Connect to Microsoft Graph for Intune with Powershell ISE Add-ons

Introduction

If you are working with Microsoft Intune on a daily basis, chances are that you are familiar with the awesome Powershell Intune Graph script samples over at GitHub: https://github.com/microsoftgraph/powershell-intune-samples.

I have previously blogged specifically about putting 2 of the scripts to use here:

If you are less familiar with Powershell, the script samples might seem a bit intimidating and difficult for some to put to use. The new Microsoft.Graph.Intune PowerShell Module to the rescue!

Now, this post is not about using the actual module, but how you with a single click can connect to the Graph API and gain access to all the available cmdlets in a very easy and sufficient way.

Read more…

Install Google Chrome Extensions using Microsoft Intune in 3 different ways (Powershell, ADMX ingestion and MSI)

Introduction

I have previously covered the approach on how to install Google Chrome extensions using System Center Configuration Manager. Find my post here: https://www.imab.dk/forcefully-deploy-the-windows-defender-google-chrome-extension-using-configuration-manager/

Then it came to my attention that Microsoft released another and new extension for Chrome last week. It’s called Microsoft Web Activities. This made me go through the approach again, and figured I wanted to cover the methods on how to install Google Chrome Extensions using Microsoft Intune.

Read more…

AutoPilot for existing devices: Move from Windows 7 to modern Co-managed Windows 10 in a jiffy using ConfigMgr

Introduction

Lately I have been preparing our own shift from old school device provisioning with PXE and ConfigMgr, to the modern alternative with Windows AutoPilot. The preparation is two folded, where the mindset of the IT pros working with the technologies needs a shift, but obviously also the technologies and features involved.

We’ve been hitting F12 and preparing devices within IT for many years and while it’s easy to persuade IT pros into using new and exciting technologies, the businesses we serve also needs maturing. We are not quite there yet, but we are getting closer, and the first step is obviously to embrace the technology and start using it.

We don’t have any devices running Windows 7 in our environment (phew), but this is an approach that can be used with previous versions of Windows 10 as well. For example when moving from 1803 to 1809.

Read more…

Install RSAT (Remote Server Administration Tools) for Windows 10 v1809 using Microsoft Intune

Introduction

I don’t know if this will have many uses, but I did a similar post on how to deploy RSAT for Windows 10 v1809 using SCCM (System Center Configuration Manager) back in October when 1809 was initially released. As most people know by now, RSAT is no longer a separate downloadable add on to Windows, but something which is included as “Features on Demand” in the OS itself.

For your convenience, find my previous post here: https://www.imab.dk/deploy-rsat-remote-server-administration-tools-for-windows-10-v1809-using-sccm-system-center-configuration-manager/)

What if you don’t have SCCM and instead are fancying Microsoft Intune for software deployments? You might even run SCCM and Microsoft Intune Co-Management and like to do stuff differently and experimenting like I do? Then this post will be for you 🙂

Company Portal displaying my RSAT 1809 Win32 app (Sorry for the obscure language (Danish). Company portal insists on being in Danish on my computer)

Read more…

Flipping the switch, part 5: A closer look on the client apps workload (Co-management with SCCM and Intune)

Introduction

The client apps workload (also known as mobile apps for co-managed devices) was introduced in System Center Configuration Manager 1806 and was done so as a pre-release feature. The documentation on the workload is today still somewhat lacking, so I figured I’d give you some more insights based on my own findings.

The main idea here is, that apps deployed from Microsoft Intune are available through the Company Portal, and apps deployed from SCCM are available through the Software Center. This is quoted directly from the documentation, but what does this really mean? What types of apps are we able to deploy from Microsoft Intune and what’s the expected behavior? This is something I will try to address in this post. Curious? Read on 🙂

Apps installed from Microsoft Intune to a Co-managed device. Sorry about the obscure language. The company portal on my computer insists on being in Danish 🙁

Read more…

Azure AD Application Proxy, Single Sign-On and Conditional Access

Introduction

As the topic suggests, the following post will be about the Azure AD Application Proxy feature – a feature within Azure Active Directory. I haven’t blogged specifically about this feature before, but I do think it deserves a mention here as well.

I will go into details on how to provide secure remote access to an internal IIS website, and give an example on how to add single sign-on to that experience while protecting everything with Conditional Access.

This post will be followed up with a continuation, where everything will be put to use on a mobile device with a Microsoft Intune managed Edge browser. Curious? Read on and stay tuned 🙂

The end result where an internal IIS is reachable from www

Read more…

How to automatically join Windows AutoPilot devices to On-Premises AD (Hybrid Azure AD Join)

Introduction

Good news everyone! The feature was introduced at Ignite earlier this year and now it’s finally here. Windows AutoPilot now allows you to join your Windows 10 v1809 devices to your on-premises Active Directory (Hybrid Azure AD Join). All the magic lies in a new Intune connector for Active Directory. Sounds exciting, right? This will be everything you need to know, on how to get started with this new amazing feature.

The new Intune Connector for Active Directory (Preview)

Read more…

Deploy the SCCM Client using Microsoft Intune and the Cloud Management Gateway (CMG without PKI certificates)

Introduction

Last week I blogged about how to get properly started with Windows AutoPilot. This week I’m continuing on the topic, and going into details on how you can deploy the SCCM (System Center Configuration Manager) client as a part of the Windows AutoPilot enrollment and thus achieve Co-management with SCCM and Microsoft Intune.

I have previously blogged a lot about Co-management. Focus here has been enrolling devices already managed by SCCM into Intune MDM.

This post is the opposite. This time we are deploying a device through Windows AutoPilot, enrolling it into Microsoft Intune and then deploying the SCCM client through the Cloud Management Gateway. Sounds interesting? Read on 🙂

  • Find all my Co-management posts here: https://www.imab.dk/category/co-mgmt/
    • My post about setting up the Cloud Management Gateway without PKI certificates is especially of interest if pursuing Co-management

Read more…

How to get properly started with Windows AutoPilot: Everything you initially need to know!

Introduction

It’s time for me to take on a new topic on the blog. I have been experimenting, working and blogging a lot about SCCM, Intune and Co-management, but never really touched base with Windows AutoPilot. Time is due and this will be the first in a series of posts about Windows AutoPilot and how to eventually reach Co-management with SCCM and Microsoft Intune through Windows AutoPilot.

First things first though. This post will give you everything you need to know on how to properly get started with Windows AutoPilot. Curious? Read on 🙂

A peek into my AutoPilot devices in my test tenant 🙂

Read more…

Summary of SCUG.DK meeting (System Center User Group Denmark) Fall Edition starring David James

Introduction

In line with traditional practice on my blog, I’m kicking off my posts with an introduction – this time is no different.

The topic is something new however, and that’s even though I have been a frequent SCUG.DK attendee the past many years. I don’t dare to make a promise about making this an habit either, but I do think this event in particular deserves a written summary. So here goes my very first of it’s kind; the summary of SCUG.DK Fall Edition starring David James also known as @djammmer on Twitter.

And by the way, I’m not used to doing summaries – so please bare with me if I missed something obvious. I took notes and did a lot of pictures while tweeting live from the event, so there’s a slight chance I missed out on a thing or two. Apologies in advance.

Also, during this event there was a dedicated request to do tweets with the #MMSMOA hashtag for the chance of winning a trip to MMS 2018 Desert Edition, so if browsing Twitter for interesting Tweets, you will find some of them located on both #SCUGDK and #MMSMOA. 🙂

Front row seats at the SCUG.DK meeting

Read more…