Deep dive of SCEP certificate request/renewal on Intune-managed Windows clients

Today we are going to look under the hood of certificate requests or renewals on an MDM (Intune) managed Windows client. The environment is simple and uses a Windows client and SCEPman as the Cloud CA, which is easily set up and nothing more than an Azure App Service. It is especially interesting, as this…

Read More

How to completely change Windows 10 language with Intune

In this article we dive into a way to completely switch the language of Windows 10 in a scripted way with the help of Intune and without the need for explicit language cab files. The new language setting will include the Welcome screen and New user defaults as well. This approach is beneficial for further…

Read More

Delivery Optimization with Intune and Microsoft Connected Cache (MCC)

Intune managed devices must be configured to leverage Delivery Optimization (DO) to reduce the overall internet bandwidth usage. It is a distributed cache solution using peer to peer transfers for content downloads. It is a very well designed solution especially for the cloud era. The latest addition to that concept is the so called Microsoft…

Read More

Intune Policy Processing on Windows 10 explained

In this post I will dive into the Intune policy processing on a MDM managed Windows 10 client. Intune is an MDM system and has the ability to deploy so called device configuration profiles to managed Windows 10 endpoints. We will have a look at the architecture, the settings, and the actual processing including the…

Read More

On-demand Windows Diagnostic Logs via Intune

How-to gather on-demand diagnostic data from Windows 10 1903+ by utilizing the DiagnosticLog CSP via a MDM service like Intune.

Read More

Enabling BitLocker on non-HSTI devices with Intune

This is a post about enabling BitLocker on non-HSTI devices with Windows 10 version 1809 and standard user permissions. First of all a little background on HSTI. HSTI is a Hardware Security Testability Interface. It is an interface to report the results of security-related self-tests. Its purpose is to provide high assurance validation of proper security configuration.…

Read More

Deep dive Microsoft Intune Management Extension – PowerShell Scripts

Microsoft made a big step forward in the Modern Management field. Limitations like custom configurations or even Win32 App installs can be addressed now. Microsoft developed an EMS agent (aka SideCar) and released it as a new Intune feature called Intune Management Extension. This agent is able to manage and execute PowerShell scripts on Windows 10…

Read More