🎙️Podcast: Microsoft Ignite E03
🎙️#Podcast: Microsoft Ignite E03 I had an incredible time chatting with @liorbela.bsky.social in my latest #MSignite podcast episode, where we delved into key highlights from Microsoft Ignite 2024 and exciting developments in the Intune world #msintune Youtube: https://youtu.be/mnxHRLz3EMg?si=pab6wByZpQ2tnf5P
Get-MgBetaDeviceManagementDeviceConfiguration fails
I’m trying to fetch all Intune configuration policies using Get-MgBetaDeviceManagementDeviceConfiguration (the Get-MgDeviceManagementDeviceConfiguration cmdlet is even worse), but it fails to retrieve certain policy types like Administrative Templates and Settings Catalog. How can I fetch all policy types?
Get List of Apps from single devices (Powershell)
Hello everyone, i'm currently looking for a way to use msgraph to run a query in Intune to determine which apps are assigned to a device. The idea is that when a device is changed, all the apps used can be made available to the user on the new device. A large proportion are of course assigned via groups, but there are also many company-specific applications that cannot be assigned in this way. The most promising post so far has been the following article "https://practical365.com/using-powershell-to-install-apps-on-endpoints/", but this initially records all apps and then sorts them to the devices. Does anyone have an alternative to this? Many thanks in advance for any tips and advice.Microsoft Intune Management - Connect securely to Intune with Microsoft Graph and PowerShell!
Dear Microsoft Intune friends, In this article I will show you how to create a "secure" connection to Microsoft Intune with Microsoft Graph and PowerShell! In this example, we use an app registration in Microsoft Entra ID and a certificate created on the local machine. Create and export the certificate. I use Visual Studio Code and PowerShell 7. $certName = 'IntuneGraphAppCert' $cert = New-SelfSignedCertificate -Subject "CN=$certName" -CertStoreLocation "Cert:\CurrentUser\My" -KeyExportPolicy Exportable -KeySpec Signature -KeyLength 2048 -KeyAlgorithm RSA -HashAlgorithm SHA256 -NotAfter (get-date).AddYears(1) Export-Certificate -Cert $cert -FilePath "C:\certs\$certName.cer" Note: The certificate is created in the local certificate store and exported to the folder C:\certs. The certificate is valid for one year. Create an app registration in Microsoft Azure AD. 1. Go to the Azure portal and create a new app registration in Azure AD. 2. Give the app a name and notice the following. 4. Go to the API permissions and add the following permissions (These serve only as an example). 5. Do not forget to grant admin consent. 6. Go to the certificate and secrets and upload the certificate. Back inVisual Studio Code and PowerShell! 1. Install the Microsoft.Graph. Install-Module -Name Microsoft.Graph -Verbose -Force -AllowClobber 2. Import the Microsoft.Graph module. Import-Module Microsoft.Graph 3. Create some variables. $TenantId = '77e01716-a6a2-4f99-b864-xxxxxxxxxxxx' $AppId = '5c14b994-2290-4f84-9069-xxxxxxxxxxxx' $certName = 'IntuneGraphAppCert' $Cert = Get-ChildItem -Path 'Cert:\CurrentUser\My' | Where-Object { $_.Subject -eq "CN=$CertName" } 4. Connect to Microsoft Graph. Connect-MgGraph -TenantId $TenantId -ClientId $AppId -Certificate $Cert 5. We check the permissions. (Get-MgContext).Scopes HAPPY CONNECTING!! I am fully aware that this is only as good as the physical machine is secured. However, I would like to share my experiences with you. Thank you for taking the time to read the article. Best regards, Tom Wechsler P.S. All scripts (#PowerShell, Azure CLI, #Terraform, #ARM) that I use can be found on GitHub! https://github.com/tomwechslerMicrosoft Graph Command Line Tools Blocked by CA
Hi All I hope you are well. Anyway, I recently turned ON a Conditional Access Policy Template, "Require MDM-enrolled and compliant device to access cloud apps for all users (Preview)" this seems to work fine until our IT Admins try to use the AutoPilot script which gets blocked based on: Microsoft Graph Command Line Tools Any ideas on how to allow AutoPilot /Microsoft Graph Command Line Tools through CA? Info appreciatedMonitor low disk space for computers
Hi All, We have a requirement to monitor low disk space, particularly on devices with less than 1GB of available space. We were considering creating a custom compliance policy, but this would lead to blocking access to company resources as soon as the device becomes non-compliant. Therefore, we were wondering if there are any other automated methods we could use to monitor the logical disk space (primarily the C drive) using Intune or Microsoft Graph. Thanks in advance, Dilan[NEW] Podcast06: Setup MAM for Windows In Intune
Podcast06: Setup MAM for Windows In Intune. Upcoming Podcast joines me Joery Van den Bosch to focus MAM on securing and managing mobile applications within an organization. Through MAM, organizations can control app configurations, protect data, manage access, and ensure apps are updated. This approach is especially valuable for securing corporate data on personal devices, without requiring full device enrollment. Key Benefits of MAM: Enhanced Data Security Increased Flexibility App Protection Policy Levels: Level 1 – Basic Data Protection. Level 2 – Enhanced Protection. Level 3 – High Data Protection. Youtube: https://youtube.com/shorts/GNWsX1B_Io8?si=I7EySot5pTgVBXa6Removing Outdated App Installation Errors in Microsoft Intune
Hello everyone, I'm experiencing an issue with my Microsoft Intune dashboard. It continues to show app installation errors for users who no longer exist on the Windows 11 devices, as they have been removed. These error messages relate to both Win32 apps and Microsoft Store apps and seem outdated, cluttering the dashboard. Is there a way to remove or clean up these outdated error messages? Is it possible to delete these error messages directly on the device or initiate a complete re-evaluation? For example, the Company Portal app was deployed as a Microsoft Store app for Windows 11 devices. The following image shows the existing installation error: Any tips or solutions would be greatly appreciated. Thank you in advance!Issue with Commit Upload for Win32 App in Intune via PowerShell Runbook
Hello everyone, I'm encountering an issue while trying to upload a Win32 app to Intune. The app is an .exe installer that I converted to an IntuneWin file before attempting the upload using a PowerShell runbook. Everything goes well until I try to invoke the commit. At that point, I consistently receive an error from the API, stating that the commit file upload failed. I'm also uncertain about the encryption parameters for the upload file and how to correctly set them, which might be contributing to the issue. I haven't found sufficient documentation to resolve this. Has anyone successfully navigated this, or could offer advice on the correct encryption parameters and other troubleshooting steps? Your help would be greatly appreciated. Thank you!
