Restricting the Local Admins group – Intune

Sometimes a device that should be onboarded with Autopilot doesn’t get onboarded with Autopilot – for example, I recently uploaded the hardware hashes for several hundred devices provided by a hardware vendor. The majority of these devices kicked into Windows Autopilot and onboarded with the appropriate Deployment Profile assigned. But I noticed that a very small number of devices did not onboard correctly, and while this isn’t a huge issue for the user, there were a few things that could cause an issue – two immediately spring to mind: The computer name is randomly generated instead of having the computer…

Windows 11 Azure AD Groups and Filters – An update

The more I think about managing Windows 11 in Azure AD and Intune, the more I want to refine some of the configurations I have done. The recent Windows 11 Dev Channel build had me thinking about the Azure AD and Intune Filter blog posts and the configurations done there. Now if you are not doing any Windows Insidering at your company (first thing I’d ask is why not, but that’s a conversation for another time), then the configurations for Windows 11 in those blog posts should be perfectly fine until the next release of Windows 11 in 2022 (Remember,…

Windows 10, 11 and Intune Filters

In a previous post I wrote about a way to create an Azure AD dynamic device group to identify Windows 11 devices. But what if you don’t want to add an additional group or groups, or do a bit of rework with your Intune configuration, or have Intune profiles and policies targeted at groups that only contain users? Fortunately, a recent Intune feature (currently in preview) may be able to help here. Filters are a way to deploy Intune profiles and policies to user and/or device groups where there may be (for example) both Windows 10 and Windows 11 devices, but…

Windows 11 and Intune – A Windows 11 Dynamic Device Group

I’ve recently started working on validating Windows 11 in my organisation. We manage our devices primarily with Intune now, so I need a quick and easy way to identify these devices. I’m a big fan of using Azure AD Dynamic Groups to reduce admin overhead, and I use these a lot (both Device and User) to help me manage my environment. I have a standard Windows 10 Dynamic group. The query used here, (device.managementType -eq "MDM") -and (device.deviceOSType -contains "Windows"), will look for all Windows devices that are Intune managed and add them to this Azure AD group. However, at…

Windows Autopilot and (Non Pacific Standard Time) Time zones

First things first… Let me say I LOVE WINDOWS AUTOPILOT!! It’s an awesome way for organisations to on-board Windows 10 devices in this new Modern Workplace world. But while the technology has been ground-breaking for Windows by bringing that user-driven on-boarding experience that people are used to with iOS and Android, it has not been without its problems. Recently, I’ve had an issue when implementing this solution and it’s taken some serious troubleshooting, multiple service calls and some rather stressful times. I want to state here that while I detail this experience originally from a client site, nothing in…