Dynamic Win 11 Supported Group

Dynamic security groups in Azure AD are great, but wouldn’t it be great if a dynamic query existed to add devices to groups based on Windows 11 compatibility? Until such a query exists, I have put together a script using the metrics from the Endpoint Analytics Work from Anywhere report. As usual, the script can be found …

Creating and Using a Microsoft Dev Box

Microsoft Dev Boxes have today entered Preview. If you don’t know anything about them, they are pre-configured machines to deploy to your developers with all of the software they are likely to use (and admin rights if needed). Fully secure and high performance, they meet the needs of developers without IT staff having to worry …

Bulk Assigning Apps and Policies in Intune

Sometimes when working with an Intune environment, I find myself needing to assign all of the policies, apps etc. to a new Entra ID group (new UAT group, changing from All Users etc.). Currently, this is a VERY manual process, clicking on each in the web portal and then assigning, but thanks to PowerShell and …

Intune Backups – Part 1: Intune Environment

For the next couple of posts I’m going to cover something close to the hearts of us all, backups! Picture the scene, someone has accidentally deleted a reasonably complex Intune policy (worse still, it’s a Custom one) and it’s critical at that. Now, obviously at this point we all fall back to the manual backup …

Creating an Intune Azure AD Device Admins group and assigning the Privileged Identity Management Role via PowerShell

This post will cover how to create a new Azure PIM Eligible assignment and link it to an Azure AD group, all done via PowerShell. For Azure AD joined devices, using Privileged Identity Management and the built-in Device Administrators role you can control who has access to be a machine admin and for how …

Creating Entra Conditional Access Policies using PowerShell – Intune Compliant Devices

In today’s exciting post, I’m going to create a Conditional Access policy in Entra ID to restrict cloud apps to only Intune compliant devices, using my favourite scripting language, PowerShell (and we all know how much I love a good script!). As usual, the script can be found on my ever-growing GitHub here. I’ll be …

Monitoring Windows Updates Using Update Compliance

Update: Update Compliance is now EOL, please use Windows Update for Business reports instead: https://techcommunity.microsoft.com/t5/windows-it-pro-blog/now-generally-available-windows-update-for-business-reports/ba-p/3677018

Today’s post is about a Microsoft tool which is completely free and a great way of tracking Windows updates across the estate. Did I mention it’s free? If you want to read up more about it, here is the Microsoft …