Compliance — Articles by Jannik Reinhard

Microsoft Intune Mac Management: A Complete Guide

Microsoft Intune Mac Management: A Complete Guide

Microsoft Intune Mac Management: A Complete Guide

jannikreinhard

This post is the Complete Guide to Mac management with Microsoft Intune I wish existed when I started managing macOS endpoints in a Microsoft-first environment. From enrollment via Apple Business Manager to compliance, configuration profiles, and security policies — the workflows here are the patterns I deploy in real tenants.

Managing a fleet of devices in today’s workplace isn’t just about Windows management anymore — Mac devices are becoming increasingly common. As more employees choose Macs for their performance, design, and reliability, you also have to deal with the right ways to manage and secure them. With Microsoft Intune, you have a powerful platform to manage macOS devices alongside other platforms. This post shows you how Mac management with Microsoft Intune works and explains why integrating Macs into your corporate infrastructure is a smart move.

Mac management with Microsoft Intune dashboard on a MacBook
Read More » Microsoft Intune Mac Management: A Complete Guide
How to enroll a ubuntu device in intune

How to Enroll an Ubuntu Device in Intune

How to Enroll an Ubuntu Device in Intune

jannikreinhard4 Comments How to Enroll an Ubuntu Device in Intune

Since a few weeks there is a new icon in the Intune console and this is linux. The linux support is a very long awaited feature and there was good feedback from the community. Currently the feature set is still a bit limited, there is currently only the possibility to determine the compliance of the devices and apply conditional access policies.

But this is just the beginning I am sure that in the next months we will see more and more features and also config profiles, updates,… for Linux. But let’s take a look at how to enroll a Ubuntu device in Intune step by step. In this guide you will learn exactly how to enroll a Ubuntu device in Intune, from installing the OS to creating a compliance policy.

Why does this matter in practice? Even though Linux config profiles are not available yet, the compliance and Conditional Access support already lets you treat Ubuntu workstations like any other managed endpoint. That means a developer laptop running Ubuntu can be required to have disk encryption and a minimum OS version before it is allowed to reach Microsoft 365, Azure, or your internal apps. For mixed fleets this closes a real gap, because Linux machines used to sit completely outside your conditional access perimeter.

How to enroll a Ubuntu device in Intune - Intune Linux device overview
Read More » How to Enroll an Ubuntu Device in Intune
Using MacOS custom attributes in Intune

Using MacOS custom attributes in Intune

Using MacOS custom attributes in Intune

jannikreinhard

This post is a practical guide to using MacOS custom attributes in Intune. MacOS custom attributes in Intune let you collect arbitrary signals from your Macs — anything a shell script can return — and surface them as device properties for compliance, dynamic groups and reporting.

Microsoft Intune’s macOS custom attributes are one of the most underrated features in the platform — a thin slice of “managed Jamf Extension Attributes” that lets you collect arbitrary signals from your Macs (anything you can return from a shell script: hardware identifiers, configuration state, installed apps, security posture) and surface them as device properties for compliance, dynamic groups and reporting. This post walks through the end-to-end workflow: how to write a robust custom-attribute shell script, deploy it via Intune, and consume the result in compliance policies and Microsoft Graph queries.

Intune already has a basic inventory of MacOS devices. On the one hand, there is a hardware inventory in which you have everything from the serial number to the free memory, but also os information. In addition, you can see in the discovered apps which applications are installed on the device. But if you want to collect more information about the devices, Intune offers a really cool feature here. The feature I am talking about is called custom attribute. This is basically a shell script that is executed on the devices and the return value is stored as a custom attribute.

Read More » Using MacOS custom attributes in Intune
Detect anomalies in your Intune environment with Azure Cognitive Services – Part 1 Device Compliance

Detect anomalies in your Intune environment with Azure Cognitive Services – Part 1 Device Compliance

Detect anomalies in your Intune environment with Azure Cognitive Services – Part 1 Device Compliance

jannikreinhard5 Comments Detect anomalies in your Intune environment with Azure Cognitive Services – Part 1 Device Compliance

It is hard to keep track of your Intune environment. In this guide you will learn how to detect anomalies in your Intune environment with the help of log events, where you can build static monitoring via Azure automation or logic apps. This is possible if you are only interested in a specific event or if you can express this via static code. However, if you want to detect anomalies in your Intune environment, e.g.

a strong increase or decrease of the device count or how many devices are compliant, it is difficult to implement this without machine learning and to set static values. In this blog series I would like to show you how you can use Azure Cognitive Services (now Azure AI Services) to build a monitoring system and send you messages based on abnormal deviations. So let’s get started.

Detect anomalies in your Intune environment with Azure Cognitive Services dashboard
Read More » Detect anomalies in your Intune environment with Azure Cognitive Services – Part 1 Device Compliance
Get Microsoft Intune Status Reports with PowerShell

Get Microsoft Intune Status Reports with PowerShell

Get Microsoft Intune Status Reports with PowerShell

jannikreinhard

This post is a hands-on guide to generating Intune status with PowerShell — pulling a Microsoft Intune status report without ever opening the Intune admin centre. The script queries Microsoft Graph, builds a structured snapshot of devices, compliance, apps, and assignments, and outputs it as a CSV/JSON ready for further analysis or your own dashboard.

As an administrator, it is always good to keep an eye on your Intune status. In this blog I would like to show you how you can display the current Intune status with PowerShell using a small PowerShell script. The data comes straight from Microsoft Graph, so everything you see in the portal is also available programmatically.

Intune status with PowerShell output shown in a PowerShell window
Read More » Get Microsoft Intune Status Reports with PowerShell
Microsoft Endpoint Manager Reporting: Ultimate MEM Tour Part 4

Ultimate MEM Tour Part 4: Microsoft Intune Reporting

Ultimate MEM Tour Part 4: Microsoft Intune Reporting

jannikreinhard4 Comments Ultimate MEM Tour Part 4: Microsoft Intune Reporting

After we have looked at the three categories of Device Management, Application Management and Endpoint Security, this blog continues with Intune Reporting, the reporting section of Microsoft Intune. Thanks to everyone who read the preceding blogs and gave me feedback. But it’s not over with very powerful and helpful features in Intune. Also in the Intune Reporting section you will find features that can make your daily work easier as an administrator and with which you can greatly increase the user experience. With Endpoint Analytics there is a very powerful Intune Reporting feature which is continuously developed and improved. But let’s take a closer look at it below.

Read More » Ultimate MEM Tour Part 4: Microsoft Intune Reporting
Microsoft Endpoint Manager Devices: Complete MEM Tour

Ultimate MEM Tour Part 1: Microsoft Intune Devices

Ultimate MEM Tour Part 1: Microsoft Intune Devices

jannikreinhard4 Comments Ultimate MEM Tour Part 1: Microsoft Intune Devices

According to the Gartner quadrant published on August 16, Microsoft is by far the leader in the area of unified endpoint management tools, and managing Microsoft Intune Devices sits at the heart of that success. Microsoft Intune has played a major role in achieving this clear ranking. Intune has grown more and more in recent years and has received more and more new functions. According to rumors, we can soon expect support for Chrome OS (source: twitter).

This blog is the first blog of a whole blog series. In this blog series, I want to give you a tour of all the features that Microsoft Intune has to offer, starting with everything around Microsoft Intune Devices.

Read More » Ultimate MEM Tour Part 1: Microsoft Intune Devices
Microsoft Intune Policy Sets: Group and Assign Policies

Microsoft Intune Policy Sets: Group and Assign Policies

Microsoft Intune Policy Sets: Group and Assign Policies

jannikreinhard2 Comments Microsoft Intune Policy Sets: Group and Assign Policies

Many companies have not only a standard service, where not all PCs have the same configuration profiles, standard apps,… have. Specialized services are often needed to meet the needs of different business areas. You can copy the configuration profiles and give them the name of the service so you know which policy belongs to which service, or you can use policy sets to build your own services. In this guide you will learn exactly how this feature works, what it can contain, and how to assign them so your Intune environment stays clean and predictable.

Read More » Microsoft Intune Policy Sets: Group and Assign Policies