Managing Intune-managed device health, compliance, and updates across an organization can be a complex task, especially when dealing with various data sources. By integrating Intune device data with Windows Update for Business (WUfB) data in Log Analytics, you can gain powerful insights into the status of your devices, their security compliance, and update history. This approach simplifies reporting and troubleshooting by combining device inventory information with patch management in a centralized location. Before diving into the combining of the Intune data and WUfB data, here’s what you’ll need: Prerequisites: Intune Logs in Log Analytics: You must configure Intune to…
Author: Eswar Koneti
In this blog post, we'll explore how to detect the source of registry key modifications on a Windows device. In other words, we'll look into identifying who is adding, deleting, or changing registry keys, whether through Group Policy (GPO), Intune, SCCM, scripting, or other methods. Scenario: BitLocker Recovery Mode While investigating an event related to exceeding the maximum failed sign-in attempts that caused a device to enter BitLocker recovery mode, I have come across an interesting finding. For a full list of BitLocker recovery scenarios, you can refer to the official Microsoft documentation. Here’s how the situation cracked: I selected…
I recently had a conversation with a customer about Windows Update for Business (WUfB) deployment services and devices managed by Intune. The customer is using MECM/SCCM, and all of the WUfB workloads are moved to Intune. If you'd like to learn more about WUfB, you can refer to the official documentation here. During our discussion, we focused on improving the security posture of devices through timely Windows updates. To enhance compliance with Windows Update policies, the first step is to gather statistics on the update status of Intune-managed devices. A few months ago, I shared a post on how to identify whether…
Recently, I received a request from a customer to identify users who have enrolled their mobile devices, specifically iOS and Android, managed by Intune. Initially, I explored the Intune console, applying filters based on the operating system to generate a list of mobile devices and their associated users. However, this approach only provided a basic view, requiring me to export the data to a CSV file and use Excel formulas to identify users with both iOS and Android devices—an arduous and time-consuming process. Streamlining the Process with KQL and Power BI To simplify this use case, I turned to KQL…
Managing Windows endpoints with SCCM (System Center Configuration Manager) and co-management enabled can be challenging, especially when dealing with co-management issues. In this post, I’ll share insights and troubleshooting steps to help you resolve issues with devices that are supposed to be co-managed by Intune but aren’t appearing as expected. Background I recently worked on a Power BI report designed to compare devices listed in Active Directory (AD) with those in Intune (via Log Analytics) based on their last logon status. The goal was to identify devices that are co-managed or Intune-enrolled. During this process, I noticed that hundreds of…
In a recent conversation with a customer managing endpoints via SCCM ConfigMgr, we discussed the need to monitor the installation of critical security applications. Specifically, the customer wants to ensure that devices have essential applications—such as antivirus and device monitoring tools—installed. If any device is missing a required application, it should be flagged in a report. Use Case For instance, consider three essential security agents: Qualys agent, Netskope, Cisco VPN. It’s crucial that these applications are installed on every device. If a device is missing any of these agents, we need a mechanism to identify it in our reporting. To…
Requirement rules in Microsoft Intune offer a powerful way to manage application deployments. By ensuring that applications are installed only on devices that meet specific criteria, organizations can enhance security, improve user experience, and streamline IT processes. Limitations of Intune's GUI Requirement Rules Intune provides requirement rules through its GUI, but these options are somewhat limited to operating system and hardware checks. If you come from a SCCM/ConfigMgr background, you may be familiar with "global conditions," which allow you to reuse conditions across multiple applications. Unfortunately, Intune does not currently support this feature. Custom Scripts for Flexibility One of…
I recently encountered a Windows 10 KMS (Key Management Service) activation issue reported by a customer. The problem was evident from the screenshot provided, where the device displayed an "Activation Required" message on the desktop. The Issue The activation issue was reported from a remote system, and unfortunately, there wasn’t much information on whether the devices at the customer’s site were activated using KMS or MAK (Multiple Activation Key). Given the limited details and the fact that these devices are managed through SCCM, I decided to leverage SCCM’s scripting capabilities to investigate the activation status. Activation Methods Overview If you're…