With the end of Windows Information Protection (and with it App Protection for Windows devices), I wanted to take a look at the best way of securing data on a BYOD machine with the tools currently available (at the time of writing this article). For the tests, I used a freshly imaged Win11 22H2 device … Read more
Dynamic security groups in Azure AD are great, but wouldn’t it be great if a dynamic query existed to add to groups based on Windows 11 compatibility. Until such a query exists, I have put together a script using the metrics from Endpoint Analytics Work from Anywhere report. As usual, the script can be found … Read more
A change from my normal Intune, PowerShell script fun, I’ve been making a start on my exam renewals so thought I would share my experiences, hints and tips for anyone taking exams for the first time, or renewing current ones. Studying Exams Video Content Room Setup Reading Material Technical Setup Hands-On Labs Taking the Exam … Read more
I like to think of Azure AD as the front door to a house. Whilst you can have a perfectly secure wireless network configured with filtering and all of the other fun bits, if you leave the front door open, they’ll just steal your computer! This is why securing Azure AD should be the first … Read more
Microsoft Dev Boxes have today entered Preview. If you don’t know anything about them, they are pre-configured machines to deploy to your developers with all of the software they are likely to use (and admin rights if needed). Fully secure and high performance, they meet the needs of developers without IT staff having to worry … Read more
Sometimes when working with an Intune environment, I find myself needing to assign all of the policies, apps etc. to a new Entra ID Group (new UAT group, changing from All Users etc.) Currently, this is a VERY manual process, clicking on each in the web portal and then assigning, but thanks to PowerShell and … Read more
For the next couple of posts I’m going to cover something close to the hearts of us all, backups! Picture the scene, someone has accidentally deleted a reasonably complex Intune policy (worse still, it’s a Custom one) and it’s critical at that. Now, obviously at this point we all fall back to the manual backup … Read more
This post will cover how to create a new Azure PIM Eligible assignment and link it to an Azure AD group, but all done via Powershell. For Azure AD joined devices, using Privileged Identity Management and the built-in Device Administrators role you can control who has access to be a machine admin and for how … Read more
In today’s exciting post, I’m going to create a Conditional Access policy in Entra ID to restrict cloud apps to only Intune compliant devices, using my favourite scripting language, Powershell (and we all know how much I love a good script!) As usual, the script can be found on my ever-growing GitHub here I’ll be … Read more
Update: Update Compliance is now EOL, please use Windows Update for Business reports instead: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/now-generally-available-windows-update-for-business-reports/ba-p/3677018 Today’s post is about a Microsoft tool which is completely free and a great way of tracking Windows updates across the estate. Did I mention it’s free? If you want to read up more about it, here is the Microsoft … Read more
