Windows device-management tutorials and guides by Microsoft MVP Jannik Reinhard — Windows 10 and Windows 11 management with Microsoft Intune: Autopilot, Settings Catalog, security baselines, and PowerShell automation.
You plan to migrate to Intune? Then do this Cloud Native! Use the chance and get rid of your on-premises environment, maintenance of the infrastructure and move this responsibility to Microsoft. In this blog I want to explain what cloud native is and what Intune provides you to make your journey to a success. If you want to validate the provisioning part first, start with a Windows Autopilot test lab.
This is the second guest post from my partner Recast Software.
Imagine reducing 90% of critical security vulnerabilities with a single change to your IT policy. Removing local admin rights can achieve this. IT departments face a constant influx of tickets and issues to manage. Many of these result from a need to elevate permissions, perhaps to update a piece of software or access a resource. The old way of getting around this issue was to give end users local admin permissions on their device. I know many of you are cringing just reading that—so am I. There are many, many reasons not to give end-users local admin permissions. The risks associated with local admin rights greatly outweigh the benefit of fewer tickets from end-users.
Enrolled Intune devices occasionally face trust issues due to MDM or Microsoft Azure certificate problems, among other factors. While wiping and re-enrolling is a standard fix, it’s straightforward for regular devices, with minimal data loss thanks to services like OneDrive. However, this process is more complex for specialized field devices, particularly those with custom configurations and vendor-installed software, especially if the vendor no longer exists. Creative strategies are essential in these cases. This blog post delves into an experimental approach to seamlessly bring such devices back under management.
You know there are regular changes and updates on the Intune Management Extension (IME). Sometimes it can be the cause of issues, or it is also interesting to see what was changed. To detect these changes I wrote a script which notifies you in case of a change and will let you know what was changed.
Do you know that you can deploy configurations to devices without enrolling them to Intune? No, then follow this blog how to enroll devices to Microsoft Defender for Endpoint (MDE).
In this blog I want to show you how you can onboard your devices in MDE. In the next blog I will show you what are the capabilities and features in the MDE Admin center.
This post introduces the new and Updated Intune Group Assignment Script. The original was useful but limited; the New version of the Intune Group Assignment Script supports dynamic groups, scope tags, exclusion assignments, and a much cleaner CLI for use in pipelines.
A few months ago I released a script which lists you all assignments of a Microsoft Entra ID group in intune. With this blog post I will release a new version of this script which includes more configuration objects and improves a lot of the code parts.
It is a feature that many customers have been waiting for a long time. Now it is here. The possibility to uninstall apps from the company portal. In this short blog post, we want to have a look at how you can configure this and what the user flow looks like.
This is a quick start guide to Intune driver update management — the policy class that finally gives endpoint admins a controllable, transparent way to roll driver updates across a fleet of Windows devices. From profile creation to ring-based deployment, in under 30 minutes.
Many Intune admins have been waiting for the Intune driver update management feature. Now it is here. In this blog post I want to describe what’s behind this feature, how it works, and how you can get started with it.
To reduce the security risk of the end devices and to protect them from data loss or malicious devices, it makes sense to also deal with the management of peripherals. Intune also has an answer for this with attack surface reduction policies. We would like to take a closer look at this topic in this blog post.
In today’s blog, I will address a question from one of our community members, who is looking to create a report for tracking Windows 11 upgrades via Azure Automation Runbook and Microsoft Intune. He has tried to gather enrolled devices details using a runbook but hasn’t found a solution yet. In this post, we will demonstrate how to generate a report on Windows 11 upgrade tracking with Intune and Azure Automation.
