Author: Eswar Koneti

EMS

Recently, I received a request from a customer to identify users who have enrolled their mobile devices, specifically iOS and Android, managed by Intune. Initially, I explored the Intune console, applying filters based on the operating system to generate a list of mobile devices and their associated users. However, this approach only provided a basic view, requiring me to export the data to a CSV file and use Excel formulas to identify users with both iOS and Android devices—an arduous and time-consuming process. Streamlining the Process with KQL and Power BI To simplify this use case, I turned to KQL…

Read More

Managing Windows endpoints with SCCM (System Center Configuration Manager) and co-management enabled can be challenging, especially when dealing with co-management issues. In this post, I’ll share insights and troubleshooting steps to help you resolve issues with devices that are supposed to be co-managed by Intune but aren’t appearing as expected. Background I recently worked on a Power BI report designed to compare devices listed in Active Directory (AD) with those in Intune (via Log Analytics) based on their last logon status. The goal was to identify devices that are co-managed or Intune-enrolled. During this process, I noticed that hundreds of…

Read More

In a recent conversation with a customer managing endpoints via SCCM ConfigMgr, we discussed the need to monitor the installation of critical security applications. Specifically, the customer wants to ensure that devices have essential applications—such as antivirus and device monitoring tools—installed. If any device is missing a required application, it should be flagged in a report. Use Case For instance, consider three essential security agents: Qualys agent, Netskope, Cisco VPN. It’s crucial that these applications are installed on every device. If a device is missing any of these agents, we need a mechanism to identify it in our reporting. To…

Read More
EMS

Requirement rules in Microsoft Intune offer a powerful way to manage application deployments . By ensuring that applications are installed only on devices that meet specific criteria, organizations can enhance security, improve user experience, and streamline IT processes. Limitations of Intune's GUI Requirement Rules Intune provides requirement rules through its GUI, but these options are somewhat limited to operating system and hardware checks. If you come from a SCCM/ConfigMgr background, you may be familiar with "global conditions," which allow you to reuse conditions across multiple applications. Unfortunately, Intune does not currently support this feature. Custom Scripts for Flexibility One of…

Read More

I recently encountered a Windows 10 KMS (Key Management Service) activation issue reported by a customer. The problem was evident from the screenshot provided, where the device displayed an "Activation Required" message on the desktop. The Issue The activation issue was reported from a remote system, and unfortunately, there wasn’t much information on whether the devices at the customer’s site were activated using KMS or MAK (Multiple Activation Key). Given the limited details and the fact that these devices are managed through SCCM/SCCM, I decided to leverage SCCM’s scripting capabilities to investigate the activation status. Activation Methods Overview If you're…

Read More
EMS

This blog post details the troubleshooting steps taken to resolve an issue where a co-managed device wasn't enrolling successfully in Microsoft Intune. The user wasn't able to access applications through the Company Portal, receiving a message about belonging to another organization. "This device is already set up in another organization. Contact company support." Despite the device being co-managed and all workloads transitioned to Intune, the error persisted. Here's a step-by-step breakdown of the investigation and resolution process. Check Device Status in Intune Console The first step was to verify the device's status in the Intune console. I noted that there…

Read More

In a recent project, I was involved in migrating endpoint workloads from SCCM/ConfigMgr to Microsoft Intune. A key part of this migration was transferring the Windows Update for Business (WUfB) workload to Intune, with the goal of managing Windows updates exclusively through Intune. However, after migrating the WUfB workload to Intune, I noticed that some devices continued to receive patches from SCCM. This discrepancy occurs because you will need to configure and assign update rings in Intune otherwise, SCCM will still manage the Windows update patching. To determine whether a device’s Windows patching is controlled by SCCM or Intune, you…

Read More

Two years ago, I wrote an article on how to disable or enable the auto-start feature of the classic Microsoft Teams application on Windows devices using Group Policy (GPO). For more details, please refer to my previous post: How to Disable or Enable Auto-Start of Teams Application Using GPO. With the release of the new Microsoft Teams, many of my blog readers have asked how to disable the auto-start feature for this updated version. Since the methods used for the classic Teams no longer apply, this blog post explores various options for managing auto-start with the new Teams. Managing Auto-Start…

Read More