As an Intune MVP, I frequently need to test various setups on a dedicated test machine. The easiest way to do this is by using virtual machines (VMs). However, running a Windows VM on a MacBook Pro with Apple Silicon (M3) can be a bit tricky. In this blog post, I’ll guide you through the steps to successfully run a Windows VM on macOS with Apple Silicon.
You plan to migrate to Intune? Then do this Cloud Native! Use the chance and get rid of your on-premises environment, maintenance of the infrastructure and move this responsibility to Microsoft. In this blog I want to explain what cloud native is and what Intune provides you to make your journey to a success. If you want to validate the provisioning part first, start with a Windows Autopilot test lab.
Enrolled Intune devices occasionally face trust issues due to MDM or Microsoft Azure certificate problems, among other factors. While wiping and re-enrolling is a standard fix, it’s straightforward for regular devices, with minimal data loss thanks to services like OneDrive. However, this process is more complex for specialized field devices, particularly those with custom configurations and vendor-installed software, especially if the vendor no longer exists. Creative strategies are essential in these cases. This blog post delves into an experimental approach to seamlessly bring such devices back under management.
You know there are regular changes and updates on the Intune Management Extension (IME). Sometimes it can be the cause of issues, or it is also interesting to see what was changed. To detect these changes I wrote a script which notifies you in case of a change and will let you know what was changed.
Most have heard the term Microsoft Graph API before. Ms Graph is an interface from MS for accessing and controlling a variety of Microsoft cloud services. In this blog post I will go into more detail on how you can use Graph in conjunction with Intune, what your options are and how it all works. I’ll also give you script examples in this blog that you can use directly.
If you’ve ever stared at a misbehaving Intune device and asked yourself “which policies, profiles and apps are actually targeting this thing?”, you know how clunky the admin portal can be. The PowerShell snippet in this post solves exactly that problem: given a Microsoft Entra ID device ID, return every Intune assignment that resolves to it, joining direct device groups, dynamic device groups and user-based assignments through the device’s primary user. It’s the kind of script you’ll keep in your toolbox forever — handy when troubleshooting “why is this policy showing up?” tickets, indispensable when migrating tenants, and a great building block for larger automation.
Via the Intune admin center in the device overview you can see all assignments of a certain device. In the service release 2206 even the function to see the group members of a device was included. But if you want to create automations it is helpful to be able to query this information with PowerShell. I have created a script at the request of a user in the community which returns this information to you.
When an Intune-managed device misbehaves — a policy doesn’t apply, an app refuses to install, BitLocker silently fails — the truth lives on the client itself. Microsoft’s MDM Diagnostic Report bundles all of that into a single ZIP that contains everything from MDM event logs to current policy values. The problem is that browsing through the raw HTML, EVTX and registry exports is painful, and most admins never make it past the cover page. This post shows the simplest practical workflow I use on real client devices to extract the answers fast, and the few files you should open first to answer 80 % of all support questions.
In this blog I would like to give you a helpful tool how you can analyze the MDM diagnostic log directly on the client with the help of PowerShell and how you can process the content in a simple way to implement remediations or to build a monitoring. In the following sections I will explain step by step how you can use this script.
Unfortunately, there is no setting in Intune with which you can determine whether an app should be installed during ESP (Enrollment Status Page) or only after ESP. Of course, it is a huge advantage to install as many apps as possible during the ESP or even better during the white glove phase so that you have a ready to use device after enrollment. But there are cases where it can make sense to install an app after the ESP, for example if the installation routine requires an interaction. How you can skip the installation of an app in the ESP I will explain now.
Everyone who has enrolled a few devices with autopilot in his life and has encountered errors knows the problem that it can quickly be very cumbersome to find the problem why an enrolment fails. Especially when it comes to network endpoints that are not reachable it can be very time consuming to find them. To enroll a device with autopilot there are also some prerequisites that have to be fulfilled. To check this before the enrollment I have created a script that helps you to check these requirements.
The Intune Data warehouse provides some data that is very useful for creating reports. In this blog I will show you how to access this data with PowerBi and also provide you with a example dashboard.
