Via the MEM UI in the device overview you can see all assignments of a certain device. In the service release Service release 2206 even the function to see the group members of a device was included. But if you want to create automations it is helpful to be able to query this information with PowerShell. I have created a script at the request of a user in the community which returns this information to you.
Intune scope tags allow you to manage a large organisations IT infrastructure while giving each department/region/sub company/… the flexibility to configure their own settings. Scope tags in Microsoft Intune allow administrators to divide devices in their organization into logical groups. These groups, also known as tags, can be used to make certain settings, applications, and policies available only to specific users or devices. By using Intune scope tags, you can streamline your IT infrastructure, improve security and make your life easier.
In this blog I would like to give you a helpful tool how you can analyze the MDM diagnostic log directly on the client with the help of PowerShell and how you can process the content in a simple way to implement remediations or to build a monitoring. In the following sections I will explain step by step how you can use this script.
Remote working is the new normal and this is exactly what has contributed to the spread of intune. Intune gets a large number of new users/devices every day and is also being developed at a rapid pace. Intune is an extremely good platform to manage devices regardless of their location and offers the great advantage that you no longer have to worry about an infrastructure as with Config Manager. However, this growth brings the challenge that administrators have to get used to a new platform.
In my blog you will find many deep dives or useful tools and solutions how to get the full power out of Intune. In this blog post I want to go back to the beginning. I want to give you a general overview of what Intune is and provide you with a free QuickStart guide for the first steps.
Are you looking to add an extra layer of security to your device configurations in Microsoft Intune? The new multiple administrative approvals (MAAs) feature, introduced in the November 2211 service release, may be just what you need. In this blog post, we’ll walk you through the process of setting up and using MAAs to protect specific configurations like apps or scripts for devices. Multiple administrative approval (MAA) helps to protect in large environments with many administrators by requiring a second administrative account to approve changes before they are applied.
Currently in public preview, you can try out this new feature in your Intune tenant and provide feedback to Microsoft. Keep an eye out for updates on the general availability of MAAs, which will be announced by Microsoft in the near future.
This blog post is my take about how to install Windows Store Application via Intune. this feature makes it much easier to deploy apps via Intune. Intune provides all apps that are available in the winget repository and you can easily select them via a very large software catalog in Intune. This saves the cumbersome packaging of apps. In this blob post we will have an look how you can use this nice feature.
There are many ways to export information from Intune. For example, you can use Log Analytics, the Data Warehouse or the Graph API. But if you want to export several thousand devices or apps via Graph, it can happen that Graph has a paging. Paging means that you only get a certain number of entries with one call and then you have to make another call for the next range. This means for you that you have to write a script that loops through the pages.
Another problem if you want to export e.g. all Discovered apps you have to loop through all devices because this attribute is not shared in List calls. But if you have several 10k or 100k devices this takes a long time.
But there is a Graph Report API that is designed to export large amounts of data and provide it to you as a CSV on a really easy way. How you can use it I will explain in this blog.
With the service release 2211, microsoft has brought a cool new feature called organizational message. These are different ways to contact users via different good looking messages to improve end-user communication and experience. This offers additional possibilities to the existing Notification Bar messages from Windows 10 and older.
These messages can be delivered as a popup above the taskbar, in the notification area or in the Get Started app.
A small disadvantage is that this feature is currently only supported only for Windows 11 devices.
Since a few weeks there is a new icon in the Intune console and this is linux. The linux support is a very long awaited feature and there was good feedback from the ommunity. Currently the feature set is still a bit limited, there is currently only the possibility to determine the complaince of the devices and apply conditioanl access policies. But this is just the beginning I am sure that in the next months we will see more and more features and also config profiles, updates,… for Linux. But let’s take a look at how to enroll an Ubuntu device in intune.
The more clients are managed in your tenant and the more people have contributor rights in your tenant, the more important it becomes to have good release management processes. In this blog post I would like to introduce you to my Intune CI pipeline that allows you to transfer configurations from one tenant to another. This offers the possibility that only a small number of administrators have access in the Prod tenant and all others create configurations in a Dev tenant and these are then transferred to the Prod tenant via a DevOps pipeline.
Modern Device Management 