Recently, I have been doing a lot of Microsoft Intune deployments and write up’s. One of the most time-consuming tasks with Intune is the application portion, where you package applications up to deploy to your end-user machines. Currently, if the application is bundled as an executable (exe), the steps to get it into Intune is as follows:
- Grab the installation executable
- Find the install switches – most common one is the silent switch, but some applications may have other switches you will need as well
- Find the install directory or registry key to tell Intune if it installed correctly or not
- Find the uninstall executable and any switches it has as well
- Wrap the executable in an ‘INTUNEWIN’ format
- Import file into Intune
- Configure the application with the install and uninstall switches as well as the directory it creates to Intune knows if it installed correctly or not
This process … Continue...
With Auto Pilot you need to import a machines Auto Pilot hash, or hardware ID, to register the device with the Windows Auto Pilot deployment service in Azure. Ideally, the process of getting the Auto Pilot hash would be performed by the OEM, or reseller from which the devices were purchased, but currently the list over participating resellers is small. The other option is to do it manually which requires you boot the device up, go through the out of box experience (OOBE), and then run a PowerShell script which will spit out the hash CSV for you to then import into Auto Pilot. This process can be time consuming if you have a batch of new machines, and once you get the hash for each device, you must reset it so during the next boot it will go through the OOBE and enroll via Auto Pilot.
In this post … Continue...
Intune is a great way to deploy applications to your managed devices, couple that with Auto Pilot and its a quick and easy way to deploy new end-user machines as well. With Intune you can deploy applications like MSI, Win32, Microsoft Store, etc. The application files are cached on your local machine via Intune, and then installed. But with applications that require multiple files, or even install directories, or large install files this may not be the best method. With multiple files you could put all your files and directories in one folder, create a PowerShell script to move the files and call the installer, and wrap it all up in a intunewin format (and then in the Intune install command, call powershell.exe to run your custom PowerShell script). OR you can stick it up in Azure Blob Storage, and create a PowerShell configuration script to download and install it. … Continue...
Hybrid Azure AD join requires devices to have access to the following Microsoft resources from inside your organization’s network. These addresses must be accessed using the SYSTEM context. If you are using Auto Pilot this will be accessed during the enrollment status part:
https://autologon.microsoftazuread-sso.com (If you use or plan to use seamless SSO)
To verify if the device is able to access the above Microsoft resources under the system account, you can use Test Device Registration Connectivity script.
Review AD DS UPN support for Hybrid Azure AD join
The table below provides details on support for on-premises AD UPNs in Windows 10 Hybrid Azure AD join
I found this fantastic PowerShell module from jseerden that queries Microsoft Graph, and allows for cross-tenant Backup & Restore of your Intune Configuration. The Intune Configuration is backed up as JSON files in a given directory. The module allows an administrator to backup, restore and even compare different Intune backup sets.
The module requires a total of 3 modules to be present, you can install them by running the following commands in an administrative PowerShell prompt:
- AzureAD (
Install-Module -Name AzureAD)
- MSGraphFunction (
Install-Module -Name MSGraphFunctions)
The IntuneBackupandRestore PowerShell module is hosted on the PowerShell Gallery. You can install it by running the following command in an administrative PowerShell prompt:
Install-Module -Name IntuneBackupAndRestore
Connect to Microsoft Graph
Next, we will connect to Microsoft Graph using the “Microsoft Intune PowerShell” application in AzureAD, so you don’t need to create your own … Continue...
I am currently doing a Auto Pilot / Intune deployment and was asked how we could deploy web link shortcuts to the users desktop as well as the start menu. Currently when you do a web link app deployment in Intune it will only ‘install’ it in the users Start menu and not the users desktop. By leveraging PowerShell and Intune Configuration policies we can have it deploy to the start menu and the desktop.
During my initial search I came across this blog which was exactly what I was looking for but since I have OneDrive folder redirection it seemed to be having issues finding the desktop path, and I wanted to use any icons instead of the default chrome or edge icons.
Azure Blob and Custom Icons
For the shortcut you need to specify a url to a ICO file. To do this I set up cold Azure … Continue...
My last two articles showed you how you can set a computers desktop wallpaper and lock screen wallpaper without having Enterprise or Education by using a PowerShell script and Intune. Now I wanted to figure out how to configure the Windows accent color to also match my corporate branding.
Get Color Values
The first thing we need to do is to get the proper registry values for the color we want to use. For this I just set my local computer’s accent color to the color I wanted to apply to my target machines. You only need to do this one time, once you set the color you want and copy the keys you will not have to do it again.
Once you set the proper color, you will want to navigate to the following registry path: HKCU:\Software\Microsoft\Windows\CurrentVersion\Explorer\Accent
- The fist key we want to look at is the AccentColorMenu key.
In my previous article I showed you how you can leverage PowerShell and Intune to set a computers wallpaper even if the OS was not Enterprise or Education. Currently, If you want to set the wallpaper or lock screen wallpaper via Intune Policies, you must be on either Enterprise or Education. In this article I will show you how you can leverage PowerShell and Intune, and set your own lock screen wallpaper no matter the version.
In my example I will use Intune to set the lock screen image of my end user machines to the following image:
First, we need to create a PowerShell script that will do the following:
- Download the wallpaper
- Store the wallpaper locally on the target machine
- Set the lock screen wallpaper
In my example, I want to set my wallpaper as the following image: https://www.thelazyadministrator.com/wp-content/uploads/2019/07/nicewall.jpg, which will be named wallpaper_LazyAdmin.jpg and stored at … Continue...
By default, there is an Intune device configuration property that can set a devices wallpaper (Profile Type: Device Restrictions > Personalization) BUT this is only applicable on devices running Windows 10 Enterprise and Windows 10 Education. Luckily, using PowerShell we can download a image from the web, save it locally, and set it as our users wallpapers.
First we need to create our PowerShell script. In PowerShell ISE I created the following script and saved it to my local machine
$RegKeyPath = "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\PersonalizationCSP"
$DesktopPath = "DesktopImagePath"
$DesktopStatus = "DesktopImageStatus"
$DesktopUrl = "DesktopImageUrl"
$StatusValue = "1"
$url = "https://www.thelazyadministrator.com/wp-content/uploads/2019/07/nicewall.jpg"
$DesktopImageValue = "C:\MDM\wallpaper_LazyAdmin.jpg"
$directory = "C:\MDM\"
If ((Test-Path -Path $directory) -eq $false)
New-Item -Path $directory -ItemType directory
$wc = New-Object System.Net.WebClient
if (!(Test-Path $RegKeyPath))
Write-Host "Creating registry path $($RegKeyPath)."
New-Item -Path $RegKeyPath -Force | Out-Null
New-ItemProperty -Path $RegKeyPath -Name $DesktopStatus -Value $StatusValue -PropertyType DWORD -Force |
Graph is Microsoft’s RESTful API that allows you to interface directly with Azure AD, Office 365, Intune, SharePoint, Teams, OneNote, and a whole lot more. By using the Invoke-RestMethod PowerShell cmdlet we can connect and interact directly with the Graph API. The