Detect Connected Hardware with Intune Endpoint Analytics

Modern endpoint estates contain a lot more than the laptop itself: docking stations, external monitors, headsets, USB peripherals, and a long tail of business-specific gear. Microsoft Endpoint Analytics gives you the foundation to capture all of that with a custom data-collection script and feed it into Log Analytics, where you can correlate peripheral inventory with users, locations and refresh cycles. This post walks through the pattern I use to detect connected hardware: a PowerShell collector that reads CIM classes, normalises the result, and posts it into a custom Log Analytics table — ready for Power BI and procurement reporting.

To see which devices are using a particular monitor or keyboard, it helps to collect this information centrally. In this blog I will show you how to do this with the help of Endpoint Analytics. You can then use this information to assign a driver to these devices or to trigger a hardware replacement. I explained how to automatically populate a group based on the output of an Endpoint Analytics script in "Create and fill Microsoft Entra ID group based on local attributes".

Show user dialog with Endpoint Analytics (Smartphone Replacement Tool)

Sometimes the most underrated way to drive change in a fleet is to just talk to the user. Endpoint Analytics surfaces all kinds of useful insights — battery health, boot performance, application reliability — but those signals only become action when they reach the right person at the right moment. The Smartphone Replacement Tool is a small wrapper I built around that idea: trigger a clean, branded dialog on the user’s PC the next time they log on, with a contextual message and a clear next step. The technical scaffolding is intentionally simple: a Win32-deployed tool with a WPF frontend, an Intune Proactive Remediation that decides who sees the dialog, and an Endpoint Analytics-driven trigger.

It is not always easy to reach users via email or other channels. When projects are running to exchange smartphones, for example, or to migrate files from a network drive to SharePoint, it is hard to reach the users and get an answer. With Endpoint Analytics, Intune provides a very good built-in tool to easily reach users via a user dialog. In this blog I will show how you can use this with the example of a smartphone exchange. The dialog and the method can be adapted to many other use cases.

Enable Passwordless Authentication with Microsoft Authenticator

The best password is the password that is not needed. Statistics show that the more often you have to change the password, the more insecure it becomes. Users write down the password or simply increment it. How about an option that is secure but does not require a password, as one part of a broader Ultimate MEM Tour endpoint security guide strategy? In this blog I want to show you how easy it is to enable passwordless authentication for your organization.

How to Start Blogging about Microsoft Intune (MEM)

I started blogging about various MEM topics some time ago. What I can say after this time is that this was the best decision I made. By creating blog posts I have been able to expand my knowledge a lot, I have met a lot of amazing people and, best of all, I could share my knowledge with others and help them. With this blog post I want to explain what you need to start blogging about MEM topics and encourage you to do so. You will not regret it.

Create and Fill an Entra ID Group based on Local Attributes

There is often a need to create a Microsoft Entra ID (formerly Azure AD) group based on a local registry key or another attribute, whether to make more specific access decisions, to use this group for access rights to an application, or for many other use cases. In this blog post I will show you how to do this with the help of Endpoint Analytics and Azure Automation, using the device manufacturer as the example. We already have this information in Intune, but it serves to show how the approach works. You can do the same with anything else you can read out on a client.

Check Autopilot enrollment prerequisite

Everyone who has enrolled a few devices with Autopilot and has encountered errors knows that it can quickly become very cumbersome to find out why an enrollment fails. Especially when it comes to network endpoints that are not reachable, it can be very time-consuming to find them. To enroll a device with Autopilot there are also some prerequisites that have to be fulfilled. To check this before the enrollment I have created a script that helps you to check these requirements.

Send Teams Alerts for Top 5 Intune App Install Errors

As an Intune admin, it is always important to have an overview of the environment. Intune offers a lot of reports, but as we all know you don’t look into them every day. Isn’t it easier to get a daily or weekly message in Teams and see the top failed app installations? I have already released some blogs on the topic of detecting anomalies in Intune with the help of Cognitive Services. In this blog I want to show you how to send a report that is already available in Intune to Teams using Azure Automation.

How to import custom ADMX/ADML into Intune

A useful validation step after importing custom ADMX settings is to export the resulting Intune profile and compare it with the vendor documentation. This confirms that the setting name, supported Windows version, and value format match the template you intended to use.

If a policy does not apply, review the device event logs and the MDM diagnostics report before changing the template. Most failures are caused by assignment scope, unsupported OS builds, or value formatting rather than the ADMX import itself.

Custom ADMX and ADML imports are helpful when a required Windows policy is not yet available as a native Intune setting. Treat every import like configuration source code: keep the original vendor files, document the version, and test the policy in a separate device group first.

After importing the templates, verify that the settings appear in the expected Intune category and that the generated policy writes the correct registry values on a test device. This avoids troubleshooting confusion later when multiple custom templates exist in the same tenant.

Most of the policies you’ll ever need are already exposed in Intune’s Settings Catalog — but every IT environment has at least one app whose admins still ship a custom ADMX/ADML template from the on-prem Group Policy days. Adobe Reader, FortiClient, custom in-house tools, and a long tail of vendor utilities all use this format, and Intune supports it natively as long as you know the slightly hidden import workflow. This post walks through importing a custom ADMX/ADML pair into Microsoft Intune end-to-end — where to grab the template files, how to upload them, how to assign the resulting profile, and what to expect on the client. Plus the debugging steps for the most common import failures.

With the Intune service release 2208 there is a really nice feature that lets you import ADMX and ADML templates into Intune very easily. This helps you create configurations for third-party products, for example. I will explain how this works based on Firefox.

Detect anomalies in your Intune environment with Azure Cognitive Services – Part 3 Bluescreen of death detection

Welcome to the third part of my series in which I describe ways to get proactive notifications when something in your environment has a problem / error. So that this monitoring does not work with static values, I use Azure Cognitive Services (now Azure AI Services) to detect anomalies via machine learning. In this blog we will take a look at the Endpoint Analytics Startup performance bluescreen detection. Here we want to be notified when an unusual number of devices report a blue screen or problem during detection.
