Import Windows Devices for AutoPilot in Microsoft Endpoint Manager

Benoit LecoursIntune13 Comments

Windows Autopilot is a solution designed that allows you to set up and pre-configure Windows devices for your environment using Azure and Endpoint Manager. The goal of Autopilot is to reduce the OS deployment complexity. If done correctly, a user logs to an out-of-box computer, logs on his computer with his ADD user account, and applicationsĀ and configurations get deployed. All that with minimum infrastructure requirements. If you are new to Autopilot, we have a post that describes every step you need to do to get started. Autopilot has its flaws but it’s improving very fast. One of those flaws was that device importation was made from the Windows Store for Business or the Microsoft Partner Center. Those days are over since you can now import your device directly from Endpoint Manager. Endpoint Manager Autopilot device import Launch Endpoint Manager Select Device / Enroll Devices / Windows enrollment In the Windows Autopilot … Read More

How to use Microsoft Defender for Endpoint antivirus security with Intune

Jonathan LefebvreIntuneLeave a Comment

Microsoft Defender has come a long way since the first few releases to become a leader in all all-things security-related. What was originally a standard antivirus solution has evolved into a full product suite. If you are looking to configure Microsoft Defender(Endpoint protection) with Configuration Manager, see our guide that is available in our shop This post will focus on configuring Microsoft Defender for Endpoint Security Antivirus by using Intune. Prerequisites Windows 10 or Windows 11 Aside from the Intune various licensing option you’ll need to manage your devices, there are no other requirements to use this feature. Create Microsoft Defender for Endpoint antivirus security profiles Connect to the Endpoint portal Browse to Endpoint Security/ Antivirus Click Create Policy. At this point, the Antivirus policies are split into 3 distinct sections. Microsoft Defender Antivirus This will essentially manage the core features. Microsoft Defender Antivirus Exclusions This will be the various … Read More

How to fix Azure Update Compliance missing devices

Jonathan LefebvreIntune, WINDOWS 10, Windows 11Leave a Comment

Azure Update Compliance has been around for a few years already. Originally part of Windows Analytics, it’s the only component that lived through the years. It has become more popular with the growing number of devices managed with Windows Update for Business. It is also useful for an environment that manages updates and feature updates with Configuration Manager. In this post, we’ll cover how to make the required change so devices report back to Azure Update Compliance. I recently did a check for a few clients and noticed that the number of devices in Update Compliance was drastically low or even almost empty in some environments. This is because of a change from Microsoft, that was enforced back in January 2022. Since devices were managed prior to May 2021, we need to adjust the configurations to fix Azure Update Compliance missing devices. If you are looking for how to use … Read More

How to use Desktop Analytics for Windows 10 Feature Update

Jonathan LefebvreIntune, SCCM1 Comment

Desktop Analytics is still a recent product and a small beast that require a bit of time and trial and error to get going. The goal of Desktop analytics is to give data to understand your environment prior to mass roll out a new Windows 10 Feature Update. Desktop Analytics isn’t a product to deploy a Windows 10 Feature Update. ConfigMgr remains the master of the actual deployment. In this blog post, we’ll detail real-world scenarios on how to use Desktop Analytics information to help during a Windows 10 Feature update deployment. Desktop Analytics Windows 10 Update Requirements See our previous post on how to setup Desktop Analytics and connect it to your SCCM/ConfigMgr/MEMCM environment prior to reading this post. Select devices to be evaluated by Desktop Analytics Here are a few questions to help determine which devices should be included. Should Windows 7 devices be included? Assuming you are … Read More

Deploy Win32 Apps with Endpoint Manager (Intune)

Benoit LecoursIntune5 Comments

In September 2019, Microsoft announced that Intune was finally able to distribute Win32 applications. This was a major show stopper to go full MDM for Windows 10 devices for many companies and would keep using SCCM/MEMCM to fulfill this duty. In this post, we will detail how to deploy Win32 Apps with Endpoint Manager. We’ll deploy Google Chrome with the MSI installer as an example. Win32 Apps Endpoint Manager Prerequisites Download the Microsoft Win32 Content Prep Tool from GitHub Prepare Endpoint Manager Win32 application First, you need to “wrap” all the required files into an Endpoint Manager (Intune) format. To do so, Microsoft has a tool that will “convert” your application into a .intunewin file at the end of the process. The generated .intunewin file contains all compressed and encrypted source setup files and the encryption information to decrypt it. Download the Microsoft Win32 Content Prep Tool and have the … Read More

Manage Android devices without GMS using Microsoft Endpoint Manager

Eswar KonetiEMS, IntuneLeave a Comment

I was recently helping out a customer who wanted to manage Android mobile devices using Endpoint Manager for users in China. What is different from managing Android mobile devices for users in China and out of China? There is a significant difference and it is due to the services available on an Android mobile device that is required for managing the devices using Microsoft Intune. Microsoft Endpoint Manager provides 2 ways of protecting the mobile devices which are MAM-WE (Application management without enrollment) and Device enrollment (MDM). Following are some of the major differences between MDM vs MAM (app protection policies): MDM (Mobile Device Management) MAM(Mobile Application Management) Enroll devices Publish Apps Provision settings, certs, profiles Configure and update apps Auto install apps Secure corporate data within mobile apps Report and messure device compliance Report app inventory and usage Remove corporate data Remove corporate data Reset device Remote wipe (Corporate … Read More

Collect Windows10 Events in log analytic Workspace

Jonathan LefebvreAzure, IntuneLeave a Comment

Windows 10, Azure, and Endpoint Manager offer many different tools to gather and know more about what is going on in your environment. One of those is Log Analytics Workspace. Log Analytics workspace has the ability to collect data from Windows devices such as Events and performance data through the Microsoft monitoring agent. This can centralize Windows events to be analyzed and crunched to identify potential impacts happening to many computers. While the Monitoring agent is free, the data hosted in Log Analytics Workspaces will cost a little per month for great insight. Based on past experience, you can expect ~100$/month for roughly 7000 devices reporting Errors and Warning. In this post, we will describe how to configure the Azure Log Analytics Workspace to gather Windows10 Events centrally. Windows10 Events log analytic – Prerequisites The following operating systems are supported to report event viewer by using the Log Analytics agent … Read More

How to use Windows Update for Business with Intune

Jonathan LefebvreIntuneLeave a Comment

Windows Update for Business is one of the new things Microsoft proposed along with Windows 10. It has come a long way since it’s release. Even if it isn’t perfect yet, or give all the flexibility that ConfigMgr (MEMCM) offer when managing monthly update or feature release, for many small/medium business, this brings a more simple approach to patching and maintaining Windows 10 up to date. In this post, we will detail how to configure Intune Windows Update for Business to patch Windows 10 devices managed by Intune Pre-requisites Windows 10 must be managed by Intune If Windows 10 is being co-managed with ConfigMgr(MEMCM), make sure the slider for Software Update is set to Intune Intune Windows Update Business – Update rings strategy Depending on multiple factors, the key for Windows Update for Business to be successful is to define the various update rings for your enterprise. Here, no magic … Read More

How to configure Delivery Optimization with Intune

Jonathan LefebvreIntune, WINDOWS 10Leave a Comment

Microsoft has been hard at work to optimize content delivery since the release of Windows 10 and Office 365. While not perfect at the beginning, the offer is now really great and offer many supported methods to ease the huge content that needs to be distributed month after month. Delivery Optimization is a key component included in Windows 10 since the beginning and recently added to Office 365. Combining Delivery Optimization Intune with Windows update for business will greatly help content download from the Internet. In this post, we will provide details to configure Delivery Optimization for Windows 10 and Office 365, by using Microsoft Intune. This post is part of a series on Windows Autopilot that will be published in the following weeks. In the next posts, we will cover the following subjects : Getting started with Windows Autopilot | Step-by-step guide How to deploy Win32 Applications in Microsoft … Read More

How to deploy Office 365 with Intune

Jonathan LefebvreIntune5 Comments

As part of a move away from standard OS deployment with SCCM toward Windows Autopilot with Intune, one of the usual key component is managing the installation of Office 365. Intune provides a built-in way of creating the application. While the end result will remain the same as other methods of installing Office 365, one of the great benefits of using this method is that it can automatically install the latest build available for the chosen channel, without a need for administrative modifications. In this post, we will detail how to prepare Office 365 application with Intune. This post is part of a series on Windows Autopilot that will be published in the following weeks. In the next posts, we will cover the following subjects : Getting started with Windows Autopilot | Step-by-step guide How to deploy Win32 Applications in Microsoft Intune How to customize Windows 10 with Microsoft Intune … Read More