Category: Intune
-
Log Analytics for Windows Application Usage Monitoring Part 1.1: Technical Details and Limitations
Introduction: In my initial article of this series, I mentioned that there were a few asterisks, footnotes, limitations, and caveats to understand with this solution. Luckily, this is again much less of a concern than it was with the System Usage & Authentication Monitoring series as this collector isn’t targeting nearly the volume of event…
-
PR for Detecting Faulty Notepad++ Upgrades
Introduction: I might be a bit behind the wave here, but I wanted to provide something to the community that has helped in my world. As I am sure many folks are already aware, there were a host of vulnerabilities recently found and patched in Notepad++. Those include CVE-2023-40031, CVE-2023-40036, CVE-2023-40164, CVE-2023-40166 which you can…
-
Log Analytics for Windows Endpoint System Usage & Authentication Monitoring Part 1.6: Deploying the Script
Introduction: With your data ingesting and workbooks deployed, we are now ready to start deploying the collector via Proactive Remediations in Intune. This will likely be the final article in this series, at least for now. In this section, we will cover… Requirements: This should be pretty obvious, but you need to have completed the setup…
-
Log Analytics for Windows Endpoint System Usage & Authentication Monitoring Part 1.3: Configure Event Auditing and Power Settings
As explained, the System Usage monitoring makes use of Windows Event logs for data gathering. While the Event Log has a ton of useful information by default, some events only log when enabled via an additional policy. Additionally, some won’t log at all until certain power settings are changed (See part 1.1, startup and shutdown…
-
Log Analytics for Windows Endpoint System Usage & Authentication Monitoring Part 1.0: Overview
Introduction: For those of you familiar with my work on Log Analytics, you know that I have several times, across several articles, touted the ability of PowerShell to pull Windows Events, including those from the Security log, which the now-old Log Analytics agent could not do. And, unfortunately, the new AMA has other…
-
PowerShell DCR Log Analytics for Windows Endpoints Part 1.9: Deploying the Collector Script via Proactive Remediations
Introduction: With your data ingesting and workbooks deployed, we are now ready to start to deploy the collector out via Proactive Remediations in Intune. This will likely be the final article in this series, at least for now. To be clear, I mean just the Windows Endpoints series for App/Device/Admin Inventory. There are quite a…
-
Block Office “Add a Place” Menu 3rd-Party Apps

Here is an interesting one. If you go into Word/Excel/PowerPoint/etc., there is an option under Save As, Add a Place, which has a multitude of 3rd-party site options you can use to connect Office apps directly to those locations. As of writing I see Box, Egnyte, OpenText Content Cloud, and ShareFile (Beta). I…
-
PowerShell DCR Log Analytics for Windows Endpoints Part 1.2: Admin Inventory Overview
Introduction: Following my initial article in the series, this article will cover an overview of the Admin Inventory component of this collector / workbook with a primary focus on what this tool does for you and how the data is visualized in the workbooks. In this section we will cover… Prior Knowledge Requirement: I don’t want to…
-
PowerShell DCR Log Analytics for Windows Endpoints Part 1.0: Device Inventory Overview
Introduction: This is the start of something big. Those familiar with my work on Log Analytics probably have realized I seem to know a lot but haven’t put out a ton of useable items yet. Those familiar with the work my work is based on, that being Jan Ketil Skanke of MSEndpointMGR team and his…
-
PowerShell DCR Log Analytics for Windows 365 Monitoring Part 2.3: Workbook, Collector Deployment
This will be the last part of this guide. Here we will be deploying and modifying the workbook to match your environment as well as going over the deployment of the collectors and some of the options within them to configure how they function. Note: If you followed the V1 version of this series, you…
