Recently, I worked on an SCCM report that compares the list of applications installed on two different computers—typically an older device and a new PC. This is particularly useful in scenarios such as hardware migrations or system upgrades or Virtual to physical migration, where you need to ensure that users have the necessary applications on their new devices. Why This Report is Useful: Though customer is using SCCM for application deployments, but there is no standard practice of automated deployments of applications such as user/device based requests etc. During the process of migrating users to new hardware, the management of…
Author: Eswar Koneti
Recently, I came across an insightful blog post on X (formerly Twitter) by Peter, discussing dynamic group creation for Intune deployments. Inspired by that, I wanted to share my own method—using regular expressions (regex) in Entra ID dynamic groups to build deployment rings based on percentage logic for Intune. 🧩 The Use Case Imagine managing 3,000 Windows devices across different locations, regions, or countries. You want to stage your Intune deployments in phases—starting with a pilot, then gradually rolling out to production in multiple rings. Here’s a rollout schedule I prefer (though you can adjust the % as needed): Ring…
Have you ever needed to extract a complete list of all Win32 applications in Microsoft Intune along with their properties, detection rules, and requirement rules? Few years ago, I wrote a blog post about extracting SCCM application properties from XML files stored in SQL. Now, with Intune becoming the primary endpoint management solution, I had a similar requirement—exporting all Win32 apps with their full details, including: ✅ Install/Uninstall command lines ✅ Detection rules (Registry, File, MSI, Script) ✅ Requirement rules (Architecture, Scripts, Dependencies) ✅ Creation & last modified dates ✅ Dependencies (if any) Since Intune doesn’t provide a built-in export…
Right Click Tools earned its reputation by streamlining endpoint management within Microsoft Configuration Manager. Now, Recast Software has extended those capabilities to Microsoft Intune with a free browser extension—Right Click Tools for Intune Community Edition. This browser extension is designed to bring familiar, efficient device management actions directly into your Intune console. Unifying Co-Managed Device Actions in a Single Interface For IT teams juggling on-premises, co-managed, and Intune environments, managing devices requires switching between multiple consoles. The new extension, available for both Chrome and Edge, changes that by integrating essential right-click actions directly within Intune. Here’s how it works: ·…
Introduction: Windows Hello for Business is a game-changer for enterprise security, offering a seamless and secure way to authenticate users on Windows devices. It replaces traditional passwords with biometric authentication (like facial recognition or fingerprint scanning) and a backup PIN. This PIN acts as a secondary authentication method, ensuring users can still access their devices even if biometrics fail or aren’t available. While Windows Hello for Business enhances security and simplifies the login process, it’s not without its challenges. One such issue I recently encountered involves the PIN reset functionality. Specifically, when users attempt to reset their PIN from the…
In this blog post, we’ll walk through the steps to migrate Microsoft 365 (Office) updates from SCCM/MECM to Intune for devices that are co-managed or fully managed by Intune. This process is part of a broader cloud migration strategy, enabling organizations to manage Office updates via Intune for a subset of devices or all devices. This guide is applicable to both co-managed and fully Intune-managed devices. Let’s dive in! Requirements Scenario: You have hundreds of Windows devices that are co-managed, with Microsoft 365 updates currently managed by SCCM. As part of your cloud migration to Intune, you want to…
Managing Intune managed device health, compliance, and updates across an organization can be a complex task, especially when dealing with various data sources. By integrating Intune device data with Windows Update for Business (WUfB) data in Log Analytics, you can gain powerful insights into the status of your devices, their security compliance, and update history. This approach simplifies reporting and troubleshooting by combining device inventory information with patch management in a centralized location. Before diving into the combing of the Intune data and WUfB data, here’s what you’ll need: Prerequisites: Intune Logs in Log Analytics: You must configure Intune to…
In this blog post, we'll explore how to detect the source of registry key modifications on a Windows device. In other words, we'll look into identifying who is adding, deleting, or changing registry keys, whether through Group Policy (GPO), Intune, SCCM, scripting, or other methods. Scenario: BitLocker Recovery Mode While investigating an event related to exceeding the maximum failed sign-in attempts that caused a device to enter BitLocker recovery mode, I have come across an interesting finding. For a full list of BitLocker recovery scenarios, you can refer to the official Microsoft documentation. Here’s how the situation cracked: I selected…