View API permissions for all Service Principals

New year, new blog! This post is all about how to view API permissions for all Service Principals. It is quite easy to see the permissions for 1 Service Principal but how about all? I created a script that gathers all assigned application permissions and exports them to CSV (or you can use Out-Gridview). A … Read more

Automating cleanup Entra Joined AVD hosts

This post is about automating the cleanup for Entra Joined Azure Virtual Desktop (AVD) hosts. So, what is the problem? The problem is that when you frequently deploy Entra Joined AVD hosts, they are only Entra Joined, and they already exist Entra/Intune. You get this error when running the bicep template: That error is because … Read more

Monitoring AVD with Azure Monitor

This post is about performance monitoring Azure Virtual Desktop (AVD) with Azure monitor. This features the CPU, RAM, Disk utilization, and more. The log analytics agent will be deprecated in 2024: You can check out the Microsoft docs here. This post features the manual configuration via the Azure portal and an automated configuration via Bicep … Read more

Windows Autopatch – Deployment Cadence Scheduled install

There is a new feature within Windows Autopatch called Deployment Cadence with scheduled install. I have waited for feature for a long time. I wrote another blog about Windows Autopatch called notes from the field. Read about it here: This blog states that one of the things that I run into with Windows Autopatch that … Read more

Winget Packager in Azure DevOps Pipeline

A couple of months ago a fellow MVP Stephan van Rooij wrote an application called Winget Intune, when I saw this I immediately wanted to use this as a packager in an Azure DevOps Pipeline. So, the idea is to enter a winget package ID and the application is grabbed from winget, packaged, and uploaded … Read more

Install Applications after ESP (Enrollment Status Page)

A customer wanted to install applications after the ESP (Enrollment Status Page) phase. This application configures a BitLocker PIN which, obviously, needs interaction with the user. This is not possible in the ESP phase because of, well, the ESP. So, I needed a solution for that. I have configured Olivier Kieselbach’s BitLocker PIN solution. It’s … Read more

Remove OneDrive Personal Icon

This is a quick blog about how to remove the OneDrive Personal Icon from Windows 10. Some users find seeing multiple OneDrive icons in their file browser confusing. So, I created a script to remove this. The script logs to the “C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\” folder so you can pick it up with the “collect diagnostics” button in … Read more

Get Installed Language from Domain Computers/Servers

This is a quick short blog about how to get the installed language from domain computers/servers. I wanted to check what languages are installed on my domain computers and servers. To do so I used remote PowerShell. The script looks like this: If you only want to check your Windows Server 2022 machines. Use this … Read more

Windows LAPS user via Remediations

This blog is about creating the Windows LAPS user via (Proactive) Remediations. The user that you want to manage via Windows LAPS is not created automatically. This blog and script help you do that. Prerequisites You have already configured the Windows LAPS policy. This is an example by Joost Gelijsteen. Proper licensing The scripts The … Read more

Deploy SCEP Certificate Connector Intune

This blog is about how to deploy a SCEP certificate connector for Microsoft Intune. The example shows the SCEP connector and the SCEP profile to deploy certificates. This blog is based on this blog from Saurabh Sarkar. I have used his blog to build my variant on the implementation and I want to share this … Read more