a lot AzureAD Registered Devices that were corporate owned, but couldn’t be AzureAD Joined or Hybrid AzureAD Joined due to some technical limitations One issue with this setup are the limitations that come with a device tagged as “Personal” in Intune like the missing App Inventory of these devices. But…

  • Automatically set Intune Primary User based on the logged on User

    Automatically set Intune Primary User based on the logged on User

    Searching for an easy solution to set the Intune Primary User automatically for a subset of devices? We have a simply solution for you. In our case we needed a solution to automatically set the Primary User for our Intune managed VDI. The VMs were all automatically AzureAD Joined via a Windows Configuration Designer PPKG,…

  • Set Intune Device ScopeTags based on User Locations

    Set Intune Device ScopeTags based on User Locations

    Want to use Scope Tags in Intune to allow different sites to only see their devices? I want to show you our solution to automatically tag devices based on the location of the “Enrolled by” User in Intune. We needed a solution for Windows / iOS and Android Devices to automatically assign Scope Tags based…

  • Add Custom Sources Microsoft Connected Cache

    Add Custom Sources Microsoft Connected Cache

    Ever wondered if it is possible to add custom sources to a SCCM based Microsoft Connected Cache? It is absolutely possible as long as we talk about HTTP and not HTTPS, we can simply add the additional Server URL as a ServerFarm to IIS and add the needed URL Rewrite Rule Lets start with the…

  • Automate Autopilot Uploads with Azure Automation Runbooks

    Automate Autopilot Uploads with Azure Automation Runbooks

    Based on an old Article from Oliver Kieselbach about automating Autopilot Uploads, I wanted to share you my solution to this, slightly modified and improved: Automation of gathering and importing Windows Autopilot information – Modern IT – Cloud – Workplace (oliverkieselbach.com) In his Article he described a way, where the Hash was collected in form…

  • Custom ADMX Templates in Intune

    Custom ADMX Templates in Intune

    Ever wondered, if and how you can set a Registry Key via Intune without having to deploy a PowerShell Script? You totally can do this now relatively easy via ADMX Ingestion like described here: Import custom and third party partner ADMX templates in Microsoft Intune | Microsoft Learn In my example I wanted to set…

  • Can you create a Autopilot Hash from WinPE? Yes!

    Can you create a Autopilot Hash from WinPE? Yes!

    Have you ever wondered if you can harvest the Windows Autopilot Hardware 4k Hash from WinPE like used in MDT/SCCM or similar Deployment Systems? Yes, it is absolutely possible, when you keep an eye on a few details that i will describe here. First thing that you may notice, you can’t use the official Microsoft…