Using a custom connector for device management actions in Microsoft Intune

This week is again all about the powerful combination of Microsoft Power Apps and Microsoft Power Automate with Microsoft Intune (and Microsoft Graph). In my previous post about introducing a mobile device manager app for Microsoft Intune, I relied on the standard available functionalities within the different products to show how easy it is to get started and to create your own app in Power Apps. Because of that starting point, I relied on providing application API permissions when accessing the Graph API. In that post, I also mentioned that there is another method available by using delegated API permissions when accessing the Graph API. Also, to be really honest, when an app in Power Apps is working with a signed-in user, it also makes …

Read more

Introducing a simple remote device manager app for Microsoft Intune

This new year starts with something completely new. That means, some technology that hasn’t been part of any of the posts on my blog before. Inspired by some posts of Courtenay Bernier, I took some time to dive into the world of Microsoft Power Apps and Microsoft Power Automate, in combination with Microsoft Intune (and Microsoft Graph). This post will cover how I’ve used those technologies – with almost no custom code – to create a simple remote device manager app for Microsoft Intune. I’ll also hope that this post will show the power of this combination and inspire more readers to dive into that world. Basic knowledge of the mentioned technologies is required, as this post won’t be completely step-by-step and won’t provide a …

Read more

Easily exporting Intune reports using Microsoft Graph

This week a short blog post about Intune reports and more specifically about exporting Intune reports by using Microsoft Graph. Since recently, all reports that are available in the (new) Intune reporting infrastructure are available for export. That export can be achieved from a single top-level export API. Simply use Microsoft Graph API to make the required HTTP call(s). The result of the HTTP call(s) will be a downloadable ZIP-file that contains a CSV-file. That CSV-file contains an export of the latest real-time information and can be imported in EXCEL for some simple data analyses, or in Power BI for more advanced data analyses and visualizations. In this post I’ll show how to use Microsoft Graph to export Intune reports and I’ll show the results …

Read more

Installing applications by using Windows Package Manager

This week is all about installing applications via Microsoft Intune by using Windows Package Manager. A few years ago I wrote a post about something similar by using Chocolatey. That time the idea was to simply leverage the PowerShell script functionality that was just introduced. This time the idea is to leverage the Win32 app functionality together with the Windows Package Manager that is just introduced. Leveraging the Win32 app functionality provides me with a few advantages above simply leveraging the PowerShell script functionality. In my opinion the main advantages are the flexibility of the Win32 app model (think about requirements, detection rules, dependencies and notifications) and the ability to use Win32 apps during the Enrollment Status Page (ESP). Creating the Win32 app would cost …

Read more

Quick tip: Allow access to unlicensed admins

This week a quick extra blog post about a small nice new feature that became available in Microsoft Intune. That feature is the setting to allow access to Microsoft Intune for unlicensed admins. That setting enables an organization to toggle a tenant-wide setting that removes the Intune license requirement for administrators when accessing the Microsoft Endpoint Manager admin console (and Microsoft Graph). Once toggled it can never be reinstated. The following two steps walk through the process of allowing access to unlicensed admins Open the Microsoft Endpoint Manager admin center portal and navigate to Tenant administration > Roles > Administrator Licensing to open the Intune roles | Administrator Licensing page On the Intune roles | Administrator Licensing page, click Allow access to unlicensed admins On the Allow access to unlicensed admins verification window, click Yes After following …

Read more

Configuring eSIM profiles on Windows devices

This week is all about configuring eSIM profiles on Windows 10 devices by using Microsoft Intune. An eSIM is an embedded digital version of a SIM card that enables the user to connect to the mobile network provider, without an actual physical SIM card. It can be programmed to the mobile network provider and data plan of choice. That can provide an Internet connection over a cellular data connection on an eSIM-capable device. Even though the eSIM functionality is available for most platforms, Microsoft Intune currently only supports the configuration of eSIM profiles on Windows 10 devices. In this post I’ll start with a short introduction, followed by the steps to import and assign eSIM profiles. I’ll end this post by having a look at …

Read more

Pushing notifications to users on iOS and Android devices

This week is all about the different options in Microsoft Intune to send push notifications to users on iOS (and iPadOS) and Android devices. The trigger of this post is the option to send push notifications as an action for noncompliance, which was introduced with the 2005 service release of Microsoft Intune. Besides that, it was already possible to send custom notifications to a single device, to the devices of a group of users, or as a bulk action to multiple devices. In this post I want to go through the different options for sending push notifications, followed by showing the end-user experience. Send custom notifications Custom notifications can be used to push a notification to the users of managed iOS (including iPadOS) and Android …

Read more

Simplifying management of the Google Chrome browser

This week is all about simplifying the management of the Google Chrome browser. I’ve done my fair share of posts about different methods for managing settings for the Google Chrome browser, by using Microsoft Intune, like for example by using ADMX-files or by using PowerShell, but it can be easier. It can also be achieved by using Chrome Browser Cloud Management. Chrome Browser Cloud Management is a cloud-based solution that enables the management of the Google Chrome browser across Windows, Mac and Linux devices. In this post I’ll start with a short introduction about Chrome Browser Cloud Management, followed by the steps to enrol Windows devices by using Microsoft Intune. I’ll end this post by looking at the end-user experience. Note: Keep in mind that …

Read more

Simplifying the migration of Android device administrator to Android Enterprise work profile management

This week is all about a recently introduced feature that will help organizations with their move away from Android device administrator managed devices to Android Enterprise work profile management. That is a very welcome feature as Google is decreasing device administrator support in new Android releases, which makes difficult for Microsoft Intune (and any other MDM-solution) to adequately manage Android device administrator managed devices starting with Android 10. The feature in Microsoft Intune that will help with moving away from Android device administrator managed devices is a compliance setting that will enable organizations to block devices in a structured manner and to provide a direct migration path to Android Enterprise work profile management. In this post I’ll show how to create and configure a device …

Read more

Changing the primary user of Windows devices

This week is all about the primary user of a Windows device. More specifically about the recently introduced functionality to change or remove the primary user of a Windows device. The primary user is used within Microsoft Intune to map a licensed user to a device. Changing the primary user enables the administrator to switch the primary user of a device from one user to another user, or to switch a device without an assigned primary user (shared device) to a specific user. Besides that, removing the primary user enables the administrator to switch a device from a specific user to a shared device. In this post I’ll start with a short introduction about the primary user (and shared devices), followed by actually changing the …

Read more