Tag: Azure

• Everything I Know on Subscription Activation

  Overview: Over the past few years, I have had to write far too many blogs on or surrounding the topic of Subscription Activation. Fixed – Enterprise Subscription Activation Broken by KB5036893 & KB5036892Retired: Detecting & Automatically Removing Secondary “Work Or School” Accounts: Part 1Retired: Detecting & Automatically Removing Secondary “Work Or School” Accounts: Part 2Retired: Detecting & Automatically Removing…

  Max

  June 11, 2025

  Policy, PowerShell, Proactive Remediations, Subscription Activation, Update to my work, Windows, Windows 11

  0X87E10BF2, Azure, Intune, Microsoft, PowerShell, Proactive Remediations, Remediation, security, SingleTenantldExpectedForAadUsers, Windows, Windows 11, Work or School account

• Technical Deep-Dive on the Workplace Un-Joined Solution (Work and School account Removal)

  Introduction: This article pairs with my Everything I Know on Subscription Activation article as is to cover the technical deep dive over how I created the Work or School account detection and removal scripts as part of the “Workplace Un-joined” project. I figured this in-depth information likely didn’t need to go right into the master…

  Max

  June 11, 2025

  PowerShell, Proactive Remediations, Technical Deep Dive

  Azure, Intune, Microsoft, PowerShell, Remediation, Settings.dat, Subscription Activation, Windows, Windows 11

• Detecting & Automatically Removing Secondary “Work Or School” Accounts: Part 4

  This Article Has Been Retired! Warning: I have chosen to “retire” this article. As time has marched on, and more information has been revealed, the blogs in this series have slowly become less and less up-to-date, and frankly, more and more of the information I was told as gospel has proved flawed or muddied. As…

  Max

  February 4, 2025

  Azure, PowerShell, Proactive Remediations

  Azure, Intune, Microsoft, technology

• PowerShell DCR Log Analytics Updates: SMBv1 Monitoring & WMI/WMIC Update

  SMBv1 – Windows Endpoint Monitoring: I pray that nobody has SMBv1 actually enabled as of June 2024 however, I have an update to share on this subject with regards to the Windows Endpoint Monitoring collector and workbook. Previously, the Windows Endpoint Monitoring script was simply checking whether or not the Windows Feature for SMBv1 was installed. If…

  Max

  June 13, 2024

  Log Analytics, Update to my work

  Azure, DCR, Log Analytics, PowerShell, SMB v1, SMBV1, Update, WMI

• Log Analytics for Application Usage Monitoring Part 1.6: Deploying the Script

  Introduction: With your data ingesting and workbooks deployed, we are now ready to start deploying the collector via Proactive Remediations in Intune. This will likely be the final article in this series, at least for now. In this section, we will cover… Requirements: This should be pretty obvious, but you need to have completed the setup…

  Max

  May 20, 2024

  Azure, Log Analytics, Proactive Remediations, Windows, Windows Events

  Azure, Intune, Log Analytics, PowerShell, Proactive Remediations, Windows Events

• Log Analytics for Application Usage Monitoring Part 1.5: Importing the Workbook

  Introduction: With your data now ingesting into Log Analytics, granted the collectors not yet deployed, we are ready to begin setting up our workbooks to further confirm data is coming in properly. Note: It would be a good idea to have at least a few devices manually ingest some data before starting this process. In this…

  Max

  May 20, 2024

  Azure, KQL, Log Analytics, Windows, Windows Events

  Azure, DCR, Function App, Log Analytics, PowerShell, Proactive Remediations

• Log Analytics for Application Usage Monitoring Part 1.4: Sample Data, Tables, DCRs, Initial Ingestion

  Introduction: We have now covered what this solution does and its cost, at least from an ingestion standpoint. Now, we will finally be deploying something! In this article, we will generate our sample data, use it to create our new tables and DCRs, grant the appropriate permissions on those DCRs, and perform an initial ingestion!…

  Max

  April 19, 2024

  Azure, Function App, Log Analytics, PowerShell, Windows, Windows Events

  Azure, DCR, Function App, Intune, Log Analytics, PowerShell, Proactive Remediations, Windows, Windows 11

• Log Analytics for Application Usage Monitoring Part 1.3: Configure Event Auditing

  As explained in prior articles, the Application Usage Monitoring makes use of Windows Event logs for data gathering. While the Event Log has a ton of useful information by default, the logs we need to capture for this tool to function are not logged by default and instead must be enabled via policy This article…

  Max

  April 9, 2024

  Log Analytics, Policy, Windows, Windows Events

  Auditing, Azure, Intune, Log Analytics, PowerShell, Proactive Remediations, Windows

• Log Analytics for Application Usage Monitoring Part 1.2: Cost

  Introduction: Following my initial articles describing what is collected, how it is displayed, this article will cover the cost of this solution. Before we start, please know that I am no Azure cost “expert.” I can point you in the right direction and provide examples, but you need to consult with Microsoft and your internal…

  Max

  April 2, 2024

  Function App, Log Analytics, Windows, Windows Events

  Azure, Function App, Log Analytics, PowerShell, Proactive Remediations

• Log Analytics for Windows Application Usage Monitoring Part 1.1: Technical Details and Limitations

  Introduction: In my initial article of this series, I mentioned that there were a few asterisks, footnotes, limitations, and caveats to understand with this solution. Luckily, this is again much less of a concern than it was with the System Usage & Authentication Monitoring series as this collector isn’t targeting nearly the volume of event…

  Max

  March 20, 2024

  Intune, Log Analytics, Proactive Remediations, Windows Events

  Azure, Intune, Log Analytics, PowerShell, Proactive Remediations, Windows