Organizational Messages – A Better Way to Push Important Messages to Your Users via Microsoft Intune

There were a lot of new updates for Microsoft Intune at Ignite 2022. Organizational Messages are one of them. This feature is still in preview and I believe more options will be available in the coming months. Imagine you need to send that one quick important message to the users on a Friday afternoon reminder …

My First Speaking Session and the First Microsoft EM+S Community Live Event

So last week I finally did my very 1st speaking session. This is the very 1st community event held by the Discord Group Microsoft EM+S Community. Microsoft EM+S Community https://www.youtube.com/watch?v=Cxr61C4g7iQ Shout out to the other speakers as they've all done a great job in presenting their sessions as well as continuously sharing their knowledge on …

Enrolling Linux Devices and Setting Compliance Policies in Intune

My morning coffee hit me in a very different way this morning. I've been sitting on the whole Linux enrollment feature introduced a few weeks ago and this morning I thought I need to do it. This is an early look at the Linux Enrollment and what Compliance Policies are available from Intune. What I …

Intune to Configure and Lock DFCI for Autopilot Devices

How handy would it be to manage the UEFI (Unified Extensible Firmware Interface) settings of the enrolled devices? That's exactly what I'm going to explore in this article. What I will be covering 👇🏾 What is DFCI? (Device Firmware Configuration Interface); Use Cases; DFCI Lifecycle; Requirements and OEM Vendor Support; OEM Vendor Support; Intune to Manage DFCI?; Intune Device Configuration Profile; Wrapping …

New and Updated Microsoft Intune Device Control Policy Settings

New day, new blog post. This is more of an updated guide to what I've written some time ago (check below) https://shehanperera.com/2022/08/06/mem-device-control-1/ What I Will Be Covering? 👇🏽 What's New? 🌟 Apply layered order of evaluation for Allow and Prevent device installation policies across all device match criteria 🌟 Removable Storage Access 🌟 Defender Scanning (this setting can …

Microsoft Intune Audit Logs Hunting With KQL

In this blog article, I want to discuss the power of KQL again and do a bit of a deep dive. I've written a few blog posts about getting started with KQL and using some basic queries that can make your tech life more effortless. I want to specifically focus on the IntuneAuditLogs KQL table …

The Calm After the Storm. Microsoft Ignite 2022 All Endpoint Management and Identity and Access Announcements

Microsoft Ignite 2022 just finished and it was a blast! So many new product updates and announcements. It was truly exciting to see all the Ignite related news. Because obviously it was a lot and probably the LinkedIn feeds are flooded with the updates and reposts and what not, I thought to give it a …

Get Started with Microsoft Graph Intune PowerShell Module for Endpoint Manager Tasks

This is my very first blog post after being awarded as a Microsoft MVP and during the past few days it was all about processing this new avenue that just opened up in my life and was mentally getting ready for it. I will be writing a separate article about that later. But for now, …

Configure “Enhanced Phishing Protection in Microsoft Defender SmartScreen” in Windows 11 22H2 via Endpoint Manager

The Windows 11 22H2 update brought a lot of good stuff and as a tech enthusiast I really appreciate what Microsoft is doing to ensure the end user devices are protected. Enhanced Phishing Protection in Microsoft Defender SmartScreen is one of them. While the features are available to the standard Windows Home user, I tested these …

Microsoft Intune and Defender for Endpoint Relationship Simplified

I stumbled upon this so many times, tripped and fell, read things over, tested things again and again, and finally thought to write about it. Without understanding the high-level architecture and how these two services talk to each other, using this in day-to-day tech life can be challenging. Especially if you are coming from a …

How to Use Endpoint Manager Import ADMX Function to Map Shared Drives

Earlier this year I wrote the same but more of a manual method to map drives using Endpoint Manager OMA-URI function and by ingesting the ADMX files in raw form to configure the drives. https://shehanperera.com/2022/04/01/network_shares_with_mem/ After Microsoft announced the Preview of the Import ADMX function, I was thrilled as I wanted to test out a …

Azure AD Device Registration – Part 2 – Use Azure Automation to Get Notified When Devices Go Pending State

This is the 2nd post of this 2-part troubleshooting series, and in the 1st part of this series I showed you why the devices can go on Pending and what you can do to troubleshoot and fix the issue. But what if you go Hybrid AAD Join mode with your fleet and you need …

Azure AD Device Registration – Part 1 – How to Fix the Pending Registration State Issue?

Firstly I must say, during your cloud journey you may have seen this error many times and fixed this many times. Also there can be engineers who are yet to see this error (among other errors) and want to fix this. In a Hybrid AAD Joined (HAADJ) environment, ideally what you want the device registration …

[Nugget] Replace Edge Browser F1 Key Help URL with Endpoint Manager

Quick nugget and this can be a handy way to push your IT Support/Helpdesk info into the user's browser and it's literally one keystroke away. F1 that is. In the Edge Browser, if you press the F1 key, you will get the below default webpage. But wouldn't that be nice to make it …

Device Control Policies with Microsoft Defender for Endpoint and Endpoint Manager

Device Control is one of the core components of any Device Management solution. This identifies what devices the user can install in their system or plug and play. While there are devices that need to be installed on user computers such as printers, specific computer peripherals, and USB keys, you don't want to allow the …

[Product Feature] Passwordless Authentication with FEITIAN BioPass FIDO2 Security Key K49

FEITIAN Technologies recently reached out to me via LinkedIn to ask if I could review one of their latest Passwordless key products - K49. This is not a paid review and only contains my independent opinion as a technologist as well as an avid Identity and Access Management enthusiast. I'm always a big fan of going …

A Closer Look At The Azure AD Joined Device Local Administrator Role And Endpoint Manager Account Protection Policy

Local Admin is a much-needed account/access that is required in a domain setup for so many reasons. Over the years Microsoft brought many options to manage these accounts in a secure manner. Restricted groups/LAPS etc. With Azure AD and Endpoint Manager in the scene, many devices are moved to cloud managed rather than …

An Attempt to Configure Defender for Endpoint and Endpoint Manager With the Same Device Tag

Most often the device tagging requirements are simple or you do have a set of tags for the devices that are enrolled in Intune and a set of tags for the devices onboarded in Defender for Endpoint. However, there can be situations where you need both services to have the same device tagging setup. This …

How to use Log Analytics on Endpoint Manager

Ever since I learned about KQL I'm obsessed with it and what it can do in the Azure Log Analytics space, and this is my attempt at plugging another service into Log Analytics to experiment with the logs. KQL has proven to be a clever tool when it comes to digging deeper into Log Analytics. …

How to Setup Endpoint Manager RBAC

Welcome to another MEM article. Today I'm going to talk about an essential component of Microsoft Endpoint Manager that a lot of admins ignore or fail to configure. As your team grows or if you are planning on outsourcing tasks to a different team of admins, an MSP perhaps, it is vital to configure correct RBAC …