New Microsoft Intune Licensing Explained
Microsoft recently announced the new Intune Plans. In this blog post, I want to break down what that is and what it includes. Intune is already enabled in the licenses? Yes. However, the Plans can be separately purchased to help…
![[Nugget Post] How to Check All Intune Filter Related Associated Assignments?](https://shehanstechblog.files.wordpress.com/2023/02/downloadpage.png?w=1200)
[Nugget Post] How to Check All Intune Filter Related Associated Assignments?
You implement more and more filters in policies, but how to go back and see all the associated assignments? Rather than remembering or noting down all the filters you have created and checking manually, you can now see this in…
BYOD – Part 2 – Manage Your Azure AD Registered Devices
Previously on BYOD… I discussed the restrictions and conditions you can make so the BYOD fleet can be managed well. Read below if you haven’t. My focus was the Azure AD and Intune side of things when it comes to…
BYOD – Part 1 – The Love-Hate Relationship
This is a 2 part series and I would like to get to the nitty gritty of BYOD because as IT Pros or leaders who are managing IT in an organization, we have dealt with BYOD (Bring Your Own Device)…
Microsoft Intune Bulk Device Actions
This will be a short blog post, but I want to cover something that is important when you have a large device fleet. This is a useful feature if you haven’t seen it yet or not tried it yet, because…
How to Configure Multiple Admin Approvals Over Intune Resources
A new feature was recently introduced and is still in the Public Preview mode. Multiple Admin Approvals or MAAs. At this stage, this can be only applied to Apps and Scripts. What this does is let you as an Admin…
Organizational Messages – A Better Way to Push Important Messages to Your Users via Microsoft Intune
There were a lot of new updates for Microsoft Intune at the Ignite 2022. Organizational Messages are one of them. This feature is still in preview and believe more options will be available in the coming months. Imagine you need…
My First Speaking Session and the First Microsoft EM+S Community Live Event
So last week I finally did my very 1st speaking session. This is the very 1st community event held by the Discord Group Microsoft EM+S Community. Microsoft EM+S Community Shout out to the other speakers as they’ve all done a…
Enrolling Linux Devices and Setting Compiance Policies in Intune
My morning coffee hit me in a very different way this morning. I’ve been sitting on the whole Linux enrollment feature introduced a few weeks ago and this morning I thought I need to do it. This is an early…
Use Intune to Manage Device Firmware Configuration Interface Settings for Autopilot Devices
How handy it will be to manage the UEFI (Unified Extensible Firmware Interface) settings of the enrolled devices? That’s exactly what I’m going to explore in this article. What I will be covering 👇🏾 What is DFCI? (Device Firmware Configuration…
New and Updated Microsoft Intune Device Control Policy Settings
New day new blog post. This is more of an updated guide to what I’ve written some time ago (check below) What I Will Be Covering? 👇🏽 What’s New? 🌟 Apply layered order of evaluation for Allow and Prevent device…
Microsoft Intune Audit Logs Hunting With KQL
In this blog article, I want to discuss the power of KQL again and do a bit of a deep dive. I’ve written a few blog posts about getting started with KQL and using some basic queries that can make…
The Calm After the Storm. Microsoft Ignite 2022 All Endpoint Management and Identity and Access Announcements
Microsoft Ignite 2022 just finished and it was a blast! So many new product updates and announcements. It was truly exciting to see all the Ignite related news. Because obviously it was a lot and probably the LinkedIn feeds are…
Get Started with Microsoft Graph Intune PowerShell Module for Endpoint Manager Tasks
This is my very first blog post after being awarded as a Microsoft MVP and during the past few days it was all about processing this new avenue that just opened up in my life and was mentally getting ready…
Configure “Enhanced Phishing Protection in Microsoft Defender SmartScreen” in Windows 11 22H2 via Endpoint Manager
Windows 11 22H2 update brought a lot of good stuff and as a tech enthusiast I really appreciate what Microsoft is doing to ensure the end user devices are protected. Enhanced Phishing Protection in Microsoft defender SmartScreen is one of…
Device Hardening with Endpoint Manager Security Baseline for Windows Policy
The word on the street is not “If I get hacked” but “when I will get hacked” and securing your infrastructure starts from your end users and devices and hardening those devices that the users use every day have never…
Microsoft Intune and Defender for Endpoint Relationship Simplified
I stumbled upon this so many times, tripped and fell, read things over, test things again and again, and finally thought to write about it. Without understanding the high-level architecture and how these two services talk to each other, using…
How to Use Endpoint Manager Import ADMX Function to Map Shared Drives
Earlier this year I wrote the same but more of a manual method to map drives using Endpoint Manager OMA-URI function and by ingesting the ADMX files in raw form to configure the drives. After Microsoft announced the Preview of…
Azure AD Device Registration – Part 2 – Use Azure Automation to Get Notified When Devices Go Pending State
This is the 2nd post of this 2 part troubleshooting series and In the 1st part of this series I showed you why the devices can go on Pending and what can you do to troubleshoot and fix the issue.…
Azure AD Device Registration – Part 1 – How to Fix the Pending Registration State Issue?
Firstly I must say, during your cloud journey you may have seen this error many times and fixed this many times. Also there can be engineers who are yet to see this error (among other errors) and want to fix…
![[Nugget] Replace Edge Browser F1 Key Help URL with Endpoint Manager](https://shehanstechblog.files.wordpress.com/2022/08/windows-feature-update-device-readiness-reports-1.png?w=1200)
[Nugget] Replace Edge Browser F1 Key Help URL with Endpoint Manager
Quick nugget and this can be a handy way to push your IT Support/ Helpdesk info in to the user’s browser and its literally one key stroke away. F1 that is. In the Edge Brower, if you press F1 key,…
Device Control Polices with Microsoft Defender for Endpoint and Endpoint Manager
Device Control is one of the core components of any Device Management solution. This identifies what devices the user can install in their system or plug and play. While there are devices that need to be installed on user computers…
![[Product Feature] Passwordless Authentication with FEITIAN BioPass FIDO2 Security Key K49](https://shehanstechblog.files.wordpress.com/2022/07/windows-feature-update-device-readiness-reports-11.png?w=1200)
[Product Feature] Passwordless Authentication with FEITIAN BioPass FIDO2 Security Key K49
FEITIAN Technologies recently reached me out via LinkedIn to request if I can review one of their latest Passwordless key products – K49. This is not a paid review and only contains my independent opinion as a technologist as well…
A Closer Look At The Azure AD Joined Device Local Administrator Role And Endpoint Manager Account Protection Policy
Local Admin is a must needed account/ access that requires in a domain setup for so many reasons. Over the years Microsoft brought many options to manage these accounts in a secure manner. Restricted groups/ LAPS etc. With Azure AD…
Windows Autopatch – General Availability With Improvements
This is an update post on the much awaited Windows Autopatch service. This went from Public Preview to General Availability today (12/06/2022) and number of good improvements have been introduced and I would like to go through them. If you…
An Attempt to Configure Defender for Endpoint and Endpoint Manager With the Same Device Tag
Most often the device tagging requirements are simple or you do have a set of tags for the devices that are enrolled in Intune and a set of tags for the devices onboarded in Defender for Endpoint. However there can…
Windows Autopatch – 3. Support Requests
This will be a short post, but I like to emphasize this great feature Windows Autopatch provides. In case you haven’t seen the news, Windows Autopatch is now in Public Preview and I’m thrilled to write about it. Post 1…
Windows Autopatch – 2. Deployment Rings, Security Groups and Device Profiles
In case you haven’t seen the news, Windows Autopatch is now in Public Preview and I’m thrilled to write my 2nd post about it. Post 1 can be found below 1. Tenant Onboarding and Device Registration In this post I…
Windows Autopatch – 1. Tenant Onboarding and Device Registration
Windows Autopatch is finally here and this will update your eligible Windows 10 and 11 devices and Office application. This is a IT admin hands off task as opposed to traditional Patch Tuesday and other patching events and internal IT…
How to use Log Analytics on Endpoint Manager
Ever since I learned about KQL I’m obsessed about it and what it can do in Azure Log Analytics space and this is my attempt on plugging another service to Log Analytics to experiment with the logs. KQL has proven…
How to Setup Endpoint Manager RBAC
Welcome to another MEM article. Today I’m going to talk about an essential component of Microsoft Endpoint Manager where a lot of admins ignore or fail to configure. As your team grows or if you planning on outsourcing tasks to…
FIX and Thoughts on Autopilot Pre-Provision Error 0x80180014
It was one of days where you get these sort of errors just after completing a task. That big ol’ unsatisfying red screen with an error. This time it was We couldn’t finish MDM enrollment. Error 0x80180014 At 1st glance,…
Pros and Cons of Using Microsoft Endpoint Manager Policy Sets Feature
What else can be a great feature in Microsoft Endpoint Manager other than bundling up all the policies and create that “Golden Image” type policy and assign it to the Device or User groups so from an Administrators perspective, you…
How to Migrate Group Policies to Microsoft Endpoint Manager using Group Policy Analytics
Hello again. Today I’m writing about the MEM Group Policy Analytics feature which is still in preview, and how you can inspect your local GPOs and migrate them to MEM. Why you ask? Organizations whether the are big or small,…
How to Easily Configure Google Chrome Policies via Microsoft Endpoint Manager?
I would say this is a long time coming and Admins can take a bit of a rest without looking for the Google Chrome ADMX files and updating the custom OMA-URI content whenever the ADMX updates.The good news is Microsoft…
How to Configure Microsoft Intune Remote Help Feature?
I think it’s too soon to compare Remote Help with a tool like TeamViewer because Remote Help feature with Microsoft Endpoint Manager just went on GA this week. I was looking at this option for quite a while and finally…
How To Map a Shared Drive Using Microsoft Endpoint Manager Instead of GPOs
Welcome to another MEM how to article. Among Microsoft Endpoint Manager’s wonderful capabilities I see this as a big win towards promoting it’s modern device management capabilities. This will simply supersede the local AD, OUs and GPMC that used to…
How To Create and Usages of Microsoft Endpoint Manager (MEM) Device Filters
MEM device filters finally came out of preview to General Availability (GA) and lets see why we need to use device filters. What Device Filters Does? This helps the Endpoint Manager policies to apply in a more targeted manner. This…
Two Ways To Enable Hybrid AAD Join Mode For A Controlled Deployment
When you planning (of course you are!) to bring the local AD joined Windows workstations to Microsoft Endpoint Manager/ Intune, one of the first things you need to complete is a Pilot/ controlled deployment to understand the end result, Hybrid…
Microsoft Endpoint Manager Shared Multi-User Device Profiles
In this article, I’m planning on uncovering a configuration profile in MEM which is known as the Shared Multi-User Device Profiles. These profiles can be used and applied to the devices in the fleet which will be used by many…
Preparing workstations for the Cloud Journey with Hybrid Azure AD Join – Part 2: Add the devices to Intune
Part 1: Preparing workstations for the Cloud Journey with Hybrid Azure AD Join Now that we have add the existing computers to Azure AD in the Hybrid Join mode, there are few more steps that needs to be completed before…
Preparing workstations for the Cloud Journey with Hybrid Azure AD Join
In almost all the cases, the organization is not in a position to get away from the local domain as its tightly connected with other services that are running on-premises and maintaining the on-premises identity is vital. Further, you have…
Get new content delivered directly to your inbox.
EMS Route - Shehan Perera 