AI agent runtime protection with Microsoft Defender for Endpoint

Protect AI Agents with Microsoft Defender for Endpoint

Protect AI Agents with Microsoft Defender for Endpoint

In this blog post I explain how to set up the new AI agent runtime protection in Microsoft Defender for Endpoint. More and more of us run local AI agents on our work machines — coding assistants like Claude Code, GitHub Copilot CLI, and other CLI tools (I wrote before about why CLI tools are winning for AI agents). These agents are powerful, but they run with your user privileges. They can read files, run commands, and call tools. And they act on text from prompts, files, web pages, and tool output without really knowing which part is trustworthy.

That is exactly the problem. A hidden instruction inside a web page or a file can hijack the agent — this is called prompt injection. AI agent runtime protection in Defender for Endpoint inspects the agent at the right moments and can protect the agent by blocking these attacks before anything bad happens. The feature is in public preview right now, so use it on test devices only. Let me show you how it works and how to turn it on.

Read More » Protect AI Agents with Microsoft Defender for Endpoint
Intune Advanced Analytics: How It Compares to Other Tools — cover image showing the two device query channels flow on a laptop, with Jannik Reinhard (Microsoft MVP) and jannikreinhard.com

Intune Advanced Analytics: How It Compares to Other Tools

Intune Advanced Analytics: How It Compares to Other Tools

In this blog post I want to look at Microsoft Intune Advanced Analytics and compare it, in plain words, to the other analytics tools that are out there. This is the topic I know well. Before I started writing blogs and running my own company, I spent years as the tech lead for AIOps in a large enterprise. Part of my job was to evaluate analytics and digital employee experience (DEX) platforms — Nexthink, Aternity, HP’s analytics solution and several more. So this is not a marketing piece. It is what I learned from running these tools at scale, and where I think Microsoft’s approach is genuinely different.

Here is my honest summary up front: most of these platforms cook with water. They are mature and capable, but they largely solve the same problems in the same way. The hard part was never the dashboard — it was building a business case that survived a second look, because every one of them came with its own agent, its own data store, its own portal and its own license. That is exactly the cost that Microsoft Intune Advanced Analytics removes.

Worth knowing before you read on: From July 1, 2026, Microsoft Intune Advanced Analytics is included in Microsoft 365 E3 and Microsoft 365 E5 as part of Microsoft Intune Plan 2. The separate add-on that used to cost around 10 USD per user per month is now part of the plan. Many teams already own this and don’t know it yet.

Read More » Intune Advanced Analytics: How It Compares to Other Tools
Intune Policy Manager AI-powered policy descriptions and conflict analysis dashboard.

AI-Powered Intune Policy Documentation and Conflict Analysis

AI-Powered Intune Policy Documentation and Conflict Analysis

If you manage Microsoft Intune at scale, you know the pain: hundreds of policies, most of them with empty or outdated descriptions, and zero visibility into which settings overlap or even contradict each other across policies. I’ve seen this in pretty much every tenant I’ve worked with and honestly, it’s one of the most underestimated operational risks in modern endpoint management. This is where AI-powered Intune policy documentation and conflict analysis comes in.

So I built a tool to fix it. It builds on the same idea I explored in Create your own Intune Co Pilot using Azure OpenAi Studio, but takes it further with automated Intune policy documentation and conflict analysis. Let me walk you through it.

Intune policy documentation tool showing conflict analysis dashboard
Read More » AI-Powered Intune Policy Documentation and Conflict Analysis
Build a Microsoft Intune AI Agent with Foundry

Build a Microsoft Intune AI Agent with Foundry

Build a Microsoft Intune AI Agent with Foundry

We’ve all built PowerShell scripts to query Intune, wrapped them in some automation, and called it a day. It works. But with Azure OpenAI Service and models like GPT-4.1 and GPT-5.2 optimized for tool calling, there’s a more interesting approach—building an actual Intune agent that can talk to your Intune environment in plain language.

Instead of writing a script for every query, you build one Intune agent that understands natural language and calls the Graph API on your behalf. Ask it “which Windows devices are non-compliant?” and it figures out the right API call, executes it, and summarizes the results. It’s not magic—it’s function calling with a nice interface.

In this post, I’ll walk you through two different approaches to building this Intune agent: the classic direct SDK approach and the newer Microsoft Agent Framework. Both use the same underlying Graph API client, but differ in how they orchestrate the AI. Let’s dive in.

Read More » Build a Microsoft Intune AI Agent with Foundry
Right Click Tools for SCCM & Intune: Patch, Report, Elevate

Right Click Tools for SCCM & Intune: Patch, Report, Elevate

Right Click Tools for SCCM & Intune: Patch, Report, Elevate

If your day still looks like this—jumping between consoles, chasing patch gaps, and wrestling with standing local admin—your tools are slowing you down. The New Right Click Tools changes that by bringing patchingreporting/visibility, and privileged access together, built for SCCM/ConfigMgr and Intune realities. In this guide you will see exactly how the new toolkit fits into a real endpoint workflow.

Trusted across 60M+ endpoints, Right Click Tools is designed for modern endpoint management at scale—without adding another portal to learn. If you already manage devices with the Microsoft Configuration Manager console, the toolkit layers right on top of what you already use.

Right Click Tools for SCCM and Intune teams dashboard overview
Read More » Right Click Tools for SCCM & Intune: Patch, Report, Elevate
AI-Driven Endpoint Management: The Future with Intune

AI-Driven Endpoint Management: The Future with Intune

AI-Driven Endpoint Management: The Future with Intune

Endpoint management has come a long way from the days of manual, on-premises processes. In today’s world where employees work from home, on the road, or in branch offices, IT teams need tools that are not only powerful but also flexible and intelligent. Microsoft’s journey from Configuration Manager (SCCM) to Intune, and now toward AI-driven automation, shows how we can bridge legacy systems with cloud innovation to deliver seamless, secure, and proactive device management.

Laptop showing cloud device management dashboard
Read More » AI-Driven Endpoint Management: The Future with Intune
Right Click Tools for Intune: Free Community Edition

Right Click Tools for Intune: Free Community Edition

Right Click Tools for Intune: Free Community Edition

Right Click Tools built its reputation on making endpoint management within Microsoft Configuration Manager (ConfigMgr) simpler and faster. After the success of the free ConfigMgr add-on, Recast Software has now brought the same capabilities to Microsoft Intune with the new Right Click Tools for Intune Community Edition browser extension. If you have ever wished for faster, context-aware actions inside the Intune admin center, this extension finally delivers that experience for free.

Read More » Right Click Tools for Intune: Free Community Edition
Convert Intune Device Groups to User Groups via Graph API

Convert Intune Device Groups to User Groups via Graph API

Convert Intune Device Groups to User Groups via Graph API

I currently attend at the MMS Fort Lauderdale conference, where an attendee asked a good question: Is it possible to convert device groups to user groups, and vice versa? The answer is both yes and no. While there’s no out-of-the-box functionality in Intune to turn device groups to user groups directly, it is possible by leveraging the Microsoft Graph API.

Diagram showing how to convert device groups to user groups with the Microsoft Graph API
Read More » Convert Intune Device Groups to User Groups via Graph API
Robopack A bis Z: Alles, was du wissen musst (Sponsor)

Robopack A bis Z: Alles, was du wissen musst (Sponsor)

Robopack A bis Z: Alles, was du wissen musst (Sponsor)

Anzeige / Werbung. Dies ist ein gesponserter Beitrag in bezahlter Kooperation mit Robopack.

In diesem Robopack A bis Z-Artikel gehe ich Robopack komplett durch — alles, was du wissen musst, um zu entscheiden ob das Tool in deinen Microsoft-Intune-Stack passt. Was leistet Robopack, wo sind die Grenzen, und wie sieht ein realistischer Rollout in einem produktiven Tenant aus?

Application packaging is one of the most thankless jobs in endpoint management — until something goes wrong, nobody notices it, and the moment it does, everyone notices. Robopack entered this space promising a fundamentally different approach: AI-assisted packaging that turns hours of MSI repackaging and silent-install detective work into a guided workflow. In this Robopack A bis Z post I walk through the tool from A to Z — what it actually does, where it fits in a Microsoft Intune tenant, how the pricing maps to a real fleet of devices, and the situations where I would (and would not) reach for it. Sponsored review, but the technical assessment is mine and any limitation I hit is in here too.

In meinem ersten deutschen Blogpost heiße ich dich willkommen zu meiner neuen Robopack-A-bis-Z-Serie! In dieser dreiteiligen Videoserie gehe ich detailliert auf die wichtigsten Funktionen und Einsatzmöglichkeiten von Robopack ein – einem leistungsstarken Tool für dein Application Management.

Read More » Robopack A bis Z: Alles, was du wissen musst (Sponsor)

Graph Batch Endpoint

Graph Batch Endpoint

Graph Batch Endpoint

This is only a small blog post but maybe for most of you very helpful, especially if you work a lot with Microsoft Graph. Often the problem is you want to run multiple calls and then you have to loop through the single items or have a long line of calls. The Microsoft Graph Batch Endpoint solves exactly this by letting you combine many requests into one single HTTP call.

While writing another blog post, I found out that there is a batch endpoint for MS Graph. In this blog, I will show you how you can use the Graph Batch Endpoint and give you also an example script that you can adapt for your own automations.

Graph Batch Endpoint overview diagram
Read More » Graph Batch Endpoint