Sync Azure AD Group with Kiosk Config Profile

I have already described in a previous blog post how to deploy a device as a kiosk device using Intune. This works really well, with one small but really inconvenient exception. If Azure AD user or group is selected as the logon type (only specific users are allowed to log on to these devices), the policy must not only be assigned to a group; the allowed users must also be defined in the profile. The option also allows adding AAD users and groups, and the SIDs of these objects are written to the local group, but Windows cannot resolve the AAD groups (bug or feature?). Windows resolves via Graph whether the user who is trying to log in is a member of one of the groups. When MFA is disabled, this also works. But if MFA is enabled, Windows fails to get the token. In this blog post I want to show you how you can easily work around this by syncing an Azure AD group with this configuration profile.


Intune Tool Box – Rebuild of Intune in PowerShell

I think everyone who works with Intune on a daily basis knows the situation of wishing for a simple feature that would make their daily work easier. To close exactly these gaps, I decided to code my own tool with many small features that make life easier for Intune admins. This was the birth of the Intune Tool Box. The tool is a WPF application written in PowerShell. The app has the same design as Intune but offers small helpers for daily work. The good thing is that the app is built in such a way that it can easily be extended at any time. If you have a feature in mind that you are missing in the Intune console and that can be solved via Graph, let me know so that I can add it to the app. My plan is to develop the app step by step and bring in new cool features.


Applicability Rule: Gone but still there

With the introduction of assignment filters, the value of applicability rules has diminished. With applicability rules you could define on which OS versions a configuration profile should work. Unfortunately, the ability to configure or delete applicability rules from the console has also been removed for some configuration profile types. It is to be expected that this will happen piece by piece for further types as well. In this blog post I want to show you how you can easily remove all applicability rules so that you can switch to filters as soon as possible.


Migrate an AAD User group to a Device group and vice versa

In your environment you have multiple groups that are used to assign an app or a configuration profile. If you later realize it would be better if one of them were a user group rather than a device group, it is hard to change this without impacting the user or investing a lot of effort. I have written a script that lets you convert a user group into a device group, or a device group into a user group, based on the user assigned to a device or on the devices assigned to the user.


Copy Intune Discovered Apps in Log Analytics Workspace

Intune can show, per device, not only the apps installed via Intune but also the apps discovered on the device (Control Panel apps). Since this view is relatively static and is only available per device, it is difficult to analyze the complete environment, e.g. to see which app is missing from the portfolio, since such apps are often installed by users themselves. Why don't we use Log Analytics to have more options for working with this information? In this blog post I want to show you how you can do this easily with a script.


Configuration of Windows Update reboot notifications

In one of my blog posts (Delay Windows Update pending reboot with toast notification) I have already described how to give the user more flexibility in deciding when he wants to reboot his device while still reminding him regularly. In this blog post I want to explain how to configure the system notifications of Windows Update for Business. The reason for this post is a question in the Microsoft Tech Community.


How to update Quick Assist with Intune

Quick Assist was a cool out-of-the-box Windows tool for getting or providing PC support via a remote connection. Because Quick Assist is a pre-installed app in Windows, it can also be used to provide support during setup, e.g. via Autopilot. The experience for the user was really easy: you only have to read out a 6-character code from the client and type it into the Quick Assist app on the supporter's side.

But this will change: Quick Assist will no longer be a built-in tool in Windows. Microsoft posted on April 27, 2022 in the Windows Insider blog that Quick Assist will only be available via the Windows Store in the future and that support for the old client will end. So, if you want to continue using Quick Assist in the future, you will have to install it from the Windows Store.

However, there are several problems here. The first problem is that installing Quick Assist from the Windows Store requires admin rights. In a professionally managed business environment, users do not always have admin rights on their PC. The second problem is that if you are using Windows LTSC, there is no Windows Store to get Quick Assist from. In addition, users get error messages about missing WebView2 runtimes.

Today I will show you how to solve this problem in this blog post.


Use Endpoint Analytics to find slow internet breakouts

Users always complain that the network is slow. This can be measured centrally using various network monitoring tools. However, this monitoring can only provide complete insight if the user is actually onsite in the corporate network. If the user is sitting in the home office and is connected to the internet via his own router, this is not always so easy. There are also many other reasons why a user may have a slow connection; it is not always due to the network. In this blog post I want to show you how you can regularly test the speed of all clients with a simple remediation script and upload the results to a Log Analytics workspace for analysis.
