Intune scope tags and role-based access control explained

For larger Intune environments, a solid role-based access implementation becomes crucial to ensure secure administration. But how does Intune role-based access control (RBAC) work in combination with scope tags, and how do you get started? This post has you covered with explanations and practical examples. Role-based access control within the Microsoft 365 ecosystem: Within the Microsoft 365 ecosystem, Microsoft provides Azure AD administrative roles to administer services like Exchange (Exchange administrator), SharePoint (SharePoint administrator), Intune (Intune administrator) and so on....

August 3, 2020 · 7 min · 1307 words · Nicola Suter

Managing the new Microsoft Edge Browser with Intune

With the availability of the new Edge browser based on Chromium, I gained my first experience configuring the browser in an enterprise environment. Of course I want to share it with you. This post hopefully helps you to roll out and configure the new Edge browser with Microsoft Intune. Install the new Edge Chromium with Intune: The installation of Edge is not the main topic of this post. The Edge browser is available in Intune as a built-in app type like the Office 365 suite....

February 3, 2020 · 7 min · 1348 words · Nicola Suter

Prevent Intune devices from getting the Microsoft search (Bing) plugin

Microsoft recently announced that it will install a Bing extension on new and existing Office 365 ProPlus installations, which will set Bing as the default search engine starting with the first Office 365 ProPlus release in 2020 - not appreciated, Microsoft, and definitely not what customers want! The extension will be shipped for new Office installations and existing clients with Office 365 ProPlus installed when they update. Update 11.02.2020: “The Microsoft Search in Bing browser extension will not be automatically deployed with Office 365 ProPlus....

January 24, 2020 · 3 min · 493 words · Nicola Suter

Deploy fonts to Intune managed Windows 10 devices

Recently a customer using Microsoft Intune requested to deploy a TrueType font required by one of their line-of-business apps. Because Intune does not offer a native solution to deploy fonts, it was quite clear that a PowerShell script or Intune Win32 app should do the trick. Note that the mentioned PowerShell scripts can also be used for app deployments with Configuration Manager (MEMCM). How to install a font programmatically?...

January 19, 2020 · 2 min · 403 words · Nicola Suter

Monitor Apple token expiration in Intune

Apple tokens for Mobile Device Management like APNS certificates, DEP and VPP tokens need a renewal every 365 days. When an APNS certificate has expired, you are forced to re-enroll all of your MDM-managed Apple devices. To avoid any headaches I put together a few lines of PowerShell which monitor the expiration with Azure Automation and send a notification to Microsoft Teams or email. Script: The script is intended to run on a recurring schedule in Azure Automation....

January 4, 2020 · 2 min · 389 words · Nicola Suter

Have you already started with Intune automation and Microsoft Graph?

This post is intended to give you an overview and starting point for automating things with the Microsoft Graph API and PowerShell. The focus is on Intune and EM+S, but the basics are also valid for other Microsoft services. The world is changing and so are you? When talking about automation, most people only think about some PowerShell code and scheduled tasks running on whatever box in an environment....

December 19, 2019 · 5 min · 1011 words · Nicola Suter

Application based authentication with the Intune PowerShell SDK using a certificate

As you might have noticed, I have been doing quite a lot of automation with Microsoft Graph for Intune and Azure AD. My preferred way to run PowerShell scripts which need to run on a regular basis is to use Azure Automation. Unfortunately the official “Intune-PowerShell-SDK” does not support authentication with a client certificate. Therefore I updated the module and will show you how to use it with Azure Automation....

December 10, 2019 · 4 min · 678 words · Nicola Suter

Bulk update Windows Autopilot groupTags

Recently I needed to change a couple of groupTags on existing Windows Autopilot devices because Windows Autopilot profiles have been assigned based on the groupTag. Of course I could have done this with the portal (check out the devicemanagement.microsoft.com portal if you have not done so yet!) but I am definitely an automation fan when I need to do repetitive work. Portal view and property mapping: In the Intune portal the Group Tag field on an Autopilot device maps to the Azure AD device property “OrderID”....

December 1, 2019 · 2 min · 215 words · Nicola Suter

Intune export uploaded PowerShell scripts

After you have uploaded a PowerShell script to the Intune portal you won’t be able to view the script or its content. Therefore things become complicated when an Intune tenant is managed by multiple admins and someone wants to update or review a script. In addition to the unknown script content things can go from bad to worse if you can’t find the script anymore. Fortunately we can recollect our PowerShell scripts directly from the Microsoft Graph API....

October 9, 2019 · 1 min · 149 words · Nicola Suter

Windows Autopilot failed to delete device records

Recently I needed to delete a desktop machine from the Windows Autopilot service in order to use the machine in another tenant. But the problem was that the Intune and Azure AD device objects were already deleted. All attempts made within the Microsoft 365 Device Management and Intune portals were unsuccessful. Issue: Usually the Autopilot device shows the associated Azure AD and Intune objects, but here they were shown as N/A (not available) because they were already deleted....

September 29, 2019 · 1 min · 181 words · Nicola Suter