Endpoint Management with Microsoft Intune
Welcome to this coast! On this page you will get useful information about everything regarding Microsoft Intune Endpoint Management. You can follow this like a path.
Manage your Windows and other OS endpoints with Intune from the Azure public cloud, covering all aspects such as enrollment, configuration, updating, apps and security. Make your enterprise mobile now! Device management from the cloud.
Introduction, experience and thoughts
Introduction to the Microsoft Intune product family
Introduction This post is recommended for any reader who is new to Intune or would like to get a high-level overview of the Intune product family. It will contain the product, feature and service names and a description of their purpose, as well as references to my dedicated blog posts

A touch on Intune
This blog is mostly about Intune Endpoint Management, Modern Workplace and Mobile Device Management (MDM), with a special focus on security. This post gives a high-level introduction to Microsoft Intune. The audience is people who are new to Intune specifically. You don’t need to have a high…

What you need to know about Intune
Ever wondered what Autopilot or Intune is? Read more about this topic here!

Intune: experience from the field
Intune is a cloud-based endpoint management solution. Microsoft Intune offers many features and lets you realise a modern endpoint environment. But who acts in the field?

MDM & MAM at a glance with Intune
Enterprise mobility management (EMM) includes Mobile Device Management (MDM) and Mobile Application Management (MAM). It includes: protection of all Office 365 contents on any device; Intune Mobile Device Management and Mobile Application Management; Conditional Access to grant or block access; Sessio…

Intune best practices
Introduction This post is a summary of brief descriptions of technical Intune best practices. To deliver a true modern workplace, these topics may be considered. You may also be interested in one of my other posts: Transition to modern Endpoint Management; Intune challenges; A full series on everythi…

Transition to modern Endpoint Management
This is an updated post. Here you will find information about: Endpoint Management design (legacy vs. modern); reasons for Hybrid or Cloud-only; configuration challenges and approaches; security aspects. This post is intended to give an engineering overview on the journey to Modern Endpoint Management…

Autopilot identities and assignments
Introduction Every modern Windows (10/11) device can be set up and managed through Intune and enabled for organizational use. There are two types of ownership: one is personal and the other corporate. If a device is fully corporate-owned, the hard- and software should be registered for an organizatio…

My take on the future app deployment with Intune
Introduction There is currently a lot going on in app deployment for Windows management with Intune. The new Microsoft Store came up, together with an integration into Intune. Simultaneously, the Windows Package Manager (winget) is becoming more established in this area. This is a write-…

Autopilot Troubleshooting
Introduction I have already created a post about Autopilot Troubleshooting nearly 2 years ago, but I wanted to update it and make it a little more structured and straightforward. What is Microsoft Intune Endpoint Management? Essentially Microsoft Intune uses the capability of Windows Autopilot to…

Troubleshooting Intune policies and apps
Introduction This post aims to explain a standard procedure for investigating unexpected behavior or errors between Intune and an endpoint. That is, the IT admin configures something in the Intune admin portal and the device should apply the setting, but encounters issues. Things could g…

Intune RBAC permissions
Introduction Intune role-based access control allows administrators to control the level of access to the Intune portal and its resources. It works by assigning roles to users or groups of users. Each role defines a set of permissions throughout Intune or device management such as Device configurat…

Start of the journey
Get your Tenant ready for Intune device enrollment
Microsoft Intune Azure AD quick start guide.

Upload hardware hash to Intune, made easy
This script was made as an addition to “Get-WindowsAutoPilotInfo” for registering the individual hardware hash id from a device into a Microsoft 365 Intune tenant for device enrollment to be super simple & reusable.

Design and solution concepts
Autopilot White Glove Hybrid AzureAD Join
Autopilot White Glove Hybrid AzureAD Join full technical explanation.

Intune - a reference to Kiosk/shared PC mode
Introduction Windows is an open platform that allows users to install applications, customize settings and work on files of several different types. At the same time there are some use cases where a limited or restricted app or Windows platform environment is needed. These are called single-use, Kio…

Intune NDES & SCEP explained
Introduction This post is intended to give technical concept guidance, with a focus on security, about certificate deployment with Intune (cloud-only/Azure AD only clients) and NDES + SCEP (not PFX). This scenario is applicable if you run an internal certificate authority in your domain and want t…

Windows updates - write up
Introduction Windows Update is present on all Windows operating systems (OS) so that endpoints stay up to date with the newest features, perform well, are free of bugs and stay secure. This post aims to clarify different update methods, release channels, update types, support durations and focus on…

Summarized: Windows Update for Business reports (former Update Compliance)
Introduction So, Windows Update for Business houses a lot of components, including: Receive update services: Windows end device; Configuration: through GPO, CSP or Graph API and PowerShell SDK; Reporting: Windows Update for Business reports (now generally available) - what this post is about, along wi…

The bridge from Intune to Defender for Endpoint
Introduction This post is a straightforward tutorial to enable Defender for Endpoint with Intune. These two products live in the Microsoft ecosystem and can be natively integrated. It is a major advantage to connect your endpoint management product (Intune) with your XDR and security product (Defend…

Security inputs
Microsoft security concepts V2
Learn about Microsoft’s cloud security high-level concepts to secure your organization with Microsoft 365 and Azure built-in products and features. The way to secure your digital assets such as identities, infrastructures, platforms, apps and data. These are the official Microsoft security sources.…

Windows Hello for Business - summary and a focus to the modern way
Windows Hello for Business (WHfB) is a modern attempt to go passwordless, reinforce security and increase end user usability. It leverages Windows account authentication services to get access to resources, or in the simplest scenario: log in to your device. Key facts WHfB is an authentication metho…

Local admin/privilege management with Intune
Introduction Most operating systems know two levels of user interaction: standard or elevated, also known as administrator. For Windows in the enterprise segment, users most often work with standard permissions. IT has access to administrator accounts that can modify the system, install appl…

Windows LAPS: the comprehensive guide
Introduction This post features Windows LAPS with its most important specifications and what you need to know high-level. Both Active Directory and Azure AD scenarios are described. Overview Windows LAPS is now in public preview! The Local Administrator Password Solution is a familiar Microsoft pr…

Device Control with Intune
Introduction This post will walk you through Device Control with Microsoft Intune. It is all about controlling access to certain devices or peripherals of Windows. Background Device Control can bring the benefit for these requirements: Security: Peripherals connected to your device and operating s…

Graph API
Get started with Graph API + Explorer and PowerShell - how to import/export Intune profiles
Introduction Microsoft Graph enables you to access all your data and intelligence in Microsoft 365, Windows, and Enterprise Mobility + Security. Available under one single endpoint, https://graph.microsoft.com, you can call Microsoft Graph from your REST APIs or SDKs. Through Grap…

Azure Managed Identity - access to Graph API and Azure resources
Introduction Nowadays, with Azure, many resources interact with each other and therefore need some type of authentication. As password-based credentials are no longer considered safe, we need other secrets to provide authorized access. This is where Managed Identities come into play - they al…

Intune automation enlightenment - Azure Logic App + Graph API + Managed Identity
Introduction In this post we are going to delve into automation for Endpoint Management with Intune. The idea is to give you a powerful and secure tool that you can then use to develop solutions for any use case. Make sure to understand Graph API and Managed Identity in advance

Intune event based automation with alert rules
Introduction In my last post I talked about Intune automation enlightenment with Azure Logic Apps. This time we will take a look at event-based triggering to notify for alerting purposes or run Logic Apps or other automation tools. Components Azure Log Analytics Workspace provides the ability to st…

Miscellaneous
Intune change tracking (Azure Workbook)
What is it? Intune offers a variety of configurations and functionalities, namely configuration profiles, applications, scripts and also operational tasks like managing a device (enroll, sync, delete etc.). It can be quite a challenge to keep track of all the changes and operations, a…

Intune challenges (community edition)
What to expect I wanted to hear from you on Reddit and Twitter about which challenges you are facing with Intune. This post concentrates on a summary writeup on the most intense challenges and I want to bring in some of my advice and experience. This post was written in
