Detect Errors from Intune Assignments: How to Export all Errors

Welcome to my first blog as a Microsoft MVP! This blog will focus on a script I created in response to a request from a member of the community who asked how to efficiently export all errors in Intune. Instead of manually sifting through numerous reports to find errors, my script automates the process with just one click. Not only does this make the task much more convenient, but it also allows you to run the script regularly to create a historical record or receive weekly error reports automatically. Since this request can be helpful for several people within the community, I decided to create the script and blog about it.


Create and Fill an AAD Group Based on Local Attributes

There is often a need to create an AAD group based on a local registry key or another attribute, for example to grant more specific access, to use this group for access rights to an application, or for many other use cases. In this blog post I will show you how to do this with the help of Endpoint analytics and Azure Automation. I show you how to do this with the example of the device manufacturer. Of course we already have this information in Intune, but it is an example of how this works. You can also do this with anything else you can read out on a client.


Sync Azure AD Group with Kiosk Config Profile

I have already described in a previous blog how to deploy a device as a kiosk device using Intune. This actually works really well. There is only one small thing that is really inconvenient. If an Azure AD user or group is selected as the logon type (only specific users are allowed to log on to these devices), this policy must not only be assigned to a group, but the allowed users must also be defined in the profile. The option also allows adding AAD users and groups, and the SIDs of these objects are also written to the local group, but Windows cannot resolve the AAD groups (bug or feature?). The resolution of whether the user who is trying to log in is in one of the groups is done by Windows via Graph. When MFA is disabled, it will also work. But if MFA is enabled, Windows fails to get the token. In this blog I want to show you how you can easily work around this by syncing an Azure AD group with this configuration profile.
