WPNinjas HeaderWPNinjas Header

Author: Thomas Kurth

SCCM
Thomas Kurth

Build better pilot rings for Updates with MEMCM

When implementing a update concept there is always one important question open: How do I select devices for the pilot/test phase? My customers most often answer this with one of the following solutions: Manually selecting the devices and check from time to time if there are still enough devices in

Read More »
Azure AD
Thomas Kurth

Dsregcmd for PowerShell and .NET

I often write script or small applications for devices. Many times I required the AzureAD device ID which can be obtained from registry or by parsing the dsregcmd output. But parsing console output is not really reliable when the output changes for example. Now, I found a solution by using the

Read More »
Intune
Thomas Kurth

Windows Update for Business simplifies your environment

There are two types of methodologies to deploy Windows Updates. One is based on ConfigMgr or WSUS. This method brings high level of control regarding which updates are deployed and when they are installed. The other is based on Windows Update for business where customers can work with deployment rings

Read More »
Intune
Thomas Kurth

Deploy Code Signing Certificate with Intune

5.1.2021 – Updated post to include OMA-URI/Custom configuration option  In the last years the recommendation to “Code Sign” scripts should have arrived to everybody. Especially when deploying scripts with Intune or ConfigMgr at scale it’s good to sign them.  It sounds simple but regardless most don’t use it. I would

Read More »
Azure AD
Thomas Kurth

Automatic Azure AD Conditional Access Documentation

Creating configuration documentations is always hassle. Therefore, I extended the Intune documentation with a new option to also document Azure AD Conditional Access policies. The new function Invoke-ConditionalAccessDocumentation will document: Azure AD Conditional Access Policies Translate referenced id’s to real object names (users, groups, roles and applications) Important: The Conditional

Read More »
Azure AD
Thomas Kurth

Azure AD Guest Account -Governance and Cleanup

One of the biggest challenges with guest/external accounts in Azure AD is to build a governance process to keep your directory clean. Many companies do not like to have old and unused guest accounts forever in their Azure AD. Without a review functionality and information who has invited them this

Read More »
SCCM
Thomas Kurth

Monitor Windows Hello and AAD Hybrid join enrollment with MEMCM

Dsregcmd.exe is one of the most important troubleshooting tools on a Windows device when working with Azure AD Hybrid Join or Windows Hello. But this tool is only available as a command line tool and not in PowerShell. I wrote a translation function to change that. The Get-DsRegStatus function can

Read More »
Azure AD
Thomas Kurth

Lessons Learned: Azure AD Conditional Access

Azure AD Conditional Access is one of the most named features which customer implement to protect their environments. But as with many cloud features at first glance it looks really simple to implement but then the complexity comes visible during rollout. Many customers activating it without thinking what the impact

Read More »
Intune
Thomas Kurth

Updated Automatic Intune Documentation Script

Today I had time to improve the Intune Documentation PowerShell Module. This new release brings the following benefits: Bugfix: All ADMX settings are now correctly displayed Assignments of various elements like Scripts, ADMX, Enrollment Status Page and Windows Hello for Business are now documented Section “Enrollment Status Page” renamed to “Enrollment Configuration” because it contains also WHfB, Enrollment Restrictions, ESP, and Enrollment Limits.  Configuration Profiles are now loaded from the Beta Graph API. Therefore, much more types are returned. For example the Domain Join configuration is now part of the documentation. Since

Read More »