AI, Intune & Azure Engineering

I build, write and speak about practical Microsoft cloud engineering: AI agents, Microsoft Intune, endpoint automation and Azure solutions that are meant for real production environments.

Read the blogAbout & SpeakingContact / book me
LinkedInXYouTubeGitHub
Jannik Reinhard speaking about AI, Intune and Microsoft Foundry
Jannik Reinhard AI Cloud Endpoint logoAI and Modern Device ManagementDual Microsoft MVP · Intune & Microsoft Foundry
What I do

Engineering content around AI, Intune and Azure.

AIAI agents and automationHands-on patterns for local models, Microsoft Foundry, Copilot, orchestration and production governance.IntuneEndpoint management at scaleMicrosoft Intune, remediation, analytics, packaging, security baselines and daily admin reality.AzureCloud architecture and integrationAzure AI, Microsoft Graph, identity, automation workflows and pragmatic enterprise implementation.
Projects

Open source, community resources and practical products.

Open SourceEndpoint Analytics Remediation ScriptsThe large community-driven Intune remediation repository with deployable PowerShell packages.MSNuggetShort Microsoft admin tipsFocused one-minute reads for Intune, Entra ID, security, automation and AI.SpeakingSessions, workshops and community eventsInternational speaking profile, MVP recognition, badges and verified Microsoft Learn credentials.Epic FusionModern Workplace, AI and cloud transformationAt Epic Fusion we connect people, organization and Microsoft technology: Modern Workplace, cloud security, adoption and AI solutions for daily business.
Get readyTransformUnleash
Latest blogs

Latest practical notes from the blog.

Recent engineering posts around Microsoft Intune, AI, automation, security and Azure.

All blogsIntuneAIAzure
AI agent runtime protection with Microsoft Defender for Endpoint

Protect AI Agents with Microsoft Defender for Endpoint

Protect AI Agents with Microsoft Defender for Endpoint

jannikreinhardLeave a comment Protect AI Agents with Microsoft Defender for Endpoint

In this blog post I explain how to set up the new AI agent runtime protection in Microsoft Defender for Endpoint. More and more of us run local AI agents on our work machines — coding assistants like Claude Code, GitHub Copilot CLI, and other CLI tools (I wrote before about why CLI tools are winning for AI agents). These agents are powerful, but they run with your user privileges. They can read files, run commands, and call tools. And they act on text from prompts, files, web pages, and tool output without really knowing which part is trustworthy.

That is exactly the problem. A hidden instruction inside a web page or a file can hijack the agent — this is called prompt injection. AI agent runtime protection in Defender for Endpoint inspects the agent at the right moments and can block these attacks before anything bad happens. The feature is in public preview right now, so use it on test devices only. Let me show you how it works and how to turn it on.

Read More » Protect AI Agents with Microsoft Defender for Endpoint
Azure Private Networking, End to End: Service Endpoints, Private Endpoints, VNet Integration, NSG, Firewall & WAF

Azure Private Networking, End to End: Service Endpoints, Private Endpoints, VNet Integration, NSG, Firewall & WAF

Azure Private Networking, End to End: Service Endpoints, Private Endpoints, VNet Integration, NSG, Firewall & WAF

jannikreinhardLeave a comment Azure Private Networking, End to End: Service Endpoints, Private Endpoints, VNet Integration, NSG, Firewall & WAF

If you secure Azure workloads, you have hit this question more than once: should this storage account, SQL database or Key Vault be reached over a Service Endpoint or a Private Endpoint? The two sound similar, they both “make traffic private”, and the Azure portal happily offers both. But they work in very different ways, and picking the wrong one costs you either money or a security gap.

In this blog post I explain Service Endpoints vs Private Endpoints in plain language. I show what each one really does, where VNet Integration fits (people mix it up with private endpoints all the time), and then I add the part most comparison posts skip: how this connects to NSGs, Azure Firewall and a WAF — and when I reach for each. At the end there is a decision tree I actually use. I tried to keep it simple, with a diagram for every concept.

Read More » Azure Private Networking, End to End: Service Endpoints, Private Endpoints, VNet Integration, NSG, Firewall & WAF
The Ultimate Intune Troubleshooting Guide: How It Works and How I Fix It Intune Troubleshooting

The Ultimate Intune Troubleshooting Guide: How It Works and How I Fix It

The Ultimate Intune Troubleshooting Guide: How It Works and How I Fix It

jannikreinhardLeave a comment The Ultimate Intune Troubleshooting Guide: How It Works and How I Fix It

In this blog post I explain how I approach Intune troubleshooting from end to end. This is not a list of error codes you can already find in the docs — it is the full picture: how Intune actually works under the hood, how a device proves who it is, where the logs live, which tools I reach for, and a clear method I follow every time. When you understand how a device talks to Intune, most problems stop being a mystery. You stop guessing and you start reading the right log, which is what real Intune troubleshooting is about.

This is a long one, on purpose. I wanted the single Intune troubleshooting guide I can send to a colleague and say “read this and you can fix most things yourself.” So we go all the way down — including the new MMP-C and Declared Configuration plumbing that almost no admin knows is already running on their devices — and then back up to the errors you hit most.

A note on honesty before we start: a lot of the deepest details here are not in the official Microsoft docs. They were reverse-engineered by people like Rudy Ooms, Oliver Kieselbach and Michael Niehaus. I will say clearly when something is community knowledge rather than documented, because internals like this change between Windows builds. Let us start with the part most guides skip — the mental model.

Read More » The Ultimate Intune Troubleshooting Guide: How It Works and How I Fix It
AI Models in 2026: What I Would Actually Pick AI Models in 2026

AI Models in 2026: What I Would Actually Pick

AI Models in 2026: What I Would Actually Pick

jannikreinhardLeave a comment AI Models in 2026: What I Would Actually Pick

Almost every week someone asks me the same question: “Which AI model should we use?” When I look at the AI models in 2026 I do not do it from a research lab, I look at them the way most of you do — from the outside, with a budget, a compliance team, and real data I am not allowed to leak. In this blog post I go through the latest AI models in 2026 (snapshot June 2026) and sort them by price, capability and use case. I also do something most comparison posts skip: I look at what they mean for European companies and data sovereignty. At the end I tell you plainly what I would choose.

A short warning first: this is the fastest moving topic I have ever written about. Almost every model below was released between April and June 2026. So treat this as a snapshot, not a law. The way of thinking will last longer than the model names.

Read More » AI Models in 2026: What I Would Actually Pick
Foundry Local: Run AI Models Offline on Your Mac

Foundry Local: Run AI Models Offline on Your Mac

Foundry Local: Run AI Models Offline on Your Mac

jannikreinhardLeave a comment Foundry Local: Run AI Models Offline on Your Mac

In this blog post I explain how to run AI models offline on a Mac with Microsoft Foundry Local — completely offline, on your own hardware. No Azure subscription, no API key, no internet connection. Everything runs on your own device.

I made a short video that walks through the whole thing. If you prefer watching over reading, here it is:

Play video

The rest of this post is the written version, so you can copy the commands and follow along.

Read More » Foundry Local: Run AI Models Offline on Your Mac
Intune Advanced Analytics: How It Compares to Other Tools — cover image showing the two device query channels flow on a laptop, with Jannik Reinhard (Microsoft MVP) and jannikreinhard.com

Intune Advanced Analytics: How It Compares to Other Tools

Intune Advanced Analytics: How It Compares to Other Tools

jannikreinhardLeave a comment Intune Advanced Analytics: How It Compares to Other Tools

In this blog post I want to look at Microsoft Intune Advanced Analytics and compare it, in plain words, to the other analytics tools that are out there. This is the topic I know well. Before I started writing blogs and running my own company, I spent years as the tech lead for AIOps in a large enterprise. Part of my job was to evaluate analytics and digital employee experience (DEX) platforms — Nexthink, Aternity, HP’s analytics solution and several more. So this is not a marketing piece. It is what I learned from running these tools at scale, and where I think Microsoft’s approach is genuinely different.

Here is my honest summary up front: most of these platforms cook with water. They are mature and capable, but they largely solve the same problems in the same way. The hard part was never the dashboard — it was building a business case that survived a second look, because every one of them came with its own agent, its own data store, its own portal and its own license. That is exactly the cost that Microsoft Intune Advanced Analytics removes.

Worth knowing before you read on: From July 1, 2026, Microsoft Intune Advanced Analytics is included in Microsoft 365 E3 and Microsoft 365 E5 as part of Microsoft Intune Plan 2. The separate add-on that used to cost around 10 USD per user per month is now part of the plan. Many teams already own this and don’t know it yet.

Read More » Intune Advanced Analytics: How It Compares to Other Tools
Microsoft Build 2026: A Field Guide to the Agentic Stack MS Build

Microsoft Build 2026: A Field Guide to the Agentic Stack

Microsoft Build 2026: A Field Guide to the Agentic Stack

jannikreinhardLeave a comment Microsoft Build 2026: A Field Guide to the Agentic Stack

If you have sat through a Microsoft keynote more than once, you know the pattern: a wall of product names, a couple of demos that feel like magic, and then weeks of work figuring out what is actually shipping versus what is a sizzle reel. Microsoft Build 2026 (San Francisco, June 2–3) was the most agent-dense keynote Microsoft has ever given — seven in-house models, a whole context layer, a brand-new category of agent, a containment story that reaches from silicon to cloud, and a concept for hardware that runs agents instead of apps.

This post is the map I wish I’d had on the morning of June 2. I’ll walk every major announcement from Microsoft Build 2026, explain each one the way I’d explain it to a colleague (not the way the press release phrases it), and — because that’s the job most of us actually have — call out what it means for whoever has to deploy, govern and secure this stuff. It is a round-up, not a feature comparison, and I’ll flag clearly what is generally available, what is preview, and what is still just a slide.

Read More » Microsoft Build 2026: A Field Guide to the Agentic Stack
My New Setup: Why the Oakywood Standing Desk Pro Has Actually Made Me More Productive Template.png.opt

My New Setup: Why the Oakywood Standing Desk Pro Has Actually Made Me More Productive

My New Setup: Why the Oakywood Standing Desk Pro Has Actually Made Me More Productive

jannikreinhardLeave a comment My New Setup: Why the Oakywood Standing Desk Pro Has Actually Made Me More Productive

Advertisement. Oakywood provided the desk and accessories as part of a paid content partnership; this post contains advertising and may include affiliate links. Everything here is still 100% my own experience.

I’ve been using the Oakywood Standing Desk Pro as the centerpiece of my setup daily for several weeks now, and this review collects everything I’ve learned so far.

I’ll be honest: I spend a huge portion of my life at a desk. Coding sessions for Frontier Engine, slide decks for conferences, podcast recordings, writing on this blog,… all of it happens on a surface of roughly 1.4 by 0.7 meters. My old desk was functional, but at some point it hit me: the piece of furniture I spend 70+ hours a week at probably deserves to be more than just “functional.”

That’s where Oakywood came in.

Oakywood Standing Desk Pro as the centerpiece of my home office setup
Read More » My New Setup: Why the Oakywood Standing Desk Pro Has Actually Made Me More Productive
Skills, MCP, CLI, Computer Use: Mapping the AI Tooling Surface in 2026 SkillsMCPCLIComputerUse.png.opt

Skills, MCP, CLI, Computer Use: Mapping the AI Tooling Surface in 2026

Skills, MCP, CLI, Computer Use: Mapping the AI Tooling Surface in 2026

jannikreinhardLeave a comment Skills, MCP, CLI, Computer Use: Mapping the AI Tooling Surface in 2026

If you have built more than one AI tool in the past twelve months, you have noticed the same thing I have: the surface area of “how a model talks to systems” has exploded. Skills, MCP servers, CLI tools, Computer Use, function calling, declarative agents, custom engine agents, apps, actions, extensions, gems — every vendor uses a slightly different word for what looks like the same thing on a marketing slide. This is the AI tooling surface, and they are not the same thing. The trade-offs are real, the choice changes architecture, and picking the wrong part of the AI tooling surface wastes weeks.

This post is the mental model I now apply by default when I sit down to build something agentic and map it onto the AI tooling surface. It is opinionated. It is not a feature comparison. The goal is to help you decide which part of the AI tooling surface to reach for first, not to memorise the spec of each one.

I’ll cover seven surfaces (the original five, plus two that are too important to skip in 2026), map them across Anthropic, OpenAI, Microsoft, and Google terminology, and give you the decision tree I actually use to navigate the AI tooling surface.

Mapping the AI tooling surface in 2026 across Anthropic, OpenAI, Microsoft and Google
Read More » Skills, MCP, CLI, Computer Use: Mapping the AI Tooling Surface in 2026
MICROSOFT 365 AGENTS EXPLAINED: WHA AGENTS 365 MEANS

Microsoft Agent 365 vs. Microsoft 365 Agents: A Field Guide for IT and Architects

Microsoft Agent 365 vs. Microsoft 365 Agents: A Field Guide for IT and Architects

jannikreinhardLeave a comment Microsoft Agent 365 vs. Microsoft 365 Agents: A Field Guide for IT and Architects

Microsoft Agent 365 vs. Microsoft 365 Agents is the field guide distinction for IT teams and architects: one term describes governed agent operations, while the other describes the agents users build and run inside Microsoft 365 experiences.

If you’ve spent the last twelve months in the Microsoft AI ecosystem, you’ve watched the same pattern repeat: every announcement reframes the same thing under a slightly different banner. Copilot. Copilot Studio. Microsoft Foundry. Microsoft Agent Framework. Declarative agents. Custom engine agents. And now, two terms that sound almost identical but mean very different things Microsoft 365 Agents and Microsoft Agent 365.

I keep seeing them used interchangeably, including in serious technical posts. They are not interchangeable. With Agent 365 hitting general availability on May 1, 2026, getting this distinction right is no longer a pedantry exercise it’s a procurement, governance, and architecture decision.

This post is the field guide to Microsoft 365 Agents I would have wanted before I started building.

Microsoft 365 Agents: declarative agents, custom engine agents, and Agent Builder in the Microsoft Copilot host
Read More » Microsoft Agent 365 vs. Microsoft 365 Agents: A Field Guide for IT and Architects