Gpresult Like Tool For Intune
Hi, Jonas here! Or as we say in the north of Germany: "Moin Moin!" I had to troubleshoot a lot of Intune policies lately and I used a variety of tools for that. At the end, I built my own script to have a result which looks similar to what “GPresult /h” creates for on-premises group polices. The script is inspired by the following article: https://doitpshway.com/get-a-better-intune-policy-report-part-2 by Ondrej Sebela. It follows a similar approach, but without any module dependencies and fewer output options, as my script only generates an HTML page. What started as a script is now a module which might have more functions in the future. Feel free to read any of my other articles here: https://aka.ms/JonasOhmsenBlogs How to get the module The PowerShell module is called: "IntuneDebug" and can be installed or downloaded from the PowerShell Gallery. Install the module by running the following command: Install-Module -Name IntuneDebug The module repository can be found here https://aka.ms/IntuneDebug in case you want to download the module manually or want to contribute to it. The command to get the report is called: “Get-MDMPolicyReport” How to use Get-MDMPolicyReport The function can run without administrative permissions and without any parameters on a windows machine. But you can also start the function with administrative permissions to get more data about Intune Win32Apps and their install status. Use parameter “-MDMDiagReportPath” to load MDM report data captured on a remote machine. But more on that in section “How to use parameter -MDMDiagReportPath“ So, in summary, the function can run locally to output information specific to that device, or it can parse already captured data via the “-MDMDiagReportPath” parameter. It cannot gather data remotely, though. The function output As mentioned earlier, the only output of the function is an HTML file which will automatically open in Edge. The output is grouped into sections to make the report easier to read. The page looks like this when all sections are collapsed: Section: "DeviceInfo <Devicename>" DeviceInfo shows general information about the device and the Intune sync status: Section: "PolicyScope: Device" This section shows all the settings applied to the device grouped by area/product. Note: If you’re coming from ConfigMgr you might expect a policy ID in the report. While an Intune policy has an ID, the ID is not stored on the device. That’s by-design and that’s the reason why we just see the settings that apply to a device in this report. The following example shows some basic Defender and Delivery Optimization settings grouped together. You can also see the system's default value if there is one and the winning settings provider. This should typically be the MDM provider like Intune, but it could also be a different provider for some settings depending on the setup. Section: "PolicyScope: <SID> <UPN>" This section shows all the policies applied to a user. The user’s SID and UPN (UPN only when run locally) are visible in the policy-scope header. If there are multiple users working on a machine, each user will have their own section in the report. Section: "PolicyScope: EnterpriseDesktopAppManagement" This section shows all MSI installation policies from Intune. NOTE: Win32 and store apps are visible in the “Win32Apps” section. The application name is not available, instead I show the MSI filename to give an indication of what type of app that is. Section: "PolicyScope: Resources" Under resources we will see policies which typically contain some sort of payload. Like a certificate or Defender firewall rule. I tried to make each section as readable as possible. So, the output varies by type. Certificates for example, are shown in a different format as Defender firewall rules. NOTE: If the function runs without the parameter “-MDMDiagReportPath” it will try to enrich the policy info with as much data as possible. This is not possible when working with captured MDM-reports from a remote machine. The output might be limited in that case. Section: "PolicyScope: Local Admin Password Solution (LAPS)" This section shows all the settings applied to the device coming from a LAPS policy as well as some local settings. Section: "PolicyScope: Win32Apps" This section shows all available Win32App policies. Those apps can be installed already or just assigned as available. If you need more information about the installation status, you need to run the function with administrative permission. This only works locally and cannot be used with parameter “-MDMDiagReportPath” since the extra data is coming from the local registry. If a script is used for the detection or requirement, the script will be parsed and shown as it is. Use the copy button to copy the script and test it locally if needed. When the script is run as administrator locally, it will try to get more information about the actual installation status of an application: Section: "PolicyScope: Intune Scripts" Intune Scripts will show script policies and their current state. The example below shows a remediation script with the detection output string "Found". It does not have an remediation action and therefore no data for the related properties. Unfortunately, the script name is not part of the policy and cannot be shown here. But you can use Graph Explorer https://aka.ms/ge and use the following endpoint to get the script name by entering the script ID of your script: "https://graph.microsoft.com/beta/deviceManagement/deviceHealthScripts/<ScriptID>?$select=id,displayName" Where the data comes from The function will use the following command to generate an MDM report: MdmDiagnosticsTool.exe -out “C:\Users\PUBLIC\Documents\MDMDiagnostics\<DateTime>” NOTE: The tool MdmDiagnosticsTool.exe is part of the Windows operating system. More about it can be found HERE The tool will export the data to C:\Users\PUBLIC\Documents\MDMDiagnostics to a folder in the following format: "yyyy-MM-dd_HH-mm-ss" The function will then parse the following two files to extract the required data without administrative privileges: MDMDiagReport.html MDMDiagReport.xml Some data is directly read from the registry to enrich the output and in some cases administrator permissions are required. The Win32Apps and Intune script policy data is coming from the Intune Management Extension logfiles: C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\AppWorkload*.log C:\ProgramData\Microsoft\IntuneManagementExtension\Logs\HealthScripts*.log NOTE: The folders under “C:\Users\PUBLIC\Documents\MDMDiagnostics” will be deleted when the creation time is older than one day. This can be changed with parameter “-CleanUpDays” set to a higher value than one day. How to use parameter “-MDMDiagReportPath” Simply generate MDM report data, either with the MdmDiagnosticsTool.exe, via the settings app or via Intune. Then copy the files to a system with the IntuneDebug module on it and unpack the report data. You can now run the function with the parameter “-MDMDiagReportPath” and point it to the unpacked report data. NOTE: The report header will contain the following when the parameter was used: “Generated from captured MDM Diagnostics Report” MdmDiagnosticsTool.exe example: mdmdiagnosticstool.exe -area "DeviceEnrollment;DeviceProvisioning;Autopilot" -zip C:\temp\MDMDiagnosticsData.zip Settings app example: Intune Example: I hope you find this tool helpful. In case of any issues or suggestions, head over to GitHub via https://aka.ms/IntuneDebug and create an issue or pull request. Stay safe! Jonas Ohmsen Code disclaimer This sample script is not supported under any Microsoft standard support program or service. This sample script is provided AS IS without warranty of any kind. Microsoft further disclaims all implied warranties including, without limitation, any implied warranties of merchantability or of fitness for a particular purpose. The entire risk arising out of the use or performance of this sample script and documentation remains with you. In no event shall Microsoft, its authors, or anyone else involved in the creation, production, or delivery of this script be liable for any damages whatsoever (including, without limitation, damages for loss of business profits, business interruption, loss of business information, or other pecuniary loss) arising out of the use of or inability to use this sample script or documentation, even if Microsoft has been advised of the possibility of such damages.Microsoft Teams COVID-19 Response Bot
Microsoft Teams COVID-19 Response Bot Using an Information BOT to enable companies to build out a knowledge base and FAQ to interact and communicate to their employees. Target Audience: COVID-19 Company Response Teams Every group who is reacting to an unforeseen situation like: Communications, Help Desk, Human Resources, and Operations teams. Technical Requirements: Azure subscription; QnA Maker account; No experience with coding required. The Problem: Many companies have been struggling to provide communications and resources in an automated way. Microsoft Teams COVID-19 Response Bot adds value! In a pandemic situation, many companies that have not completed or started their digital transformation tend to struggle with high volume of inquiries being directed to their front line response teams. Azure Web Bot services can help reduce the overhead of the front-line response teams by inserting an automated layer and interactive for employees to engage your resources. We will show you below how to create a COVID-19 response bot and connect it to Microsoft Teams, a website (Intranet / Internet), and as an email responder in 12 easy steps that does not require any previous coding experience. Microsoft Teams: Employees want an interactive experience to communicate in a chat and ask questions about company resources and frequently asked questions. Intranet / Internet Communication: Employees are expecting crisis communication and interaction on the home page of the intranet to feel connected. Providing a real-time chat bot to allow employees to get company-specific information immediately. Bot used as an Email Responder: Companies can create a mailbox for crisis communication that provides valuable and relevant automated responses. Deploy Microsoft Teams COVID-19 Response Bot: Open Edge and navigate to https://qnamaker.ai on the top right corner click “Sign in” and sign in using your Microsoft Account. Once you have signed into your account, click on “Create a knowledge base” from the top menu. Once you clicked on Create a knowledge base, you will be required to create a QnA service in Microsoft Azure, click on the blue button that says “Create a QnA service". This will redirect you to your Azure portal and directly into Cognitive Services (QnA Maker). Fill the form and click on “Create” at the bottom: Once your deployment has been successfully implemented, go back to QnA Maker portal and click on “Refresh” and select the correct Azure QnA service from the drop downs. It is time to select a name for your Knowledge Base. Now it is time for us to populate the content for our bot, we will choose the URL for the FAQ the CDC has available (https://www.cdc.gov/coronavirus/2019-ncov/faq.html) and we will enable multi-turn, which will allow to present multiple potential matches for a single question, and for personality we will choose professional. Once you have the form filled, click on “Create your KB” this will take few minutes to parse all the questions on your FAQ URL or files (if you uploaded any). Once you are redirected to your knowledge base, click on “PUBLISH” to continue creating the bot A New page will be displayed, you will need to click on “Publish” at the bottom to be able to use this knowledge base to your bot in Azure. Once this task is completed, it will redirect you to the last page we need in QnAMaker.ai, which has a button to “Create bot”, this will redirect you to your Azure Portal again to create a bot. On the Web App Bot section of Azure, verify all the information has been filled and click “Create”, once the task is completed, your bot is live and ready to be used by deploying it on the channel of your preference (Teams, Email, Facebook, GroupMe, Kik, LINE, Skype, Slack, Telegram, Twilio, Cortana, Web Chat, and Direct Line). Deploying your bot on Microsoft Teams Go to your bot and click on "Channels". Click on the Microsoft Teams icon in the center of the page. Click Save and your bot will be ready to be used on Teams. Deploying your bot on a web site Go to your bot and click on "Channels". By default Web Chat is always enabled, click on "Edit" on the far right side. Copy the HTML code into the page you are going to implement the bot by clicking “Copy” in the “Embed code” section, and your bot will be available in the URL you pasted the code. Deploying your bot on an email: Go to your bot and click on "Channels". Click on "Email". Enter your Office 365 email credentials for the mailbox the bot is going to use and hit "Save", and your bot will be able to respond email messages that arrive to that specific mailbox. Bot Solutions Going Forward: HR Benefits, Help Desk, Office 365 Journey Advisor, Adoption Projects, Company branding materials, On-boarding mentor, and more. Contributors: Michelle Gilbert michellegilbert Daniel Lopez DanLopezMicrosoft Teams COVID-19 Response Bot
Microsoft Teams COVID-19 Response Bot Using an Information BOT to enable companies to build out a knowledge base and FAQ to interact and communicate to their employees. Target Audience: COVID-19 Company Response Teams Every group who is reacting to an unforeseen situation like: Communications, Help Desk, Human Resources, and Operations teams. Technical Requirements: Azure subscription; QnA Maker account; No experience with coding required. The Problem: Many companies have been struggling to provide communications and resources in an automated way. Microsoft Teams COVID-19 Response Bot adds value! In a pandemic situation, many companies that have not completed or started their digital transformation tend to struggle with high volume of inquiries being directed to their front line response teams. Azure Web Bot services can help reduce the overhead of the front-line response teams by inserting an automated layer and interactive for employees to engage your resources. We will show you below how to create a COVID-19 response bot and connect it to Microsoft Teams, a website (Intranet / Internet), and as an email responder in 12 easy steps that does not require any previous coding experience. Microsoft Teams: Employees want an interactive experience to communicate in a chat and ask questions about company resources and frequently asked questions. Intranet / Internet Communication: Employees are expecting crisis communication and interaction on the home page of the intranet to feel connected. Providing a real-time chat bot to allow employees to get company-specific information immediately. Bot used as an Email Responder: Companies can create a mailbox for crisis communication that provides valuable and relevant automated responses. Deploy Microsoft Teams COVID-19 Response Bot: Open Edge and navigate to https://qnamaker.ai on the top right corner click “Sign in” and sign in using your Microsoft Account. Once you have signed into your account, click on “Create a knowledge base” from the top menu. Once you clicked on Create a knowledge base, you will be required to create a QnA service in Microsoft Azure, click on the blue button that says “Create a QnA service". This will redirect you to your Azure portal and directly into Cognitive Services (QnA Maker). Fill the form and click on “Create” at the bottom: Once your deployment has been successfully implemented, go back to QnA Maker portal and click on “Refresh” and select the correct Azure QnA service from the drop downs. It is time to select a name for your Knowledge Base. Now it is time for us to populate the content for our bot, we will choose the URL for the FAQ the CDC has available (https://www.cdc.gov/coronavirus/2019-ncov/faq.html) and we will enable multi-turn, which will allow to present multiple potential matches for a single question, and for personality we will choose professional. Once you have the form filled, click on “Create your KB” this will take few minutes to parse all the questions on your FAQ URL or files (if you uploaded any). Once you are redirected to your knowledge base, click on “PUBLISH” to continue creating the bot A New page will be displayed, you will need to click on “Publish” at the bottom to be able to use this knowledge base to your bot in Azure. Once this task is completed, it will redirect you to the last page we need in QnAMaker.ai, which has a button to “Create bot”, this will redirect you to your Azure Portal again to create a bot. On the Web App Bot section of Azure, verify all the information has been filled and click “Create”, once the task is completed, your bot is live and ready to be used by deploying it on the channel of your preference (Teams, Email, Facebook, GroupMe, Kik, LINE, Skype, Slack, Telegram, Twilio, Cortana, Web Chat, and Direct Line). Deploying your bot on Microsoft Teams Go to your bot and click on "Channels". Click on the Microsoft Teams icon in the center of the page. Click Save and your bot will be ready to be used on Teams. Deploying your bot on a web site Go to your bot and click on "Channels". By default Web Chat is always enabled, click on "Edit" on the far right side. Copy the HTML code into the page you are going to implement the bot by clicking “Copy” in the “Embed code” section, and your bot will be available in the URL you pasted the code. Deploying your bot on an email: Go to your bot and click on "Channels". Click on "Email". Enter your Office 365 email credentials for the mailbox the bot is going to use and hit "Save", and your bot will be able to respond email messages that arrive to that specific mailbox. Bot Solutions Going Forward: HR Benefits, Help Desk, Office 365 Journey Advisor, Adoption Projects, Company branding materials, On-boarding mentor, and more. Contributors: Michelle Gilbert michellegilbert Daniel Lopez DanLopezUnable to directly Edit html in the browser in SharePoint Online
From yesterday onwards, am Unable to directly Edit html in the browser in SharePoint Online env. i have created a folder called htmfiles in my siteassets librray on my SPO site, and i have a html file that has css, js, and html content. When i tried to edit the html file, am getting a message, " its just a preview". Did MSFF make any changes in this behavior for the last few days?
