SCCM Collections for devices with pending reboot

Long ago, I wrote a blog post on a report for finding the devices with pending reboot, more information is available on https://eskonr.com/2019/01/sccm-report-get-list-of-devices-with-pending-reboot-in-a-collection-with-different-states/ I was recently working on checking the compliance of the devices in SCCM for windows patching and I could see that the software update compliance is not that great due to various…
Powershell script to audit all Azure AD app registrations and notify secret key or certificate expiration

This week, I have another real-time use case about the audit of all azure AD app registrations and notify the application credential (secret key or certificate) near to expiration. Registering an application in Azure AD establishes a trust relationship between your app and the Microsoft identity platform, The application registration can be used to authenticate…
Use PowerShell to audit the Conditional Access Policies and alert via email

Conditional Access in Azure Active Directory needs no introduction. To read more information about Conditional Access, please refer to https://docs.microsoft.com/en-us/azure/active-directory/conditional-access/overview In my recent assignment, there was an ask to back up the conditional access policies every day and also notify through email for a list of conditional policies that are created or modified in the…
Using filters to restrict security information registration from trusted devices

It has been a while since Microsoft has released the combined registration (security) feature that helps users to register for both MFA and SSPR can register once if the methods in the Azure AD Multi-Factor Authentication and SSPR policies are enabled. For more information about Combined security information registration please read https://docs.microsoft.com/en-us/azure/active-directory/authentication/concept-registration-mfa-sspr-combined One of the…
SCCM Right Click Tool Managed workloads of co-managed device

Co-management (cloud attach) enables you to manage Windows 10 or later devices simultaneously by using both Configuration Manager and Microsoft Intune. For more information about co-management, please refer here. For a device to be co-managed, one of the pre-requisite is Windows devices must be connected to Azure AD using Hybrid Azure AD joined or Azure…
SCCM Right click tools–find missing updates of a client

Managing software updates and creation of custom reports in ConfigMgr is OCEAN. You have so much data to visualize based on your needs. One of the very common requirements or reports is, find out the missing/required updates of a device that is managed by SCCM. If you have not moved the device management solution to…
Troubleshooting co-management eligibility devices using scripts feature in SCCM

Intune has a Co-management eligibility report (currently in preview) which provides an eligibility evaluation for devices that can be co-managed. For devices to become co-managed, they must be running on windows 10 and enroll to Azure Active Directory. For a full set of intune reports, please refer to https://docs.microsoft.com/en-us/mem/intune/fundamentals/reports The other day, I was looking…