Intune Endpoint Tools PowerShell Module

I am proud to introduce the PowerShell module IntuneEndpointTools. This is the first PS module I have published to the PowerShell Gallery. IntuneEndpointTools contains a set of tools for managing and diagnosing Intune MDM on Windows endpoints, designed with Intune support staff in mind. Easily perform diagnostic and troubleshooting operations such as getting the MDM diagnostic report and the full diagnostic package, forcing a full sync to Intune, forcing reprocessing of assigned applications and more!

Keep Applications Updated with WinGet and Proactive Remediations

The Why: In a previous article, I demonstrated how to deploy applications to Intune using WinGet. I received a request to demonstrate how to use WinGet to update applications and, more importantly, how to run this on a schedule to keep applications updated. Since then, I found a really handy PowerShell wrapper module for WinGet called WinGetTools by Jeffrey Hicks. I made a small contribution to this module to allow it to work when running under SYSTEM context.

KB5014754 Certificate Authentication Woes with NDES/SCEP and Intune

About 2 years ago, I configured NDES and SCEP for a client that was moving all of their workstations to AzureAD join only. NDES and SCEP work together to provide certificate enrollment for AzureAD only joined devices for authentication with Wi-Fi, VPN, etc. This was the Microsoft techcommunity article I followed to get this configured. Fast forward to May 2022: in typical Microsoft fashion, a patch was released to fix a security vulnerability, to “address an elevation of privilege vulnerability that can occur when the Kerberos Distribution Center (KDC) is servicing a certificate-based authentication request.

Get Data from workstations and send to an Excel Table for free

Premise: There are times when I encounter a situation where I want to gather some data from workstations and store it in a spreadsheet, table, etc. for tracking purposes. Recently I was working with a client to deploy a cloud printing solution. The on-prem print environment was somewhat complex, with multiple shared printers, some of which were locked down to AD security groups. I needed a way to get a pre-deployment printer inventory for each workstation, then compare it with a post-deployment inventory.

Helpful macOS Resources


Intune for macOS Part 2 - Setup BYOD enrollment and Configure macOS Profiles

Setup BYOD Enrollment: In part 1, we explored how to set up a macOS virtual machine for testing. Now let's look at actually configuring Intune. The first thing we need to do is get an Apple MDM push certificate. Navigate to endpoint.microsoft.com > Devices > Enroll Devices > Apple Enrollment. Download the CSR. Follow the link “Create your MDM Push Certificate”. Sign into your Apple ID (or create one if you do not have one). Click create certificate.

Intune Deploy Software with WinGet

Ever since the WinGet package manager was announced, I wanted to find ways to leverage the package manager to simplify deploying software to endpoints. After doing some research and testing, I found that WinGet was unfortunately not designed to be run in SYSTEM context. It was designed to be run under a user account. There is an open issue on GitHub currently and many admins, myself included, would really like WinGet to be designed with enterprise use in mind.

Configuring Intune for macOS part 1 - Setup a macOS VM

Premise: One of my clients has an Apple-only environment. The client was previously managed with Jamf. Jamf is a great MDM platform for Apple devices and works really well; however, there are some downsides. First, the cost of Jamf is quite high. Also, while Jamf does support M365 conditional access and SSO with M365, it requires a bit more configuration than Intune does. My client was already paying for Enterprise Mobility and Security licensing through M365 with Defender ATP for Endpoint, so why not take advantage of the included Intune licensing?

Export O365 User License Report with friendly names

I was recently tasked with exporting a report for a client that detailed all users, their location and license assignment in Office 365. I knew the best way to get the job done was by writing a PowerShell script. I did a quick search online and found lots of examples, however all the examples I found were using the deprecated “Microsoft Online” / MSOL PS module. I wanted to use the Azure AD module instead so I played around a bit to get the output I wanted.

Collect data in an Azure Table with Power Automate and PowerShell

If there is one thing I love, it is automation. If you are a systems administrator, you have probably at some point needed to create some reports using PowerShell. Usually you would do this manually and export this to a CSV, then hand off the report in an email or through SharePoint, etc. But how can we automate this process? While you could run PowerShell scripts as a scheduled task to fire off an email which is quick and dirty.

Remove Document Redirection Policies over VPN

In today’s world of COVID, with so many people working from home, more and more organizations are moving to cloud services for file storage. It used to be quite a common practice, at least in my experience, to enable folder redirection for users on-prem. Trying to dismantle folder redirection, especially when our users are working remotely, can prove to be a challenge. If you have ever attempted to remove a folder redirection GPO, you have undoubtedly discovered that folder redirection policies only apply (and remove) at startup/user logon.

Sync SharePoint Libraries with PowerShell

The Problem: So you want to move your files to SharePoint, great! But your users don’t understand SharePoint, don’t wanna learn SharePoint and just want their file explorer experience. There are a few ways we can go about syncing libraries for our users. We can set a group policy or Intune configuration to automatically sync a SharePoint library; however, there are some big caveats with this, such as a ~250 character URL limit.