An account in your Azure Active Directory got deleted and you want to examine who initiated the delete action? Sounds very simple but if you do not want to search your logs manually things become a little bit trickier. The challenge When a user gets deleted and you only remember it’s userPrincipalName you wont be able to to search for a match. And I doubt that you memorized the Azure AD object id of that user. ...
With the availability of the new Edge browser based on chromium I gained the first experiences about configuring the browser in an enterprise environment. Of course I want to share those with you. This post hopefully helps you to roll-out and configure the new Edge Browser with Microsoft Intune. Install the new Edge Chromium with Intune The installation of Edge is not the main topic of this post. The Edge browser is available in Intune as built-in app type like the Office 365 suite. More information about the installation process is available here. ...
Microsoft recently announced to install a Bing extension on new and existing Office 365 ProPlus installations which will set Bing as the default search engine starting with the first Office 365 ProPlus release in 2020 - not appreciated Microsoft and definitely not what customers want! The extension will be shipped for new Office installations and existing clients with Office 365 ProPlus installed when they update. Update 11.02.2020: “ The Microsoft Search in Bing browser extension will not be automatically deployed with Office 365 ProPlus.” - I will keep this post for the archives. ...
Recently a customer using Microsoft Intune requested to deploy a TrueType font required by one of their line of business apps. Because Intune does not offer a native solution to deploy fonts it was quite clear that a PowerShell script or Intune Win32 app should do the trick. Note that the mentioned PowerShell scripts can also be used for app deployments with Configuration Manager (MEMCM). How to install a font programmatically? There seem to be multiple options depending on the operating system version. I’ve tested this with Windows 10 1909. And broke it down to the following steps: ...
If you manage multiple Intune tenants with your Azure AD account (invited as guest in the foreign tenant) we need a way to specify the tenant id we want to connect. Otherwise you will land in your home-tenant every time. This posts shows you how to accomplish that with the Intune PowerShell SDK. If we have a look at the default Graph settings in a PowerShell session with the Intune PowerShell SDK you will notice that all authentication requests will land on the /common endpoint. ...
Apple tokens for Mobile Device Management like APNS certificates, DEP and VPP tokens need a renewal every 365 days. When an APNS certificate has expired you are forced to re-enroll all of your MDM managed apple devices. To avoid any headaches I put together a few lines of PowerShell which monitor the expiration with Azure automation and send a notification to Microsoft teams or email. Script The script is intended to run recurring on Azure automation. And I recommend to setup a schedule which runs the script once a week. The script checks the following apple tokens and triggers the teams notification if it expires in less than the configured number of days: ...
Most of the people out there blogging have recently published numbers and figures about 2019. Starting the new decade I also want to publish some figures about 2019 and wish you a happy and successful start into 2020. Blog On my blog I tried to focus mainly on Enterprise Mobility + Security topics and shared some experiences and how-to’s about the modern workplace. 28 blog posts published 101'074 page visits 04:08 (mm:ss) is the average time users spent on my site Tools I published two open source tools in 2019, both are available on GitHub and both of them support your Microsoft 365 based workplace: ...
This post has the intention to give you an overview and starting point to automate things with the Microsoft Graph API and PowerShell. While having the focus on Intune and EM+S but the basics are also valid for other Microsoft services. The world is changing and so are you? When talking about automation most people only think about some PowerShell code and scheduled tasks running on whatever box in an environment. But technology regarding Microsoft services and it’s automation possibilities have definitely evolved quickly. Automation can now be done with basically any scripting or programming language because Microsoft offers us the Microsoft Graph API. Although API (application program interface) sounds more like a developer term engineers should better get used to consuming API’s. As more and more services can be consumed as SaaS API’s are mostly offered for further data processing and automation. ...
As you might have noticed I have been doing quite a lot of automation stuff with Microsoft Graph for Intune and Azure AD. My preferred way to run PowerShell scripts which need to run on a regular basis is to use Azure automation. Unfortunately the official “Intune-PowerShell-SDK” does not support authentication with a client certificate. Therefore I updated the module and will show you how to use it with Azure automation. ...
Recently I needed to assign a lot of Microsoft licenses to different Azure AD groups. Unfortunately Microsoft does currently not offer a solution to do this (yet). Instead of giving up on this I decided to analyze what actually happens when you assign a license to a group in the Azure portal and found some actions going on within the hidden portal API. As an outcome I built a PowerShell module to manage Azure AD group based licensing assignments. ...