Template for the Win32 PowerShell script installer in Microsoft Intune

Introduction

Microsoft Intune now supports using a PowerShell script as the installer for Win32 apps. Instead of specifying a command line, you upload a script. This gives admins more flexibility when deploying applications.

I’ve created a template (install and uninstall) that can serve as inspiration, but also demonstrates how this enables you to:

  • Install or uninstall an application (MSI or EXE)
  • Copy or remove files to or from any directory
  • Add or remove registry settings

All as part of the same deployment. The script handles both SYSTEM and current user context – and when running as SYSTEM, it applies file and HKCU registry changes to all existing user profiles on the device.

The template is available on GitHub: imabdk/Intune-Win32-PowerShell-Script-Installer-Template 🙂

Read more…

The only PowerShell script you need to manage registry on Windows devices using Microsoft Intune

Introduction

If you manage Windows devices with Microsoft Intune, this is the only registry script you’ll ever need.

You need to configure a registry setting that isn’t in Settings Catalog. Maybe it’s a binary value like Outlook font preferences with no CSP support. Maybe you need to delete leftover registry keys from a legacy app. And you need it applied to all user profiles on shared devices – not just one.

Remediations in Intune can help, but writing scripts that handle all these scenarios correctly takes time.

This PowerShell template handles the hard parts:

  • Runs as SYSTEM by design – manages both user and machine registry from one script, works in environments with strict AppLocker or WDAC policies, and avoids Constrained Language Mode restrictions
  • Reaches HKCU settings for all users by enumerating SIDs in HKU
  • Supports both traditional AD and Microsoft Entra ID joined devices
  • Handles all registry types – String, DWord, Binary, and MultiString
  • Three actions: Set, Delete, and DeleteKey

Single template for both detection and remediation. Modify the configuration section, save two copies, upload to Intune. Done.

Read more…

Intune Assignment Struggles: Got Devices, Need Users? Got Users, Need Devices? PowerShell to the Rescue

Introduction

If you work with device management – whether Intune or ConfigMgr – you’ve hit this scenario:

  • You have a group of users, but you need to target their devices. Not just any devices they log into, but those specific devices.
  • Or you have a device group, but you need to reach the users – send them notifications or deploy user-context apps or configurations.

The problem is simple: You’re given one object type, but you need the other. A user group when you need devices. A device group when you need users. Manual cross-referencing through the portal is tedious and doesn’t scale.

Coming from ConfigMgr with on-prem AD? You’re used to very flexible collection queries that could say ‘all devices of users in the Finance group located in the London OU’.

This script handles some of the translation for Intune. Point it at your source groups (containing either users or devices), and it populates your target group with whichever object type you actually need. Add OS version filtering if you want to narrow it down – like notifying users whose devices are below a certain iOS version or assigning policies to Windows devices owned by specific teams.

The best part? The script detects Azure Automation and uses managed identity authentication, so you can schedule it as a runbook to keep your groups updated automatically. 🙂

Read more…

BIG ANNOUNCEMENT: Toast Notification Script v3 is here!

Introduction

I’ve completely REWRITTEN my popular Toast Notification Script from the ground up – now exclusively for Microsoft Intune!

What’s new:

  • Built specifically for Intune Remediations
  • Enhanced logging & smart detection logic
  • Personalized user greetings
  • Multiple notification scenarios

Perfect for:

  • Weekly reminders/messages
  • Pending reboot notifications
  • Company Portal integration
  • Custom organizational messages

Ready to deploy? Get it now: https://github.com/imabdk/Toast-Notification-Script

Temp. documentation down below. 🙂

Read more…

Building a Break-Glass Local Admin Solution for Windows 11 using Intune and Defender for Endpoint

Introduction

I’ve been in situations where I needed local admin access to a device, and I needed it *now*. Users couldn’t log in, LAPS wouldn’t retrieve passwords, or domain connectivity and trust had failed. You’re staring at a locked device with no way in, and waiting isn’t an option.

Modern endpoint management is fantastic until it isn’t. We’ve eliminated persistent local admin accounts, embraced cloud authentication, and deployed LAPS – all best practices. But what happens when all of those fail simultaneously?

This post documents the break-glass solution I built for those “need it now” scenarios: a remotely deployable emergency local administrator account using Intune Remediations, with monitoring through Microsoft Defender for Endpoint.

💡 By default, remediations run on a schedule. However, you can run remediations on-demand in Intune, which triggers the scripts to execute instantly (almost) on targeted devices via Windows Notification Service (WNS). This is critical for true emergencies when you can’t wait.

Read more…

Automating ‘Have I Been Pwned’ Breach Checks for Entra ID Groups using PowerShell

Introduction

In today’s digital landscape, data breaches are unfortunately common. As security-conscious professionals, we need to be proactive about monitoring whether our users’ credentials have been compromised. That’s why I built an automated PowerShell tool that checks Entra ID (Azure AD) group members against the Have I Been Pwned database.

The tool generates professional HTML and PDF reports that are perfect for security audits, compliance documentation, and executive briefings – making it easy to communicate breach findings to both technical and non-technical audiences.

Also, it was Friday evening, and I needed a fun project to wrap up the week – turns out automating security checks is a pretty good way to spend it! 😀

Read more…

Auditing Password Reuse in On-Premises Active Directory with PowerShell and DSInternals

Introduction

Password reuse among privileged accounts represents one of the most critical security vulnerabilities in on-premises Active Directory environments.

When multiple privileged accounts share the same password, a single compromise can cascade across your entire infrastructure.

In this post, I’ll demonstrate how to audit your Active Directory environment for shared passwords using PowerShell and the DSInternals module.

Read more…

How I stole my colleague’s OneDrive content and WiFi passwords using a fake iPhone cable and PowerShell

Introduction

Big disclaimer: This is done for educational purposes. Do not steal anyone’s OneDrive content or WiFi passwords – actually don’t steal anything at all. 🙂

Endpoint management and endpoint security are two sides of the same coin, which means I’m heavily invested in both worlds. I run internal attack simulations several times a year, and recently came up with a new idea for educating our users.

How about I demo how a fake iPhone cable is enough to steal their OneDrive content and password for their home WiFi?

This post will walk you through the details of doing just that. This involves the use of the infamous O.MG cable and a custom payload launching my PowerShell script directly from GitHub – and ultimately uploading the stolen loot to Dropbox.

Read more…

Digitally signing my Toast Notification Script to use with ConfigMgr, AppLocker and Constrained Language Mode

Introduction

My Toast Notification Script unfortunately only works in PowerShell Full Language Mode (for the time being; I have plans to look into this).

This requirement does not work well with AppLocker and having Constrained Language Mode enabled. My solution to this is to digitally sign the New-ToastNotification.ps1 file. While working my way through the process myself, I realized that a few changes to the Toast Notification Script itself were needed.

The changes made to this “edition” of the script are targeted only at Configuration Manager. I’m not sure whether moving between PowerShell Language Modes when coming from Proactive Remediations in Intune is possible (if anyone knows this, please let me know).

In addition to the changes needed, I thought the process itself would make a decent and useful blog post. So here goes. 🙂

Read more…

Remove desktop shortcuts for the current user and public profile using PowerShell and Proactive Remediations

Introduction

I think most IT professionals who work with software delivery in some form have dealt with software installers that put a shortcut on the desktop by default. Annoying indeed.

Typically you’re in for a treat when trying to figure out how to customize the installer to prevent the desktop shortcut from being created. It’s not rare either that the installer simply doesn’t support that.

And finally, we are all aware of the desktop shortcut mess when using OneDrive PC folder backup (formerly known as ‘Known Folder Move’), where shortcuts are duplicated and synced between devices. Yikes.

Long story short, I was tired of spending time on desktop shortcuts, so I figured it was time to create my own solution to the problem.

Read more…