MEM

Microsoft Endpoint Manager

Importing Group Policy Objects into Intune

Katy Nicholson, 23 April, 2022

This has to be one of the most requested features for Intune - importing Group Policy Objects. It's now a feature! Currently in public preview, so should be available on most tenants. The way this works is that you export your GPOs from Group Policy Management Console, import them into the Group Policy Analytics and it will determine whether they will work as Intune configuration profiles - by trying to map the GPO settings to the corresponding Configuration Service Provier (CSP) setting, if one exists. You'll be shown a report detailing how much of your policies will be transferable, and which individual settings will or won't work.

Intune Remote Help

Katy Nicholson, 21 February, 2022

Remote Help is a new feature of Intune which allows you to remotely help a user. It is based on the Quick Assist tool found in Windows 10 and 11, but with several improvements - both parties need to be logged in with an Azure AD account in your tenant, and the helper can run elevated commands. There is also a RBAC role for controlling what level of access helpers have - e.g. view only or full control, whether they can interact with elevated windows.

MEM: Bypassing iOS activation lock on supervised devices

Katy Nicholson, 6 January, 2022

Occasionally while working with MDM and iOS devices you'll reset a device and discover the user left an activation lock. I look at how to bypass that for devices which have, at one point in their life, been attached to MDM.

MEM: Setting Client Registry Keys

Katy Nicholson, 9 December, 2021

Traditionally you would use something like Group Policy Preferences or use Config Mgr to set registry keys on a client device. In this post I look at a way to do this using Intune.

MEM: Updating to Windows 11

Katy Nicholson, 4 December, 2021

A look at how we can force our devices to update to Windows 11 using Intune.

MEM: Managing Android Devices

Katy Nicholson, 31 October, 2021

Love them or hate them, you will probably have to manage Android devices at some point. In this post I look at the enrolment profile types for Anrdoid devices on Intune.

Intune: 802.1x Wi-Fi, NPS and user PKCS certificates

Katy Nicholson, 23 September, 2021

It's annoying having to enter your credentials whenever you connect to an 802.1x wireless network. We can use Intune to push out certificates to enable password-free network connection. This post looks at Intune managed Azure AD joined devices, an 802.1x wireless network using NPS for authentication, and Active Directory Certificate Services to issue the certificates to the users.

Windows 365 Cloud PC

Katy Nicholson, 4 August, 2021

Windows 365 Cloud PC is an exciting new product from Microsoft. Split into two SKUs, Business and Enterprise, I have a look at the differences and how to configure Windows 365.

Windows Update for Business (WUfB) and Update Compliance

Katy Nicholson, 23 June, 2021

Windows Update for Business (WUfB) is a free service which allows you a level of control over Windows Update on certain SKU of Windows 10 - Pro/Enterprise/Education/Pro for Workstation - basically everything except Home edition. You can select which types of updates you would like - Feature updates, Quality (security) updates, Driver updates and Microsoft Product updates. Product updates are for other Microsoft products, but not Office if you used the Click-to-Run installer.

Intune: Introducing Filters

Katy Nicholson, 9 June, 2021

Endpoint Manager/Intune Filters is a new feature which gives you advanced targeting for things like compliance policies, configuration profiles and app assignment by adding filters.

Endpoint Analytics

Katy Nicholson, 19 May, 2021

Endpoint Analytics is a component of Intune and is used to provide you with insights as to how your devices are performing. Which take forever to log on? Which apps crash frequently? You can also run proactive remediation scripts to enforce settings or fix issues.

Intune: Manage non-DEP iOS devices via AC2 DEP enrolment

Katy Nicholson, 31 March, 2021

Sometimes you may be given iOS devices which have been purchased by another department - or ad-hoc - and thus you do not have the details to have the supplier add these to DEP/Apple School/Business Manager. In this post I look at how we can add these devices using Apple Configurator 2, and pull these into Intune.

Intune: Windows Hello for Business

Katy Nicholson, 12 March, 2021

Windows Hello is Windows 10's biometric authentication system which allows users to sign into their device using facial recognition (if the device has an IR camera), fingerprint (if the device has a fingerprint reader) and PIN. The data for these is stored on the device itself rather than transmitted to the authentication provider (i.e. Azure AD) so is more secure than a password as an attacker would need the device as well as the face/finger/PIN of the person they are trying to impersonate. In this case a PIN is more like a password, as we can define the minimum and maximum length, and allow/forbid/require lower case, upper case and special characters. The default setting permits numbers, lower and upper case letters but does not allow special characters.

Intune: Endpoint Protection

Katy Nicholson, 26 February, 2021

Whilst Endpoint Protection can be suitably managed for traditional Active Directory-joined devices using Group Policies, you'll need an alternative to protect your Azure AD joined devices. Luckily Intune can do this for us by way of a device configuration profile.

MEM: iOS Wireless Profile with embedded credentials

Katy Nicholson, 5 February, 2021

Sometimes you have no option but to use a wireless network with a username and password, which you want to set on devices with a Configuration Profile. While there is no option to do this with the built in Wi-Fi profile, you can create a custom one on Apple Configurator 2 and import this into Intune.

Intune: Managing iOS devices

Katy Nicholson, 13 January, 2021

In this part of the Intune series of posts I'm looking at getting iPads enrolled and managed, and deploying apps. In my case I'm looking to migrate some iPads from an existing MDM into Intune, so I'm assuming you already have an Apple ID set up to create the push certificates and already have Apple School Manager (or Business Manager) set up.

Intune: Deploying Applications

Katy Nicholson, 6 January, 2021

In this post I cover deploying applications to devices through Intune - Microsoft 365 Apps, Microsoft Store apps, Web Apps and Win32 Applications.

Intune: Getting Started with Autopilot

Katy Nicholson, 20 December, 2020

In this post I take a first look at Intune and Autopilot and go through importing devices, creating enrolment profiles, configuration profiles and deploying the device.