Detect anomalies in your Intune environment with Azure Cognitive Services – Part 2 Application Installations

In one of my previous blog posts I explained how you can use Azure Automation and Azure Cognitive service to monitor the compliance state of your environment and notify you if there are major deviations today. In this part of the series I want to show you how you can apply this to the deployment of your applications and also get notified if the installation of an application suddenly fails abnormally often.

Read More »

Use Endpoint Analytics to clean up the disk

I have already written several blog posts about endpoint analytics. In the Microsoft Tech Community the question came up how to clean up the disk using Intune. This is a question that is difficult to answer generically as it is always very specific. Through more and more applications and data moving to the cloud and the storage is also becoming cheaper and cheaper, the amount of storage needed on a workplace devices and the problems with full hard disks are no longer as present as in the past.

In this blog I will show you how to free up disk space on your clients with an high disk usage. So let’s get started.

Read More »

A default set on assignment Filter

In one of my posts I have explain how you can create an apply assignment filters. Is a very powerful feature to refine the assignment of group. For example, you can assign a config profile to all devices and apply a filter to apply the config profile only on Windows 11 devices within the group. To make it easier for you to start with filters I wrote a script which creates a default set of filters.

Read More »

Sync Azure AD Group with Kiosk Config Profile

I have already described in a previous blog how to deploy a device as a kiosk device using Intune. This actually works really well. There is only one small thing that is really inconvenient. If Azure AD user or group is selected as logon type (only specific users are allowed to logon on this devices), this policy must not only be assigned to a group, but also the allowed user must be defined in the profile. The option also allows to add AAD users and groups and the SIDs of these objects are also written to the local group but Windows cannot resolve the AAD groups (bug or feature?). The resolution of whether the user who is trying to log in is in one of the groups is done by Windows via Graph when MFA is disabled. it will also work. But if MFA is enabled windows fails to get the token. In this blog I want to show you how you can easily work around this by syncing an Azure AD group with this configuration profile.

Read More »

Intune Tool Box – Rebuild of Intune in PowerShell

I think everyone who works with Intune on a daily basis knows the situation that they would like to have a simple feature that would simplify their daily work. In order to close exactly this gaps I decide to code my own tool with many small features that would make the life for Intune admins easier. This was the birth of the Intune Tool Box. This tool is a WPF application that is written in PowerShell. The app has the same design as Intune but offers small helpers for the daily work. The good thing is that this app is built in such a way that it can be easily extended at any time. If you have any features in your mind that you are missing in Intune console but is possible to solve this via graph so let me know that I can add this to the app. My plan is to develop the app step by step and bring in new cool features.

Read More »

Applicability Rule: Gone but still there

With the introduction of Assignments filter, the value of Applicability rules has diminished. With Applicability rules you could define on which OS versions a Configuration Profile should work. Unfortunately, the ability to configure or delete applicability rules for some configuration profile types from the console has also been removed. It is to be expected that this can happen piece by piece also for further types. In this blog I want to show you how you can easily remove all applicability rules to switch to filters as soon as possible.

Read More »

Migrate an AAD User group to a Device group and vice versa

In your environment you have multiple groups to create assignments of an app or a configuration profile. If you later realize it would be better if this was not a device group but a user group, it is hard to change this without the user having an impact or you have big efforts. I have written a script that you can convert a user group into a device group or a device group into a user group based on the user assigned to a device or based on the devices assigned to the user.

Read More »

Copy Intune Discovered Apps in Log Analytics Workspace

Intune offers the possibility to show per device not only the apps installed via Intune but also the apps discovered on the device (Control Panel apps). Since this view is relatively static and you only have a per device view here, it is difficult to make analyses of the complete environment, e.g. to see which app is missing in the portfolio, since this is often installed by users themselves. Why don’t we use log analytics to have more options to work with this information’s? In this blog I want to show you how you can do this easily with a script.

Read More »