Tag: Intune

  • Enable RemoteFX USB Redirection for AVD or Windows 365 using Intune

    If you need to redirect USB devices that are not just a flash drive, like a 3D mouse or similar devices, to your AVD or Windows 365 machines, you will need to enable RemoteFX USB Redirection. While the AVD / W365 side is easy in Intune, the client side is actually not so easy… But…

  • Intune finally supports Ubuntu 24.04 LTS

    Now that Ubuntu 24.04 LTS is a supported version, I want to take the chance to show you how you can install and enroll such a device step by step. OS Installation Let’s start with the installation itself; I will use Hyper-V as a basis. Once you have booted from the ISO image, you will be…

  • Intune hardware inventory is now available

    As announced at Microsoft Ignite this year, Intune now comes with an advanced hardware inventory. This new feature is available in Intune Core (P1) and does not need any add-on such as Intune Suite. The rollout to all tenants seems to have started a few days ago, as I see it arriving on our tenants.…

  • Update: Audit changes in Intune configs using Azure DevOps – Config as Code Part 1

    Today I want to show you some updates that I made to the Azure DevOps Project for Config as a Code for Intune since publishing the initial blog post: Audit changes in Intune configs using Azure DevOps – Config as Code Part 1 – Mike’s MDM Blog. You will find the updated version on GitHub:…

  • Intune custom compliance scripts

    Did you know that you can leverage custom PowerShell scripts in Intune to determine if a device should be considered compliant or not? You can use custom compliance scripts to check for a lot of cool things, like whether your company VPN software is actually installed and running, or block access of devices that have…

  • Standalone Microsoft Connected Cache available in preview

    Finally, after years of waiting, the standalone version of the Microsoft Connected Cache (MCC) is now available in public preview. This means we no longer need to deploy MECM / SCCM Distribution Points if we only need the Connected Cache part of it, since we are already cloud native. Let’s start with what the…

  • Enroll Ubuntu Linux devices in Intune

    Did you know that you can also manage Linux devices in Intune? Currently Intune supports the following distributions: Check out the official docs for the most up to date information: aka.ms/enrollmylinux Let’s start Since I have no access to RHEL, we will use Ubuntu 22.04.5 desktop for the demo. Let’s start by installing Ubuntu as…

  • Windows 11 24H2 is finally available

    This week Microsoft finally announced that Windows 11 24H2 is now available for all, not just Copilot+ PCs, so let’s have a look at what’s new. Microsoft added a lot of new features, explained in this IT Pro Blog: Windows 11, version 24H2: What’s new for IT pros – Windows IT Pro Blog (microsoft.com) Windows LAPS…

  • Using LGPO.exe to apply GPOs to test clients easily OnDemand via Intune

    From time to time, I wanted to have a way to set Policies (GPOs) on my test clients in a non-enforced way, which allows me to locally modify the settings to troubleshoot something, while still having an easy way to re-apply the settings. While this is definitely an edge case and does not apply to…

  • Troubleshooting Intune Endpoint Privilege Management

    Today I want to show you how you can troubleshoot issues with Intune Endpoint Privilege Management (EPM) and will try a little deep dive in how it works. Policies Let’s start with the basics, in order to get Intune EPM started, we need to assign at least an EPM Settings policy from Intune to the…

  • Intune Endpoint Privilege Management Companion

    Today I want to introduce you to my Intune EPM Companion Power App. In my first blog post about Intune EPM (Intune Endpoint Privilege Management – Mike’s MDM Blog (mikemdm.de)), I showed you how the then new support approved flow allows your users and admins to get admin rights for a specific application on demand…

  • Automatically assign Intune Scope Tags based on User location using Entra ID Groups

    A while ago I wrote a blog post, about how you can automatically assign Intune Scope Tags based on Entra ID User information: Set Intune Device ScopeTags based on User Locations – Mike’s MDM Blog (mikemdm.de) This script directly assigned the Scope Tag to the Intune object. While this script worked flawlessly for us for…

  • New Autopilot Companion App for Corporate Identifiers

    If you played with the new Autopilot V2 Autopilot device preparation profiles in Intune, you noticed pretty fast that no “registration” with a hardware hash or similar is needed, and it just works with all devices. If you want to limit it to only allow corporate owned devices using enrollment restrictions, you can now…

  • Collect local logfiles using an Azure Storage Account and Remediations in Intune

    Intune has an integrated function to collect logs that can be really helpful to troubleshoot issues on Windows Clients, but what to do if the desired log is not part of this? Well, we can collect them pretty easily ourselves, using a custom OnDemand Remediation script in Intune and an Azure Blob Storage to…

  • Power Bi – Intune Endpoint Analytics – Reporting Series Part 7

    The new advanced endpoint analytics, available as add-on to Intune or available in Intune Suite allows us to get a really deep dive into the health of our devices with a lot of fresh data. However, the visual representation in the portal is in my opinion currently a little bit limited and can be enhanced…

  • Automatically set Intune Device Categories based on Inventory data

    Today I want to show you, how you can automatically set Intune Device Categories based on data already available in Intune / Entra, like Device Name, Device Model, Enrollment Profile Name, Join Type, etc. I found a few articles that will try to do similar, but most of what I found did not scale well…

  • Time based Group membership for Entra devices – Part 2

    As promised last week, here is part 2 of my time-based group membership. In this part, I will show you, how you can use the backend from part 1 to allow admins to add Intune managed devices to the group using a PowerApp. PowerApp Let’s start with importing the PowerApp: You can find the sources…

  • Time based Group membership for Entra devices

    Who doesn’t know these annoying assigned device groups in Entra, used for example in Intune to exclude assignments for specific policies? Once created and assigned, we tend to forget to remove the devices. This can lead to issues and security risks, if for example an excluded security policy needed to install a software, stays excluded…

  • Create App Control for Business Policies in Azure DevOps – Config as a Code – Part 3(.1)

    Last week I wrote a blog post about how you can create a WDAC Policy fully automated from DevOps, knowing there would be the question of why not use the more modern implementation of App Control for Business in Intune. Well, now here we are. If you already built the project, you can simply update the…

  • Create WDAC Policy in Azure DevOps – Config as a Code – Part 3

    If you have evaluated WDAC as binary control based on signer rules, you know you have to adjust the policy every time a new application should be allowed. To make this process easier and more reliable, I wanted a fully automated process based on Azure DevOps to create the policy and deploy it to a…

  • Create or set Registry Keys using Intune Remediation scripts – Part 2

    Today in Part 2 on how to create or set Registry Keys using Intune Remediation scripts, I want to show you how easily you can modify Regkeys for all users or keys that need additional permissions for the currently logged on User. In Part 1, I covered how you can set a specific Regkey for…

  • Power Bi – Enterprise Privilege Management – Reporting Series Part 6

    Today I want to show you, how you can export the elevation request data from Intune Enterprise Privilege Management into our Power Bi Reports. With this data, we can for example build reports to see, which EPM Rules are still in use, or which files are requested via support approved, to maybe build a managed…

  • Assign Device Tags in MDE using information from Intune and Entra ID

    Today I want to show you, how you can automatically assign Tags in Microsoft Defender for Endpoint based on information from Intune and Entra ID. The goal was to assign Tags containing the Company Name of the user from Entra ID of all Intune managed devices in MDE. If a device that had a Tag…

  • Configure Dell UEFI Settings using Intune Configuration Profiles

    Today I want to show you, that you can now configure Dell UEFI Settings directly in Intune, using the new “BIOS configurations and other settings” Template. Dell provides a really good guide for this: https://www.dell.com/support/kbdoc/en-us/000214308/dell-command-endpoint-configure-for-microsoft-intune Dell Command Configure Before we can deploy the wanted setting changes to our clients, we have to prepare the UEFI…

  • Intune Endpoint Privilege Management

    Today I want to give you a first look at Intune Endpoint Privilege Management, which has been part of Intune Suite for one year, since the March 2023 Intune release. Additionally, I want to show you the new support approved flow, which was added recently and allows, for example, the Helpdesk to approve elevation requests for…

  • Update: Autopilot Companion based on Power Apps

    Today I want to show you the updated Autopilot Companion Power App. Check out my initial post to learn about the basics of the Companion App, how it works and how it started: https://mikemdm.de/2023/04/08/autopilot-companion-app/ What has changed since the last version? The biggest change is the possibility to pre-assign a user the Autopilot Device. For…

  • First look at Intune Cloud PKI

    With the Service Release 2402, the Intune Suite got one more exciting feature, Cloud PKI. With Cloud PKI, you can now use Client Authentication certificates on all Intune managed devices without needing to deploy your own PKI Infrastructure or having to deploy the Intune SCEP Connector, everything can be managed within Intune. You basically have…

  • Deploy a WPA3 Enterprise Wi-Fi Profile to Windows Endpoints using Intune

    If you ever tried to deploy a Wi-Fi Profile that is secured by WPA3 Enterprise to Windows Clients in Intune, you probably noticed that this is not possible using the built-in Wi-Fi Template. Don’t worry, the solution is really simple: you can configure the Wi-Fi Profile on a Client, export it and then deploy it…

  • Enterprise App catalog now available in Intune Suite

    As announced in October last year: Introducing Microsoft Intune Enterprise App Management | Microsoft Intune Blog, the Intune Suite got a really cool new feature today, the Enterprise App catalog. The Enterprise App catalog allows you to search for your desired apps so you can easily add them in Intune. It will also allow you…

  • New Windows 365 Boot Features available for Windows Insiders

    Compared to my blog post from last year about Windows 365 Boot: Windows 365 – Boot directly to your CloudPC – Mike’s MDM Blog (mikemdm.de) Windows 365 is now available in two different modes for Windows Insiders. A shared PC mode which is similar to the existing Windows 365 Boot Feature and a new personal…

  • Custom MacOS Client Inventory Data – Reporting Series Part 5

    Inspired by the cool blog article about collecting custom MacOS inventory data to a Log Analytics Workspace: https://ugurkoc.de/collecting-customized-inventory-data-on-macos-devices-using-intune/ I modified his script to upload the data using our Azure Function App from Part 1 of our Reporting Series to our existing Cosmos DB. If you haven’t seen it, check it out now: Part 1 Architecture As a…

  • Audit changes in Intune configs using Azure DevOps – Config as Code Part 1

    Today I want to show you, how you can monitor changes in Intune configs using Azure DevOps. This will be part one of a multiple part series about Config as a Code with Azure DevOps. Azure DevOps project Let’s start with creating the DevOps project, that we will use for the whole series. I’m assuming…

  • Windows 11 23H2 is finally here

    Windows 11 finally got its well-deserved annual update 23H2. Windows Update History The update comes with a lot of long-awaited new features, like the new windows explorer user interface or the “never group” option for the taskbar. New features One little new option is the setting to disable the grouping of Apps in the Taskbar,…

  • Windows passwordless experience and Web Sign-in

    Today I want to show you the new Windows passwordless experience and the new Web sign-in feature, which came with the latest Windows Update for Windows 11 22H2. The passwordless experience will hide the password credential provider in the logon screen, to make it easier for the user to select a passwordless logon provider like…

  • Enhance PowerBi Report with UEFI / BIOS Settings – Part 4

    Today I want to show you how you can enhance the Inventory data that we created in our reporting series with UEFI Settings for Dell, HP and Lenovo Client devices. If you haven’t seen the reporting series, check it out here: Part 1, Part 2, Part 3 Cosmos DB First thing we do, is to…

  • Intune Remediation to verify BitLocker keys are uploaded to Entra ID

    Today I want to show you how you can check if the BitLocker Key Backup to Entra ID (AzureAD) was successfully done. We have configured BitLocker encryption in Intune to silently encrypt the system drive and automatically upload the recovery key. Usually these Settings should ensure, that the device is only encrypted if the Recovery…

  • Windows 365 – Boot directly to your CloudPC

    Today I want to talk about a cool new feature that Microsoft recently released as public preview, Windows 365 Boot. With Windows 365 Boot, you can convert every Windows 11 Client into a Thin Client like experience that lets you access your Windows 365 CloudPC super easily. Prerequisites Configuring the Guided scenario in Intune To…

  • Using Intune driver and firmware management to update your devices

    Today I want to talk about a really cool feature, which came with Intune Release 2306: driver and firmware management in Intune. While the backend service using Windows Update for Business Deployment Services (WUfB-DS) was available earlier, you had to create the policies manually via Graph API. Now with the seamless integration in Intune, it’s…

  • Run Applications in Intune Company Portal on Demand

    Have you ever wondered, if you can run an application or script on Demand with Intune Company Portal, like you could do in SCCM / ConfigMgr when choosing Packages instead of Applications? Currently this is not possible out of the Box with Intune, but today I want to show you, what you can do to…

  • Organizational messages in Microsoft Intune and custom messages via Powershell

    Today I want to talk about Organizational messages in Microsoft Intune, what you can do with them and what you can do, if you need a more customizable notification area message, than what is currently possible in Intune. Organizational messages Let’s start with what are Organizational messages. They are a really cool new feature, that…

  • Deploy a basic WDAC Policy with Intune as managed Installer

    Today I want to show you how you can deploy a basic WDAC (Windows Defender Application Control) Policy that uses the Intune Management Extension (IME) as managed Installer to allow only Apps that are deployed via Intune. WDAC Policy At first we start creating a basic WDAC Policy, using the official WDAC Wizard from: https://webapp-wdac-wizard.azurewebsites.net We…

  • Create or set Registry Keys in Intune using (Proactive) Remediations

    Today I will show you, how you can create or set Registry Keys using Intune (Proactive) Remediations. For (Hybrid) Domain joined Clients we used Group Policy Preferences to set these RegKeys, but as there is no such thing for Azure AD joined Clients, we will use a small remediation script for this. As an example,…

  • Verify and replace Files with Proactive Remediations in Intune

    Today I will show you how you can verify (small) files like configuration files with (Proactive) Remediations in Microsoft Intune. We can use this to replace Group Policy Preferences File rules, as long as the files are smaller than 200KB; if they are bigger, I would suggest wrapping them in a Win32 Application, then…

  • Update Intune Win32 Apps using Applicability Rules

    Today I want to show you how to update Win32 Apps using Applicability Rules in Intune. Let’s pretend all Apps are brought to the User as an Available assignment via Company Portal. This way every user can install all Apps that he needs by himself and still has only the Apps installed that he wants.…

  • PowerBi Report for Intune and Client Data – Part 3

    In the final Part 3 of the Reporting Series, I will show you a sample Power Bi Report, that uses the collected Data from Part 1 and 2. We will start by importing the Template File, that I uploaded to my GitHub: Scripts/Inventory Report.pbit at main · mmeierm/Scripts · GitHub At the first Import, you…

  • Enhance PowerBi Report with Intune Inventory Data – Part 2

    In Part 2 of the Reporting Series, we will add Intune and AAD User Data to our Cosmos DB created in Part 1 PowerBi Reports for Advanced Windows Client Inventory Data – Part 1 – Mike’s MDM Blog (mikemdm.de) Architecture In Part 2 we will go into details in the lower half of the Architecture,…

  • PowerBi Reports for Advanced Windows Client Inventory Data – Part 1

    Today I will show you my solution to build PowerBi Reports for Intune Data combined with advanced Inventory Data directly from Windows Clients based on an Azure Cosmos DB. The advanced Inventory Data is inspired by this solution from the guys over at MSEndpointMgr: Enhance Intune Inventory data with Proactive Remediations and Log Analytics –…

  • Kiosk Mode / Digital Signage with Windows 11 Shell Launcher

    If you have to deploy many devices as Digital Signage or in Kiosk Mode where nearly all devices have to show something, I may have a solution for you today. When we were in the same situation that we wanted to use the Shell Launcher v2 part of Assigned Access: Use Shell Launcher to create…

  • Use Microsoft Connected Cache for your own downloads

    A while ago I posted an article that showed how you can add custom URLs to your Microsoft Connected Cache Server, but I never showed you why you would want to do something like this: Add Custom Sources Microsoft Connected Cache – Mike’s MDM Blog (mikemdm.de) DO-Downloader Today I will show you, what you can…

  • Autopilot Companion based on Power Apps

    A few years ago, when we started to use Windows Autopilot to enroll our first devices, we quickly saw the need for a Companion App to handle GroupTags for our different Enrollment types like “normal” user-driven enrollments or different Pre-provisioning scenarios (formerly White Glove). So we started with the official App from Michael Niehaus: microsoft/WindowsAutopilotCompanion:…