A blog about End User Computing (EUC)
An AVD deployment is often joined to Intune. This results in a compliance state in Intune used in Conditional Access for access to Microsoft 365 applications. We don’t want users logging onto AVD machines that aren’t compliant hence the DrainMode dependent on Compliance. Also, AVD deployments are often Hybrid Entra Joined. That comes with the … Read more
This is a blog post about how to schedule a PowerShell script via Intune. Of course, we would like this to be built-in within Microsoft Intune but we are not there yet. Hopefully, this will be an option in the future. We would like to schedule app installs and scripts via Microsoft Intune directly. We … Read more
There is a new feature within Windows Autopatch called Deployment Cadence with scheduled install. I have waited for feature for a long time. I wrote another blog about Windows Autopatch called notes from the field. Read about it here: This blog states that one of the things that I run into with Windows Autopatch that … Read more
A couple of months ago a fellow MVP Stephan van Rooij wrote an application called Winget Intune, when I saw this I immediately wanted to use this as a packager in an Azure DevOps Pipeline. So, the idea is to enter a winget package ID and the application is grabbed from winget, packaged, and uploaded … Read more
A customer wanted to install applications after the ESP (Enrollment Status Page) phase. This application configures a BitLocker PIN which, obviously, needs interaction with the user. This is not possible in the ESP phase because of, well, the ESP. So, I needed a solution for that. I have configured Olivier Kieselbach’s BitLocker PIN solution. It’s … Read more
This is a quick blog about how to remove the OneDrive Personal Icon from Windows 10. Some users find seeing multiple OneDrive icons in their file browser confusing. So, I created a script to remove this. The script logs to the “C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\” folder so you can pick it up with the “collect diagnostics” button in … Read more
This blog is about creating the Windows LAPS user via (Proactive) Remediations. The user that you want to manage via Windows LAPS is not created automatically. This blog and script help you do that. Prerequisites You have already configured the Windows LAPS policy. This is an example by Joost Gelijsteen. Proper licensing The scripts The … Read more
This blog is about how to deploy a SCEP certificate connector for Microsoft Intune. The example shows the SCEP connector and the SCEP profile to deploy certificates. This blog is based on this blog from Saurabh Sarkar. I have used his blog to build my variant on the implementation and I want to share this … Read more
This blog is about how to discover specific apps on Intune-managed Windows devices. I needed to check whether TikTok was installed. The Dutch government advises not to install this app because of the security reasons involved. Of course, I used a Powershell script to do so and want to share this with you. Prerequisites There … Read more
This post is about getting a notification about untagged Autopilot devices. Just like if your licenses run out, when you have an untagged autopilot device, you want to know! I wrote a script that does that and I want to share it with you! I run this script in an Azure automation account with a … Read more