Use powershell to create Azure AD dynamic security group for Azure AD joined (AADJ) devices only

Recently, we had a requirement from customer, that they wanted to deploy applications /apply device configurations etc. from Intune to Azure AD Joined devices ONLY but not other devices like BYOD intune enrolled devices. (MAM/MDM) With intune, you can target apps ,device configurations, profiles ,deployments to both user groups OR device groups but not to…
How to create device based Azure AD group with OSType and OSVersion using powershell for intune

Friend of mine had asked for help to create device based dynamic group with deviceOSType=iOS ,and deviceOSversion less than 12.4.1. The reason for this group was to limit anything below iOS 12.4.1 for iPhone devices and MDM managed devices only to have a collection. So that ,we can exclude them from VPN to restrict users…
Check Microsoft office activation status using SCCM Compliance Settings

I did detailed blog post on 'how to get  office 365 proplus activation status' with help of extended MOF file and inventory changes. With this method ,you will get the activation details such as user email address, shared computer activation etc. For more information, please refer http://eskonr.com/2018/10/how-to-get-office-365-proplus-activation-status-and-excluded-apps-etc-using-sccm-configmgr/ . This method requires extension of MOF files…
How to duplicate or export or copy the Intune app configuration policies

Introduction: We can use app configuration policies in Microsoft Intune to provide configuration settings for an iOS or Android app. These configuration settings allow an app to be customized by using an industry standard approach to app configuration and management. The configuration policy settings are used when the app checks for them, typically the first…
Clean up your WSUS database for better performance and SCCM software update compliance

Introduction: With the recent Current Branch updates starting from 1806 , Microsoft is making good improvement on Software updates maintenance but there is lot to come in the near future. Read the Software updates maintenance tasks available in SCCM https://docs.microsoft.com/en-us/sccm/sum/deploy-use/software-updates-maintenance Many SCCM Admins think that ,installing WSUS ,doing initial configuration and configuring SUP role is…
SCCM Configmgr Remove Collection membership for Direct rule Collections using Powershell

  This blog post is continuation to my previous post ‘Monitor collection evaluation's and remove incremental membership schedule for non-priority collections’ .More information can be found at http://eskonr.com/2019/01/sccm-configmgr-monitoring-collection-evaluations-and-change-update-membership-schedule-using-powershell/ . In this post ,we will see how to improve the collection evaluation performance further by identifying list of collections with direct rule created that have membership…
How to deploy SCCM Remote Control Bits (standalone) to clients without ConfigMgr Console being installed

Introduction/Problem: We are in process of completing office 365 project to all users which bring teams and other products as part of office 365. We are using Lync/Skype for business as collaboration tool prior to office 365 project but once the project started ,every one is on teams hence we can decom lync servers and…