Groups - Jannik Reinhard

Intune Wave Deployment: Create Smart Device Groups

19. February 20235. May 2026 jannikreinhard12 Comments

How do you distribute configuration profile, apps or other configurations in Intune today? In this blog I want to explain and provide a script how you can easily roll out objects in Intune using waves. Here I will help you to create groups defined by you that will pack a specified percentage of your devices into the groups so that you can perform a slow rollout and thus guarantee the quality. The current script describes how you can create device groups. When you validate these rollout waves, it can also be helpful to get assignments of a device via PowerShell. If you are also interested in how to apply this to user groups or how to create a automation for the assignment, check out my new version of the Intune group assignment script.

Intune device groups for phased configuration deployment

Introduction of the Intune Device Troubleshooter

31. July 20225. May 2026 jannikreinhard10 Comments

If you follow my blog, you know that there are two things I really like: helping people with their problems, and automating or simplifying processes. In this blog, I want to introduce you to my new tool, the Intune Device Troubleshooter. This is a PowerShell UI application that will help you to check the status of your devices, as well as help you trigger remediation scripts to fix issues ad-hoc on single devices. It also provides you with intelligent recommendations on what to check on a single device to determine any possible issues. So let’s get started and look at the features of the tool.

Automate Intune App Assignment Groups with Azure Runbooks

21. July 20225. May 2026 jannikreinhard

Automatic assignment groups are useful when app deployment should stay consistent without manually creating a new Microsoft Entra group every time an Intune app is added. The pattern works best when group names, app names, and assignment intent follow the same convention.

In production tenants I recommend validating the group creation flow with one pilot application first. Check the created group, verify the Intune assignment, and document the naming rule before you let automation create groups for a larger application catalogue.

When creating a new app in the Intune admin center and not assigning it to AllUsers/AllDevices, this is always some work to create your own group for available/required and uninstall assignments for each app. You know I love automation. To save time and automate this work I will describe in this blog how you can create a runbook that takes this work completely over.

Microsoft Intune app overview with assignment groups

List all Intune assignments of an Azure AD Group

List All Intune Assignments of an Entra ID Group

12. June 20225. May 2026 jannikreinhard5 Comments

All assignments in Intune are based on Microsoft Entra ID (formerly Azure AD) groups. I think you also already had the problem that you wanted to find out to which Intune object a certain Microsoft Entra ID group is already assigned, but there is no way in the portal to find this out. To solve this problem I have written a script that gives you exactly this output.

How to Restrict the Login to Dedicated Users with Intune – Part 2

22. May 20225. May 2026 jannikreinhard

This is Part 2 of How to Restrict the Login to Dedicated Users with Microsoft Intune. Where Part 1 covered the standard CSP-based approach, Part 2 walks through the more advanced configurations — including dynamic group filtering, Conditional Access integration, and the gotchas you only discover after rolling out to a thousand devices.

Hello everyone, after several months of inactivity I would like to post regularly new content here on my blog. I start here with a topic which I have already blogged last year. This post is about how to restrict who can log on to Windows via Intune. Intune has a cool new feature that allows you to manage the members of local groups. In how to restrict the login to dedicated users with intune I did this restriction with a configuration profile and put a Microsoft Entra ID user into the local group via a custom profile and an OMA-URI. Now Microsoft has added a new CSP that allows you to do this in a much more elegant way. How to use this I explain now in this blog post.

Microsoft Intune Users and Groups Management Guide

10. October 20215. May 2026 jannikreinhard

In the previous blogs we have looked at all the features Intune offers for device management, application management, endpoint security and reporting. Now we will look at the User and Groups menu. This blog will be the last blog in this series.

Remove the primary user from Intune devices with powershell (Switch to shared device)

Remove the Primary User from Intune Devices with PowerShell (Shared Device)

9. October 20215. May 2026 jannikreinhard11 Comments

If an Intune device is not enrolled as a shared device or kiosk device, it always has a primary user. This creates a relation between the device and the user. This user is also used to license the device. This user only has the possibility to see this device in the company portal / company portal website and trigger certain self service actions. Also, while troubleshooting, an Intune admin can select this user in the Troubleshooting + support menu in Intune and directly see their devices.

The primary user is automatically added after the enrollment of an Intune managed device. It is possible to change the user to an other or remove this user to switch the device to a shared device.

Add Azure AD Users and Groups to Local Groups with Intune

Add Microsoft Entra ID Users and Groups to Local Groups with Intune

25. September 20215. May 2026 jannikreinhard

In this blog we will look at how you can add Microsoft Entra ID (formerly Azure AD) groups or users to a local group using Intune and custom profiles.

Group Windows 11 Devices with Intune

21. September 20215. May 2026 jannikreinhard

Once you start treating Windows 11 as a different deployment ring than Windows 10, you’ll need a clean way to scope policies, applications and Conditional Access to “all Windows 11 devices in the tenant” — without manually maintaining a static group. The good news is that Entra ID supports dynamic device groups with rich rule syntax, and you can target Windows 11 by OS version, build number or device-category attribute with a single line of dynamic-membership rule. This post lays out the membership rules I use in production tenants, with examples for Windows 11 21H2 through 23H2 and beyond.

With Windows 11 widely deployed across enterprise estates, you might want to test configurations or apps specifically on Windows 11 devices. For that testing you need a group in Microsoft Entra ID. In this blog I want to show you how to create a dynamic group that contains all Windows 11 devices. I also want to show you how to create a device filter for Windows 11.

Microsoft Intune App Management: Ultimate MEM Tour Part 2

19. September 20215. May 2026 jannikreinhard

In this blog series, I’ll give you a tour through the features that Microsoft Intune offers us. In my first blog we looked at the Device Management features. In this blog I want to cover all the features around Application Management. Good apps are one of the foundations of a successful company. With Intune, you can ensure that end users have access to the apps they need to do their jobs.

Microsoft Intune & AI Insights

Groups — Articles by Jannik Reinhard