AVD DrainMode dependent on Compliance

An AVD deployment is often joined to Intune. This results in a compliance state in Intune used in Conditional Access for access to Microsoft 365 applications. We don’t want users logging onto AVD machines that aren’t compliant hence the DrainMode dependent on Compliance. Also, AVD deployments are often Hybrid Entra Joined. That comes with the … Read more

Automating cleanup Entra Joined AVD hosts

This post is about automating the cleanup for Entra Joined Azure Virtual Desktop (AVD) hosts. So, what is the problem? The problem is that when you frequently deploy Entra Joined AVD hosts, they are only Entra Joined, and they already exist Entra/Intune. You get this error when running the bicep template: That error is because … Read more

Install Applications after ESP (Enrollment Status Page)

A customer wanted to install applications after the ESP (Enrollment Status Page) phase. This application configures a BitLocker PIN which, obviously, needs interaction with the user. This is not possible in the ESP phase because of, well, the ESP. So, I needed a solution for that. I have configured Olivier Kieselbach’s BitLocker PIN solution. It’s … Read more

Get Installed Language from Domain Computers/Servers

This is a quick short blog about how to get the installed language from domain computers/servers. I wanted to check what languages are installed on my domain computers and servers. To do so I used remote PowerShell. The script looks like this: If you only want to check your Windows Server 2022 machines. Use this … Read more

Windows LAPS user via Remediations

This blog is about creating the Windows LAPS user via (Proactive) Remediations. The user that you want to manage via Windows LAPS is not created automatically. This blog and script help you do that. Prerequisites You have already configured the Windows LAPS policy. This is an example by Joost Gelijsteen. Proper licensing The scripts The … Read more

Discover specific apps on Intune Windows Devices

This blog is about how to discover specific apps on Intune-managed Windows devices. I needed to check whether TikTok was installed. The Dutch government advises not to install this app because of the security reasons involved. Of course, I used a Powershell script to do so and want to share this with you. Prerequisites There … Read more

Notification about untagged Autopilot devices

This post is about getting a notification about untagged Autopilot devices. Just like if your licenses run out, when you have an untagged autopilot device, you want to know! I wrote a script that does that and I want to share it with you! I run this script in an Azure automation account with a … Read more

Reprovision/Restore Windows 365 Devices

This blog is about showing another example of our Powershell module called PSCloudPC. The example is about Reprovision/Restore Windows 365 devices. My other post is about deploying Windows 365 via Powershell. Firstly, download and install the module. You can do so using the following command: After that, import the module: We are now ready to … Read more