Tag - MSIntune

How to manage local user group membership with Microsoft Intune to make users local admin

I did several Intune projects by customers, and with almost every implementation a subset of users’ needs to have local administrator rights (for example developers). There are several ways to grant users these rights, for example via a separate Autopilot profile where you specify that users need to be local Administrator. Or via the “additional local administrators on all Azure AD joined...

Read More

How to deploy Windows Autopatch with Microsoft Endpoint Manager – Intune

Windows Autopatch is a new service from Microsoft that automates the update process of Windows (both quality updates and feature updates), Microsoft 365 Apps for Enterprise (aka Office apps), the Microsoft Edge browser and Microsoft Teams. Once the service is enabled in your tenant and devices are onboarded successful  you don’t need to worry about updates of the supported products anymore...

Read More

How to add or remove system apps in the Android Enterprise Work Profile with Microsoft Intune

Depending on the use cases and the requirements of the company, Android Enterprise Work Profile can be a great enrollment mode for both BYOD devices and company owned devices (in fully managed mode) when using Microsoft Intune. With an Android Enterprise Work Profile, you separate private apps and data from the corporate apps and data to prevent data leakage. Depending on the manufacture and the...

Read More

How to update Security Baselines in Microsoft Intune to a newer version

Security Baselines in Microsoft Intune are templates that contains policy configurations that by default are configured with the best practice from the Microsoft security teams. And that makes a Security Baseline the perfect starting point when creating a new policy set for the modern workplace. When creating a Security Baseline, all settings are pre-configured with the security best-practice...

Read More

How to exclude Shortcuts from syncing to OneDrive with Microsoft Endpoint Manager – Microsoft Intune

Microsoft OneDrive is a great service for storing your files. And when you have “Known Folder Redirection” enabled, your Desktop, Documents and Pictures folders are redirected to OneDrive and synched to the cloud. This way you have the same Desktop, Documents and Pictures folders available on every device which benefits the user experience. However, you have applications that place a...

Read More

How to setup Android Zero-Touch Enrollment with Microsoft Endpoint Manager – Microsoft Intune

Android Zero-Touch Enrollment is a (free) service to automate and enforce MDM enrollments for Android devices running Android 9 or higher, independent of device manufacture. It offers end-to-end security because the MDM enrollment cannot be skipped by the user. The first time the user tuns on the device, clear instructions will be displayed to start the enrollment. All policies and applications...

Read More

How to add iOS devices manually in the Apple Business Manager (ABM) for automatic Microsoft Endpoint Manager – Microsoft Intune enrollment

It’s a best practice to enroll corporate owned iOS/iPadOS devices via the Apple Automated Device Enrollment (ADE) program (PKA Device Enrollment Program – DEP). It offers “out of the box” security because the enrollment with the MDM solution will start automatically and the user can’t work around it. Next to automatic device enrollment it makes it possible to set...

Read More

How to implement and manage Microsoft Windows 365 Cloud PC

In August 2021, Microsoft released Windows 365 Cloud PC. A new cloud-based service that provides Cloud PCs to end users. With this Windows 365 Cloud PC, users get their own personalized desktop in the cloud, which can be accessed from anywhere on any device. It is optimized for Microsoft 365 including Microsoft Teams AV redirection. Unlike Azure Virtual Desktop you pay a fixed price per-user per...

Read More

How to manage your Windows Virtual Desktop session hosts (single user) with Microsoft Endpoint Manager – Microsoft Intune.

By default all Windows Virtual Desktop session hosts are joined with your domain. And in most cases you will apply policy configurations to them via Group Policy Objects (GPO). If you also using Microsoft Endpoint Manager – Microsoft Intune for managing Windows 10 devices, it might also be worth considering to manage your WVD session hosts VMs with it as well.

Read More

How to setup Samsung Knox Mobile Enrollment with Microsoft Intune

Samsung Knox Mobile Enrollment (KME) is a Zero Touch provisioning solution. You can fully automate the enrollment of new, or factory reset devices into an MDM solution like Microsoft Intune. The end user only have to turn on their company-owned Android device and connect to a Wi-Fi or cellular network. This will start the enrollment which the end user cannot cancel or work around.

Read More

How to remove Microsoft Store for Business apps in Microsoft Intune

The Microsoft Store for Business is a powerful service to distribute and manage modern Windows 10 applications from the Windows 10 Store (both free and paid applications). You can connect the Microsoft Store for Business with Microsoft Intune to sync the applications for easy deployment via Microsoft Intune. After the application is synced to Intune you only have to assign the application to a...

Read More

How to add Windows 10 devices to Windows Autopilot even faster

In July, 2018, I wrote this blog about how to setup Windows Autopilot and add existing devices the quickest way. After publishing this blog the Get-WindowsAutoPilotInfo script has been updated several times by the author Michael Niehaus. New functionalities have been added to the scripts. Therefore Windows 10 devices can be added to Windows Autopilot even faster then described in my old blog...

Read More

How to start with Shared iPads for Business with Microsoft Endpoint Manager (Intune) and Apple Business Manager

I get the following question regularly; “can we configure our Apple iPads as Shared device. Where you as a user, can login and logoff without seeing each other’s data?”. Most of the time it’s about medical personal that works in shifts and don’t have a personal device. But you can also think of maintenance and field agents or flight crew members for example. In this case you want to let the...

Read More

How to configure automatic Contact Syncing from Microsoft Outlook to the native Contacts App including Contact Fields filtering on iOS and Android BYOD devices with Microsoft Endpoint Manager

After companies apply Mobile Application Management (MAM) / App Protection Policies to their employees’ mobile devices, and forced them to use the Managed Outlook app instead of the native mail application, one of the most frequently asked questions are “how can I see who’s calling me?” and “where are my contacts? I don’t see them in my native contacts app”. This has everything to do with...

Read More

About Robin Hobo

I am a Technology Specialist working for Microsoft with focus on the Modern Workplace. I am specialized in Microsoft Intune, Azure Virtual Desktop (AVD), Windows 365, Windows 11 and Azure AD. Also interested in mental health, NLP and personal development.

For more information, see the About Me page or my LinkedIn profile.

By continuing to use the site, you agree to the use of cookies. more information

The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.

Close