In your environment you have multiple groups to create assignments of an app or a configuration profile. If you later realize it would be better if this was not a device group but a user group, it is hard to change this without the user having an impact or you have big efforts. I have written a script that you can convert a user group into a device group or a device group into a user group based on the user assigned to a device or based on the devices assigned to the user.
Once you start treating Windows 11 as a different deployment ring than Windows 10, you’ll need a clean way to scope policies, applications and Conditional Access to “all Windows 11 devices in the tenant” — without manually maintaining a static group. The good news is that Entra ID supports dynamic device groups with rich rule syntax, and you can target Windows 11 by OS version, build number or device-category attribute with a single line of dynamic-membership rule. This post lays out the membership rules I use in production tenants, with examples for Windows 11 21H2 through 23H2 and beyond.
With Windows 11 widely deployed across enterprise estates, you might want to test configurations or apps specifically on Windows 11 devices. For that testing you need a group in Microsoft Entra ID. In this blog I want to show you how to create a dynamic group that contains all Windows 11 devices. I also want to show you how to create a device filter for Windows 11.
Read More »
With the Assignment Filter a possibility was added to Intune to make assignments more comfortable. This feature was first available for configuration profiles and then for apps. With the service release 2107 Intune has enabled the assignment filters also for update rings.
What are assignment filters and how can you use them for the update ring assignments I will show you in this blog.
Read More »
In this blog post I want to explain how to set up a modern Kiosk PC. There are many use cases in companies where you don’t want to give the user complete access to Windows. Only one or selected applications should be allowed. Typical use cases would be:
and many more…
Read More »
To group devices of certain departments or areas, Intune provides a function called Device Categories. These device categories have been available in Intune for a long time but are not really known by many. In this blog post we will take a closer look whats behind this function and what possibilities it offers.
The device categories function can be found in Microsoft Intune in the Devices menu. In the screenshot you can see 3 sample entries that I created for our tests. For the creation of a category only a name and optionally a description is needed.
Read More »
Many companies have a cloud-first strategy and are trying to move more and more on prem infrastructure to the cloud. This also includes the device management. With Covid 19, remote working was the new normal and many companies are facing the challenge of how to manage devices secure and comfortable in the home office.
With Intune, Microsoft has a very powerful solution to manage devices via the internet. In my blogs I would like to give insights into cloud device management and provide you helpful scripts and tools.
In this blog post I will start with a basic topic, it’s about how to set up Windows Autopilot Device from scratch. I explain how you can set up a test environment to gain experience with Windows 10 Autopilot or to test different things.
Read More »