Comprehensive guide to managing macOS with Intune

Microsoft Intune is great when it comes to managing Windows devices and for sure it doesn’t need to hide when it comes to mobile phones like Android phones or Apple phones. Most companies I engage with do have the majority of devices running Windows, but there is always a certain amount of percentage running macOS.…

Read More

Ignite 2021 – Modern Management recap

Ignite 2021 is almost over and most of the content I was hunting after is also available as on-demand sessions. So, a good time to start a blog about my impressions. In this post I will go over my highlights I captured for the Windows and Modern Management with Microsoft Endpoint Manager area. As I…

Read More

Set preference for a suitable wallpaper with Intune

If you deliver a concept of a modern managed Windows 10 desktop managed with Intune, you take care of security settings and necessary Windows configurations. One part of the important configurations, beside security settings, are the small corporate identity things like corporate logon screen or corporate wallpaper. I’m totally okay with the option in Intune…

Read More

Company Portal stuck in a different language?

This is a very small follow up post for my article about language change How to completely change Windows 10 language with Intune. I mentioned the Company Portal and the issue that it sometimes got stuck at a language. During that time I didn’t realized something very simple :-). Actually the Windows Settings are telling the…

Read More

Working with Hyper-V VMs in an Intune Lab environment

As a lot of my blog readers probably know :-), I’m working a lot with Microsoft Endpoint Manager – Intune and testing a lot of things in the Modern Management approach with Windows 10. It is absolutely necessary to have a good lab setup to test all these new features in a save way. For…

Read More

New Edge sync policy in action

A lot of people waited for this enhancement a long time, it is a rather small enhancement, but with a fairly big impact in user experience. So, I thought that it is worth a small blog post :-). In the past if you installed the new Edge on Chromium basis and started it for the…

Read More

Triggering Intune Management Extension (IME) Sync

During some recent automations I got the question about triggering Intune Management Extension (IME) somehow. The typical action I take in my lab environment is to restart the IME service: Of course this will re-initialize everything and also start a new Sync, but I thought there must also be a way to accomplish the Sync…

Read More

Enhance Intune Management Extension (IME) Logging

Everyone working with Microsoft Endpoint Manager (MEM) and using the Intune Management Extension (IME) has seen these log files: Here we find all relevant information about the processing of the Intune Windows Agent. We get deeper understanding what the agent is actually doing and it is the location to start troubleshooting Intune related error regarding…

Read More

Changed Intune Policy Processing Behavior on Windows 10

A year ago I explained the policy processing in Windows 10 with Intune with the following article: Intune Policy Processing on Windows 10 explained At the time of writing the behavior of most Configuration Service Providers (CSPs) followed a tattooing model. Meaning once a setting got applied it wouldn’t change until you explicitly set a new…

Read More

How to completely change Windows 10 language with Intune

In this article we dive into a way to completely switch the language of Windows 10 in a scripted way with the help of Intune and without the need for explicit language cab files. The new language setting will include the Welcome screen and New user defaults as well. This approach is beneficial for further…

Read More

Intune application targeting for Windows 10 Win32 apps explained

In this article we will dive into the basics of Windows 10 application assignments (Win32 apps) in Intune and the various differences depending on the situation (single user associated device, shared devices, non-primary devices). Microsoft Intune differentiates between the install intent based on the app assignment (required install, available for enrolled devices, or uninstall). Actually…

Read More

Get back your Intune PowerShell Scripts

In this very short post I will show how you get your uploaded Intune PowerShell scripts again. If you work with Intune and especially with Intune PowerShell scripts to configure Windows 10 devices you probably looked at this dialog and wondered why you are not able to edit or download your already uploaded script again.…

Read More

Cleanup Windows Autopilot registrations

How to cleanup Windows Autopilot device registrations via PowerShell script and Microsoft Graph.

Read More

Windows 10 MDM client activity monitoring with SyncML Viewer

Do you ever wanted to know what is going on behind the curtain when clicking MDM Sync on Windows 10? Gaining insights how the SyncML representation protocol is used during device management of Windows 10 clients? With SyncML Viewer you have the chance to easily get deep insights now. I’ve written a small tool to…

Read More

How to enable Pre-Boot BitLocker startup PIN on Windows with Intune

This guide will demonstrate how to enable the BitLocker startup PIN for pre-boot authentication on Windows 10 with Microsoft Intune. I will walk through how to accomplish this in a nearly fully automatic way. Let’s start with some facts around BitLocker to understand the technology more precisely. In fact, I think a pre-boot startup PIN…

Read More

Intune Policy Processing on Windows 10 explained

In this post I will dive into the Intune policy processing on a MDM managed Windows 10 client. Intune is an MDM system and has the ability to deploy so called device configuration profiles to managed Windows 10 endpoints. We will have a look at the architecture, the settings, and the actual processing including the…

Read More

The easy way to deploy device certificates with Intune

In this guide I will have a look at an easy way to deploy device certificates to modern cloud managed clients. Even without an Microsoft on-premises PKI your devices will get device certificates. These certificates can be used for Wi-Fi authentication for example. Normally if you want to deploy certificates to mobile devices you are…

Read More

On-demand Windows Diagnostic Logs via Intune

How-to gather on-demand diagnostic data from Windows 10 1903+ by utilizing the DiagnosticLog CSP via a MDM service like Intune.

Read More

Windows Analytics onboarding with Intune

Successful onboarding without the pitfalls to miss devices and analytics data.

Read More

How to decode Intune Win32 App Packages

The new Intune Win32 app management is a great way to deploy Win32 apps with Microsoft Intune. Imagine you have a kind of source share for all the .intunewin files you have created. At some point in time you like to modify a package but you do not have the source files right now, only…

Read More

Deploying Win32 app BGInfo with Intune

Deploying BGInfo to quickly find your test devices or provide easy VM access during trainings with more visibility of the available user permissions.

Read More

Ignite 2018 – My wrap up

First of all, what an amazing experience to attend Microsoft Ignite 2018 in Orlando. All started off with a keynote by Satya Nadella followed by general announcement sessions and technical deep dive sessions. The key message was about “Tech Intensity”. This is described by changing your cultural mindset and your processes. Ultimately leading to a…

Read More

Automation of gathering and importing Windows Autopilot information

Complete process automation of gathering and upload of a device Autopilot information to the Windows Autopilot service with an Azure Automation Runbook.

Read More

Intune Managed Browser (MAM) with Azure AD Application Proxy and Conditional Access

Recently Microsoft enhanced the Intune Managed Browser experience with Mobile Application Management (MAM) and app-based Conditional Access (CA) a lot. It is integrated into the Conditional Access story as an approved app and supports the Azure AD Application Proxy very well now.   What does this allow us to do now? We are now able…

Read More

Process automation for Intune and Azure AD with Azure Automation

Cloud managed environments benefit from the idea of software as a service, you don’t have to think about upgrading or maintenance of the infrastructure itself. But often we need to automate the tools itself. A very good example here is when an employee quits his job, than we need to trigger a lot of processes…

Read More