AVD DrainMode dependent on Compliance

An AVD deployment is often joined to Intune. This results in a compliance state in Intune used in Conditional Access for access to Microsoft 365 applications. We don’t want users logging onto AVD machines that aren’t compliant hence the DrainMode dependent on Compliance. Also, AVD deployments are often Hybrid Entra Joined. That comes with the … Read more

Windows Autopatch – Deployment Cadence Scheduled install

There is a new feature within Windows Autopatch called Deployment Cadence with scheduled install. I have waited for feature for a long time. I wrote another blog about Windows Autopatch called notes from the field. Read about it here: This blog states that one of the things that I run into with Windows Autopatch that … Read more

Winget Packager in Azure DevOps Pipeline

A couple of months ago a fellow MVP Stephan van Rooij wrote an application called Winget Intune, when I saw this I immediately wanted to use this as a packager in an Azure DevOps Pipeline. So, the idea is to enter a winget package ID and the application is grabbed from winget, packaged, and uploaded … Read more

Install Applications after ESP (Enrollment Status Page)

A customer wanted to install applications after the ESP (Enrollment Status Page) phase. This application configures a BitLocker PIN which, obviously, needs interaction with the user. This is not possible in the ESP phase because of, well, the ESP. So, I needed a solution for that. I have configured Olivier Kieselbach’s BitLocker PIN solution. It’s … Read more

Remove OneDrive Personal Icon

This is a quick blog about how to remove the OneDrive Personal Icon from Windows 10. Some users find seeing multiple OneDrive icons in their file browser confusing. So, I created a script to remove this. The script logs to the “C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\” folder so you can pick it up with the “collect diagnostics” button in … Read more

Windows LAPS user via Remediations

This blog is about creating the Windows LAPS user via (Proactive) Remediations. The user that you want to manage via Windows LAPS is not created automatically. This blog and script help you do that. Prerequisites You have already configured the Windows LAPS policy. This is an example by Joost Gelijsteen. Proper licensing The scripts The … Read more

Deploy SCEP Certificate Connector Intune

This blog is about how to deploy a SCEP certificate connector for Microsoft Intune. The example shows the SCEP connector and the SCEP profile to deploy certificates. This blog is based on this blog from Saurabh Sarkar. I have used his blog to build my variant on the implementation and I want to share this … Read more

Discover specific apps on Intune Windows Devices

This blog is about how to discover specific apps on Intune-managed Windows devices. I needed to check whether TikTok was installed. The Dutch government advises not to install this app because of the security reasons involved. Of course, I used a Powershell script to do so and want to share this with you. Prerequisites There … Read more