Getting started with filtering and selecting Microsoft Intune data via Microsoft Graph

This week is another week focussed on retrieving data of Microsoft Intune via Microsoft Graph. This week, however, is not focussed on creating a solution, but on providing some guidance on getting started with filtering and selecting specific data. It’s relativly simple to retrieve a bulk of data, but in many cases it might be more efficient and better performing to immediately filter the data and only select specific objects and properties. This post will provide a closer look at the basics of the main query parameters and show how to use them to filter data immediately in the request. The examples provided in this post are using the managedDevice objects as example and are all tested by using Microsoft Graph Explorer. Important: The Microsoft …

Read more

Monitoring Windows Autopilot deployments with Azure Logic Apps and Adaptive Cards for Teams

This week is another follow-up on the last couple of weeks. The last couple of weeks the focus was on monitoring the status of the different connectors, certificates and tokens, while this week the focus is on monitoring deployments. More specifically, on monitoring Windows Autopilot deployments. Especially when dealing with many (remote) Windows Autopilot deployments, it can be useful to retrieve some deployment triggers without constantly having to check the Microsoft Endpoint Manager admin center. That can help with getting a good feeling about the stability and with getting triggered when users deal with failed Windows Autopilot deployments (as not all users call IT about failures). This post walks through the main components that are required to query Windows Autopilot deployment status information in Microsoft …

Read more

Collection of information for monitoring the status of connectors, certificates and tokens

This week is a follow-up on last week. Last week the focus was on providing an example for monitoring the Apple MDM push certificate with Azure Logic Apps and Adaptive Cards for Teams and this week the focus is on providing more endpoints in Microsoft Graph that can be used for monitoring all different connectors, certificates and tokens. This blog post will provide a collection of the different endpoints, the properties to verify and example queries to use. All summarized in tables, including links to the documentation. The following connectors, certificates and tokens are addressed within this post. Note: This list of connectors, certificates and tokens is made based on the information available within Microsoft Endpoint Manager admin center (Tenant administration > Connectors and tokens). …

Read more

Monitoring Apple MDM push certificate with Azure Logic Apps and Adaptive Cards for Teams

This new year starts again with something completely new. That means, some of the technology hasn’t be part of any of the posts on this blog before. This post will provide a look at using Azure Logic Apps for querying Microsoft Intune (via Microsoft Graph) and posting the results in Microsoft Teams. That’s an awesome combination for automating administrative tasks and triggering IT administrators to perform actions. The idea of this post is to show the power of that combination and to show the simplicity to automate administrative tasks. This post provides a simple example that will query status information about the Apple MDM push certificate in Microsoft Intune and posts that information in an adaptive card in a Microsoft Teams chat, when action is …

Read more

Getting started with Remote help for Windows devices

This week is all about getting started with Remote help for Windows devices. Remote help is recently introduced as a new feature in Microsoft Intune that can be used for providing remote assistance to users on Windows devices. It looks a lot like the existing Quick Assist app on Windows, but it has a few big advantages. It integrates with Microsoft Endpoint Manager for providing remote assistance to managed devices, it integrates with Azure Active Directory for providing authentication and compliance information, and it provides a better administrator experience. There are communication options with the user and there is the ability to work with elevated permissions. This post will go through the steps for configuring Remote help in the tenant and through the steps for …

Read more

Working with custom compliance settings

This week is all about the latest capabilities that are available within compliance policies. Those capabilities are custom compliance settings. Custom compliance settings enable the IT administrator to basically check for anything and to use that for the compliance state of the device. The IT administrator can use PowerShell script in the custom compliance setting, to verify the status of anything that is available on the device. The results can be compared to rules and values that are configured in a JSON file. The result of that comparision can be used as part of the compliance policy. This post will proivde a quick introduction to custom compliance settings, followed with the steps to create the require PowerShell script and JSON file. This post will end …

Read more

Different options for upgrading devices to Windows 11

This week is again all about upgrading devices to Windows 11, by using Microsoft Intune. When discussing the upgrade to Windows 11, the first and foremost thing to mention is that managed devices won’t automatically upgrade to Windows 11. There is always an action required by the IT administrator to make sure that managed devices are allowed to upgrade to Windows 11. The options to configure those managed devices, however, were limited when using Microsoft Intune. That has changed with the latest service release (2111) of Microsoft Intune. That service release introduced a few more options for managing and controlling the upgrade to Windows 11. This post will go through those different methods for upgrading devices to Windows 11, followed the configuration options for those …

Read more

Managing Windows Insider Preview Builds within the organization

This week is al around managing Windows Insider Preview Builds. Even though it’s not a new subject, it’s good to at least get a refresher. Especially when mentioning the Windows Insider Preview for Business program, as it’s often still unknown. The fun part, however, is that it’s actually pretty simple to get started. For organizations, the Windows Insider Preview for Business program enables them not having to register each device or user in the program and to easily set important policies around preview builds. The only requirement is to register an Azure AD tenant, so it can be used for authentication.This post walks through that requirement and more, as prequisites for configuring Windows Insider Preview Builds within the organization, followed with the steps for creating …

Read more

Allowing users to opt-in for Windows 11 by using access packages

This week is all about providing users with an easy method to opt-in for using Windows 11. That easy method can be created by using standard functionality that is provided by Azure AD entitlement management – an identity governance feature – and that can be used to automate access request workflows, access assignments, reviews, and expiration. More specifically, entitlement management introduces the concept of an access package and those packages provide an easy method to govern access. In a way, an access package can be used to create a simple automated flow to allow users to opt-in for Windows 11. That can be achieved adding the user to an Azure AD group and using that group for the assignment of a feature update deployment. This …

Read more

Microsoft Tunnel Gateway: A quick overview

This week my post is a few days later, as my post is an extension of my session at the Nordic Virtual Summit Second Edition. At the virtual summit I did a session about Getting access to on-premises resources with Microsoft Tunnel. During that session I shared the information around the architecture of Microsoft Tunnel and I zoomed in on getting up-and-running with Microsoft Tunnel and getting insight in Microsoft Tunnel. This post will provide a quick summary of that session about the different important components of Microsoft Tunnel and how to get connected to Microsoft Tunnel. Most of that information will be summarized in tables and slides. The slides (PDF) of that session are available for download here. Main components of Microsoft Tunnel The Microsoft Tunnel …

Read more