Intune

A feature fresh into Public Preview, Application Control using either a GUI for standard settings, or you can upload a custom WDAC XML. I’m not going to go into how to configure it because that is well described here: https://learn.microsoft.com/en-us/mem/intune/protect/endpoint-security-app-control-policy For creating your XML, WDAC Wizard is your friend: https://learn.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/wdac-wizard … Read more

Whilst Microsoft have fixed the official script and module, unlike a lot of their scripts and documents, it does not seem to live anywhere public so we cannot make changes for review. Version 2.0 just released with new parameters:-wipe (Sends an Intune wipe to Intune managed devices, such as if … Read more

As I am sure you have noticed, the Get-WindowsAutoPilotInfo script and associated WindowsAutoPilotIntune module have been updated and whether you are using the official one, or my forked version, the authentication method has changed to the Microsoft.Graph SDK. In this post we will look at the two different authentication methods … Read more

Update 14/06/2023 – I have created a Community version and added it to the PowerShell gallery so we can all add fixes, improvements and updates as a community effort. Read more here or download them with the commands below The Get-WindowsAutopilot script is in the toolbox or every Intune administrator, … Read more

Moving to a fully managed Intune/Autopilot/AzureAD setup is not an overnight task, it needs careful planning and migration, no-one is expecting you to wipe every device and instantly move to Autopilot, that simply isn’t realistic for larger organisations. That’s not to say give up now and don’t bother, especially with … Read more

With the exciting release of Windows 365 Frontline, you might now find yourself juggling multiple different SKUs. Fortunately now we can nest groups in Azure AD, we can create groups for each SKU and then nest them into central groups for management (in this post I’m using one for Frontline … Read more

With the release of Intune release 2304 there have been some (welcome) new additions to Windows Autopatch including Autopatch groups and policy checks. Autopatch Groups For some of you Autopatch is a click, set and forget service, but for those in larger organizations, you may want more granular control over … Read more

I’m not writing a post covering Windows LAPS or how to set it up, there are many excellent articles out there which have you covered. For this one, you can automate the setup, not only of the LAPS policy, but also creating a new local administrator on the device to … Read more

If you’re starting on your device management journey, considering moving from Config Manager to Intune or switching from another platform, here is an article I have written looking at the two platforms and how they compare from a purely application perspective: Hopefully you find this a useful read!

We’ve all been there, you created that Bitlocker policy (other policies are available) years ago, it’s working fine, but you can’t remember which section you created it in. You could click around in the portal until you find it, or you could run my latest script: Also available on Github … Read more