Niklas Tinner

2 days ago

Conditional Access block specific device

Some time ago there was a use case to block some selected devices that are Azure AD joined from accessing company resources. Of course we think of a Conditional Access control policy. But what if you can't identify the(se) device(s) through any condition? …

Azure AD

2 min read


Mar 8

The way around device and user assignments (mixing)

I am sure we are all aware that for Intune assignments we can’t use user and device groups for the include or exclude intent of the same profile, at the same time. This “mix” is an unsupported scenario and leads to unexpected behaviors, errors, generally a conflict. …

Microsoft Intune

3 min read


Mar 2

Remote actions for an end user with Intune

There are several remote actions for an end user that affect his devices and involve Intune or Azure AD. This short post will give an overview of the capabilities. Mainly there are the following portals:

My Account — Devices

Here are all devices listed where the user signed in, which resulted in an Azure AD…

Microsoft Intune

2 min read


Feb 23

Deny Local Log On for Azure AD accounts

Windows can be set up in shared PC or Kiosk mode. I have already written a blog post about this. The aim is to provide a Windows experience for multiple users on one device, where the user may not even have his own (AAD) account. Now on these devices you may want…

Microsoft Intune

2 min read


Feb 15

Permissions to manage and upload an Autopilot identity

So you may have individuals or partners that are responsible for uploading Autopilot identities (hardware hash associated Azure AD objects), so they are associated with the tenant and get the Autopilot profile and enrollment configurations. The import may be done manually through a .csv upload or through Get-WindowsAutoPilotInfo for testing. Now the permissions that are needed to manage Autopilot identities are displayed in the screenshot below. You may create a custom role in Intune under Tenant administration > roles > Create > Intune role, give it a suitable name and assign the permissions found in the image below. Everything is found under the category enrollment programs. The permissions may be restricted even further by unselecting Delete device and Assign profile, but I would create the role with these permissions so all tasks around Autopilot identities can be done.

Microsoft Intune

1 min read


Feb 8

UAC admin prompt for credentials in OOBE

There is a special scenario where you could encounter a UAC prompt during the Out-Of-Box-Experience (OOBE). In my case it included:

  • Autopilot reset
  • Local policies security options (User Account Control: Behavior of the elevation prompt for standard users)
  • Non-English OS language (German, but it might affect other languages too)

…

Microsoft Intune

2 min read


Jan 31

Install winget / Windows app installer

Recently I installed a Windows Insider version OS that surprisingly had no winget, or rather Windows app installer, on it. For Intune this means that no “new Store” apps can be installed, since they use winget. Even the essential Company Portal doesn’t. Then I thought about installing Windows app installer from…

Microsoft Intune

2 min read

https://oceanleaf.ch/ | #EnterpriseMobility #Security #MEM #ModernWorkplace
