Manuals
How to setup Windows 11 kiosk Multi-App mode with Edge and the Windows App – The XML Struggle
Hi Community, Some time ago a customer asked me if I could help them with the setup of a Windows 11 multi-app kiosk with Edge and the Windows app. I told them straight away that thas is something I really had very little to no experience with. I knew it was going to...
How to Set Up Intune Multi-Admin Approval with Ease – and a quirk
HI Community, Another day another blog, this time on Multi-Admin approval in Intune. This is not a new feature but Microsoft recently added some more functionality to it and for the better! In this blog i will give you some information on what it is and does, show you...
Introducing – Windows Backup for Organizations with Intune
Windows Backup for Organizations makes it easier for businesses to handle device upgrades and refreshes. It securely saves user settings and Microsoft Store app configurations so that moving from Windows 10 to Windows 11—or rolling out new AI-powered PCs—feels smooth...
Cloud Kerberos trust with Windows Hello for Business and Intune – Need Hybrid for Drive Mappings? Dual Enrollment…. euh what?
Hi all, This post will be all about Cloud Kerberos trust with Windows Hello for Business with Intune and something called Dual Enrollment.... euh what? Additionally, understanding Cloud Kerberos trust is essential for those navigating modern authentication. And...
Introducing Security Copilot Agents – Intune Vulnerability Remediation Agent (Preview)
Hi Community, To build further on the previous posts regarding Security Copilot, which you can find below i would like to introduce Security Copilot Agent and specifically the Intune Vulnerability Remediation Agent. Let's check out how to enable it and what it can do...
Device Query for Multiple Devices – Security Copilot KQL generation
Hi Community, Guess what? Device Query for Multiple Devices is now live, however not on all tenants so it seems. This long awaited feature is an huge step forward and addition to the single device query that has been around for some time now. Check out the Microsoft...
Microsoft Security Copilot with Intune & Defender
Security Copilot is a cloud-based AI platform offering a user-friendly natural language Copilot interface. It aids security professionals across various scenarios such as incident response, threat hunting, and intelligence gathering. For a detailed overview of its...
HyperPilot – Next gen HyperV VM Creation for Autopilot Device Preparation in 3 steps
Hi Community, Are you also creating a bunch of HyperV machines to test out Intune configs, Autopilot enrollments? If the answer is yes to this question i have something cool for you. It is called HyperPilot. This tool is created by Steven Weiner, he is also an Intune...
Security Update – Microsoft Intune Connector for Active Directory
Hi Community, As you might have seen on the socials and on my Linked-In page the Microsoft Intune connector for Active Directory got a security update. The previous version was working with an Intune licensed user with a privileged role. This was a security issue....
Microsoft Enpoint Privileged Management (EPM) – Achieve better notifications
Hi Community Straight from the start i've been complaining on how Microsoft handles the notifications for EPM. This is done with toast notifications for the end user, with this type of notification al lot of stuff can happen that nobody is aware of the approval or...
Microsoft Intune Autopilot Hybrid Entra ID (Azure AD) Join – The Complete Guide
Hi all, Here is a full guide on Microsoft Intune Autopilot Hybrid Entra ID. I know that Microsoft no longer recommends the use of Hybrid EntraID joined devices as stated in this article: Overview for Windows Autopilot user-driven Microsoft Entra hybrid join in Intune...
TAP (Temporary Access Pass), it’s not a dance… and Web Sign-in
Hi Community, Recently I was asked to setup an Autopilot and Device Preparation infra for a customer. All went fine but after a few weeks the customer came back to me stating that they needed the end user's credentials and MFA to enroll them. Of course i said that...
How to control the installation of the “new” Outlook – Different methods to disable this – And yes we can do this with Intune!
Hi Community, Let's start with a question. Do you like the "new" Outlook? If you are like me and your answer is no then i invite you to read further. The "new" Outlook, according to Microsoft, is a native application, based on WebView2. The experience is provided by...
How to setup Enhanced device hardware inventory in Intune
Hi Community, At Ignite, Microsoft anounced an improved device hardware inventory feature for Windows devices in Intune, giving IT teams more detailed and useful information about their devices. This new feature lets organizations gather and analyze a wider variety of...
MacOS Intune Policies – An Easy Guide to Start From
Hi all, Microsoft did some great work on managing MacOS devices with Intune lately. You can almost compare it with the Windows configuration. Some things are still missing but hey, we didn't get all the Windows features overnight. Rome also wasn't build in a day :-)...
How to get the Bundle ID of an iOS app? It’s easy and effortless.
Hi Community, This time a short, but in my humble opinion something nice, about retrieving the bundle id of an iOS app. Let's say you want to use an iOS app protection policy for a custom app in Intune. In this case, you will need the identifier of the app you want to...
Enable Filevault during setup assistant on macOS not working? – It works great, seriously!
Hi Community, Starting from July 2024 there was an issue regarding the enablement of Keyvault during the setup assitant on macOS. You can read the full article here. ...
Manage MacOS with Intune, including Apple Business Manager, Defender Enrollment, Platform SSO, and much more – The Complete Guide Part 1
Manage MacOS with Intune (Including Apple Business Manager) including Platform SSO – The Complete Guide
Easy Identify failed apps during an Autopilot installation (Error 0x81036502 & 0x87D1041C)
Easy Identify failed apps during an Autopilot installation (Error 0x81036502 & 0x87D1041C) When you start an autopilot installation for a device the ESP (Enrollment Status Page) just shows you how many apps are being installed. When an app fails to install...
How to setup MAM (Mobile Application Management) In Intune – The Series – Part 2: Android
Hi Community, This will be the 2nd of 3 guides on how to setup MAM (Mobile Application Management) in Intune. In this 2nd part i will cover Android. We'll explore how to protect company data on unmanaged Android devices using Microsoft Intune. For simplicity, We'll...
How to setup MAM (Mobile Application Management) In Intune – The Series – Part 1: iOS
Hi Community, This will be the 1st of 3 guides on how to setup MAM (Mobile Application Management) in Intune. I will be starting with MAM for iOS. We'll explore how to protect company data on unmanaged iOS and iPadOS devices using Microsoft Intune. For simplicity,...
Microsoft Intune Config Refresh – Setup – In Action – Back-end Basics – Pausing and Event Log
Hi Community, Today a somewhat smaller post in comparison to my last extensive guides, this time about the Microsoft Intune config refresh feature. Config Refresh is a highly sought-after improvement in mobile device management (MDM). This feature ensures the timely...
How to configure Autopilot Device Preparation (APv2) – With a twist….
Hi all, This is my first post as an MVP and i was not planning to do a post on How to configure Autopilot Device Preparation (APv2) because there are a lot of very good posts already available. However during the configuration of Autopilot Device Preparation i ran...
Manage MacOS with Intune, including Apple Business Manager, Defender Enrollment, Platform SSO, and much more – The Complete Guide Part 2
Hi, As promised, in my previous post Manage MacOS with Intune, including Apple Business Manager, Defender Enrollment, Platform SSO, and much more – The Complete Guide Part 1 here is part 2. In this part i will show you some tips and tricks to look out for. I will be...
UPDATE – Endpoint Privilege Management in Intune
After much anticipation, Endpoint Privilege Management has arrived! This post offers my initial impressions of this feature, not delving too deep. For further details on EPM, refer to the official documentation 'Learn about using Endpoint Privilege Management with...
How to get the hardware hash imported into intune without going through the full OOBE for Autopilot
Hi community and welcome to my first post of 2024! With AutoPilot you need to import a machines AutoPilot hash, or hardware ID, to register the device with the Windows AutoPilot deployment service in Azure. Ideally, the process of getting the Auto Pilot hash would be...
Intune Android Enrollment in a loop at “Your Work Checklist” for Corporate-Owned Devices with Work Profile when using afw#setup.
Hey there! I wanted to share a quick piece about a frustrating issue I encountered while doing Intune Android Enrollment, specifically the Corporate Owned with work profile ones. It took me some time to figure out, so I'm hoping this helps anyone else facing a similar...
How to enable insights & Reporting for Conditional Access Policies in report only mode
Many individuals depend on Azure AD Sign-in logs, yet there are valuable additional features to consider for implementation within your tenant. One such feature is the Insights and reporting feature for Conditional Access. This feature allows administrators to analyze...
Configure Local Administrator Password Solution (LAPS) on Entra ID in minutes. (Without OMA-URI & local user group membership policy)
In the dynamic field of IT security and management, safeguarding sensitive information stands as a top priority. Central to this effort is the secure handling of administrator passwords, an area where Windows Local Administrator Password Solution (LAPS) plays a...
How to set the Home page (and new tab) & Managed Bookmarks in Edge, Chrome and Firefox with intune
Hi guys, here are some guidelines to get your company defined home page, and other tabs in Edge, Chrome and Firefox with Microsoft Intune, also i will describe how to set some managed bookmarks for these browsers. Additionally, utilizing Managed Bookmarks can enhance...
How to download the intunewin file from Intune
In this article, I aim to provide tips on how to download the intunewin file from Intune when the source files are no longer available or have been lost. The MEM portal doesn't include a download button for this file type. Instead, I'll guide you through a simple...
How to get the ID of your Intune Policies
Sometimes you need to lookup the ID of your Intune policies. Let's say you have an issue with a specific policy and you have requested a service request to Microsoft for assistance. The Microsoft technician can ask you for the ID of the failing policy. In this article...
Intune Attack Surface Reduction Rules for Windows Server OS
Your organization's attack surface includes all the places where an attacker could compromise your organization's devices or networks. Reducing your attack surface means protecting your organization's devices and network, which leaves attackers with fewer ways to...
How To Setup Break Glass Account (BGA Account) Notifications on Azure with SMS and email
It is important that you prevent being accidentally locked out of your Microsoft Entra organization because you can't sign in or activate another user's account as an administrator. You can mitigate the impact of accidental lack of administrative access by creating...
How to renew the MDM Push Certificate on Intune for Apple devices
An Apple MDM Push certificate is required to manage iOS/iPadOS and macOS devices in Microsoft Intune, and enables devices to enroll via: Apple bulk enrollment methods, such as the Device Enrollment Program, Apple School Manager, and Apple Configurator. The Intune...
