MEM
Microsoft Endpoint Manager
Importing Group Policy Objects into Intune
Katy Nicholson, 23 April, 2022
This has to be one of the most requested features for Intune - importing Group Policy Objects. It's now a feature! Currently in public preview, so should be available on most tenants. The way this works is that you export your GPOs from Group Policy Management Console, import them into the Group Policy Analytics and it will determine whether they will work as Intune configuration profiles - by trying to map the GPO settings to the corresponding Configuration Service Provier (CSP) setting, if one exists. You'll be shown a report detailing how much of your policies will be transferable, and which individual settings will or won't work.
Intune Remote Help
Katy Nicholson, 21 February, 2022
Remote Help is a new feature of Intune which allows you to remotely help a user. It is based on the Quick Assist tool found in Windows 10 and 11, but with several improvements - both parties need to be logged in with an Azure AD account in your tenant, and the helper can run elevated commands. There is also a RBAC role for controlling what level of access helpers have - e.g. view only or full control, whether they can interact with elevated windows.
MEM: Bypassing iOS activation lock on supervised devices
Katy Nicholson, 6 January, 2022
Occasionally while working with MDM and iOS devices you'll reset a device and discover the user left an activation lock. I look at how to bypass that for devices which have, at one point in their life, been attached to MDM.
MEM: Setting Client Registry Keys
Katy Nicholson, 9 December, 2021
Traditionally you would use something like Group Policy Preferences or use Config Mgr to set registry keys on a client device. In this post I look at a way to do this using Intune.
MEM: Updating to Windows 11
Katy Nicholson, 4 December, 2021
A look at how we can force our devices to update to Windows 11 using Intune.
MEM: Managing Android Devices
Katy Nicholson, 31 October, 2021
Love them or hate them, you will probably have to manage Android devices at some point. In this post I look at the enrolment profile types for Anrdoid devices on Intune.
Intune: 802.1x Wi-Fi, NPS and user PKCS certificates
Katy Nicholson, 23 September, 2021
It's annoying having to enter your credentials whenever you connect to an 802.1x wireless network. We can use Intune to push out certificates to enable password-free network connection. This post looks at Intune managed Azure AD joined devices, an 802.1x wireless network using NPS for authentication, and Active Directory Certificate Services to issue the certificates to the users.
Windows 365 Cloud PC
Katy Nicholson, 4 August, 2021
Windows 365 Cloud PC is an exciting new product from Microsoft. Split into two SKUs, Business and Enterprise, I have a look at the differences and how to configure Windows 365.
Windows Update for Business (WUfB) and Update Compliance
Katy Nicholson, 23 June, 2021
Windows Update for Business (WUfB) is a free service which allows you a level of control over Windows Update on certain SKU of Windows 10 - Pro/Enterprise/Education/Pro for Workstation - basically everything except Home edition. You can select which types of updates you would like - Feature updates, Quality (security) updates, Driver updates and Microsoft Product updates. Product updates are for other Microsoft products, but not Office if you used the Click-to-Run installer.
Intune: Introducing Filters
Katy Nicholson, 9 June, 2021
Endpoint Manager/Intune Filters is a new feature which gives you advanced targeting for things like compliance policies, configuration profiles and app assignment by adding filters.
Endpoint Analytics
Katy Nicholson, 19 May, 2021
Endpoint Analytics is a component of Intune and is used to provide you with insights as to how your devices are performing. Which take forever to log on? Which apps crash frequently? You can also run proactive remediation scripts to enforce settings or fix issues.
Intune: Manage non-DEP iOS devices via AC2 DEP enrolment
Katy Nicholson, 31 March, 2021
Sometimes you may be given iOS devices which have been purchased by another department - or ad-hoc - and thus you do not have the details to have the supplier add these to DEP/Apple School/Business Manager. In this post I look at how we can add these devices using Apple Configurator 2, and pull these into Intune.
Intune: Windows Hello for Business
Katy Nicholson, 12 March, 2021
Windows Hello is Windows 10's biometric authentication system which allows users to sign into their device using facial recognition (if the device has an IR camera), fingerprint (if the device has a fingerprint reader) and PIN. The data for these is stored on the device itself rather than transmitted to the authentication provider (i.e. Azure AD) so is more secure than a password as an attacker would need the device as well as the face/finger/PIN of the person they are trying to impersonate. In this case a PIN is more like a password, as we can define the minimum and maximum length, and allow/forbid/require lower case, upper case and special characters. The default setting permits numbers, lower and upper case letters but does not allow special characters.
Intune: Endpoint Protection
Katy Nicholson, 26 February, 2021
Whilst Endpoint Protection can be suitably managed for traditional Active Directory-joined devices using Group Policies, you'll need an alternative to protect your Azure AD joined devices. Luckily Intune can do this for us by way of a device configuration profile.
MEM: iOS Wireless Profile with embedded credentials
Katy Nicholson, 5 February, 2021
Sometimes you have no option but to use a wireless network with a username and password, which you want to set on devices with a Configuration Profile. While there is no option to do this with the built in Wi-Fi profile, you can create a custom one on Apple Configurator 2 and import this into Intune.
Intune: Managing iOS devices
Katy Nicholson, 13 January, 2021
In this part of the Intune series of posts I'm looking at getting iPads enrolled and managed, and deploying apps. In my case I'm looking to migrate some iPads from an existing MDM into Intune, so I'm assuming you already have an Apple ID set up to create the push certificates and already have Apple School Manager (or Business Manager) set up.
Intune: Deploying Applications
Katy Nicholson, 6 January, 2021
In this post I cover deploying applications to devices through Intune - Microsoft 365 Apps, Microsoft Store apps, Web Apps and Win32 Applications.
Intune: Getting Started with Autopilot
Katy Nicholson, 20 December, 2020
In this post I take a first look at Intune and Autopilot and go through importing devices, creating enrolment profiles, configuration profiles and deploying the device.