Automating Local Admin Rights Removal w/ Privilege Manager

29. March 2024 jannikreinhardLeave a comment

This is the second guest post from my partner Recast Software.
Imagine reducing 90% of critical security vulnerabilities with a single change to your IT policy. Removing local admin rights can achieve this. IT departments face a constant influx of tickets and issues to manage. Many of these result from a need to elevate permissions, perhaps to update a piece of software or access a resource. The old way of getting around this issue was to give end users local admin permissions on their device. I know many of you are cringing just reading that—so am I. There are many, many reasons not to give end-users local admin permissions. The risks associated with local admin rights greatly outweigh the benefit of fewer tickets from end-users.

Reenrol devices without wipe

29. January 202429. January 2024 jannikreinhard3 Comments

Enrolled Intune devices occasionally face trust issues due to MDM or Microsoft Azure certificate problems, among other factors. While wiping and re-enrolling is a standard fix, it’s straightforward for regular devices, with minimal data loss thanks to services like OneDrive. However, this process is more complex for specialized field devices, particularly those with custom configurations and vendor-installed software, especially if the vendor not longer exists. Creative strategies are essential in these cases. This blog post delves into an experimental approach to seamlessly bring such devices back under management.

Detect new Intune Management Extension Updates

12. November 202312. November 2023 jannikreinhard1 Comment

You know there are regular changes and updates on the Intune Management Extension (IME). Sometimes it can be the cause of an issues or it is also interesting to see what was changed. To detect this changes I wrote an script which notifies you in case of an change and will let you know what was changes.

How to enroll device to Microsoft Defender for Endpoint and how does it work (1/2)?

8. October 2023 jannikreinhard5 Comments

Do you know that you can deploy configurations to devices without enrolling them to Intune? No than follow this blog how to enroll devices to Microsoft Defender for Endpoint (MDE).

In this blog I want to show you how you can onboard your devices in MDE. In the next blog I will show you what are the cababilities and features in the MDE Admin center.

New Version of the intune group assignment script

13. August 202316. December 2023 jannikreinhard3 Comments

Some month ago I relesed an script which lists you all assignments of an aad group in intune. With this blog post I will release a new version of this script which includes more configuration objects and improves a lot of the code parts.

How to activate the uninstallation feature in the Company Portal

6. August 202319. February 2024 jannikreinhard1 Comment

It is a feature where a lot customer waiting since a long time. Now it is here. The possibility to uninstall apps from the company portal. In this short blog post we want to have an look how you can configure this and how the user flow looks like.

Get started with Intune driver update management

23. July 2023 jannikreinhard1 Comment

A lot of Intune admins waited for the feature Intune driver update management. Now it is here. In this blog post I want to describe whats behind this feature, how it works and how you can start with.

Management of external devices (peripherals) with Intune

11. June 202311. June 2023 jannikreinhard3 Comments

To reduce the security risk of the end devices and to protect them from data loss or malicious devices, it makes sense to also deal with the management of peripherals. Intune also has an answer for this with attack surface reduction policies. We would like to take a closer look at this topic in this blog post.

Tracking Windows 11 Upgrades with Azure Automation and Intune

30. April 202313. May 2023 jannikreinhard12 Comments

In today’s blog, I will address a question from one of our community members, who is looking to create a report for tracking Windows 11 upgrades via Azure Automation Runbook and Microsoft Intune. He has tried to gather enrolled devices details using a runbook but hasn’t found a solution yet. In this post, we will demonstrate how to generate a report on Windows 11 upgrade tracking with Intune and Azure Automation.

Intune Suite Part 3: Advanced Endpoint Analytics

2. April 2023 jannikreinhard1 Comment

In the third part of this Intune Suite series, I want to give you more insights into advanced endpoint analytics. I am really happy that Intune has gone in the direction of machine learning and anomaly detection. I blogged about these topics a few months ago, discussing how to analyze Intune data with the help of cognitive service anomaly detection. It’s awesome that Intune now includes this out-of-the-box in the tool. Unfortunately, I can’t test this feature in my own tenant because Endpoint analytics requires at least 10 devices, and this is not possible in my test tenant. However, I will cover all elements of the feature in this blog.