Welcome to this coast! On this page you will get useful information about everything regarding Microsoft Intune Endpoint Management. You can follow this like a path.

Manage your Windows and other OS Endpoints with Intune and use the public cloud Azure with all aspects like enrollment, configuration, updating, apps and security. Make your enterprise mobile now! Device management from the cloud.

Introduction, experience and thoughts

A touch on Intune
This blog is mostly about Intune Endpoint Management, Modern Workplace and Mobile Device Management (MDM), with a special focus on security. This post gives a high-level introduction to Microsoft Intune. The audience is people who are new to Intune specifically. You don’t need to have a high…
What you need to know about Intune
Ever wondered what Autopilot or Intune is? Read more about this topic here!
Intune: experience from the field
Intune is a cloud-based endpoint management solution. Microsoft Intune offers many features and lets you realise a modern endpoint environment. But who acts in the field?
MDM & MAM at a glance with Intune
Enterprise mobility management (EMM) includes Mobile Device Management (MDM) and Mobile Application Management (MAM). It includes: protection of all Office 365 contents on any device; Intune Mobile Device Management and Mobile Application Management; Conditional Access to grant or block access; Sessio…
Intune best practices
Introduction This post is a summary of brief descriptions of technical Intune best practices. To deliver a true modern workplace these topics may be considered. You may also be interested in one of my other posts: Transition to modern Endpoint Management; Intune challenges; A full series on everythi…
Transition to modern Endpoint Management
This is an updated post. Here you will find information about: Endpoint Management design (legacy vs. modern); reasons for Hybrid or Cloud-only; configuration challenges and approaches; security aspects. This post is intended to give an engineering overview on the journey to Modern Endpoint Management…
My take on the future app deployment with Intune
Introduction There is currently a lot going on in app deployment for Windows management with Intune. The new Microsoft Store came up, together with an integration to Intune. Simultaneously, the Windows Package Manager (winget) is becoming more established in this area. This is a write-…
Autopilot Troubleshooting
Introduction I have already created a post about Autopilot Troubleshooting nearly 2 years ago, but I wanted to update it and make it a little more structured and straight-forward. What is Microsoft Intune Endpoint Management? Essentially Microsoft Intune uses the capability of Windows Autopilot to…

Start of the journey

Get your Tenant ready for Intune device enrollment
Microsoft Intune Azure AD quick start guide.
Upload hardware hash to Intune, made easy
This script was made as an addition to “Get-WindowsAutoPilotInfo” for registering the individual hardware hash id from a device into a Microsoft 365 Intune tenant for device enrollment to be super simple & reusable.

Design and solution concepts

Autopilot White Glove Hybrid AzureAD Join
Autopilot White Glove Hybrid AzureAD Join full technical explanation.
Intune - a reference to Kiosk/shared PC mode
Introduction Windows is an open platform that allows users to install applications, customize settings and work on files of several different types. At the same time there are some use cases where a limited or restricted app or Windows platform environment is needed. These are called single-use, Kio…
Intune NDES & SCEP explained
Introduction This post is intended to give technical concept guidance with a focus on security about certificate deployment with Intune (cloud-only/Azure AD only clients) and NDES + SCEP (not PFX). This scenario is applicable if you run an internal certificate authority in your domain and want t…
Windows Hello for Business - summary and a focus to the modern way
Windows Hello for Business (WHfB) is a modern attempt to go passwordless, reinforce security and increase end user usability. It leverages Windows account authentication services to get access to resources, or in the simplest scenario: log in to your device. Key facts WHfB is an authentication metho…
Windows updates - write up
Introduction Windows Update is present on all Windows operating systems (OS) so that endpoints stay up to date with the newest features, perform well, run without bugs and stay secure. This post aims to clarify different update methods, release channels, update types, support durations and focus on…
Summarized: Windows Update for Business reports (former Update Compliance)
Introduction So, Windows Update for Business houses a lot of components, including: Receive update services: Windows end device; Configuration: through GPO, CSP or Graph API and PowerShell SDK; Reporting: Windows Update for Business reports (now generally available) - what this post is about, along wi…

Graph API

Get started with Graph API + Explorer and PowerShell - how to import/export Intune profiles
Introduction Microsoft Graph enables you to access all your data and intelligence in Microsoft 365, Windows, and Enterprise Mobility + Security. It is available under one single endpoint, https://graph.microsoft.com, and you can call Microsoft Graph from your REST APIs or SDKs. Through Grap…
Azure Managed Identity - access to Graph API and Azure resources
Introduction Nowadays, and with Azure, many resources interact with each other and therefore need some type of authentication. As password-based credentials are no longer considered safe, we need other secrets to provide authorized access. This is where Managed Identities come into play - they al…
Intune automation enlightenment - Azure Logic App + Graph API + Managed Identity
Introduction In this post we are going to delve into automation for Endpoint Management with Intune. The idea is to give you a powerful and secure tool that you can then use to develop solutions for any use case. Make sure to understand Graph API and Managed Identity in advance
Intune event based automation with alert rules
Introduction In my last post I talked about Intune automation enlightenment with Azure Logic Apps. This time we will take a look at event-based triggering to notify for alerting purposes or run Logic Apps or other automation tools. Components Azure Log Analytics Workspace provides the ability to st…

Security inputs

Microsoft security concepts V2
Learn about Microsoft’s cloud security high-level concepts to secure your organization with Microsoft 365 and Azure built-in products and features. The way to secure your digital assets such as identities, infrastructures, platforms, apps and data. These are the official Microsoft security sources.…


Intune change tracking (Azure Workbook)
What is it? Intune offers a variety of configurations and functionalities, namely configuration profiles, applications, scripts and also operational tasks like managing a device (enroll, sync, delete etc.). It can be quite a challenge to keep track of all the changes and operations, a…
Intune challenges (community edition)
What to expect I wanted to hear from you on Reddit and Twitter about which challenges you are facing with Intune. This post concentrates on a summary writeup on the most intense challenges and I want to bring in some of my advice and experience. This post was written in