Welcome to this coast! Learn everything about Endpoint Management with Microsoft Intune to deploy, manage, secure and monitor endpoints from all platforms through the cloud.


Introduction, experience and thoughts

Introduction to the Microsoft Intune product family
Introduction This post is recommended for any reader who is new to Intune or would like to get a high-level overview of the Intune product family. It will contain the product, feature and service names and a description of their purpose, as well as references to my dedicated blog posts
A touch on Intune
This blog is mostly about Intune Endpoint Management, Modern Workplace and Mobile Device Management (MDM), with a special focus on security. This post will give a high-level introduction to Microsoft Intune. The audience is people who are new specifically to Intune. You don’t need to have a high…
Unboxing the Intune Suite
Introduction Here we go - the full Microsoft Intune Suite is released in February 2024 🥳 We now have Microsoft Cloud PKI, Advanced Analytics and Enterprise Application Management in the portfolio. This blog post shows a first look at the features, their benefits and how to get started. These features…
What you need to know about Intune
Ever wondered what Autopilot or Intune is? Read here more about this topic!
Intune best practices
Introduction This post is a summary of brief descriptions of technical Intune best practices. To deliver a true modern workplace these topics may be considered. You may also be interested in one of my other posts: Transition to modern Endpoint Management Intune challenges A full series on everythi…
Transition to modern Endpoint Management
This is an updated post, here you will find information about: Endpoint Management design (legacy vs. modern) Reasons for Hybrid or Cloud-only Configuration challenges and approaches Security aspects This post is intended to give an engineering overview on the journey to Modern Endpoint Management…
Autopilot identities and assignments
Introduction Every modern Windows (10/11) device can be set up and managed through Intune and enabled for organizational use. There are two types of ownership, one is personal and the other corporate. If a device is fully corporate-owned, the hard- and software should be registered for an organizatio…
My take on the future app deployment with Intune
Introduction There is currently a lot going on in the app deployment of Windows management with Intune. The new Microsoft Store came up, together with an integration into Intune. Simultaneously the Windows Package Manager (winget) is becoming more established in these topics. This is a write-…
Autopilot Troubleshooting
Introduction I have already created a post about Autopilot Troubleshooting nearly 2 years ago, but I wanted to update it and make it a little more structured and straightforward. What is Microsoft Intune Endpoint Management? Essentially Microsoft Intune uses the capability of Windows Autopilot to…
Troubleshooting Intune policies and apps
Introduction This post aims to explain a standard procedure when investigating unexpected behavior or errors between Intune and an endpoint. This means, when the IT admin configures anything in the Intune admin portal and the device should apply the setting, but encounters issues. Things could g…
Intune RBAC permissions
Introduction Intune role-based access control allows administrators to control the level of access to the Intune portal and its resources. It works by assigning roles to users or groups of users. Each role defines a set of permissions throughout Intune or device management such as Device configurat…
Device management RBAC design (Intune & Azure AD)
Introduction This post is the part 2 of my initial writing on RBAC in Intune. My intention is to explain a real world example on RBAC design with Intune and Azure AD, since device operations can be made on the Intune device object, but also on the Azure AD device

Start of the journey

Upload hardware hash to Intune, made easy
This script was made as an addition to “Get-WindowsAutoPilotInfo” for registering the individual hardware hash id from a device into a Microsoft 365 Intune tenant for device enrollment to be super simple & reusable.
Intune operations par excellence
💡Learn about how to align organizational operations, to deliver technology with excellence! Introduction In my daily work as engineer and consultant I accompany organizations from several industries on their way to modern endpoint management with Microsoft Intune. Beside the technical challenges, I…

Design and solution concepts

Enforce device compliance
Introduction Most organizations have compliance requirements for dozens of topics, spanning both technical and non-technical domains, as they are in a complex landscape of regulations, standards, and best practices to ensure the integrity, security, and conduct of their operations. This post is jus…
Intune certificate deployment overview
💡Microsoft announced “cloud certification management” capabilities for the Intune suite to come in the second half of 2023. This could significantly simplify Intune certificate management. Introduction Authentication with certificates is considered very secure and seamless for the user. Simply pu…
Intune NDES & SCEP explained
Introduction This post is intended to give technical concept guidance with a focus on security about certificate deployment with Intune (cloud-only/Azure AD only clients) and NDES + SCEP (not PFX). This scenario is applicable if you run an internal certificate authority in your domain and want t…
Enable network authentication with Azure AD only joined devices & Intune
Introduction This post is a brief summary of establishing a network connection (wired or wireless network) on Intune managed devices, from my experience. Challenges - Azure AD only joined devices are not present in Active Directory and therefore certificates cannot be issued by the PKI, resulting tha…
Windows updates - write up
Introduction Windows Update is present on all Windows operating systems (OS) so that endpoints stay up to date with the newest features, run high-performing, without bugs and stay secure. This post aims to clarify different update methods, release channels, update types, support durations and focus on…
Summarized: Windows Update for Business reports (former Update Compliance)
Introduction So, Windows Update for Business houses a lot of components, including: Receive update services: Windows end device Configuration: through GPO, CSP or Graph API and PowerShell SDK Reporting: Windows Update for Business reports (now generally available) - what this post is about, along wi…
Intune + driver update management - concept summary
Introduction Here it is! Windows driver and firmware updates with Intune 🥳 This post will be a brief kick-off and concept summary of this new feature. Previously, Windows Update for Business only allowed for an all-or-nothing setting. Driver updates could be blocked or allowed. Now we have the capa…
The bridge from Intune to Defender for Endpoint
Introduction This post is a straightforward tutorial to enable Defender for Endpoint with Intune. These two products live in the Microsoft ecosystem and can be natively integrated. It is a major advantage to connect your endpoint management product (Intune) with your XDR and security product (Defend…
Intune - a reference to Kiosk/shared PC mode
Introduction Windows is an open platform that allows users to install applications, customize settings and work on files of several different types. At the same time there are some use cases where a limited or restricted app or Windows platform environment is needed. These are called single-use, Kio…

Security inputs

Microsoft security concepts V2
Learn about Microsoft’s cloud security high-level concepts to secure your organization with Microsoft 365 and Azure built-in products and features. The way to secure your digital assets such as identities, infrastructures, platforms, apps and data. These are the official Microsoft security sources.…
Dive into Microsoft Security Baselines
ℹ️This is not a pure security post, it is focusing on high-level topics around endpoint security and baselines. Please be aware that security configuration and operation should be performed at the highest level of professionalism. Introduction In my blog posts I often mention the Microsoft Security B…
Windows Hello for Business - summary and a focus to the modern way
Windows Hello for Business (WHfB) is a modern attempt to go passwordless, reinforce security and increase end user usability. It leverages Windows account authentication services to get access to resources, or in the simplest scenario: login to your device. Key facts WHfB is an authentication metho…
Local admin/privilege management with Intune
Introduction Most operating systems know two levels of user interaction. Standard or elevated, also known as administrator. For Windows in the enterprise segment, the users most often work with standard permissions. The IT has access to administrator accounts that can modify the system, install appl…
Windows LAPS: the comprehensive guide
Introduction This post features Windows LAPS with its most important specifications and what you need to know high-level. Both Active Directory and Azure AD scenarios are described. Overview Windows LAPS is now in public preview! The Local Administrator Password Solution is a familiar Microsoft pr…
Endpoint Privilege Management deployment guide
Introduction Microsoft Endpoint Privilege Management (EPM) is a part of the Intune Suite offering. It allows standard users to run applications with elevated privileges, without the need to be local administrators. This is a massive security improvement and supports your zero-trust strategy. At core, wi…
Device Control with Intune
Introduction This post will walk you through Device Control with Microsoft Intune. It is all about controlling access to certain devices or peripherals of Windows. Background Device Control can bring benefits for these requirements: Security: Peripherals connected to your device and operating s…

Graph API

Get started with Graph API + Explorer and Powershell - how to import/export Intune profiles
Introduction Microsoft Graph enables you to access all your data and intelligence in Microsoft 365, Windows, and Enterprise Mobility + Security. Available under one single endpoint: https://graph.microsoft.com you can call Microsoft Graph from your REST APIs or SDKs. Through Grap…
Azure Managed Identity - access to Graph API and Azure resources
Introduction Nowadays and with Azure, many resources interact with each other and therefore need some type of authentication. As password credentials are no longer considered safe, we need other secrets to provide authorized access. This is where Managed Identities come into play - they al…
Intune automation enlightenment - Azure Logic App + Graph API + Managed Identity
Introduction In this post we are going to delve into automation for Endpoint Management with Intune. The idea is to give you a powerful and secure tool that you can then use to develop solutions for any use case. Make sure to understand Graph API and Managed Identity in advance
Intune event based automation with alert rules
Introduction In my last post I talked about Intune automation enlightenment with Azure Logic Apps. This time we will take a look at event based triggering to notify for alerting purposes or run Logic Apps or other automation tools. Components Azure Log Analytics Workspace provides the ability to st…

Miscellaneous

Intune change tracking (Azure Workbook)
What is it? Intune offers a variety of configurations and functionalities, namely configuration profiles, applications, scripts and also operational tasks like managing a device (enroll, sync, delete etc.). It can be quite a challenge to keep track of all the changes and operations, a…
Intune challenges (community edition)
What to expect I wanted to hear from you on Reddit and Twitter about which challenges you are facing with Intune. This post concentrates on a summary writeup on the most intense challenges and I want to bring in some of my advice and experience. This post was written in