PowerShell
Converting AppLocker Policies to Intune Profiles
·
loading
Microsoft Intune
Windows 10 and later
AppLocker
Security
PowerShell
Custom Profiles
Graph API
We know that there is no native configuration for AppLocker in Intune, and we should be looking at App Control for Business already, but there is still a place for AppLocker, and I haven’t got time to manually do anything, so let’s use PowerShell to create out AppLocker policies from exported XML files.
Scheduling macOS Defender Antivirus Scans in Intune
·
loading
Microsoft Intune
macOS
Configuration
Custom Profiles
PowerShell
Security
Jamf
You’d think creating Defender antivirus scan schedules should be pretty easy, even if the devices you’re working with are running macOS. Why are we having to create mobileconfig files for this in Microsoft Intune? Surely we can make this a little better?
Installing the Configuration Manager Client on Orphaned Internet Devices
·
loading
Microsoft Intune
Microsoft Configuration Manager
Windows 10 and later
PowerShell
Apps
Co-management
You’ve just implemented a Cloud Management Gateway to help your hybrid joined Windows devices communicate to Configuration Manager over the internet, but what if they’re orphaned and unable to communicate to Configuration Manager to get the new Client Settings?
Patching Gaps in the CIS Windows 11 Benchmark - Level 2 Windows 11
·
loading
Microsoft Intune
Windows 10 and later
Security
Center for Internet Security (CIS)
Custom Profiles
Settings Catalog
Remediation Scripts
PowerShell
This is the last part in the series around the CIS (Center for Internet Security) benchmark for Windows 11, and we’d like to say that we’ve saved the best post for last, but we’d be lying. Surely the Level 2 settings can’t be worse than the Level 1?
Microsoft Intune and the Curious Case of the Converting Firewall Rule Policy
·
loading
Microsoft Intune
Windows 10 and later
Settings Catalog
Security
Firewall
Endpoint Security
PowerShell
When did Microsoft go all covert ops (maybe don’t answer that question) and start making changes to your very own Firewall Rule policies in Microsoft Intune without letting anyone know? Or did they?
Patching Gaps in the CIS Windows 11 Benchmark - Level 1 Windows 11
·
loading
Microsoft Intune
Windows 10 and later
Security
Center for Internet Security (CIS)
Endpoint Security
Remediation Scripts
PowerShell
Settings Catalog
Custom Profiles
The impact of the CIS settings on BitLocker and Windows Autopilot now done and dusted, we should broaden our horizons and start to look at what other problems the CIS level 1 benchmark brings to Windows 11 as a whole. Are there any? Will it be smooth sailing? Yeah, no.
Patching Gaps in the CIS Windows 11 Benchmark - Level 1 Windows Autopilot
·
loading
Microsoft Intune
Windows 10 and later
Security
Center for Internet Security (CIS)
Windows Autopilot
Windows Hello
Settings Catalog
PowerShell
With the CIS BitLocker and associated DMA settings reviewed and updated, now is time to delve into the Windows 11 specific settings that exist in the CIS Level 1 benchmark. What issues do they bring to Windows Autopilot, what solutions can we find? Honestly, who knows.
Risk Based Windows 11 Feature Update Deployment - Automation
·
loading
Microsoft Intune
Windows 10 and later
Software Updates
Dynamic Groups
PowerShell
Graph API
Automation
The final part in this series looks at how to bring everything together under a single, repeatable script, allowing for the capture of readiness state, the tagging of devices to support the distribution of Windows 11 23H2.
Risk Based Windows 11 Feature Update Deployment - Feature Updates
·
loading
Microsoft Intune
Windows 10 and later
Software Updates
Dynamic Groups
PowerShell
Graph API
Using the data captured from a Windows 11 Feature Update Readiness report to successfully tag device attributes to device objects, and group them based on risk, we now look at how to deploy Feature Updates to these devices in a controlled manner.