AI, Intune & Azure Engineering

I build, write and speak about practical Microsoft cloud engineering: AI agents, Microsoft Intune, endpoint automation and Azure solutions that are meant for real production environments.

Jannik Reinhard speaking about AI, Intune and Microsoft Foundry
Jannik Reinhard AI Cloud Endpoint logoAI and Modern Device ManagementDual Microsoft MVP · Intune & Microsoft Foundry
What I do

Engineering content around AI, Intune and Azure.

Projects

Open source, community resources and practical products.

Latest blogs

Latest practical notes from the blog.

Recent engineering posts around Microsoft Intune, AI, automation, security and Azure.

Secure Microsoft Foundry: Network, Identity and Guardrails

Secure Microsoft Foundry: Network, Identity and Guardrails

Secure Microsoft Foundry: Network, Identity and Guardrails

AI agents in production are a security topic, not only an AI topic. An agent has an identity, network paths, data at rest and a behavior that you need to control. In this blog post I explain how I secure Microsoft Foundry end to end, from the IT admin perspective: network isolation, agent identities, RBAC, encryption and guardrails. This is the checklist I would hand to any team that wants to move a Foundry agent from playground to production.

I think about it in four layers, and I will walk through them in this order.

Secure Microsoft Foundry in four layers: network, identity, data and guardrails
Read More » Secure Microsoft Foundry: Network, Identity and Guardrails
Microsoft Foundry vs Copilot Studio: Which Agent Platform?

Microsoft Foundry vs Copilot Studio: Which Agent Platform?

Microsoft Foundry vs Copilot Studio: Which Agent Platform?

Many companies want to build AI agents right now, and the first question I get is always the same: Foundry vs Copilot Studio — which one should we use? In this blog post I explain how both platforms work under the hood, compare models, hosting, pricing, and governance, and I am honest about quality — because that is where many Copilot Studio projects struggle. I also explain why, in the age of AI-assisted coding, the “full code” platform Foundry is often the faster way to a working agent. At the end you should know which platform fits your scenario — or if you should use both together.

Note: Azure AI Foundry was renamed to Microsoft Foundry at Ignite 2025, and the new Foundry Agent Service reached general availability on March 16, 2026. In this post I always mean the new Microsoft Foundry.

Read More » Microsoft Foundry vs Copilot Studio: Which Agent Platform?
Admin By Request Unboxed: My Full EPM Walkthrough Template

Admin By Request Unboxed: My Full EPM Walkthrough

Admin By Request Unboxed: My Full EPM Walkthrough

Advertisement: This post is the first episode of my unboxing series in partnership with Admin By Request. As always, the walkthrough, the opinions and the experiences are 100% my own.

Welcome to the first episode of my unboxing series! In this series I look at the products of Admin By Request in detail — and I start with the product the company is best known for: Endpoint Privilege Management (EPM). In this blog post I explain what Admin By Request is, how the solution removes standing local admin rights without blocking people from doing their work, and what I would configure first. If you prefer watching over reading, the full video episode is here:

Play video
Read More » Admin By Request Unboxed: My Full EPM Walkthrough
How to Evaluate AI Agents in Microsoft Foundry Step by Step

How to Evaluate AI Agents in Microsoft Foundry Step by Step

How to Evaluate AI Agents in Microsoft Foundry Step by Step

Many companies are building their first AI agents right now. Most of them test the agent by chatting with it a few times in the playground and then call it done. In this blog post I explain how to evaluate AI agents in Microsoft Foundry (formerly Azure AI Foundry) in a structured way. At the end you can run an evaluation in the portal or with the SDK, read the results, and set up continuous evaluation for production. If you do not have an agent yet, start with my post about building your first agent in Microsoft Foundry and come back here.

Read More » How to Evaluate AI Agents in Microsoft Foundry Step by Step
Agent Skills Explained: How to Build Your First Skill

Agent Skills Explained: How to Build Your First Skill

Agent Skills Explained: How to Build Your First Skill

Every AI agent is only as good as the knowledge you give it. For a long time the common answer was to stuff everything into one giant system prompt. This does not scale. Agent Skills solve this problem in a much cleaner way. In this blog post I explain what Agent Skills are, why they beat the big system prompt, and how you can build your first skill step by step. At the end you will have a small working skill that runs in Claude Code and in many other AI tools.

Read More » Agent Skills Explained: How to Build Your First Skill
Build Your First AI Agent in Microsoft Foundry Step by Step

Build Your First AI Agent in Microsoft Foundry Step by Step

Build Your First AI Agent in Microsoft Foundry Step by Step

AI agents are everywhere right now, and many IT pros ask me where they should start. In this blog post I show you how to build your first Microsoft Foundry agent. We go step by step: create a project in the portal, deploy a model, create the agent with instructions and tools, test it in the playground, and finally call it from Python code. You do not need to be a developer to follow along. At the end you have a working Microsoft Foundry agent that you can extend for your own use cases.

Read More » Build Your First AI Agent in Microsoft Foundry Step by Step
AI agent runtime protection with Microsoft Defender for Endpoint

Protect AI Agents with Microsoft Defender for Endpoint

Protect AI Agents with Microsoft Defender for Endpoint

In this blog post I explain how to set up the new AI agent runtime protection in Microsoft Defender for Endpoint. More and more of us run local AI agents on our work machines — coding assistants like Claude Code, GitHub Copilot CLI, and other CLI tools (I wrote before about why CLI tools are winning for AI agents). These agents are powerful, but they run with your user privileges. They can read files, run commands, and call tools. And they act on text from prompts, files, web pages, and tool output without really knowing which part is trustworthy.

That is exactly the problem. A hidden instruction inside a web page or a file can hijack the agent — this is called prompt injection. AI agent runtime protection in Defender for Endpoint inspects the agent at the right moments and can protect the agent by blocking these attacks before anything bad happens. The feature is in public preview right now, so use it on test devices only. Let me show you how it works and how to turn it on.

Read More » Protect AI Agents with Microsoft Defender for Endpoint
Azure Private Networking, End to End: Service Endpoints, Private Endpoints, VNet Integration, NSG, Firewall & WAF

Azure Private Networking, End to End: Service Endpoints, Private Endpoints, VNet Integration, NSG, Firewall & WAF

Azure Private Networking, End to End: Service Endpoints, Private Endpoints, VNet Integration, NSG, Firewall & WAF

If you secure Azure workloads, you have hit this question more than once: should this storage account, SQL database or Key Vault be reached over a Service Endpoint or a Private Endpoint? The two sound similar, they both “make traffic private”, and the Azure portal happily offers both. But they work in very different ways, and picking the wrong one costs you either money or a security gap.

In this blog post I explain Service Endpoints vs Private Endpoints in plain language. I show what each one really does, where VNet Integration fits (people mix it up with private endpoints all the time), and then I add the part most comparison posts skip: how this connects to NSGs, Azure Firewall and a WAF — and when I reach for each. At the end there is a decision tree I actually use. I tried to keep it simple, with a diagram for every concept.

Read More » Azure Private Networking, End to End: Service Endpoints, Private Endpoints, VNet Integration, NSG, Firewall & WAF
The Ultimate Intune Troubleshooting Guide: How It Works and How I Fix It Intune Troubleshooting

The Ultimate Intune Troubleshooting Guide: How It Works and How I Fix It

The Ultimate Intune Troubleshooting Guide: How It Works and How I Fix It

In this blog post I explain how I approach Intune troubleshooting from end to end. This is not a list of error codes you can already find in the docs — it is my ultimate reference, the full picture: how Intune actually works under the hood, how a device proves who it is, where the logs live, which tools I reach for, and a clear method I follow every time. When you understand how a device talks to Intune, most problems stop being a mystery. You stop guessing and you start reading the right log, which is what real Intune troubleshooting is about.

This is a long one, on purpose. I wanted the single Intune troubleshooting guide I can send to a colleague and say “read this and you can fix most things yourself.” So we go all the way down — including the new MMP-C and Declared Configuration plumbing that almost no admin knows is already running on their devices — and then back up to the errors you hit most.

A note on honesty before we start: a lot of the deepest details here are not in the official Microsoft docs. They were reverse-engineered by people like Rudy Ooms, Oliver Kieselbach and Michael Niehaus. I will say clearly when something is community knowledge rather than documented, because internals like this change between Windows builds. Let us start with the part most guides skip — the mental model.

Read More » The Ultimate Intune Troubleshooting Guide: How It Works and How I Fix It
AI Models in 2026: What I Would Actually Pick AI Models in 2026

AI Models in 2026: What I Would Actually Pick

AI Models in 2026: What I Would Actually Pick

Almost every week someone asks me the same question: “Which AI model should we use?” When I look at the AI models in 2026 I do not do it from a research lab, I look at them the way most of you do — from the outside, with a budget, a compliance team, and real data I am not allowed to leak. In this blog post I go through the latest AI models in 2026 (snapshot June 2026) and sort them by price, capability and use case. I also do something most comparison posts skip: I look at what they mean for European companies and data sovereignty. At the end I tell you plainly what I would choose.

A short warning first: this is the fastest moving topic I have ever written about. Almost every model below was released between April and June 2026. So treat this as a snapshot, not a law. The way of thinking will last longer than the model names.

Read More » AI Models in 2026: What I Would Actually Pick