Install Software With WinGet As System (UPDATE 2024)

Background: Back in 2022, after a lot of testing, I developed a way to install any machine-wide installer in SYSTEM context using WinGet. For the most part this worked great; however, I noticed that if I deployed an application targeted to a device group, the application would not reliably install during Autopilot / OOBE. This is because the DesktopAppInstaller UWP appx package needs to be installed under a user account before WinGet is available to use.
Read more →

The New Microsoft Store Experience in Intune

Microsoft recently released the new Microsoft Store integration for Intune. The new integration allows admins to easily search the store and deploy traditional APPX/UWP packages as well as a limited number of new Win32 app packages. WinGet (the Windows package manager) is the technology behind this new experience. This new experience greatly simplifies application deployment through Intune and is intended to replace the Microsoft Store for Business, which will be retired in the first half of next year.
Read more →

Introducing the M365 Report Tools PowerShell Module

The Why: I often find the need to gather and extract data from various areas of M365 for auditing or for project planning. I had the idea of putting together a PowerShell module containing wrapper functions for some of the most common reports I and colleagues ask for. I wanted to make the commands easy to discover and easy to use. I would like to introduce the M365.Report.Tools PowerShell module! What can it do?
Read more →

Intune Endpoint Tools PowerShell Module

I am proud to introduce the PowerShell module IntuneEndpointTools. This is the first PS module I have published to the PowerShell Gallery. IntuneEndpointTools contains a set of tools for managing and diagnosing Intune MDM on Windows endpoints, designed with Intune support staff in mind. Easily perform diagnostic/troubleshooting operations such as getting the MDM diagnostic report, full diagnostic package, forcing a full sync to Intune, forcing reprocessing of assigned applications, and more!
Read more →

Keep Applications Updated with WinGet and Proactive Remediations

The Why: In a previous article, I demonstrated how to deploy applications to Intune using WinGet. I received a request to demonstrate how to use WinGet to update applications, and more importantly, how to run this on a schedule to keep applications updated. Since then, I found a really handy PowerShell wrapper module for WinGet called WinGetTools by Jeffrey Hicks. I made a small contribution to this module to allow it to work when running under SYSTEM context.
Read more →

Update Business Voice to Teams Phone Licenses

Microsoft has announced the retirement of Business Voice licensing. If your tenant is still using Business Voice with Calling Plan or Business Voice without Calling Plan, you will need to switch to the new equivalent Teams Phone plan. If you take a look at the Microsoft doc linked above, there are examples for how to update the licenses in bulk; however, it is baffling that Microsoft chose to demonstrate using the Azure AD PowerShell module, when the licensing portion of that module is slated to be retired as of today (6/30).
Read more →

AAD Token Broker Issues

Problem signs: Outlook refuses to load, or a sign-in window loops, opening and closing quickly. Outlook refuses to connect or send / receive mail. The Windows store refuses to open. These are the initial symptoms I have seen when the AAD token broker ‘breaks’, for lack of a better term. Event ID 1098 will be logged repeatedly in the Microsoft-Windows-AAD/Operational event log. The fix: Microsoft has a couple of troubleshooting articles on event 1098: “Event 1098 Cannot Create New Profiles” and “Event 1098 Error 0xcaa5001c”.
Read more →

KB5014754 Certificate Authentication Woes with NDES/SCEP and Intune

About 2 years ago, I configured NDES and SCEP for a client that was moving all of their workstations to AzureAD join only. NDES and SCEP work together to provide certificate enrollment for AzureAD-only joined devices for authentication with Wi-Fi / VPN etc. This was the Microsoft Tech Community article I followed to get this configured. Fast forward to May 2022: in typical Microsoft fashion, a patch was released to fix a security vulnerability to “address an elevation of privilege vulnerability that can occur when the Kerberos Distribution Center (KDC) is servicing a certificate-based authentication request.
Read more →

O365 License Report With Friendly Names Using The Microsoft Graph

In a previous article, I demonstrated how to export a license report for all users with the ‘friendly’ license names using the AzureAD PowerShell module. Since then, Microsoft has announced the coming retirement of the AzureAD API (and associated PowerShell modules). You should be migrating all scripts over to using the Microsoft Graph PowerShell SDK. Here I will provide a sample script to demonstrate how to export a license report for all users in Azure AD utilizing the Microsoft Graph.
Read more →

Get Data from workstations and send to an Excel Table for free

Premise: There are times when I encounter a situation where I want to gather some data from workstations and store it in a spreadsheet / table etc. for tracking purposes. Recently I was working with a client to deploy a cloud printing solution. The on-prem print environment was somewhat complex, with multiple shared printers, some of which were locked down to AD security groups. I needed a way to get a pre-deployment printer inventory for each workstation, then compare a post-deployment inventory.
Read more →

Working with the Microsoft Graph PowerShell SDK

What is an API anyway? API stands for “Application Interface”. In simplest terms, APIs are services that bridge and allow two systems to interact. When we are talking about web services, such as those in M365, API usually refers to a REST API. I like this explanation from AWS: API architecture is usually explained in terms of client and server. The application sending the request is called the client, and the application sending the response is called the server.
Read more →

Helpful macOS Resources

Read more →

Intune for macOS Part 2 - Setup BYOD enrollment and Configure macOS Profiles

Setup BYOD Enrollment: In part 1, we explored how to set up a macOS virtual machine for testing. Now let's look at actually configuring Intune. The first thing we need to do is get an Apple MDM push certificate. Navigate to endpoint.microsoft.com < Devices < Enroll Devices < Apple Enrollment. Download the CSR. Follow the link “Create your MDM Push Certificate”. Sign into your Apple ID (or create one if you do not have one). Click create certificate.
Read more →

Intune Deploy Software with WinGet

Ever since the WinGet package manager was announced, I wanted to find ways to leverage the package manager to simplify deploying software to endpoints. After doing some research and testing, I found that WinGet was unfortunately not designed to be run in SYSTEM context. It was designed to be run under a user account. There is an open issue on GitHub currently and many admins, myself included, would really like WinGet to be designed with enterprise use in mind.
Read more →

Configuring Intune for macOS part 1 - Setup a macOS VM

Premise: One of my clients has an Apple-only environment. The client was previously managed with Jamf. Jamf is a great MDM platform for Apple devices and works really well; however, there are some downsides. First, the cost of Jamf is quite high. Also, while Jamf does support M365 conditional access and SSO with M365, it requires a bit more configuration than Intune does. My client was already paying for Enterprise Mobility and Security licensing through M365 with Defender ATP for Endpoint, so why not take advantage of the included Intune licensing?
Read more →

Collect data in an Azure Table with Power Automate and PowerShell

If there is one thing I love, it is automation. If you are a systems administrator, you have probably at some point needed to create some reports using PowerShell. Usually you would do this manually and export this to a CSV, then hand off the report in an email or through SharePoint etc. But how can we automate this process? While you could run PowerShell scripts as a scheduled task to fire off an email which is quick and dirty.
Read more →