Blog about Microsoft Intune, Windows and Co.
-
Run Applications in Intune Company Portal on Demand
Have you ever wondered, if you can run an application or script on Demand with Intune Company Portal, like you could do in SCCM / ConfigMgr when choosing Packages instead of Applications? Currently this is not possible out of the Box with Intune, but today I want to show you, what you can do to…
-
Organizational messages in Microsoft Intune and custom messages via Powershell
Today I want to talk about Organizational messages in Microsoft Intune, what you can do with them and what you can do, if you need a more customizable notification area message, than what is currently possible in Intune. Organizational messages Let’s start with what are Organizational messages. They are a really cool new feature, that…
-
Deploy a basic WDAC Policy with Intune as managed Installer
Today I want to show you, how you can deploy a basic WDAC (Windows Defender Application Control) Policy that uses the Intune Management Extension (IME) as managed Installer to allow only Apps that are deployed via Intune. WDAC Policy At first we start creating a basic WDAC Policy, using the officia WDAC Wizard from: https://webapp-wdac-wizard.azurewebsites.netWe…
-
Create or set Registry Keys in Intune using (Proactive) Remediations
Today I will show you, how you can create or set Registry Keys using Intune (Proactive) Remediations. For (Hybrid) Domain joined Clients we used Group Policy Preferences to set these RegKeys, but as there is no such thing for Azure AD joined Clients, we will use a small remediation script for this. As an example,…
-
Verify and replace Files with Proactive Remediations in Intune
Today I will show you how you can verify (small) files like configuration files with (Proactive) Remediations in Microsoft Intune. We can use this to replace Group Policy Preferences File rules, as long as the files are smaller then 200KB, if they are bigger i would suggest to wrap it in a Win32 Application, then…
-
Update Intune Win32 Apps using Applicability Rules
today I want to show you how to update Win32 Apps using Applicability Rules in Intune. Let’s pretend all Apps are brought to the User as an Available assignment via Company Portal. This way every user can install all Apps that he needs by himself and still has only the Apps installed that he wants.…
-
PowerBi Report for Intune and Client Data – Part 3
In the final Part 3 of the Reporting Series, I will show you a sample Power Bi Report, that uses the collected Data from Part 1 and 2. We will start by importing the Template File, that I uploaded to my GitHub: Scripts/Inventory Report.pbit at main · mmeierm/Scripts · GitHub At the first Import, you…
-
Enhance PowerBi Report with Intune Inventory Data – Part 2
In Part 2 of the Reporting Series, we will add Intune and AAD User Data to our Cosmos DB created in Part 1 PowerBi Reports for Advanced Windows Client Inventory Data – Part 1 – Mike’s MDM Blog (mikemdm.de) Architecture In Part 2 we will go into details in the lower half of the Architecture,…
-
PowerBi Reports for Advanced Windows Client Inventory Data – Part 1
Today I will show you my solution to build PowerBi Reports for Intune Data combined with advanced Inventory Data directly from Windows Clients based on a Azure Cosmos DB. The advanced Inventroy Data is inspired from this solution from the guys over at MSEndpointMgr: Enhance Intune Inventory data with Proactive Remediations and Log Analytics –…
-
Kiosk Mode / Digital Signage with Windows 11 Shell Launcher
If you have to deploy many devices as Digital Signage or in Kiosk Mode where nearly all devices have to show something, I maybe have a solution for you today. When we were in the same situation that we wanted to use the Shell Launcher v2 part of Assigned Access: Use Shell Launcher to create…
-
Use Microsoft Connected Cache for your own downloads
A while ago i posted an article, that showed, how you can add custom URLs to your Microsoft Connected Cache Server, but I never showed you, why you would want to do something like this: Add Custom Sources Microsoft Connected Cache – Mike’s MDM Blog (mikemdm.de) DO-Downloader Today I will show you, what you can…
-
Autopilot Companion based on Power Apps
A few years ago, when we started to use Windows Autopilot to enroll our first devices, we quickly saw the need for a Companion App to handle GroupTags for our different Enrollment types like “normal” user-driven enrollments or different Pre-provisioning scenarios (formerly White Glove). So we started with the official App from Michael Niehaus: microsoft/WindowsAutopilotCompanion:…
-
User driven Device Group Membership
Today I want you present my solution to allow your end-users to add their device to an AzureAD Group on their own. We are using something like this, to allow our users to select which devices should for example receive the Windows 11 Upgrade earlier then others, but I think there are way more possible…
-
Install Win32 Apps visible via Intune
Have you ever wondered if it is possible to install Apps as system interactively like it is possible in SCCM / MECM with the “Allow users to view and interact with the program installation” Option enabled? Unfortunately this is no possible with built-in methods, but there is a really easy solution for this in the…
-
Convert AzureAD Registered “Personal” Devices to “Corporate”
In our environment we had a lot AzureAD Registered Devices that were corporate owned, but couldn’t be AzureAD Joined or Hybrid AzureAD Joined due to some technical limitations One issue with this setup are the limitations that come with a device tagged as “Personal” in Intune like the missing App Inventory of these devices. But…
-
Automatically set Intune Primary User based on the logged on User
Searching for an easy solution to set the Intune Primary User automatically for a subset of devices? We have a simply solution for you. In our case we needed a solution to automatically set the Primary User for our Intune managed VDI. The VMs were all automatically AzureAD Joined via a Windows Configuration Designer PPKG,…
-
Set Intune Device ScopeTags based on User Locations
UPDATE 2024_08_11: I have cerated a newer version of this script, that no longer assigns the Scope Tags directly, but via Entra ID Groups: Automatically assign Intune Scope Tags based on User location using Entra ID Groups – Mike’s MDM Blog (mikemdm.de)You can still use this version if you want, but I would recommend to…
-
Add Custom Sources Microsoft Connected Cache
Ever wondered if it is possible to add custom sources to a SCCM based Microsoft Connected Cache? It is absolutely possible as long as we talk about HTTP and not HTTPS, we can simply add the additional Server URL as a ServerFarm to IIS and add the needed URL Rewrite Rule Lets start with the…
-
Automate Autopilot Uploads with Azure Automation Runbooks
Based on an old Article from Oliver Kieselbach about automating Autopilot Uploads, I wanted to share you my solution to this, slightly modified and improved: Automation of gathering and importing Windows Autopilot information – Modern IT – Cloud – Workplace (oliverkieselbach.com) In his Article he described a way, where the Hash was collected in form…
-
Custom ADMX Templates in Intune
Ever wondered, if and how you can set a Registry Key via Intune without having to deploy a PowerShell Script? You totally can do this now relatively easy via ADMX Ingestion like described here: Import custom and third party partner ADMX templates in Microsoft Intune | Microsoft Learn In my example I wanted to set…
-
Can you create a Autopilot Hash from WinPE? Yes!
Have you ever wondered if you can harvest the Windows Autopilot Hardware 4k Hash from WinPE like used in MDT/SCCM or similar Deployment Systems? Yes, it is absolutely possible, when you keep an eye on a few details that i will describe here. First thing that you may notice, you can’t use the official Microsoft…