How to get an report with all new enrolled devices
Keeping track of newly enrolled devices in your organisation can be a challenging task when relying solely on the Intune console. Wouldn’t it be awesome to receive a comprehensive report automatically via email? As you know, I love automating things. In this blog post, we’ll explore a simple and efficient…
Read more…
Endpoint analytics remediation script community repository
What could be better than working on a project together with others. Andrew Taylor, Joey Verlinden, Florian Salzmann and I have created a community proactive remediation script repository where we have written and added as many scripts as possible ready to use scripts for you. In this blog post I…
Read more…
Intune Suite Part 1: Easy start with Remote Help
Welcome to my Intune Suite series. In this series I will go over the features that are part of the Intune suite piece by piece. We will start with remote help. Every good device management tool has a remote support solution. To meet this use case microsoft has introduced remote…
Read more…
How to use Custom Compliance Script + Example script
Compliance policies are essential for ensuring that devices meet all the necessary requirements set by the company, such as a minimum OS version. Previously, Microsoft provided predefined policies that could be used, but with the service release 2208, support for custom compliance checks was added, enabling the freedom to query…
Read more…
Create Smart Groups for Wave Deployment of Configurations in Intune
How do you distribute configuration profile, apps or other configurations in Intune today? In this blog I want to explain and provide a script how you can easily roll out objects in Intune using waves. Here I will help you to create groups defined by you that will pack a…
Read more…
How to create PowerShell script to automate tasks in Intune
Most have heard the term Microsoft Graph API before. Ms Graph is an interface from MS for accessing and controlling a variety of Microsoft cloud services. In this blog post I will go into more detail on how you can use Graph in conjunction with Intune, what your options are…
Read more…
Detect Errors from Intune Assignments: How to Export all Errors
Welcome to my first blog as a Microsoft MVP! This blog will focus on a script I created in response to a request from a member of the community who asked how to efficiently export all errors in Intune. Instead of manually sifting through numerous reports to find errors, my…
Read more…
Get assignments of an device via Powershell
Via the MEM UI in the device overview you can see all assignments of a certain device. In the service release Service release 2206 even the function to see the group members of a device was included. But if you want to create automations it is helpful to be able…
Read more…
Do you already know Intune scope tags?
Intune scope tags allow you to manage a large organisations IT infrastructure while giving each department/region/sub company/… the flexibility to configure their own settings. Scope tags in Microsoft Intune allow administrators to divide devices in their organization into logical groups. These groups, also known as tags, can be used to…
Read more…
Easy way to analyse MDM Diagnostic data on the client
In this blog I would like to give you a helpful tool how you can analyze the MDM diagnostic log directly on the client with the help of PowerShell and how you can process the content in a simple way to implement remediations or to build a monitoring. In the…
Read more…
Intune Quick Start Guide
Remote working is the new normal and this is exactly what has contributed to the spread of intune. Intune gets a large number of new users/devices every day and is also being developed at a rapid pace. Intune is an extremely good platform to manage devices regardless of their location…
Read more…
System Information and Self Service Tool
In this blog I would like to introduce you to my new System Information Tool. The System Information Tool is a software that displays various system information, such as the serial number, IP address, username and logged-in user, and many more. It also provides functions for troubleshooting and analysing problems…
Read more…
The new multiple administrative approvals (MAAs)
Are you looking to add an extra layer of security to your device configurations in Microsoft Intune? The new multiple administrative approvals (MAAs) feature, introduced in the November 2211 service release, may be just what you need. In this blog post, we’ll walk you through the process of setting up…
Read more…
Deploy Windows Store Apps via Intune
This blog post is my take about how to install Windows Store Application via Intune. this feature makes it much easier to deploy apps via Intune. Intune provides all apps that are available in the winget repository and you can easily select them via a very large software catalog in…
Read more…
Intune mass export with the Graph Report API
There are many ways to export information from Intune. For example, you can use Log Analytics, the Data Warehouse or the Graph API. But if you want to export several thousand devices or apps via Graph, it can happen that Graph has a paging. Paging means that you only get…
Read more…
How to setup Organizational messages
With the service release 2211, microsoft has brought a cool new feature called organizational message. These are different ways to contact users via different good looking messages to improve end-user communication and experience. This offers additional possibilities to the existing Notification Bar messages from Windows 10 and older.These messages can…
Read more…
Intune Device Inventory UI
Anyone who has been working in the area of device management for a while knows that a good inventory is a very important prerequisite for good device management. A very desired feature from you is to have a custom inventory directly in Intune with which you can then continue to…
Read more…
How to enroll a ubuntu device in intune
Since a few weeks there is a new icon in the Intune console and this is linux. The linux support is a very long awaited feature and there was good feedback from the ommunity. Currently the feature set is still a bit limited, there is currently only the possibility to…
Read more…
Overview of Analytics capabilities in Intune
A lot has changed from the traditional on premise managed workplace to the modern workplace managed via cloud power. You no longer have to worry about infrastructure, you can work securely from anywhere and you save money. But where do we go from here? The topic of analytics and user…
Read more…
Whats new in 2210
Glad to publish today my second installment of my Intune Whats new series. This month was ignite and what you need to know that during this time very many are busy internally at microsoft through the Ignite. Nevertheless, the changes in the new service release are very noteworthy. In this…
Read more…
Intune DevOps Tools – Move objects from Dev to Prod Tenant
The more clients are managed in your tenant and the more people have contributor rights in your tenant, the more important it becomes to have good release management processes. In this blog post I would like to introduce you to my Intune CI pipeline that allows you to transfer configurations…
Read more…
Recap Ignite 2022 – New Intune related announcements
Like every year the Ignite of Microsoft takes place. This is an event where Microsoft presents news in their products but also general strategic topics on which they will work within the next few months. This year the ignite was a hybrid event both as live stream and on site…
Read more…
Deep Dive into delivery optimization
You can imagine that when a new Windows patch or a new version of a software is released and has to be installed on every Devices and many PCs start to download the content at the same time from a destination outside the corporate network, the Internet break outs are…
Read more…
How to skip the ESP for a single app installation
Unfortunately, there is no setting in Intune with which you can determine whether an app should be installed during ESP (Enrollment Status Page) or only after ESP. Of course, it is a huge advantage to install as many apps as possible during the ESP or even better during the white…
Read more…
Whats new in 2209
Every month there is a new service release of Intune with new features and bug fixes. With this blog I would like to start a new series and take a closer look at the new features in new Intune releases. The release that was released on Thursday was the 2209…
Read more…
Deep dive into the IME Health check
In one of my last posts we took a closer look at how the Intune Management extension works and even looked behind the scenes directly into the code. In this post I have already mentioned the ClientHealthEval.exe and I would like to take a closer look into this.
Read more…
Collect connected Hardware with Endpoint Analytics
To see which devices are using a particular monitor or keyboard, it can be very helpful if you can collect this information. In this blog I will show you how to do this with the help of Endpoint Analytics. You can then use this information to assign a driver to…
Read more…
Show user dialog with Endpoint Analytics (Smartphone Replacement Tool)
It is not always easy to reach users via email or other channels. When there are projects running to exchange e.g. smartphones or migrations from files from a network drive to an SharePoint it is hard reach the users and get an answer. Intune provides with Endpoint Analytics a very…
Read more…
How to activate the new options for Passwordless authentication
The best password is the password that is not needed. Statistics show that the more often you have to change the password, the more insecure it becomes. Users write down the password or simply count it up. How about a possibility that is secure but does not require a password.…
Read more…
How to start with creating blog content about MEM
I started blogging about various mem topics some time ago. What I can say after this time is that this was the best decision I made. By creating blog posts I have been able to expand my knowledge a lot, I have met a lot of amazing people and the…
Read more…
Create and Fill AAD Group based on an local attributes
There is often the need to create an AAD group based on a local registry key or another attribute to make more specific accesses, to use this group for access rights to an application or many other usecases. How you can do this with the help of endpoint analytics and…
Read more…
Check Autopilot enrollment prerequisite
Everyone who has enrolled a few devices with autopilot in his life and has encountered errors knows the problem that it can quickly be very cumbersome to find the problem why an enrolment fails. Especially when it comes to network endpoints that are not reachable it can be very time…
Read more…
Get teams notification for the Top5 apps with installation errors
It is always important as an Intune admin to have an overview of the environment. Intune offers a lot of reports but as we all know you don’t look into them every day. Isn’t it easier to get a daily or weekly message in Teams and see the top failed…
Read more…
How to import custom ADMX/ADML into Intune
With the Intune service release 2208 there is a really nice feature that provides the support to import ADMX and ADML templates very easy into MEM. This helps to create configurations for e.g. 3rd party products. How this work I will explain based on a Firefox.
Read more…
Activate Mac FileVault using Intune
Encrypting the disk of a workspace is one of the basic settings that every managed device should have. Everyone who manages Windows PCs knows BitLocker. The solution that is integrated in MacOS to encrypt disks is called FileVault. In this blog I want to explain you how to configure this…
Read more…
Detect anomalies in your Intune environment with Azure Cognitive Services – Part 3 Bluescreen of death detection
Welcome to the third part of my series in which I describe ways to get proactive notifications when something in your environment has a problem / error. So that this monitoring does not work with static values I use Microsoft Cognitive services to detect anomalies via machine learning. In this…
Read more…
Change Windows 11 Context Menu with Intune
Windows 11 has brought some changes to the Windows Explorer, including the way the context menu looks. By default, the context menu is reduced to the really necessary functions. This is sufficient for most users. However, if you often need functions that are not in the reduced view, then this…
Read more…
Introduction of the Intune App Creator with help of Chocolatey
Anyone who has worked with Intune and deployed an app knows that this is a bit of work. You have to download the sources, create the IntuneWin file, create the app in Intune. To simplify this I have created the Intune App Creator. With this application you can search within…
Read more…
Introduction of the Intune Device Troubleshooter
If you follow my blog, you know that there are two things I really like: helping people with their problems, and automating or simplifying processes. In this blog, I want to introduce you to my new tool, the Intune Device Troubleshooter. This is a PowerShell UI application that will help…
Read more…
Summary of the Intune Management Extension
If you’ve been following my blog, you know that I mention the Intune Management Extension (IME) in several of them. The IME is a powerful tool that help you to manage your devices. In this blog, I’d like to go into more detail and take a look behind the scenes…
Read more…
The further development of the Company Portal System Tray Icon
A few weeks ago I released the Company Portal System Tray tool. The posts have a very good feedback and the tool was tested by some and also used productively. I have been working on developing the tool further and integrating more useful functions that can help with troubleshooting. The…
Read more…
Detect anomalies in your Intune environment with Azure Cognitive Services – Part 2 Application Installations
In one of my previous blog posts I explained how you can use Azure Automation and Azure Cognitive service to monitor the compliance state of your environment and notify you if there are major deviations today. In this part of the series I want to show you how you can…
Read more…
Using MacOS custom attributes in Intune
Intune already has a basic inventory of MacOS devices. On the one hand, there is a hardware inventory in which you have everything from the serial number to the free memory, but also os information. In addition, you can see in the discovered apps which applications are installed on the…
Read more…
Automatically create assignment groups when a app is created
When creating a new app in MEM and not assigning it to AllUser/AllDevices this is always some work to create own group for available/required and uninstall assignments for each app. You know I love automation. To save time and automate this work I will describe in this blog how you…
Read more…
Use Endpoint Analytics to clean up the disk
I have already written several blog posts about endpoint analytics. In the Microsoft Tech Community the question came up how to clean up the disk using Intune. This is a question that is difficult to answer generically as it is always very specific. Through more and more applications and data…
Read more…
A default set on assignment Filter
In one of my posts I have explain how you can create an apply assignment filters. Is a very powerful feature to refine the assignment of group. For example, you can assign a config profile to all devices and apply a filter to apply the config profile only on Windows…
Read more…
Detect anomalies in your Intune environment with Azure Cognitive Services – Part 1 Device Compliance
It is hard to keep track of your Intune environment. With the help of log events you can build static monitoring via Azure automation or logic apps. This is possible if you are only interested in a specific event or if you can express this via static code. However, if…
Read more…
Build PowerBi Dashboard based on Intune Data Warehouse
The Intune Data warehouse provides some data that is very useful for creating reports. In this blog I will show you how to access this data with PowerBi and also provide you with a example dashboard.
Read more…
Sync Azure AD Group with Kiosk Config Profile
I have already described in a previous blog how to deploy a device as a kiosk device using Intune. This actually works really well. There is only one small thing that is really inconvenient. If Azure AD user or group is selected as logon type (only specific users are allowed…
Read more…
Intune Tool Box – Rebuild of Intune in PowerShell
I think everyone who works with Intune on a daily basis knows the situation that they would like to have a simple feature that would simplify their daily work. In order to close exactly this gaps I decide to code my own tool with many small features that would make…
Read more…
Applicability Rule: Gone but still there
With the introduction of Assignments filter, the value of Applicability rules has diminished. With Applicability rules you could define on which OS versions a Configuration Profile should work. Unfortunately, the ability to configure or delete applicability rules for some configuration profile types from the console has also been removed. It…
Read more…
Migrate an AAD User group to a Device group and vice versa
In your environment you have multiple groups to create assignments of an app or a configuration profile. If you later realize it would be better if this was not a device group but a user group, it is hard to change this without the user having an impact or you…
Read more…
Copy Intune Discovered Apps in Log Analytics Workspace
Intune offers the possibility to show per device not only the apps installed via Intune but also the apps discovered on the device (Control Panel apps). Since this view is relatively static and you only have a per device view here, it is difficult to make analyses of the complete…
Read more…
Get an daily device report via email or teams with logic apps – Step by Step guide
For an Intune admin it is always helpful to get an overview of the current status of his tenant and an overview of the count of devices in the field. In this blog I would like to explain how you can use Logic apps to send you a detailed daily…
Read more…
Configuration of Windows Update reboot notifications
In one of my blog posts (Delay Windows Update pending reboot with toast notification) I have already described how to give the user more flexibility in deciding when he wants to reboot his device but still remind him regularly. In this blog I want to explain you how to configure the…
Read more…
Getting Started with Mac Management in Microsoft Intune
I have already described in one of my first blogs how you can set up an Endpoint Manager development environment and enroll Windows devices via Autopilot and manage them. Apart from Windows, you can also manage iOS, Android and MacOS very well with Intune. Apple offers a good interface (MDM…
Read more…
How to update Quick assist with Intune
Quick assist was a cool windows out of the box tool that can get or provide PC support via a remote connection. Because Quick Assist is a pre-installed app in Windows, it can also be used to provide support during setup via e.g. Autopilot. The experience for the user was…
Read more…
List all Intune assignments of an Azure AD Group
All assignments in Intune are based on Azure AD groups. I think you also already had the problem that you wanted to find out to which Intune Object a certain AAD group in already assigned, but there is no way in the portal to find this out. To solve this…
Read more…
Use Endpoint Analytics to find slow internet breakouts
Users always complain that the network is slow. This can also be measured centrally using various network monitoring tools. However, this monitoring can only provide complete insight if the user is actually onsite in the corporate network. If the user is sitting in the home office and is connected to…
Read more…
Get an detailed Intune Status via PowerShell script
As an administrator, it is always good to keep an eye on your Intune status. In this blog I would like to show you how you can display the current status with the help of a small PowerShell script.
Read more…
Clean up Windows 11: Hide task view, widgets and search with Intune
The taskbar became fuller with Windows 11. In a previous blog I explained how to remove the teams icon or delete it completely. In this blog I want to explain how to hide the task view, widgets and search with the help of a remediation script. Bevor: After:
Read more…
Dive deeper into the IME log with a simple change of the log level
For troubleshooting purposes it is helpful to change the log level of the Intune Management Extension. Since this has to be done in an XML config file of the IME and this can affect the function of the IME when inserting a wrong value. I wrote a script which make…
Read more…
Company Portal System Tray Icon
It is difficult for support engineers to guide users to the company portal because the company portal is called differently depending on the system language. In german, for example, the Company Portal is called “Unternehmensportal”. To simplify this and make access faster I have written a small system tray icon.…
Read more…
How to encode an Autopilot hash
You may have noticed that, an autopilot hash looks a little different every time you create it. In this blog I want to show you how to encode an autopilot hash and display the content of it.
Read more…
How to create a Windows 11 Hyper-V VM
With windows 11, the hardware requirements have been increased. It is no longer possible to start a Windows 11 machine in Hyper V without additional settings. What you need to do to run Windows 11 in a VM I explain in this blog post.
Read more…
Adding a Certificate to Trusted Publishers using Intune
Microsoft has described in a blog post (Adding a Certificate to Trusted Publishers using Intune) how to create a custom config profile to get a certificate into the trusted publisher store. Since there are several manual steps to read the thumbprint from the certificate and encode it to a base64…
Read more…
Delay Windows Update pending reboot with toast notification
Who does not know the situation when you come back from vacation and the computer wants to reboot after an update installation. However, it is extremely important from a security point of view that the system is always up to date. How about a solution that updates are always installed…
Read more…
How to write from a Toast Notification in Log Analytics Workspace
It is useful after triggering a remediation action or for simply getting feedback from the user/customer to have a kind of survey. Contacting them by mail usually results in very poor response rates. It is much better to contact him directly via a popup. How you can implement this with…
Read more…
How to backup and restore the Registry
When I try something out or develop something new I don’t always do this in a VM, I use directly my productive system (I wouldn’t recommend it but I do it anyway). But by changes in the registry you can bring the PC in such a state that you have…
Read more…
How to restrict the login to dedicated users with intune – Part 2
Hello everyone, after several months of inactivity I would like to post regularly new content here on my blog. I start here with a topic which I have already blogged last year. This post is about how to restrict who can log on to on windows via Intune. Intune has…
Read more…
Remove Windows 11 build-in teams app with Intune
A build in teams client is shipped with Windows 11. This client can only be used with a personal Microsoft account. This client is usually not welcome in corporate environments. How to remove this build-in client with the help of Intune I will show you in this blog post.
Read more…
Install Windows 11 without TPM
With Windows 11, microsoft take the decision that a TPM 2.0 (Trusted Platform Module) is mandatory to run windows 11. Due to this prerequisite, Windows 11 cannot be installed or upgraded on many computers. In this blog, we’ll look at what a TPM is, how to check if you have…
Read more…
The ultimate MEM tour part 5 – User and Groups
In the previous blogs we have looked at all the features Intune offers for device management, application management, endpoint security and reporting. Now we will look at the User and Groups menu. This blog will be the last blog in this series.
Read more…
Remove the primary user from Intune devices with powershell (Switch to shared device)
If an Intune device is not enrolled as a shared device or kiosk device, it always has a primary user. This creates a relation between the device and the user. This user is also used to license the device. This user only has the possibility to see this device in…
Read more…
The ultimate MEM tour part 4 – Reports
After we have looked at the three categories of Device Management, Application Management and Endpoint Security, this blog will follow with the Reporting section of MEM. Thanks to everyone who read the preceding blogs and gave me feedback. But it’s not over with very powerful and helpful features in MEM.…
Read more…
The ultimate MEM tour part 3 – Endpoint Security
Welcome to the third part of my blog series. In this blog series, I’ll give you a tour through the features that Microsoft Endpoint Manager offers us. In the last two blogs, we looked at the topics of device and application management. Today we would like to take a look…
Read more…
Add Azure AD user and group into a local group
In this blog we will look at how you can add an azure ad groups or users to a local group using Intune and custom profiles.
Read more…
How to restrict the login to dedicated users with intune – Part 1
In the Active directory it was possible to allow a user to log in only to certain computers. This is no longer so easy with Azure AD and Intune. In this blog we would like to look at how you can realize this with the help of a custom profile.
Read more…
Group Windows 11 Devices with Intune
The launch of Windows 11 is coming and you might want to test configurations or apps on Windows 11 devices right now. But for the testing you need a group in Azure AD. In this blog I want to show you how to create a dynamic group where all Windows…
Read more…
The ultimate MEM tour part 2 – Applications
In this blog series, I’ll give you a tour through the features that Microsoft Endpoint Manager offers us. In my first blog we looked at the Device Management features. In this blog I want to cover all the features around Application Management. Good apps are one of the foundations of…
Read more…
The ultimate MEM tour part 1 – Devices
According to the Gardner quadrant published on August 16, Microsoft is by far the leader in the area of unified endpoint management tools. Microsoft Endpoint Manager (MEM) has played a major role in achieving this clear ranking. MEM has grown more and more in recent years and has received more…
Read more…
How to deploy the Web Company Portal
In one of my last posts I explained how to create a desktop shortcut using a Win32 app. Now I want to show you a way how you can deploy a web shortcut for the Web Company Portal.
Read more…
Map an Networkdrive with Intune
In this blog I will show you a very simple way how to map a network drive with Intune.
Read more…
Creating a web page shortcut on the desktop using intune
In this blog I want to explain how you can create a shortcut to a website on the desktop with the help of Intune. You can use this for example to make the opening of your company’s intranet site or web application faster and easier for the users.
Read more…
Align the Windows 11 taskbar to the left with help of Intune
For many users, the centered taskbar in Windows 11 is unfamiliar. To make the transition a bit easier for users, we’ll take a look at whether there’s a way to align the taskbar to the left like in Windows 10.
Read more…
Use assignment filter for the update ring assignment
With the Assignment Filter a possibility was added to intune to make assignments more comfortable. This feature was first available for configuration profiles and then for apps. With the service release 2107 Intune has enabled the assignment filters also for update rings. What are assignment filters and how can you…
Read more…
Enable Tab groups in MS Edge Chromium
Tab groups are a useful feature in the Edge browser that I have become very accustomed to and that makes my work much easier. Unfortunately, this feature is not yet active as default and is located in the ExpermientelIen features of the Edge browser. In this blog I explain how…
Read more…
Policy sets – a cool feature
Many companies have not only a standard service, where not all PCs have the same configuration profiles, standard apps,… have. Specialized services are often needed to meet the needs of different business areas. You can copy the configuration profiles and give them the name of the service so you know…
Read more…
Set the Windows 10 background picture
With Intune it is very easy to change the backround picture of your devices. In this blog I explain how you can do this.
Read more…
Deploy a Win32 App with Intune (Cmtrace)
In this blog post I explain how to deploy a Win32 app via Intune. I have choos CMtracert because this tool is useful for troubleshooting and analyzing Intune logs. W32 applications must always be uploaded as .intunewin package. It is not possible to simply upload an .exe file. How to…
Read more…
Setup an Modern Kiosk PC
In this blog post I want to explain how to set up a Modern Kiosk PC. There are many use cases in companies where you don’t want to give the user complete access to Windows. Only one or selected applications should be allowed. Typical use cases would be: a device…
Read more…
Get the Application User Model ID (AUMID)
The AUMID is an ID which is assigned for each appliication installed on a device. It is used e.g. in the Kiosk multi app mode to select apps. Which possibilities exist to get this AUMID I want to explain you in this blog.
Read more…
Duplicate Device Configuration Profiles
There is often the use case that you want to duplicate device profiles to adjust this for a certain device group / use case or just to have a separation of the name for different device classes. There has been a user voice with over 1200 votes since 2017, unfortunately…
Read more…
Configure device categories
To group devices of certain departments or areas, Intune provides a function called Device Categories. These deivce categories have been available in Intune for a long time but are not really known by many. In this blog post we will take a closer look whats behind this function and what…
Read more…
Setup a Windows Autopilot test lab
Many companies have a cloud-first strategy and are trying to move more and more on prem infrastructure to the cloud. This also includes the device management. With Covid 19, remote working was the new normal and many companies are facing the challenge of how to manage devices secure and comfortable…
Read more…
Welcome!!
Hey, my name is Jannik Reinhard and I have been working in the IT department of a large chemical company for several years. I am a solution architect in the area of mobile device management and AIOPS (AI of IT Operation). Since IT is not only my profession but also…
Read more…
Modern Device Management 