Managing Admin Access with Azure AD Joined devices

Greetings one and all. For this post I’m going to review the various options available today for managing Azure AD Joined devices with admin rights. This isn’t looking at it from the users perspective, I don’t believe there are any circumstances where a user requires admin access on a corporate device, I’m looking at this … Read more

Demystifying Intune Custom App Detection Scripts

I’m sure everyone reading this has deployed many applications within Intune using the win32 format and most likely used an MSI code or a file/registry detection method to monitor for a completed install (and why wouldn’t you, they work perfectly) Sometimes however, you might come across an application which is more tricky to detect, or … Read more

Bulk Assigning Apps and Policies in Intune

Sometimes when working with an Intune environment, I find myself needing to assign all of the policies, apps etc. to a new Entra ID Group (new UAT group, changing from All Users etc.) Currently, this is a VERY manual process, clicking on each in the web portal and then assigning, but thanks to PowerShell and … Read more

Intune Backups – Part 2: User Data

Following on from the previous post on environment backup, how we’re going to look at the users own data. I’m sure we’re all following the 3-2-1 rule for our infrastructure, but what about user data on the device. We now have wonderfully cloud managed devices which can be remotely rebuilt to users in the comfort … Read more

Intune Backups – Part 1: Intune Environment

For the next couple of posts I’m going to cover something close to the hearts of us all, backups! Picture the scene, someone has accidentally deleted a reasonably complex Intune policy (worse still, it’s a Custom one) and it’s critical at that. Now, obviously at this point we all fall back to the manual backup … Read more

Creating an Intune Azure AD Device Admins group and assigning the Privileged Identity Management Role via Powershell

This post will cover how to create a new Azure PIM Eligible assignment and link it to an Azure AD group, but all done via Powershell. For Azure AD joined devices, using Privileged Identity Management and the built-in Device Administrators role you can control who has access to be a machine admin and for how … Read more