You’re looking for automating configuration profiles creation ? You came to the right place. Imagine having a multitude of configuration profiles to generate and wanting to simplify the process with PowerShell. Additionally, you aim to efficiently assign these profiles to various groups and include a scope tag for each of them. If you’re as enthusiasticContinue reading “Efficiency Unleashed : Create Intune Configuration Profiles with Powershell”
Author Archives: Tom Machado
Unlocking Windows LAPS: How to Safeguard Local Passwords with Administrative Units
Windows LAPS (Local Administrator Password Solution) has recently become generally available, introducing a robust and intriguing design built on multiple DLLs and functions. Numerous resources exist that detail how to enable and utilize this feature. In this blog post, we will explore a crucial aspect of Windows LAPS – how to delegate access to theContinue reading “Unlocking Windows LAPS: How to Safeguard Local Passwords with Administrative Units”
First journey into Windows 365 : Provisioning and Deployment
More and more Intune features are being supported into Cloud PCs. Last one announced was Endpoint Privilege Management (EPM) at this time but you manage Cloud PC with Intune quite deeply : Apps, Configurations, Updates, Autopatch, Compliance, Defender. Copilot was also announced to be working with the OS on Cloud PCs. Oh and the developmentContinue reading “First journey into Windows 365 : Provisioning and Deployment”
Run bulk local passwords rotations from Intune with WindowsLAPS, Powershell and Graph API
I’ve met this scenario with multiple customers in the past using the WindowsLAPS feature : How to manually initiate a local password rotation on multiple devices. I’m wiritng this post also because i had discussions with IT guys looking for a scripting way to do it recently. Goal : Initiate this rotation below but onContinue reading “Run bulk local passwords rotations from Intune with WindowsLAPS, Powershell and Graph API”
Leverage Power Automate and Intune custom attributes to add macOS devices to EntraID groups automatically
EntraID (Azure AD) dynamic groups is very handy when it comes to automate group membership. Eventhough the possibilities are many (Autopilot, manufacturer, AD attributes, ExtensionAttribute, more), there is no way to use dynamic groups with Intune macOS custom attributes natively (for now ?). You have created your custom attributes, it’s running fine. You succeded toContinue reading “Leverage Power Automate and Intune custom attributes to add macOS devices to EntraID groups automatically”
Deploy Un-Managed macos Applications with Intune
New feature ! You can deploy un-managed applications on macos with Intune leveraging the Intune MDM Agent. It doesn’t take the MDM check-in path but it uses the Intune MDM Agent one. We’ll have a look into the Intune MDM Daemon. This will impact the sync frequences of your non-managed applications deployments, we’ll get there.Continue reading “Deploy Un-Managed macos Applications with Intune”
Secure macos devices with custom configuration profiles and Intune
Intune native templates are easy to use and offer multiple possibilities to configure your macos devices. Also, settings catalog is getting bigger and bigger every month as Microsoft invest time and effort to gather most settings possible. Use a custom profile can be usefull to gather multiple settings through multiple payloads. Export these settings inContinue reading “Secure macos devices with custom configuration profiles and Intune”
Configure SSO with Intune on corporate macOS devices
MacOS devices are registered in Azure AD. Enduser is logged on with a local account. You can leverage JAMF Connect to log in using an AAD account, but without this kind of third-party tool, local session is the way. Eventhough the user affinity is established during the device enrollment, the enduser still use a localContinue reading “Configure SSO with Intune on corporate macOS devices”
Enroll a corporate MacOS device in Intune through Apple Business Manager
To manage the MacOS device at his full potential, you want to enroll it in a corporate way. It’s easier to enroll a MacOS device using the company portal (MS article here). But from an Intune perspective, the thing is you get a personnal device, not a corporate one. In this post, i enroll aContinue reading “Enroll a corporate MacOS device in Intune through Apple Business Manager”
My thoughts on the Powershell Scripts feature using MS Graph
I struggled to understand the usecases behind the Powershell Scripts feature in the first place. Technically, i get it. It gives me the possbility to perform tasks on remote managed workstation using a powershell script. However, from the Intune portal, i could not find a proper way to leverage the feature with a relevant reportingContinue reading “My thoughts on the Powershell Scripts feature using MS Graph”
Poem to MDM 