Enterprise Mobility and the Microsoft Cloud
In enterprise environments, we have to deal with a lot of requirements when it comes to app management. One of the common challenges is to control the installation moment during enrollment. We already have some basic controls in place. If the Enrollment Status Page (ESP) is configured during the enrollment all device targeted apps are…
Read More
Today we are going to look under the hood of certificate requests or renewals on an MDM (Intune) managed Windows client. The environment is simple and uses a Windows client and SCEPman as the Cloud CA, which is easily set up and nothing more than an Azure App Service. It is especially interesting, as this…
Read More
One of my blog readers kindly asked if I can provide a similar script like the one downloading all Intune PowerShell scripts for the Proactive Remediation Scripts. I’m happy to provide a modified version of my script to do exactly this. It uses the same technique as I used in my old script. There are…
Read More
Today I’m going to show how we can achieve user device affinity with Intune application deployment as known from ConfigMgr. When we are going to deploy applications to users, we are independent of the user’s devices. The application belongs to a user and it can be installed or it gets automatically installed on all his…
Read More
In a lot of Microsoft Intune environments there is often the requirement to monitor configuration changes and taking action based on changes. The most simple and common action is to send someone or a group of people an email that a policy was modified. These monitoring requirements are often given for special purpose devices like…
Read More
Three years ago, I coded a small utility to decode Intune Win32 Apps and wrote a blog post about it – How to decode Intune Win32 App Packages. In addition to the small Decoder utility, I wrote a short PowerShell script to parse the Intune Management Extension (IME) log file to extract the necessary decryption…
Read More
A year ago, I released the Autopilot Manager to support Autopilot hash imports during Windows OOBE via an approval process (if not already familiar with Autopilot Manager, please read here Introducing Autopilot Manager first) and the solution is used by a lot of companies in the meanwhile. This is quite some time to discuss about…
Read More
Microsoft Intune is great when it comes to managing Windows devices and for sure it doesn’t need to hide when it comes to mobile phones like Android phones or Apple phones. Most companies I engage with do have the majority of devices running Windows, but there is always a certain amount of percentage running macOS.…
Read More
Ignite 2021 is almost over and most of the content I was hunting after is also available as on-demand sessions. So, a good time to start a blog about my impressions. In this post I will go over my highlights I captured for the Windows and Modern Management with Microsoft Endpoint Manager area. As I…
Read More
If you deliver a concept of a modern managed Windows 10 desktop managed with Intune, you take care of security settings and necessary Windows configurations. One part of the important configurations, beside security settings, are the small corporate identity things like corporate logon screen or corporate wallpaper. I’m totally okay with the option in Intune…
Read More
This is a very small follow up post for my article about language change How to completely change Windows 10 language with Intune. I mentioned the Company Portal and the issue that it sometimes got stuck at a language. During that time I didn’t realized something very simple :-). Actually the Windows Settings are telling the…
Read More
I thought it might be nice to end the year 2020 with a short collection of my most viewed blog articles in 2020. For me the number one is not a real surprise, measured on the feedback it is a real helper for many out there. My own guess would have predicted some other posts…
Read More
Autopilot Manager simplifies Windows Autopilot imports by using a small client program and an Azure app service. It provides end user feedback during import and has several modes to operate at. A self-service mode or an help desk approval mode.
Read More
A lot of people waited for this enhancement a long time, it is a rather small enhancement, but with a fairly big impact in user experience. So, I thought that it is worth a small blog post :-). In the past if you installed the new Edge on Chromium basis and started it for the…
Read More
During some recent automations I got the question about triggering Intune Management Extension (IME) somehow. The typical action I take in my lab environment is to restart the IME service: Of course this will re-initialize everything and also start a new Sync, but I thought there must also be a way to accomplish the Sync…
Read More
Everyone working with Microsoft Endpoint Manager (MEM) and using the Intune Management Extension (IME) has seen these log files: Here we find all relevant information about the processing of the Intune Windows Agent. We get deeper understanding what the agent is actually doing and it is the location to start troubleshooting Intune related error regarding…
Read More
A year ago I explained the policy processing in Windows 10 with Intune with the following article: Intune Policy Processing on Windows 10 explained At the time of writing the behavior of most Configuration Service Providers (CSPs) followed a tattooing model. Meaning once a setting got applied it wouldn’t change until you explicitly set a new…
Read More
In this article we dive into a way to completely switch the language of Windows 10 in a scripted way with the help of Intune and without the need for explicit language cab files. The new language setting will include the Welcome screen and New user defaults as well. This approach is beneficial for further…
Read More
Intune managed devices must be configured to leverage Delivery Optimization (DO) to reduce the overall internet bandwidth usage. It is a distributed cache solution using peer to peer transfers for content downloads. It is a very well designed solution especially for the cloud era. The latest addition to that concept is the so called Microsoft…
Read More
If you are running an environment with a modern management strategy where your clients are highly mobile and managed by cloud services, your built-in direct connection based tools like RDP or Remote Assistance are limited in usability for supporting your devices. In general with the mobile workforce nowadays we can’t rely on solutions needing a…
Read More
In this article we will dive into the basics of Windows 10 application assignments (Win32 apps) in Intune and the various differences depending on the situation (single user associated device, shared devices, non-primary devices). Microsoft Intune differentiates between the install intent based on the app assignment (required install, available for enrolled devices, or uninstall). Actually…
Read More
In this very short post I will show how you get your uploaded Intune PowerShell scripts again. If you work with Intune and especially with Intune PowerShell scripts to configure Windows 10 devices you probably looked at this dialog and wondered why you are not able to edit or download your already uploaded script again.…
Read More
How to cleanup Windows Autopilot device registrations via PowerShell script and Microsoft Graph.
Read More
Do you ever wanted to know what is going on behind the curtain when clicking MDM Sync on Windows 10? Gaining insights how the SyncML representation protocol is used during device management of Windows 10 clients? With SyncML Viewer you have the chance to easily get deep insights now. I’ve written a small tool to…
Read More
This guide will demonstrate how to enable the BitLocker startup PIN for pre-boot authentication on Windows 10 with Microsoft Intune. I will walk through how to accomplish this in a nearly fully automatic way. Let’s start with some facts around BitLocker to understand the technology more precisely. In fact, I think a pre-boot startup PIN…
Read More
Modern IT - Cloud - Workplace 