Welcome to this coast! Learn everything on Endpoint Management with Microsoft Intune to deploy, manage, secure and monitor endpoints from all platforms through the cloud.


Introduction, experience and thoughts

Introduction to the Microsoft Intune product family
Introduction This post is recommended for any reader who is new to Intune or would like to get a high-level overview of the Intune product family. It will contain the product, feature and service names and a description of their purpose, as well as references to my dedicated blog posts
Unboxing the Intune Suite
Introduction Here we go - the full Microsoft Intune Suite is released in February 2024 🥳 We now have Microsoft Cloud PKI, Advanced Analytics and Enterprise Application Management in the portfolio. This blog post shows a first look at the features, their benefits and how to get started. These features will
Transition to modern Endpoint Management
This is an updated post, here you will find information about: * Endpoint Management design (legacy vs. modern) * Reasons for Hybrid or Cloud-only * Configuration challenges and approaches * Security aspects This post is intended to give an engineering overview on the journey to Modern Endpoint Management with Microsoft Intune. I want to

Troubleshooting

Troubleshooting Intune policies and apps
Introduction This post aims to explain a standard procedure when investigating for unexpected behavior or errors between Intune and an endpoint. This means, when the IT admin configures anything in the Intune admin portal and the device should apply the setting, but encounters issues. Things could go wrong with these

Start of the journey

Autopilot Troubleshooting
One page to troubleshoot all about Autopilot. Common issues and error codes + solutions!
Autopilot identities and assignments
Introduction Every modern Windows (10/11) device can be set up and managed through Intune and enabled for organizational use. There are two types of ownership, one is personal and the other corporate. If a device is fully corporate-owned, the hard- and software should be registered for an organization, specifically in
Intune operations par excellence
💡 Learn about how to align organizational operations, to deliver technology with excellence! Introduction In my daily work as engineer and consultant I accompany organizations from several industries on their way to modern endpoint management with Microsoft Intune. Besides the technical challenges, I often see that some topics get a little
Intune best practices
Introduction This post is a summary of brief descriptions of technical Intune best practices. To deliver a true modern workplace these topics may be considered. You may also be interested in one of my other posts: * Transition to modern Endpoint Management * Intune challenges * A full series on everything about Intune

Design and solution concepts

Intune certificate deployment overview
Introduction Authentication with certificates is considered very secure and seamless for the user. Simply put, a Certificate Authority (CA) serves as the custodian of trust. To establish their identity as trustworthy, devices and users can request a signed certificate from our CA, which they can then present to other
Windows updates - write up
Introduction Windows Update is present on all Windows operating systems (OS) so that endpoints stay up to date with the newest features, run with high performance, without bugs, and stay secure. This post aims to clarify different update methods, release channels, update types, support durations and focus on the modern way to
Summarized: Windows Update for Business reports (former Update Compliance)
Introduction So, Windows Update for Business houses a lot of components, including: * Receive update services: Windows end device * Configuration: through GPO, CSP or Graph API and PowerShell SDK * Reporting: Windows Update for Business reports (now generally available) - what this post is about, along with a description, technical implementation, transition
Intune + driver update management - concept summary
Introduction Here it is! Windows driver and firmware updates with Intune 🥳 This post will be a brief kick-off and concept summary of this new feature. Previously, Windows Update for Business only allowed for an all-or-nothing setting. Driver updates could be blocked or allowed. Now we have the capability to monitor
Intune - a reference to Kiosk/shared PC mode
Introduction Windows is an open platform that allows users to install applications, customize settings and work on files of several different types. At the same time there are some use cases where a limited or restricted app or Windows platform environment is needed. These are called single-use, Kiosk or shared

Security

Dive into Microsoft Security Baselines
❗ This post is a best-practice and recommendation source without any liability. Please align the enterprise-grade system security strategy with your CISO and consult other professionals when you want to build up PAWs. Introduction In my blog posts I often mention the Microsoft Security Baselines and the Microsoft Security Configuration
Windows LAPS: the comprehensive guide
Introduction This post features Windows LAPS with its most important specifications and what you need to know high-level. Both Active Directory and Azure AD scenarios are described. Overview Windows LAPS is now in public preview! The Local Administrator Password Solution is a familiar Microsoft product which is responsible for managing
Local admin/privilege management with Intune
Introduction Most operating systems know two levels of user interaction: standard or elevated, also known as administrator. For Windows in the enterprise segment, the users most often work with standard permissions. IT has access to administrator accounts that can modify the system, install applications, make manipulations and changes to
Windows Hello for Business Cloud Trust - Modern approach
Windows Hello for Business (WHfB) is a modern attempt to go passwordless, reinforce security and increase end user usability. It leverages Windows account authentication services to get access to resources, or in the simplest scenario: login to your device. Key facts * WHfB is an authentication method that replaces username and
Enable network authentication with Entra ID only joined devices & Intune
Introduction This post is a brief summary of establishing a network connection (wired or wireless network) on Intune managed devices, from my experience. Challenges - Azure AD only joined devices are not present in Active Directory and therefore certificates cannot be issued by the PKI, meaning that clients cannot authenticate
The bridge from Intune to Defender for Endpoint
Introduction This post is a straightforward tutorial to enable Defender for Endpoint with Intune. These two products live in the Microsoft ecosystem and can be natively integrated. It is a major advantage to connect your endpoint management product (Intune) with your XDR and security product (Defender for Endpoint). To establish
Device Control with Intune
Introduction This post will walk you through Device Control with Microsoft Intune. It is all about controlling access to certain devices or peripherals of Windows. Background Device Control can bring the benefit for these requirements: * Security: Peripherals connected to your device and operating system can potentially contain malicious software or

Compliance

Intune compliance intro
Introduction Most organizations have compliance requirements for dozens of topics, spanning both technical and non-technical domains, as they are in a complex landscape of regulations, standards, and best practices to ensure the integrity, security, and conduct of their operations. This post is just picking one technical subject out of it,

RBAC

Intune RBAC permissions
Introduction Intune role-based access control allows administrators to control the level of access to the Intune portal and its resources. It works by assigning roles to users or groups of users. Each role defines a set of permissions throughout Intune or device management such as Device configuration, remote tasks, security
Device management RBAC design (Intune & Entra ID)
Introduction This post is part 2 of my initial writing on RBAC in Intune. My intention is to explain a real world example of RBAC design with Intune and Entra ID, since device operations can be made on the Intune device object, but also on the Entra ID device

Graph API

Get started with Graph API + Explorer and Powershell - how to import/export Intune profiles
Introduction Microsoft Graph enables you to access all your data and intelligence in Microsoft 365, Windows, and Enterprise Mobility + Security. Available under one single endpoint, https://graph.microsoft.com, you can call Microsoft Graph from your REST APIs or SDKs. Through Graph it is possible to build
Intune automation enlightenment - Azure Logic App + Graph API + Managed Identity
Introduction In this post we are going to delve into automation for Endpoint Management with Intune. The idea is to give you a powerful and secure tool that you can then use to develop solutions for any use case. Make sure to understand Graph API and Managed Identity in advance

Miscellaneous

Intune change tracking (Azure Workbook)
What is it? Intune offers a variety of configurations and functionalities, namely configuration profiles, applications, scripts and also operational tasks like managing a device (enroll, sync, delete, etc.). It can be quite a challenge to keep track of all the changes and operations, and the audit logs don’t
Intune event based automation with alert rules
Introduction In my last post I talked about Intune automation enlightenment with Azure Logic Apps. This time we will take a look at event based triggering to notify for alerting purposes or run Logic Apps or other automation tools. Components * Azure Log Analytics Workspace provides the ability to store Intune