How to activate the new options for Passwordless authentication

The best password is the password that is not needed. Statistics show that the more often you have to change the password, the more insecure it becomes. Users write down the password or simply count it up. How about an option that is secure but does not require a password? In this blog I want to show you how easy it is to enable passwordless authentication for your organization.


Create and Fill AAD Group based on local attributes

There is often a need to create an AAD group based on a local registry key or another attribute, for example to grant more specific access, to use the group for access rights to an application, or for many other use cases. In this blog post I will show you how to do this with the help of Endpoint Analytics and Azure Automation. I use the device manufacturer as the example. We already have this information in Intune, but it shows how the approach works. Of course, you can also do this with anything else you can read out on a client.


Detect anomalies in your Intune environment with Azure Cognitive Services – Part 1 Device Compliance

It is hard to keep track of your Intune environment. With the help of log events you can build static monitoring via Azure Automation or Logic Apps. This is possible if you are only interested in a specific event or if you can express the condition in static code. However, if you want to detect anomalies, e.g. a strong increase or decrease in the device count or in how many devices are compliant, it is difficult to implement this with static values and without machine learning. In this blog series I would like to show you how you can use Azure Cognitive Services to build a monitoring system that sends you messages based on abnormal deviations. So let’s get started.


Sync Azure AD Group with Kiosk Config Profile

I have already described in a previous blog how to deploy a device as a kiosk device using Intune. This actually works really well. There is only one small thing that is really inconvenient. If Azure AD user or group is selected as the logon type (only specific users are allowed to log on to these devices), this policy must not only be assigned to a group, but the allowed users must also be defined in the profile. The option also allows you to add AAD users and groups, and the SIDs of these objects are also written to the local group, but Windows cannot resolve the AAD groups (bug or feature?). Windows resolves via Graph whether the user who is trying to log in is in one of the groups. When MFA is disabled, this works. But if MFA is enabled, Windows fails to get the token. In this blog I want to show you how you can easily work around this by syncing an Azure AD group with this configuration profile.


How to write from a Toast Notification to a Log Analytics Workspace

After triggering a remediation action, or simply to get feedback from the user/customer, it is useful to have a kind of survey. Contacting them by mail usually results in very poor response rates. It is much better to contact them directly via a popup. In this blog post I will explain how you can implement this with the help of a Remediation script and write the response to a Log Analytics workspace.


The ultimate MEM tour part 4 – Reports

After looking at the three categories of Device Management, Application Management and Endpoint Security, this blog continues with the Reporting section of MEM. Thanks to everyone who read the preceding blogs and gave me feedback. But the powerful and helpful features in MEM do not end there. In the reporting section you will also find features that can make your daily work as an administrator easier and with which you can greatly improve the user experience. Endpoint Analytics is a very powerful feature that is continuously developed and improved. But let’s take a closer look at it below.


Setup a Windows Autopilot test lab

Many companies have a cloud-first strategy and are trying to move more and more on-prem infrastructure to the cloud. This also includes device management. With COVID-19, remote working became the new normal, and many companies are facing the challenge of how to manage devices securely and conveniently in the home office.

With Intune, Microsoft has a very powerful solution for managing devices via the internet. In my blogs I would like to give insights into cloud device management and provide you with helpful scripts and tools.

In this blog post I will start with a basic topic: how to set up a Windows Autopilot device from scratch. I explain how you can set up a test environment to gain experience with Windows 10 Autopilot or to test different things.
