How to Connect the New Intune Devices Log to Azure Sentinel

I've updated my original instructions on Connecting Intune to Azure Sentinel due to a recent log addition for Intune. Use those instructions for the complete steps to enabling Azure Sentinel to monitor Intune activity. A new log type has shown up recently. The new log type is Devices and the table name created is IntuneDevices … Continue reading How to Connect the New Intune Devices Log to Azure Sentinel

Intune – Query Azure AD Bitlocker Keys using Graph API

The Issue If you have recently started using the BitLocker Encryption options out of Intune whether its device configuration or the endpoint protection encryption portion you will see there are many great reports like the encryption below. The problem is its quite hard to see if your machines have backed up their keys to Azure … Continue reading Intune – Query Azure AD Bitlocker Keys using Graph API

Intune – “Conditional Access, Terms of Use and The Company Portal”

The Issue We recently had an issue where we tried to use the Conditional Access setting and only granting Terms of Use for an Android Device Enrollment. The Investigation What happens now is as described in our docs article Terms of use - Azure Active Directory | Microsoft Docs - The authenticator app installs... Why … Continue reading Intune – “Conditional Access, Terms of Use and The Company Portal”

Setting up an Android Emulator for testing Intune features

Overview As more customers leverage either standalone Microsoft Intune or Microsoft Endpoint Manager for cloud management of their devices they also seek an efficient means to upskill administrators on Intune features and capabilities without the need to purchase devices upfront for testing.   Scenario I recently delivered a workshop where attendees experienced the above issue … Continue reading Setting up an Android Emulator for testing Intune features

Intune DeviceType Reference for Azure Sentinel KQL

As you start to connect your Intune/Endpoint Manager logs to Azure Sentinel, you may see right away that there's a DeviceType column exposed that looks valuable but the results show ID numbers instead of just device names. This DeviceType column is directly related to the DeviceTypeID for Intune device entities. As an example, the following … Continue reading Intune DeviceType Reference for Azure Sentinel KQL

Digging Deeper into Intune and Azure Sentinel

Last week I finally found some time to start digging into managing security for Intune-enrolled devices with Azure Sentinel. Obviously, the first thing that had to be done was to connect Intune data to Azure Sentinel. Read about how to do that here: Connecting Intune to Azure Sentinel. The next step was to ensure that … Continue reading Digging Deeper into Intune and Azure Sentinel

Intune: Export Policies for Comparison

Hey everyone, Theron (aka T-) here, Senior Consultant with Microsoft Consulting Services (MCS), deeply involved in a current project to configure Intune for a customer's use. As with many of your customers, mine found themselves in a situation where they needed to get a secure 'remote' working solution in place quickly due to the COVID-19 … Continue reading Intune: Export Policies for Comparison

Intune – “Steps for Windows 10 Automated MDM Enrollment into Microsoft Intune”

Business Case I recently had a scenario at a customer where we needed to very quickly enroll machines into Intune but in an automated way without user intervention. After a few days of testing and troubleshooting please find my tips below. In the current scenario Co-Management has already been set up in MEMCM. This is … Continue reading Intune – “Steps for Windows 10 Automated MDM Enrollment into Microsoft Intune”