Category: Intune
-
Automating the Conversion of Intune Group Tags for Windows 11 Upgrades Part 3: Client Side Script
Following my last post, this part will cover the deployment of the client-side script as well as detail how it works and how you can adjust it. I have written about the topic of deploying scripts via proactive remediations a few times now such as for the Log Analytics side. The deployment itself will be…
-
Automating the Conversion of Intune Group Tags for Windows 11 Upgrades Part 2: Function App
Following my last post, this part will cover the deployment of the Function App as well as gathering of the values from the Function App we will need for the next part. Update:Following my recent post on Security Updates for HTTP(s) Function Apps, I have started off by updating the Windows 11 Group Tag Conversion (GTC)…
-
Automating the Conversion of Intune Group Tags for Windows 11 Upgrades Part 1: Overview
I have a fun one to talk about today. This is the first part in a three-part series which covers the use of PowerShell and an Azure Function App to automatically change over Windows 11 devices to a new group tag post upgrading from Windows 10. This is something I have had cooking for a…
-
Security Update for HTTP(s) Function Apps
Howdy folks! I have good news! Great news actually, as I think this will let me start to remove the annoying red security warnings on all my HTTP function apps. Thanks to the work of the @NickolajA of the MSEndpointMGR team, there is a new authentication method for HTTP Functions which is more secure than…
-
Intune Win32 Apps: Running them at System Startup
Here is a scenario: You might need to update an app, say a very critical app like a VPN application, and make sure you do it at a time that won’t interrupt the user. Unfortunately, Intune is not really capable of scheduling app deployments. You won’t be able to say “install this app only between…
-
Murdering Windows 11 Performance by Disabling Windows Defender – What Not to Do.
This is the story of how a rather innocent seeming policy, a policy which many other blogs “suggest” (to one degree or another), can absolutely destroy Windows 11 performance. This issue can slow the machine down by an order of magnitude – under the right conditions. This issue took me the better part of a…
-
Autopilot ESP Bug: Office C2R Teams Installer Resulting in MSI Collision Nightmares
The title here says a lot. Through no short amount of pain, I have uncovered an unfortunate ESP bug related to the Teams Machine-Wide Installer specifically when deployed through Intune using the Microsoft 365 Apps (Windows 10 and later) app type. This article makes for a direct follow up to my ESP App Failure Troubleshooting…
-
PowerShell Intune Win32 Apps – Avoiding a busy MSI Installer
Scenario & Background: Sometimes when you’re packaging apps to deploy via Intune, things need to be a little more complicated than just directly calling an MSI to install. You might need to install a series of MSIs or install an MSI and then copy files around. The easiest solution to make this all happen in…
-
Troubleshooting Autopilot ESP App Failures: Error 0x81036502
Howdy folks! Here is a fun topic for today. Most anyone who works with Autopilot has probably been sent a fuzzy cellphone picture of an ESP failure at one point or another. More often than not, at least in my personal experience, that failure is usually at the Apps stage with the mysterious error 0x81036502.…
-
Auditing Other Logon/Logoff Events for Log Analytics
Some of my up-and-coming PowerShell based Log Analytics guides make use of Windows Event logs for data gathering. While the Event Log has a ton of useful information by default, some events only log when enabled via additional policy. One such policy is the Auditing of Other Logon/Logoff Events. This policy enables a multitude of…
Azure to the Max 