Tag: Intune

  • Time based Group membership for Entra devices – Part 2

    Time based Group membership for Entra devices – Part 2

    As promised last week, here is part 2 of my time-based group membership. In this part, I will show you, how you can use the backend from part 1 to allow admins to add Intune managed devices to the group using a PowerApp. PowerApp Let’s start with importing the PowerApp: You can find the sources…

  • Time based Group membership for Entra devices

    Time based Group membership for Entra devices

    Who don’t know these annoying assigned device groups in Entra used for example in Intune to exclude assignments for specific policies? Once created and assigned we tend to forget to remove the devices. This can lead to issues and security risks, if for example an excluded security policy needed to install a software, stays excluded…

  • Create App Control for Business Policies in Azure DevOPs – Config as a Code – Part 3(.1)

    Create App Control for Business Policies in Azure DevOPs – Config as a Code – Part 3(.1)

    Last week I wrote a blog post about how you can create a WDAC Policy fully automated from DevOps, knowing there will be the ask, why not use the more modern implementation of App Control for Business in Intune, well now here we are. If you already build the project, you can simply update the…

  • Create WDAC Policy in Azure DevOPs – Config as a Code – Part 3

    Create WDAC Policy in Azure DevOPs – Config as a Code – Part 3

    If you have evaluated WDAC as binary control based on signer rules, you know you have to adjust the policy every time a new application should be allowed. To make this process easier and more reliable, I wanted a fully automated process based on Azure DevOPs to create the policy and deploy it to a…

  • Create or set Registry Keys using Intune Remediation scripts – Part 2

    Create or set Registry Keys using Intune Remediation scripts – Part 2

    Today in Part 2 on how to create or set Registry Keys using Intune Remediation scripts, I want to show you how easy you can modify Regkeys for all users or keys that need additional permissions for the currently logged on User. In Part 1: I covered, how you can set a specific Regkey for…

  • Power Bi – Enterprise Privilege Management – Reporting Series Part 6

    Power Bi – Enterprise Privilege Management – Reporting Series Part 6

    Today I want to show you, how you can export the elevation request data from Intune Enterprise Privilege Management into our Power Bi Reports. With this data, we can for example build reports to see, which EPM Rules are still in use, or which files are requested via support approved, to maybe build a managed…

  • Assign Device Tags in MDE using information from Intune and Entra ID

    Assign Device Tags in MDE using information from Intune and Entra ID

    Today I want to show you, how you can automatically assign Tags in Microsoft Defender for Endpoint based on information from Intune and Entra ID. The goal was to assign Tags containing the Company Name of the user from Entra ID of all Intune managed devices in MDE. If a device that had a Tag…

  • Configure Dell UEFI Settings using Intune Configuration Profiles

    Configure Dell UEFI Settings using Intune Configuration Profiles

    Today I want to show you, that you can now configure Dell UEFI Settings directly in Intune, using the new “BIOS configurations and other settings” Template. Dell provides a really good guide for this: https://www.dell.com/support/kbdoc/en-us/000214308/dell-command-endpoint-configure-for-microsoft-intune Dell Command Configure Before we can deploy the wanted setting changes to our clients, we have to prepare the UEFI…

  • Intune Endpoint Privilege Management

    Intune Endpoint Privilege Management

    Today I want to give you a first look at the Intune Endpoint Privilege Management that is part of Intune Suite for one year with the March 2023 Intune release. Additionally, I want to show you the new support approved flow, which was added recently and allows for example the Helpdesk approving elevation requests for…

  • Update: Autopilot Companion based on Power Apps

    Update: Autopilot Companion based on Power Apps

    Today I want to show you the updated Autopilot Companion Power App. Check out my initial post to learn about the basics of the Companion App, how it works and how it started: https://mikemdm.de/2023/04/08/autopilot-companion-app/ What has changed since the last version? The biggest change is the possibility to pre-assign a user the Autopilot Device. For…

  • First look at Intune Cloud PKI

    First look at Intune Cloud PKI

    With the Service Release 2402, the Intune Suite got one more exciting feature, Cloud PKI. With Cloud PKI, you can now use Client Authentication certificates on all Intune managed devices without needing to deploy your own PKI Infrastructure or having to deploy the Intune SCEP Connector, everything can be managed within Intune. You basically have…

  • Deploy a WPA3 Enterprise Wi-Fi Profile to Windows Endpoints using Intune

    Deploy a WPA3 Enterprise Wi-Fi Profile to Windows Endpoints using Intune

    If you ever tried to deploy a W-Fi Profile that is secured by WPA3 Enterprise to Windows Clients in Intune, you probably noticed, that this is not possible using the built-in Wi-Fi Template. Don’t worry, the solution is really simple, you can configure the Wi-Fi Profile on a Client, export it and then deploy it…

  • Enterprise App catalog now available in Intune Suite

    Enterprise App catalog now available in Intune Suite

    As announced in October last year: Introducing Microsoft Intune Enterprise App Management | Microsoft Intune Blog, the Intune Suite got a really cool new feature today, the Enterprise App catalog. The Enterprise App catalog allows you to search for your desired apps so you can easily add them in Intune. It will also allow you…

  • New Windows 365 Boot Features available for Windows Insiders

    New Windows 365 Boot Features available for Windows Insiders

    Compared to my blog post from last year about Windows 365 Boot: Windows 365 – Boot directly to your CloudPC – Mike’s MDM Blog (mikemdm.de) Windows 365 is now available in two different modes for Windows Insiders. A shared PC mode which is similar to the existing Windows 365 Boot Feature and a new personal…

  • Custom MacOS Client Inventory Data – Reporting Series Part 5

    Custom MacOS Client Inventory Data – Reporting Series Part 5

    Inspired by the cool blog article about collecting custom MacOS inventory data to an Log Analytics Workspace:https://ugurkoc.de/collecting-customized-inventory-data-on-macos-devices-using-intune/I modified his script to upload the data using our Azure Function App from Part 1 of our Reporting Series to our existing Cosmos DB. If you haven’t seen it, check it out now: Part 1 Architecture As a…

  • Audit changes in Intune configs using Azure DevOps – Config as Code Part 1

    Audit changes in Intune configs using Azure DevOps – Config as Code Part 1

    Today I want to show you, how you can monitor changes in Intune configs using Azure DevOps. This will be part one of a multiple part series about Config as a Code with Azure DevOps. Azure DevOps project Let’s start with creating the DevOps project, that we will use for the whole series. I’m assuming…

  • Windows 11 23H2 is finally here

    Windows 11 23H2 is finally here

    Windows 11 finally got its well-deserved annual update 23H2. Windows Update History The update comes with a lot of long-awaited new features, like the new windows explorer user interface or the “never group” option for the taskbar. New features One little new option is the setting to disable the grouping of Apps in the Taskbar,…

  • Windows passwordless experience and Web Sign-in

    Windows passwordless experience and Web Sign-in

    Today I want to show you the new Windows passwordless experience and the new Web sign-in feature, which came with the latest Windows Update for Window 11 22H2. The passwordless experience will hide the password credential provider in the logon screen, to make it easier for the user to select a passwordless logon provider like…

  • Enhance PowerBi Report with UEFI / BIOS Settings – Part 4

    Enhance PowerBi Report with UEFI / BIOS Settings – Part 4

    Today I want to show you, how you can enhance our Inventory data that we created in our reporting series with UEFI Setting for Dell, HP and Lenovo Client devices. If you haven’t seen the reporting series, check it out here: Part 1, Part 2, Part 3 Cosmos DB First thing we do, is to…

  • Intune Remediation to verify BitLocker keys are uploaded to Entra ID

    Intune Remediation to verify BitLocker keys are uploaded to Entra ID

    Today I want to show you how you can check if the BitLocker Key Backup to Entra ID (AzureAD) was successfully done. We have configured BitLocker encryption in Intune to silently encrypt the system drive and automatically upload the recovery key. Usually these Settings should ensure, that the device is only encrypted if the Recovery…

  • Windows 365 – Boot directly to your CloudPC

    Windows 365 – Boot directly to your CloudPC

    Today I want to talk about a cool new feature that Microsoft recently released as public preview, Windows 365 Boot. With Windows 365 Boot, you can convert every Windows 11 Client into a Thin Client like experience, that let you access your Windows 365 CloudPC super easy. Prerequisites Configuring the Guided scenario in Intune To…

  • Using Intune driver and firmware management to update your devices

    Using Intune driver and firmware management to update your devices

    Today I want to talk about a really cool feature, which came with Intune Release 2306, driver and firmware management in Intune. While the backend service using Windows Update for Business Deployment Services (WUfB-DS) was available earlier, you had to create the policy’s manually via Graph API. Now with the seamless integration in Intune, it’s…

  • Run Applications in Intune Company Portal on Demand

    Run Applications in Intune Company Portal on Demand

    Have you ever wondered, if you can run an application or script on Demand with Intune Company Portal, like you could do in SCCM / ConfigMgr when choosing Packages instead of Applications? Currently this is not possible out of the Box with Intune, but today I want to show you, what you can do to…

  • Organizational messages in Microsoft Intune and custom messages via Powershell

    Organizational messages in Microsoft Intune and custom messages via Powershell

    Today I want to talk about Organizational messages in Microsoft Intune, what you can do with them and what you can do, if you need a more customizable notification area message, than what is currently possible in Intune. Organizational messages Let’s start with what are Organizational messages. They are a really cool new feature, that…

  • Deploy a basic WDAC Policy with Intune as managed Installer

    Deploy a basic WDAC Policy with Intune as managed Installer

    Today I want to show you, how you can deploy a basic WDAC (Windows Defender Application Control) Policy that uses the Intune Management Extension (IME) as managed Installer to allow only Apps that are deployed via Intune. WDAC Policy At first we start creating a basic WDAC Policy, using the officia WDAC Wizard from: https://webapp-wdac-wizard.azurewebsites.netWe…

  • Create or set Registry Keys in Intune using (Proactive) Remediations

    Create or set Registry Keys in Intune using (Proactive) Remediations

    Today I will show you, how you can create or set Registry Keys using Intune (Proactive) Remediations. For (Hybrid) Domain joined Clients we used Group Policy Preferences to set these RegKeys, but as there is no such thing for Azure AD joined Clients, we will use a small remediation script for this. As an example,…

  • Verify and replace Files with Proactive Remediations in Intune

    Verify and replace Files with Proactive Remediations in Intune

    Today I will show you how you can verify (small) files like configuration files with (Proactive) Remediations in Microsoft Intune. We can use this to replace Group Policy Preferences File rules, as long as the files are smaller then 200KB, if they are bigger i would suggest to wrap it in a Win32 Application, then…

  • Update Intune Win32 Apps using Applicability Rules

    Update Intune Win32 Apps using Applicability Rules

    today I want to show you how to update Win32 Apps using Applicability Rules in Intune. Let’s pretend all Apps are brought to the User as an Available assignment via Company Portal. This way every user can install all Apps that he needs by himself and still has only the Apps installed that he wants.…

  • PowerBi Report for Intune and Client Data – Part 3

    PowerBi Report for Intune and Client Data – Part 3

    In the final Part 3 of the Reporting Series, I will show you a sample Power Bi Report, that uses the collected Data from Part 1 and 2. We will start by importing the Template File, that I uploaded to my GitHub: Scripts/Inventory Report.pbit at main · mmeierm/Scripts · GitHub At the first Import, you…

  • Enhance PowerBi Report with Intune Inventory Data – Part 2

    Enhance PowerBi Report with Intune Inventory Data – Part 2

    In Part 2 of the Reporting Series, we will add Intune and AAD User Data to our Cosmos DB created in Part 1 PowerBi Reports for Advanced Windows Client Inventory Data – Part 1 – Mike’s MDM Blog (mikemdm.de) Architecture In Part 2 we will go into details in the lower half of the Architecture,…

  • PowerBi Reports for Advanced Windows Client Inventory Data – Part 1

    PowerBi Reports for Advanced Windows Client Inventory Data – Part 1

    Today I will show you my solution to build PowerBi Reports for Intune Data combined with advanced Inventory Data directly from Windows Clients based on a Azure Cosmos DB. The advanced Inventroy Data is inspired from this solution from the guys over at MSEndpointMgr: Enhance Intune Inventory data with Proactive Remediations and Log Analytics –…

  • Kiosk Mode / Digital Signage with Windows 11 Shell Launcher

    Kiosk Mode / Digital Signage with Windows 11 Shell Launcher

    If you have to deploy many devices as Digital Signage or in Kiosk Mode where nearly all devices have to show something, I maybe have a solution for you today. When we were in the same situation that we wanted to use the Shell Launcher v2 part of Assigned Access: Use Shell Launcher to create…

  • Use Microsoft Connected Cache for your own downloads

    Use Microsoft Connected Cache for your own downloads

    A while ago i posted an article, that showed, how you can add custom URLs to your Microsoft Connected Cache Server, but I never showed you, why you would want to do something like this: Add Custom Sources Microsoft Connected Cache – Mike’s MDM Blog (mikemdm.de) DO-Downloader Today I will show you, what you can…

  • Autopilot Companion based on Power Apps

    Autopilot Companion based on Power Apps

    A few years ago, when we started to use Windows Autopilot to enroll our first devices, we quickly saw the need for a Companion App to handle GroupTags for our different Enrollment types like “normal” user-driven enrollments or different Pre-provisioning scenarios (formerly White Glove). So we started with the official App from Michael Niehaus: microsoft/WindowsAutopilotCompanion:…

  • User driven Device Group Membership

    User driven Device Group Membership

    Today I want you present my solution to allow your end-users to add their device to an AzureAD Group on their own. We are using something like this, to allow our users to select which devices should for example receive the Windows 11 Upgrade earlier then others, but I think there are way more possible…

  • Install Win32 Apps visible via Intune

    Install Win32 Apps visible via Intune

    Have you ever wondered if it is possible to install Apps as system interactively like it is possible in SCCM / MECM with the “Allow users to view and interact with the program installation” Option enabled? Unfortunately this is no possible with built-in methods, but there is a really easy solution for this in the…

  • Convert AzureAD Registered “Personal” Devices to “Corporate”

    Convert AzureAD Registered “Personal” Devices to “Corporate”

    In our environment we had a lot AzureAD Registered Devices that were corporate owned, but couldn’t be AzureAD Joined or Hybrid AzureAD Joined due to some technical limitations One issue with this setup are the limitations that come with a device tagged as “Personal” in Intune like the missing App Inventory of these devices. But…

  • Automatically set Intune Primary User based on the logged on User

    Automatically set Intune Primary User based on the logged on User

    Searching for an easy solution to set the Intune Primary User automatically for a subset of devices? We have a simply solution for you. In our case we needed a solution to automatically set the Primary User for our Intune managed VDI. The VMs were all automatically AzureAD Joined via a Windows Configuration Designer PPKG,…

  • Set Intune Device ScopeTags based on User Locations

    Set Intune Device ScopeTags based on User Locations

    Want to use Scope Tags in Intune to allow different sites to only see their devices? I want to show you our solution to automatically tag devices based on the location of the “Enrolled by” User in Intune. We needed a solution for Windows / iOS and Android Devices to automatically assign Scope Tags based…

  • Add Custom Sources Microsoft Connected Cache

    Add Custom Sources Microsoft Connected Cache

    Ever wondered if it is possible to add custom sources to a SCCM based Microsoft Connected Cache? It is absolutely possible as long as we talk about HTTP and not HTTPS, we can simply add the additional Server URL as a ServerFarm to IIS and add the needed URL Rewrite Rule Lets start with the…

  • Custom ADMX Templates in Intune

    Custom ADMX Templates in Intune

    Ever wondered, if and how you can set a Registry Key via Intune without having to deploy a PowerShell Script? You totally can do this now relatively easy via ADMX Ingestion like described here: Import custom and third party partner ADMX templates in Microsoft Intune | Microsoft Learn In my example I wanted to set…