Compliance Policy
5 Topics

GIA - Get Intune Assignments Application
Hello Everyone,

Some time ago I was struggling to get all Intune Assignments for a specific Azure AD Group. This option does not exist in the console, and we need to run a lot of queries in MS Graph and/or use PowerShell to retrieve them. So, to help the community, I started to create PowerShell scripts to help query some of the Assignments, but I still had a lot of scripts, each one retrieving a specific type of item (like profiles, conditional access, apps, etc.). After a while I decided to develop a C# .NET Application to facilitate the process.

Today I want to share with all of you my GIA App (Get Intune Assignments). It's available on my GitHub page: https://github.com/sibranda/GetIntuneAssignments

I hope this app can help you guys the same way it is helping me and my customers.

Regards

4.4K Views, 3 likes, 1 Comment

Built-in Device Compliance Policy - is active - Not Compliant
I have an enrolled Windows device (we are using Azure AD, no hybrid), where I changed the primary user. The compliance policy and the built-in device compliance policy for the new primary user are showing compliant. But the built-in compliance policy for the user who enrolled the device is showing "not compliant" (see screenshots).

Do you have any ideas how to solve this?

139K Views, 0 likes, 16 Comments

How to "bypass" an Exchange Retention Policy Preservation Lock
I have a scenario with a complete Exchange Retention policy with a preservation lock. As you already know, once a preservation lock is in place, nobody can turn off the policy, delete the policy, or make it less restrictive (not even the Global Admin).

Now we need to modify it for a couple of mailboxes, but as those mailboxes (like all the mailboxes) are included in the locked retention policy, there's "no way" to do it. Well, I figured out one chance... 😉

Here the principles of retention come into play. As the mentioned retention policy is applied to the whole Exchange environment, and as per the principles of retention explicit wins over implicit for deletions, we can create a new policy that applies to the required specific mailboxes in order to delete the content sooner.

"If a retention policy for a location uses an adaptive scope or a static scope that includes specific instances (such as specific users for Exchange email) that retention policy takes precedence over a static scope that is configured for all instances for the same location".

https://learn.microsoft.com/en-us/microsoft-365/compliance/retention?view=o365-worldwide

That should solve the issue, "bypassing" the locked policy. But note that this principle only works to our advantage in the case of deletions. Retention on its own always wins over deletions.

Maybe not the best solution, but people should be aware of this kind of thing before locking a retention policy. Feel free to let me know your thoughts.

1.9K Views, 0 likes, 0 Comments

Device is marked non-compliant after implementing a password policy
I just created a Windows 10 compliance policy with a password requirement and it is marking my device as non-compliant even though the password is within the parameters. The exact policy causing the compliance issue is "password complexity". I currently have it set to alphanumeric with upper/lowercase, numbers, and special character. I have made sure my password fits the parameters (password set for the Microsoft account which is used to log in). I am also using biometrics and PIN. Does the policy require me to disable PIN and biometrics and require password only?

10K Views, 0 likes, 5 Comments