Windows 10 and later
Automating Endpoint Privilege Management Policies with PowerShell
·
loading
Intune
Security
Windows 10 and later
Settings Catalog
Endpoint Privilege Management
Graph API
PowerShell
So you’re interested in Endpoint Privilege Management in Microsoft Intune, you’ve found, begged for, borrowed or stolen the money for shiny new Intune Suite or EPM licenses, and in you’re excitement you’ve gone and deployed a new policy to audit using the Reporting Scope options, all elevations across your managed Windows 10 and later devices.
Detailed Compliance for Non-Microsoft Antivirus Solutions
·
loading
Intune
Windows 10 and later
Compliance
Security
Antivirus
Graph API
PowerShell
So what happens when you’re not using Windows Defender on your Windows 10 and later Microsoft Intune enrolled devices, and you’re not happy with the basic compliance checks for Third-Party Antivirus products?
Microsoft have come to the rescue with their Custom Compliance Settings, so let’s utilise this detect and check policy, and leverage it to detect and report on Non-Microsoft Antivirus products, their real time protection status, as well as whether the definitions are up to date.
Co-Managing Windows Autopilot Hybrid Join Devices
·
loading
Intune
Configuration Manager
Windows Autopilot
Remediation
Windows 10 and later
PowerShell
As both Microsoft Intune and Configuration Manager are a match made in heaven, there are many reasons to still utilise both, either using Co-Management or just plain old Tenant Attach, so imagine my joy when Microsoft released Co-Management Authority in Intune, and I thought the days of packaging the Configuration Manager Client were over.
Proactively Renaming Hybrid Azure AD Joined Devices
·
loading
Intune
Windows 10 and later
Windows Autopilot
Remediation
Hybrid Azure AD
PowerShell
Nothing has really changed in the Hybrid Join Autopilot space when it comes to device names, and we’re still stuck with useless naming conventions for these devices; sometimes a prefix and random characters just isn’t a good enough identification method for Windows devices.
Reinstalling the Configuration Manager Client on Migrated Devices
·
loading
Configuration Manager
Windows 10 and later
Apps
PowerShell
Have you ever had the pleasure of migrating Configuration Manager clients from one domain to another, or maybe between Configuration Manager environments? Tired of manually reinstalling the client from the Console? Wanting a quick and easy way to keep on top of migrated devices?
Updating Defender Antivirus Compliance Settings
·
loading
Intune
Windows 10 and later
Microsoft Defender
Security
Compliance
Updates
Antivirus
Graph API
PowerShell
So one of those rainy days is here, finally, and as I mentioned in a previous post many months ago, I said I’d look at ways to update other update based compliance policies periodically.
That time is now, and although we’re not focussing on other Operating Systems, we’re going to have a look at updating a Microsoft Defender compliance policy with the latest platform update version.
Creating and Assigning App Categories the Smart Way
·
loading
Intune
Android
Apple
Windows 10 and later
iOS/iPadOS
macOS
Apps
Graph API
PowerShell
Everyone likes managing clients apps in Microsoft Intune, the grind of packing Windows apps, the chore of selecting Managed Google Play apps, the joy of assigning Apple VPP app licenses in Apple Business Manager…all good fun.
What about assigning App Categories, do you want to be manually updating hundreds of Apps with categories?
Converting Configuration Manager Direct Membership Collections
·
loading
Configuration Manager
Windows 10 and later
Collections
PowerShell
You may be using Direct Membership Rules in your Microsoft Configuration Manager environment, but should you really for critical production collections?
No is the answer, there I said it. Mainly because they require actual effort and overhead to maintain, and secondly because there have been times where these memberships just plain disappear, for many different reasons, but primarily if the ConfigMgr Client is reinstalled on the device.
Configuring Dell BIOS Settings with Microsoft Intune
·
loading
Intune
Windows 10 and later
Dell
Apps
BIOS
Hardware
PowerShell
What if you’ve only got Microsoft Intune to configure your Dell BIOS settings and not the glory that is Configuration Manager? How much do you like PowerShell, Win32 Apps and passwords in plain text?
Well you’re in luck, I’ve thrown together something that can help you out based on a need to ensure that Secure Boot is configured for Dell laptops when it was discovered via the Windows health attestation report that around 80% of the Windows devices had it turned off.