You may have noticed that, an autopilot hash looks a little different every time you create it. In this blog I want to show you how to encode an autopilot hash and display the content of it.
Read More »
Category: Intune
How to create a Windows 11 Hyper-V VM
With windows 11, the hardware requirements have been increased. It is no longer possible to start a Windows 11 machine in Hyper V without additional settings. What you need to do to run Windows 11 in a VM I explain in this blog post.
Read More »
Adding a Certificate to Trusted Publishers using Intune
Microsoft has described in a blog post (Adding a Certificate to Trusted Publishers using Intune) how to create a custom config profile to get a certificate into the trusted publisher store. Since there are several manual steps to read the thumbprint from the certificate and encode it to a base64 string I wrote a script that does all this for you and automatically creates a new configuration policy.
Read More »
Delay Windows Update pending reboot with toast notification
Who does not know the situation when you come back from vacation and the computer wants to reboot after an update installation. However, it is extremely important from a security point of view that the system is always up to date. How about a solution that updates are always installed directly, but gives the user a little more time to read emails and reboot the device only when it fits for him. Another example is when a measurement or other process is running on the computer for several hours or days. Also here it would be really bad if a reboot interrupts this measurement. In this blog I show how you can delay the reboot after an update installation but still remind the user of the reboot and give him the chance to do it when it suits him.
How to write from a Toast Notification in Log Analytics Workspace
It is useful after triggering a remediation action or for simply getting feedback from the user/customer to have a kind of survey. Contacting them by mail usually results in very poor response rates. It is much better to contact him directly via a popup. How you can implement this with the help of a Remediation script and write the response in a Log Analytics workspace I will explain in this blog post.
How to restrict the login to dedicated users with intune – Part 2
Hello everyone, after several months of inactivity I would like to post regularly new content here on my blog. I start here with a topic which I have already blogged last year. This post is about how to restrict who can log on to on windows via Intune. Intune has a cool new feature that allows you to manage the members of local groups. In my previous blog I did this restriction with a configuration profile and put a AAD user into the local group via a custom profile and an OMA-URI. Now Microsoft has added a new CSP that allows you to do this in an much more elegant way. How to use this I explain now in this blog post.
Read More »
Remove Windows 11 build-in teams app with Intune
A build in teams client is shipped with Windows 11. This client can only be used with a personal Microsoft account. This client is usually not welcome in corporate environments. How to remove this build-in client with the help of Intune I will show you in this blog post.
Read More »
Install Windows 11 without TPM
With Windows 11, microsoft take the decision that a TPM 2.0 (Trusted Platform Module) is mandatory to run windows 11. Due to this prerequisite, Windows 11 cannot be installed or upgraded on many computers. In this blog, we’ll look at what a TPM is, how to check if you have a TPM 2.0, and how to install Windows anyway.
Read More »
The ultimate MEM tour part 5 – User and Groups
In the previous blogs we have looked at all the features Intune offers for device management, application management, endpoint security and reporting. Now we will look at the User and Groups menu. This blog will be the last blog in this series.
Read More »
Remove the primary user from Intune devices with powershell (Switch to shared device)
If an Intune device is not enrolled as a shared device or kiosk device, it always has a primary user. This creates a relation between the device and the user. This user is also used to license the device. This user only has the possibility to see this device in the company portal / company portal website and trigger certain self service actions. Also, while troubleshooting, an Intune admin can select this user in the Troubleshooting + support menu in Intune and directly see their devices.
The primary user is automatically added after the the enrollment of an intune managed device. It is possible to change the user to an other or remove this user to switch the device into a shared device.
Read More »
jannikreinhard.com 