What could be better than working on a project together with others. Andrew Taylor, Joey Verlinden, Florian Salzmann and I have created a community proactive remediation script repository where we have written and added as many scripts as possible ready to use scripts for you. In this blog post I want to give you more insights in endpoint analytics proactive remediation scripts and explain how you can integrate these scripts into your environment.
This is Intune Suite Part 1: Easy start with Remote Help — the first deep-dive in my series on the Microsoft Intune Suite add-on. Remote Help is the lowest-friction Intune Suite component to deploy, so it is a useful starting point for any tenant evaluating the Suite licence.
Welcome to my Intune Suite series. In this series I will go over the features that are part of the Intune suite piece by piece. We will start with remote help. Every good device management tool has a remote support solution. To meet this use case Microsoft has introduced remote help. In this post I want to show you how to implement and use this tool.
Compliance policies are essential for ensuring that devices meet all the necessary requirements set by the company, such as a minimum OS version. Previously, Microsoft provided predefined policies that could be used, but with the service release 2208, support for custom compliance checks was added, enabling the freedom to query everything on the device what you want. In this blog post, we will focus on how to create custom compliance policies for Windows.
How do you distribute configuration profile, apps or other configurations in Intune today? In this blog I want to explain and provide a script how you can easily roll out objects in Intune using waves. Here I will help you to create groups defined by you that will pack a specified percentage of your devices into the groups so that you can perform a slow rollout and thus guarantee the quality. The current script describes how you can create device groups. When you validate these rollout waves, it can also be helpful to get assignments of a device via PowerShell. If you are also interested in how to apply this to user groups or how to create a automation for the assignment, check out my new version of the Intune group assignment script.
Most have heard the term Microsoft Graph API before. Ms Graph is an interface from MS for accessing and controlling a variety of Microsoft cloud services. In this blog post I will go into more detail on how you can use Graph in conjunction with Intune, what your options are and how it all works. I’ll also give you script examples in this blog that you can use directly.
Welcome to my first blog as a Microsoft MVP! This blog will focus on a script I created in response to a request from a member of the community who asked how to efficiently export all errors in Intune. Instead of manually sifting through numerous reports to find errors, my script automates the process with just one click, similar to how I used the Graph Report API for Intune mass exports in a previous post. Not only does this make the task much more convenient, but it also allows you to run the script regularly to create a historical record or receive weekly error reports automatically, or use a similar approach like my Teams notification for the Top 5 apps with installation errors. Since this request can be helpful for several people within the community, I decided to create the script and blog about it.
If you’ve ever stared at a misbehaving Intune device and asked yourself “which policies, profiles and apps are actually targeting this thing?”, you know how clunky the admin portal can be. The PowerShell snippet in this post solves exactly that problem: given a Microsoft Entra ID device ID, return every Intune assignment that resolves to it, joining direct device groups, dynamic device groups and user-based assignments through the device’s primary user. It’s the kind of script you’ll keep in your toolbox forever — handy when troubleshooting “why is this policy showing up?” tickets, indispensable when migrating tenants, and a great building block for larger automation.
Via the Intune admin center in the device overview you can see all assignments of a certain device. In the service release 2206 even the function to see the group members of a device was included. But if you want to create automations it is helpful to be able to query this information with PowerShell. I have created a script at the request of a user in the community which returns this information to you.
Intune scope tags allow you to manage a large organization’s IT infrastructure while giving each department/region/sub company/… the flexibility to configure their own settings. Scope tags in Microsoft Intune allow administrators to divide devices in their organization into logical groups. These groups, also known as tags, can be used to make certain settings, applications, and policies available only to specific users or devices. By using Intune scope tags, you can streamline your IT infrastructure, improve security and make your life easier.
When an Intune-managed device misbehaves — a policy doesn’t apply, an app refuses to install, BitLocker silently fails — the truth lives on the client itself. Microsoft’s MDM Diagnostic Report bundles all of that into a single ZIP that contains everything from MDM event logs to current policy values. The problem is that browsing through the raw HTML, EVTX and registry exports is painful, and most admins never make it past the cover page. This post shows the simplest practical workflow I use on real client devices to extract the answers fast, and the few files you should open first to answer 80 % of all support questions.
In this blog I would like to give you a helpful tool how you can analyze the MDM diagnostic log directly on the client with the help of PowerShell and how you can process the content in a simple way to implement remediations or to build a monitoring. In the following sections I will explain step by step how you can use this script.
Remote working is the new normal and this is exactly what has contributed to the spread of Intune. Intune gets a large number of new users/devices every day and is also being developed at a rapid pace. Intune is an extremely good platform to manage devices regardless of their location and offers the great advantage that you no longer have to worry about an infrastructure as with Config Manager. However, this growth brings the challenge that administrators have to get used to a new platform.
In my blog you will find many deep dives or useful tools and solutions how to get the full power out of Intune. In this blog post I want to go back to the beginning. I want to give you a general overview of what Intune is and provide you with a free QuickStart guide for the first steps.
