Send sync request to devices

In preparation for an upcoming new release of my Remote Mobile Device Manager tool, this week a short blog post about the Send Sync Request feature. This feature enables the administrator, in a Microsoft Intune hybrid environment, to remotely trigger a synchronization of a device and is available starting with Configuration Manager 1610. In this post I’ll provide some basic information, go through the methods to trigger this action, the Configuration Manager console and PowerShell, and I’ll provide some information about the administrator experience. Information Before showing the methods to use the Send Sync Request feature, it’s good to provide some information about when a device typically checks in. The first thing to keep in mind is that when an app, or policy, is deployed, …

Read more

Use PowerShell and Microsoft Graph to access data in Microsoft Intune

This week a short blog about using PowerShell to access data in Microsoft Intune. This can be achieved by using Microsoft Graph. A couple of weeks ago there was a blog post on the Microsoft Intune Support Team Blog about Using the Microsoft Graph API to access data in Microsoft Intune. That post triggered me to look at the PowerShell possibilities, as the Microsoft Graph has an API and an API can be used with PowerShell. In this blog post I’ll provide the high-level prerequisites for connecting to the Microsoft Graph API and I’ll provide a few examples for querying Microsoft Intune data. Prerequisites This blog post is really focused on the queries to the Microsoft Intune data. However, to successfully connect with the Microsoft …

Read more

Windows 10 MDM and the MDM Bridge WMI Provider

This week another blog post about Windows 10 and OMA-DM, but this week will be short and different. Starting this week I won’t be referring to OMA-DM anymore, instead I’ll be referring to Windows 10 MDM. The main reason for that is change is to align with Microsoft. Also, it simply makes more sense. OMA-DM is the standards based protocol on which the Windows 10 MDM protocol is based. In other words, Windows 10 MDM is not exactly the same as the OMA-DM standards. Technically speaking it’s not wrong to refer to OMA-DM, but it simply makes more sense to refer to Windows 10 MDM. That being said, this blog post will be different for another reason. This week I’ll try to bring Windows 10 …

Read more

New tool: Remote Mobile Device Manager

This blog post will be about a new tool, written in PowerShell, to remotely manage mobile devices. This tool is based on the ConfigMgr SDK and contains all the available options for remotely managing mobile devices. That means it can retire, wipe, lock and pin reset mobile devices. Basically, it’s a version 2.0 of the tool I made a couple of months ago. That tool is limited to the ConfigMgr 2012 R2 functionality, of wipe and retire, and this new tool also contains the ConfigMgr 2012 R2 SP1 functionality, of lock and pin reset. The use case for this tool is still the same. In most cases the service desk is responsible for helping end-users with their mobile devices. What if the company rather not …

Read more

Invoke remote device actions via PowerShell

This will be a short blog post about a the newly introduced WMI class, in the latest service pack, called SMS_DeviceAction. As I’m currently working on a new tool to remotely manage mobile devices, which will be released soon, I noticed that the SMS_DeviceAction class is used to invoke and query the Lock and PinReset actions. What’s even more important is the fact that the SMS_DeviceAction class isn’t documented, yet. In this blog post I’ll post the required information to successfully query the SMS_DeviceAction class and to successfully invoke the methods of the SMS_DeviceAction class. Methods The SMS_DeviceAction class contains the method InvokeAction. The InvokeAction method requires the following input parameters. Parameter Data Type Description Action String This parameter is required and should contain the …

Read more

Automagically set the mobile device owner to company

Before I’ll start with this blog post I would like to say thank you to Kim Oppalfens, for his great suggestion to look at WMI Eventing. I didn’t know that it was that versatile and powerful! Thanks Kim! Scenario The scenario for this post is actually quite simple and is applicable to an environment with Microsoft Intune integrated with ConfigMgr. By default, the device owner of a mobile device is set to Personal and that’s not always the desired value. A lot of customers still provide their employees with (mobile) devices and want the tooling to reflect that information. This blog post will provide an automagic method to set the mobile device owner to Company, by default. The best thing is that it’s still possible …

Read more

Retire or wipe mobile devices via PowerShell

This blog post will be about a new tool, written in PowerShell, to retire and/ or wipe a mobile device. Let’s start with the fact that I know that it’s possible to retire and/ or wipe a mobile device through the ConfigMgr console, but that didn’t stop me from creating this tool. The reason for that is related to how mobile devices are managed and who is usually responsible. In most cases the service desk is responsible for helping end-users with their mobile devices. Now what if a company rather not provides the ConfigMgr console to the service desk, or a company wants to prevent the service desk from wiping a mobile device? That’s were this tool comes in place. >> Available via download here …

Read more

Installing the Microsoft Intune client directly after a task sequence

This blog post will be about a bit strange scenario, it will be about deploying a device via a task sequence of ConfigMgr and ending up with the Microsoft Intune client. There are some cases in which the customer elects to manage some devices through Microsoft Intune, instead of ConfigMgr, but still wants to deploy the operating system via ConfigMgr. In those cases creativity is required to get the Microsoft Intune client installed. The ConfigMgr client and the Microsoft Intune client can’t coexist on one device and it’s not possible to remove the ConfigMgr client during the task sequence (without breaking the task sequence).  That’s were the SMSTSPostAction task sequence variable comes in place. This variable can be used to trigger an (unmonitored) action after …

Read more

Uninstall the Microsoft Intune client via PowerShell

This post will be a short and quick follow-up on my post earlier this week about uninstalling the Microsoft Intune client. The second method I mentioned in that post was about using the ProvisioningUtil.exe. Personally I think the actions mentioned in that method are too many manual actions, so I created a small PowerShell script with two functions to do exactly the same. In this post I’ll go through the two functions, and how they come together, in three steps. >> The complete script is available via download here on the TechNet Galleries! << Step 1: Get the ServiceId The first step is that I need to get the service ID for the uninstall command line. The following function goes through the registry path that …

Read more

Verify the role-based administration model via PowerShell

Let’s switch back to pure ConfigMgr and PowerShell this week. It will be a relatively short blog post, but in this post I’ll go through WMI and show how to get the right information about the role-based administration model. I know that this information is also available through the console, but what if I want to verify the configured role-based administration model. In that case I don’t want to go through the console, in that case I want to automate it. That way I can schedule it every now and then. SMS_Admin To get the information that I’m looking for I have to look at the SMS_Admin class in WMI. This class represents all the different administrative users. The first step is quite easy and …

Read more