Configuration Profiles - Jannik Reinhard

Reenrol devices without wipe

29. January 20245. May 2026 jannikreinhard1 Comment

Enrolled Intune devices occasionally face trust issues due to MDM or Microsoft Azure certificate problems, among other factors. While wiping and re-enrolling is a standard fix, it’s straightforward for regular devices, with minimal data loss thanks to services like OneDrive. However, this process is more complex for specialized field devices, particularly those with custom configurations and vendor-installed software, especially if the vendor no longer exists. Creative strategies are essential in these cases. This blog post delves into an experimental approach to seamlessly bring such devices back under management.

Microsoft Defender for Endpoint: Setup and Best Practices

7. December 20235. May 2026 jannikreinhard

After some weeks, here is the second part of my series on Microsoft Defender for Endpoint. In this part, we delve into essential insights and best practices for Microsoft Defender for Endpoint. I will guide you through important configurations and strategies to enhance your organization’s security.

Part 1 (How to enroll device to Microsoft Defender for Endpoint and how does it work)

How to Onboard Devices to Microsoft Defender for Endpoint

8. October 20235. May 2026 jannikreinhard3 Comments

Do you know that you can deploy configurations to devices without enrolling them to Intune? No, then follow this blog how to enroll devices to Microsoft Defender for Endpoint (MDE).

In this blog I want to show you how you can onboard your devices in MDE. In the next blog I will show you what are the capabilities and features in the MDE Admin center.

Microsoft Defender for Endpoint device enrollment infographic

GPT Intune Device Troubleshooter: AI-Powered Admin Help

10. September 20235. May 2026 jannikreinhard19 Comments

I am more than happy to release my new tool the GPT Intune Device Troubleshooter. Wouldn’t it be awesome if you had an assistant to whom you could explain what you want to do in Intune, and they would do the job for you? This dream will now become reality with the GPT Intune Device Troubleshooter.

Management of external devices (peripherals) with Intune

11. June 20235. May 2026 jannikreinhard2 Comments

To reduce the security risk of the end devices and to protect them from data loss or malicious devices, it makes sense to also deal with the management of peripherals. Intune also has an answer for this with attack surface reduction policies. We would like to take a closer look at this topic in this blog post.

V2 – Get an daily device report via email or teams with logic apps – Step by Step guide

V2 – Get a Daily Device Report via Email or Teams with Logic Apps (Step by Step)

28. May 20235. May 2026 jannikreinhard9 Comments

I have already written a blog about how to send a message using Logic apps to generate a regular device report. After a presentation about automation with Intune and Graph I got good feedback if I can do a variant with Co Managed devices. So I decided to write a V2 of this blog and also update the authentication with Managed Identity. If you are interested in more blogs around the topic of logic apps, let me know and I will be happy to do a deep dive on logic apps.

Creating and Configuring Bash Scripts for Ubuntu Devices in Intune

16. April 20235. May 2026 jannikreinhard1 Comment

In one of my previous blog posts, I demonstrated how to enroll an Ubuntu device in Intune. In this blog post, I will walk you through creating and configuring custom Bash scripts for your Ubuntu devices using Microsoft Intune. With the service release 2023, Intune now supports running Bash scripts on Linux devices, offering a powerful way to manage and configure your Linux devices.

Intune Wave Deployment: Create Smart Device Groups

19. February 20235. May 2026 jannikreinhard12 Comments

How do you distribute configuration profile, apps or other configurations in Intune today? In this blog I want to explain and provide a script how you can easily roll out objects in Intune using waves. Here I will help you to create groups defined by you that will pack a specified percentage of your devices into the groups so that you can perform a slow rollout and thus guarantee the quality. The current script describes how you can create device groups. When you validate these rollout waves, it can also be helpful to get assignments of a device via PowerShell. If you are also interested in how to apply this to user groups or how to create a automation for the assignment, check out my new version of the Intune group assignment script.

Intune device groups for phased configuration deployment

Get assignments of an device via Powershell

Get Assignments of a Device via PowerShell

29. January 20235. May 2026 jannikreinhard2 Comments

If you’ve ever stared at a misbehaving Intune device and asked yourself “which policies, profiles and apps are actually targeting this thing?”, you know how clunky the admin portal can be. The PowerShell snippet in this post solves exactly that problem: given a Microsoft Entra ID device ID, return every Intune assignment that resolves to it, joining direct device groups, dynamic device groups and user-based assignments through the device’s primary user. It’s the kind of script you’ll keep in your toolbox forever — handy when troubleshooting “why is this policy showing up?” tickets, indispensable when migrating tenants, and a great building block for larger automation.

Via the Intune admin center in the device overview you can see all assignments of a certain device. In the service release 2206 even the function to see the group members of a device was included. But if you want to create automations it is helpful to be able to query this information with PowerShell. I have created a script at the request of a user in the community which returns this information to you.

Easy way to analyse MDM Diagnostic data on the client

15. January 20235. May 2026 jannikreinhard

When an Intune-managed device misbehaves — a policy doesn’t apply, an app refuses to install, BitLocker silently fails — the truth lives on the client itself. Microsoft’s MDM Diagnostic Report bundles all of that into a single ZIP that contains everything from MDM event logs to current policy values. The problem is that browsing through the raw HTML, EVTX and registry exports is painful, and most admins never make it past the cover page. This post shows the simplest practical workflow I use on real client devices to extract the answers fast, and the few files you should open first to answer 80 % of all support questions.

In this blog I would like to give you a helpful tool how you can analyze the MDM diagnostic log directly on the client with the help of PowerShell and how you can process the content in a simple way to implement remediations or to build a monitoring. In the following sections I will explain step by step how you can use this script.

Microsoft Intune & AI Insights

Configuration Profiles — Articles by Jannik Reinhard