Microsoft

Microsoft Endpoint Manager Intune Feedback

Suggestion box powered by UserVoice

Micke

My feedback

  1. 790 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    32 comments  ·  Ideas » Device Configuration Profiles  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Micke commented  · 

    I created a PowerShell script with a WPF UI for simple export\import\copy\download:

    https://github.com/Micke-K/IntuneManagement

  2. 19 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    4 comments  ·  Ideas » Device Configuration Profiles  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Micke commented  · 

    I created a PowerShell script with a WPF UI for simple export\import:

    https://github.com/Micke-K/IntuneManagement

    An error occurred while saving the comment
    Micke commented  · 

    This can be done by using the Intune PowerShell module. Simple example:

    Export:
    Connect-MSGraph
    $intents = Invoke-MSGraphRequest -Url "https://graph.microsoft.com/beta/deviceManagement/intents"
    foreach($intent in $intents.value)
    {
    ConvertTo-Json $intent | Out-File "$env:Temp\$($intent.displayName).json" -Force
    $settings = Invoke-MSGraphRequest -Url "$($url)/deviceManagement/intents/$($intent.id)/settings"
    ConvertTo-Json $settings.value | Out-File "$env:Temp\$($intent.displayName)_Settings.json" -Force
    }

    Import:
    Connect-MSGraph
    foreach($file in (Get-Item -path "$env:temp\*.json" -Exclude "*_Settings.json"))
    {
    $settingsFile = $file.DirectoryName + "\" + $file.BaseName + "_Settings.json"
    if(-not (Test-Path $settingsFile)) { continue }

    $intentObj = ConvertFrom-Json (Get-Content $file.FullName -Raw)
    $intentSettings = Get-Content $settingsFile -Raw

    $newIntent = @"
    {
    "displayName": "$($intentObj.displayName)",
    "description": "$($intentObj.description)",
    "settingsDelta":
    $($intentSettings)

    }
    "@

    $result = Invoke-MSGraphRequest -Url "https://graph.microsoft.com/beta/deviceManagement/templates/$($intentObj.templateId)/createInstance" -Content $newIntent -HttpMethod POST
    }

    Note: This will most likely not work between environments because of template id is probably different. That can be fixed by getting the template ID of the other environment.

  3. 2 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    0 comments  ·  Ideas » Azure Admin Console  ·  Flag idea as inappropriate…  ·  Admin →
    Micke shared this idea  · 
  4. 551 votes
    Vote
    Sign in
    (thinking…)
    Sign in with: Facebook Google Microsoft Intune
    Signed in as (Sign out)
    You have left! (?) (thinking…)
    32 comments  ·  Ideas » Windows-specific  ·  Flag idea as inappropriate…  ·  Admin →
    An error occurred while saving the comment
    Micke commented  · 

    How is the environment configured?

    We had the same issues but after updating Azure AD Connect to sync 2016 schema and updated the certificates on the domain controllers it worked.

    This requires that the AD schema is 2016 or higher (note: functional level can be lower but the schema itself must be 2016). It stores the required information in the msDS-KeyCredentialLink attribute. Check the AAD Connector that the attribute is available and enabled. It will not work without this.

    It also requires that the certificate on the domain controllers (KDC Authentication) is configured with a CRL that can be accessed by the computers e.g. for Azure AD joined only, the CRL must be published to a HTTP web site with anonymous access.

    We can now access UNC shares without prompt for credentials on our computers that are only joined to Azure AD.

    There are plenty of blogs describing how to do this.

Feedback and Knowledge Base