Convert Intune Device Groups to User Groups via Graph API

I am currently attending the MMS Fort Lauderdale conference, where an attendee asked a good question: Is it possible to convert device groups to user groups, and vice versa? The answer is both yes and no. While there’s no out-of-the-box functionality in Intune to turn device groups into user groups directly, it is possible by leveraging the Microsoft Graph API.

Diagram showing how to convert device groups to user groups with the Microsoft Graph API

Reenrol devices without wipe

Looking to reenrol devices without a wipe? Enrolled Intune devices occasionally face trust issues due to MDM or Microsoft Azure certificate problems, among other factors. Wiping and re-enrolling is the standard fix, and it is straightforward for regular devices, with minimal data loss thanks to services like OneDrive. However, this process is more complex for specialized field devices, particularly those with custom configurations and vendor-installed software, especially if the vendor no longer exists. Creative strategies are essential in these cases. This blog post delves into an experimental approach to seamlessly bring such devices back under management.

dsregcmd output showing the Azure AD device certificate status

Intune Suite Part 3: Advanced Endpoint Analytics

In the third part of this Intune Suite series, I want to give you more insights into advanced endpoint analytics. Advanced Endpoint Analytics brings machine learning and anomaly detection directly into Intune, and I am really happy that Intune has gone in this direction. I blogged about these topics a few months ago, discussing how to analyze Intune data with the help of cognitive service anomaly detection. It’s awesome that Intune now includes this out-of-the-box in the tool. Unfortunately, I can’t test this feature in my own tenant because Endpoint analytics requires at least 10 devices, and this is not possible in my test tenant. However, I will cover all elements of the feature in this blog.

Source: https://learn.microsoft.com/en-us/intune/advanced-analytics/

Get Assignments of a Device via PowerShell

If you’ve ever stared at a misbehaving Intune device and asked yourself “which policies, profiles and apps are actually targeting this thing?”, you know how clunky the admin portal can be. Learning to pull the assignments of a device via PowerShell solves exactly that problem: given a Microsoft Entra ID device ID, the script returns every Intune assignment that resolves to it, joining direct device groups, dynamic device groups and user-based assignments through the device’s primary user. It’s the kind of script you’ll keep in your toolbox forever — handy when troubleshooting “why is this policy showing up?” tickets, indispensable when migrating tenants, and a great building block for larger automation.

In the device overview of the Intune admin center you can see all assignments of a given device. Service release 2206 even added the function to see the group membership of a device. But if you want to create automations, it is helpful to be able to query this information with PowerShell. At the request of a user in the community, I have created a script that returns this information, so you can read the assignments of a device via PowerShell in seconds instead of clicking through blade after blade.

Get assignments of a device via PowerShell output in the console

Do you already know Intune scope tags?

Intune scope tags allow you to manage a large organization’s IT infrastructure while giving each department/region/sub company/… the flexibility to configure their own settings. Scope tags in Microsoft Intune allow administrators to divide devices in their organization into logical groups. These groups, also known as tags, can be used to make certain settings, applications, and policies available only to specific users or devices. By using Intune scope tags, you can streamline your IT infrastructure, improve security and make your life easier.

In this practical, step-by-step guide we will look at how Intune scope tags work in the real world and why they are essential for delegated administration. If you run a distributed environment, Intune scope tags give you a clean, secure way to separate responsibilities without spinning up multiple tenants. You can read more background on tenant strategy in my other posts on jannikreinhard.com, and the official documentation is available on Microsoft Learn.

Intune Quick Start Guide

Remote working is the new normal and this is exactly what has contributed to the spread of Intune. This Intune Quick Start Guide is here to help, because Intune gets a large number of new users/devices every day and is also being developed at a rapid pace. Intune is an extremely good platform to manage devices regardless of their location and offers the great advantage that you no longer have to worry about an infrastructure as with Config Manager. However, this growth brings the challenge that administrators have to get used to a new platform.

In my blog you will find many deep dives as well as useful tools and solutions that show how to get the full power out of Intune. In this blog post I want to go back to the beginning. This Intune Quick Start Guide gives you a general overview of what Intune is and provides you with a free first-steps walkthrough.

Intune Device Inventory UI

Anyone who has been working in the area of device management for a while knows that a good inventory is a very important prerequisite for good device management. With the Intune Device Inventory UI you finally get a custom inventory directly inside Intune that you can keep working with across your processes.

A feature many of you have asked for is a custom inventory directly in Intune that you can then continue to work with in certain processes. This is exactly what Florian Salzmann and I have taken up, and we have developed a solution that solves exactly this problem. The Intune Device Inventory UI sits on top of the Intune Custom Inventory feature, which you can read more about in the official Microsoft Learn documentation.

What is New in Microsoft Intune 2209

Every month there is a new service release of Intune with new features and bug fixes. With this blog I would like to start a new series and take a closer look at the new features in new Intune releases. The release that was published on Thursday is Microsoft Intune 2209, and these are the features I would like to walk through. If you manage endpoints, Microsoft Intune 2209 brings several improvements worth knowing about.

Using macOS custom attributes in Intune

This post is a practical guide to using macOS custom attributes in Intune. macOS custom attributes in Intune let you collect arbitrary signals from your Macs (anything a shell script can return) and surface them as device properties for compliance, dynamic groups and reporting.

Microsoft Intune’s macOS custom attributes are one of the most underrated features in the platform — a thin slice of “managed Jamf Extension Attributes” that lets you collect arbitrary signals from your Macs (anything you can return from a shell script: hardware identifiers, configuration state, installed apps, security posture) and surface them as device properties for compliance, dynamic groups and reporting. This post walks through the end-to-end workflow: how to write a robust custom-attribute shell script, deploy it via Intune, and consume the result in compliance policies and Microsoft Graph queries.

Intune already has a basic inventory of macOS devices. There is a hardware inventory that contains everything from the serial number to the free memory, as well as OS information. In addition, the discovered apps view shows which applications are installed on the device. But if you want to collect more information about the devices, Intune offers a really cool feature for this. The feature I am talking about is called custom attribute. This is basically a shell script that is executed on the devices, and its return value is stored as a custom attribute.

Intune Tool Box – Rebuild of Intune in PowerShell

This post introduces the Intune Tool Box — my open-source attempt at Rebuilding Intune in PowerShell. It is a modular collection of PowerShell scripts that wrap the most common Intune admin operations (devices, apps, policies, assignments) so you can run them from your terminal instead of clicking through the admin centre.

I think everyone who works with Intune on a daily basis knows the situation of wishing for a simple feature that would simplify their daily work. To close exactly these gaps, I decided to code my own tool with many small features that make life easier for Intune admins. This was the birth of the Intune Tool Box. This tool is a WPF application that is written in PowerShell. The app has the same design as Intune but offers small helpers for the daily work.

The good thing is that this app is built in such a way that it can be easily extended at any time. If you have any features in mind that you are missing in the Intune console and that can be solved via Graph, let me know so that I can add them to the app. My plan is to develop the app step by step and bring in new cool features.
