How to create device based Azure AD group with OSType and OSVersion using powershell for intune

Friend of mine had asked for help to create device based dynamic group with deviceOSType=iOS ,and deviceOSversion less than 12.4.1. The reason for this group was to limit anything below iOS 12.4.1 for iPhone devices and MDM managed devices only to have a collection. So that ,we can exclude them from VPN to restrict users…
How to install volume licensed versions of Project 2016 and Visio 2016 on computer that has office 365 proplus (Click-to-Run)

I have worked on couple of office 365 proplus rollout projects. In all projects ,one of the critical task is to manage MSI based deployments for visio/project 2016 on computer that runs office 365 proplus (Click-to-Run). Click-to-Run is the technology used to install Office 365 proplus subscription based .Windows Installer technology (MSI) was used to…
How to duplicate or export or copy the Intune app configuration policies

Introduction: We can use app configuration policies in Microsoft Intune to provide configuration settings for an iOS or Android app. These configuration settings allow an app to be customized by using an industry standard approach to app configuration and management. The configuration policy settings are used when the app checks for them, typically the first…
Unable to see the intune enrolled windows 10 device in Azure portal – You can’t get there from here

Problem: Recently ,i was looking at customer intune related issue (POC) . Customer had setup conditional access policies (device to be compliant or hybrid Azure AD join) ,intune device compliance policies and also configured Mobility (MDM and MAM). Customer is purely using on-prem domain join and no hybrid azure AD join and no SCCM. They…
How to install SCCM Client from Microsoft Intune for Co-managed and CMG – Notes from the field

I had setup SCCM Cloud Management gateway and Co-management for small customer who would like to extend the SCCM operations to windows 10 devices which are connected to internet. The cloud management gateway (CMG) provides a simple way to manage Configuration Manager clients on the internet. By deploying the CMG as a cloud service in…
WIP policy for intune enrolled devices cannot run Visio project desktop application in enterprise context

WIP (windows information protection) is the mobile application management (MAM) mechanism on Windows 10. WIP gives you a new way to manage data policy enforcement for apps and documents on Windows 10 desktop operating systems, along with the ability to remove access to enterprise data from both enterprise and personal devices (after enrollment in an…