How to use Custom Compliance Script + Example script

Compliance policies are essential for ensuring that devices meet all the necessary requirements set by the company, such as a minimum OS version. Previously, Microsoft provided predefined policies that could be used, but with the service release 2208, support for custom compliance checks was added, enabling the freedom to query everything on the device what you want. In this blog post, we will focus on how to create custom compliance policies for Windows.

Read More »

Create Smart Groups for Wave Deployment of Configurations in Intune

How do you distribute configuration profile, apps or other configurations in Intune today? In this blog I want to explain and provide a script how you can easily roll out objects in Intune using waves. Here I will help you to create groups defined by you that will pack a specified percentage of your devices into the groups so that you can perform a slow rollout and thus guarantee the quality. The current script describes how you can create device groups. If you are also interested in how to apply this to user groups or how to create a automation for the assignment then let me know.

Read More »

Detect Errors from Intune Assignments: How to Export all Errors

Welcome to my first blog as a Microsoft MVP! This blog will focus on a script I created in response to a request from a member of the community who asked how to efficiently export all errors in Intune. Instead of manually sifting through numerous reports to find errors, my script automates the process with just one click. Not only does this make the task much more convenient, but it also allows you to run the script regularly to create a historical record or receive weekly error reports automatically. Since this request can be helpful for several people within the community I decided to create the script and blog about it.

Read More »

Get assignments of an device via Powershell

Via the MEM UI in the device overview you can see all assignments of a certain device. In the service release Service release 2206 even the function to see the group members of a device was included. But if you want to create automations it is helpful to be able to query this information with PowerShell. I have created a script at the request of a user in the community which returns this information to you.

Read More »

Do you already know Intune scope tags?

Intune scope tags allow you to manage a large organisations IT infrastructure while giving each department/region/sub company/… the flexibility to configure their own settings. Scope tags in Microsoft Intune allow administrators to divide devices in their organization into logical groups. These groups, also known as tags, can be used to make certain settings, applications, and policies available only to specific users or devices. By using Intune scope tags, you can streamline your IT infrastructure, improve security and make your life easier.

Read More »

Intune Quick Start Guide

Remote working is the new normal and this is exactly what has contributed to the spread of intune. Intune gets a large number of new users/devices every day and is also being developed at a rapid pace. Intune is an extremely good platform to manage devices regardless of their location and offers the great advantage that you no longer have to worry about an infrastructure as with Config Manager. However, this growth brings the challenge that administrators have to get used to a new platform.

In my blog you will find many deep dives or useful tools and solutions how to get the full power out of Intune. In this blog post I want to go back to the beginning. I want to give you a general overview of what Intune is and provide you with a free QuickStart guide for the first steps.

Read More »

The new multiple administrative approvals (MAAs)

Are you looking to add an extra layer of security to your device configurations in Microsoft Intune? The new multiple administrative approvals (MAAs) feature, introduced in the November 2211 service release, may be just what you need. In this blog post, we’ll walk you through the process of setting up and using MAAs to protect specific configurations like apps or scripts for devices. Multiple administrative approval (MAA) helps to protect in large environments with many administrators by requiring a second administrative account to approve changes before they are applied.

Currently in public preview, you can try out this new feature in your Intune tenant and provide feedback to Microsoft. Keep an eye out for updates on the general availability of MAAs, which will be announced by Microsoft in the near future.

Read More »

Deploy Windows Store Apps via Intune

This blog post is my take about how to install Windows Store Application via Intune. this feature makes it much easier to deploy apps via Intune. Intune provides all apps that are available in the winget repository and you can easily select them via a very large software catalog in Intune. This saves the cumbersome packaging of apps. In this blob post we will have an look how you can use this nice feature.

Read More »

Intune mass export with the Graph Report API

There are many ways to export information from Intune. For example, you can use Log Analytics, the Data Warehouse or the Graph API. But if you want to export several thousand devices or apps via Graph, it can happen that Graph has a paging. Paging means that you only get a certain number of entries with one call and then you have to make another call for the next range. This means for you that you have to write a script that loops through the pages.

Another problem if you want to export e.g. all Discovered apps you have to loop through all devices because this attribute is not shared in List calls. But if you have several 10k or 100k devices this takes a long time.

But there is a Graph Report API that is designed to export large amounts of data and provide it to you as a CSV on a really easy way. How you can use it I will explain in this blog.

Read More »