elitego logo dark

Intune

How to Silently Synchronize SharePoint Site Library to File Explorer using Intune

Leave a Comment / Intune, SharePoint /

In this step-by-step guide, weā€™ll walk you through the process of silently synchronizing a SharePoint site library to File Explorer using Microsoft Intune. Whether you’re an IT admin managing multiple users or want a streamlined workflow, these steps will help you achieve this effortlessly. Why Sync SharePoint Libraries to File Explorer? Synchronizing SharePoint libraries with File Explorer provides numerous benefits: Ease of Access: Access files as if they were on your local drive. Offline Availability: Work on files even when offline; they sync back when connected to the internet. Improved Collaboration: Ensure that your team always has the latest file version. Familiar Interface: Users are more comfortable with File Explorer than SharePoint’s web interface. Pre-Requisites Before we begin, ensure the following: Microsoft Intune Subscription: A valid Microsoft Intune license is required to deploy configurations to devices. OneDrive Sync Client: Ensure the OneDrive Sync Client is installed on the devices, as SharePoint libraries sync through OneDrive. SharePoint Online Plan: Your organization must use SharePoint Online for the libraries you intend to sync. Step 1: Set Up the SharePoint Library To begin, access your SharePoint site and configure it for automatic sync. Navigate to your SharePoint Online site. Open the Document Library you want to sync. At the top-right corner, select the Sync button. This will trigger a prompt to open OneDrive on the userā€™s machine. (Refer to Image 1) (Image-1. This shows where to click the “Sync” button on the SharePoint document library page.) When prompted to open via browser, cancel the action. You will then see a popupā€”copy the Library ID from there. (Refer to Image 2) (Image-2. This shows the prompt where you copy the SharePoint Library ID.) Open PowerShell in admin mode and run the following command to decode the library ID: [uri]::UnescapeDataString(“Copied String”) Use the output as your library ID. (Refer to Images 3 & 4) (Image-3. This shows the PowerShell window where the command is run to decode the Library ID.) (Image-4. This displays the decoded SharePoint Library ID in PowerShell.) Step 2: Configure OneDrive Sync in Microsoft Intune Now, letā€™s configure Microsoft Intune to automatically sync the SharePoint library for users. 2.1. Create a Configuration Profile in Intune Log in to the Microsoft Intune Admin Center. Navigate to Devices > Configuration Profiles. Click + Create profile. 2.2. Select the Platform and Profile Type Under Platform, select Windows 10 and later. Choose Settings Catalog under Profile type. Click Create. (Refer to Image 5) (Image-5. This shows the Intune Admin Center screen where a new configuration profile is created.) 2.3. Configure OneDrive Settings Provide a name and description for the profile. (Refer to Image 6) (Image-6. This shows the form where the name and description for the profile are entered.) Add the setting for OneDrive Sync. In the Settings picker, search for ā€œOneDriveā€ and select Configure team site libraries to sync automatically (for users). (Refer to Image 7) (Image-7. This displays the Settings Picker in Intune where “Configure team site libraries to sync automatically” is selected.) This setting specifies SharePoint libraries to sync automatically when users sign in to the OneDrive app. Ensure OneDrive Files On-Demand is enabled. 2.4. Add the SharePoint Library ID The URL structure for the SharePoint document library, which includes: PowerShell [uri]::UnescapeDataString(“Copied String”) 1.  Enter the data in this format: Example below tenantId=7762b0ae-0469-4c2f-8c9d-600ca093f92c&siteId={a0fd35c9-b3d0-4419-9a20-80350d156920}&webId={d11f7ba8-3e27-49dd-bb8e-5c181fb42ceb}&listId=0d851de8-f52f-45af-acf6-d45c9c0cf400&webUrl=https://nifanliveco.sharepoint.com/sites/Office-Doc&version=1 2. Click Save. (Refer to Image 8) (Image-8. This shows the structure of the URL required for setting the SharePoint library sync in Intune.) Step 3: Assign the Profile After configuring the profile, assign it to the appropriate Azure AD groups or devices. Navigate to the Assignments section, and click Add groups/all users/devices. (Refer to Images 9 & 10) Choose the desired group and click Create. When users sign in to their Windows devices managed by Intune, the designated SharePoint library will automatically sync to their File Explorer under OneDrive. (Image-9. This shows the process of assigning the sync profile to all users in Intune.) (Image-10. This shows where groups or devices are selected for the profile assignment in Intune.) Step 4: Verifying the Synchronization To verify that the library has synced: Open File Explorer. In the left-hand pane under the OneDrive section, you should see the SharePoint library. Users can interact with the files as if they were locally stored. (Refer to Image 11) (Image-11. This shows the File Explorer window where the synced SharePoint library appears under Directory.) Step 5: Troubleshooting Common Issues If users are facing issues with the synchronization, here are some common problems and solutions: OneDrive Not Installed: Ensure that the OneDrive Sync Client is installed on the user’s device. Wrong Library ID: Double-check the library ID configuration in Intune. Ensure the URLs are correct. Permissions Issues: Verify that users have the correct permissions to access the SharePoint library. Important Notes about the OneDrive Sync Setting:The “Configure team site libraries to sync automatically” setting allows you to automatically sync SharePoint libraries when users sign in to OneDrive (OneDrive.exe). However, it may take up to 8 hours after sign-in for the sync to begin. Make sure that OneDrive Files On-Demand is enabled, as this setting is compatible only with Windows 10 (1709) Fall Creators Update or later. Avoid syncing libraries to more than 1,000 devices or large libraries to ensure smooth performance. Also, this feature does not support on-premises SharePoint sites. Once enabled, users cannot stop syncing the library. Suggested Articles Configuring OneDrive Files On-Demand Sync through Microsoft Intune: This article covers how to enable OneDrive Files On-Demand Sync, allowing users to manage their files efficiently while saving local storage space. Reference Microsoft Documentation: Configure team site libraries to sync automatically

How to Silently Synchronize SharePoint Site Library to File Explorer using Intune Read More Ā»

How to Configure OneDrive Files On-Demand Sync: Mastering Configuration for Intune Administrators

Leave a Comment / Intune, OneDrive /

In this guide, we’ll cover the step-by-step process of configuring OneDrive Files On-Demand Sync through Microsoft Intune using the Settings Catalog. Whether you’re an IT admin or someone managing devices across an organization, enabling Files On-Demand will help users manage their files efficiently while saving local storage space. Why Use OneDrive Files On-Demand Sync? OneDrive Files On-Demand is a powerful feature that allows users to access all their files stored in OneDrive or SharePoint Online without downloading them fully to their device. This feature helps save disk space, providing users with the flexibility to mark files as “online-only” or download them for offline access as needed. Key Benefits: Saves Storage: Files appear without consuming local disk space. On-Demand Access: Files are downloaded only when accessed, minimizing storage usage. Seamless Integration: Files can be managed in File Explorer as if they are stored locally. Prerequisites Before we start, make sure you meet the following prerequisites: Microsoft Intune Subscription: An active Intune license is required. OneDrive Sync Client: The OneDrive Sync Client must be installed on user devices. Windows 10 (1709) or Later: Files On-Demand is available starting with Windows 10 Fall Creators Update (1709). Step 1: Log in to Microsoft Intune Admin Center Go to the Microsoft Intune Admin Center. Log in with the appropriate admin credentials. Step 2: Create a New Configuration Profile Navigate to Devices > Configuration profiles. Click + Create profile. Choose Windows 10 and later as the platform. Under Profile type, select Settings catalog. Click Create to proceed. (Refer to Image 1 for visual aid.) (1. Image 1: Creating a New Configuration Profile in Intune – This image should display the step of selecting “Create profile” in Intune’s admin center with Windows 10 and Settings Catalog.) Step 3: Name and Describe the Profile Provide a name for the profile, such as “Enable OneDrive Files On-Demand”. Optionally, add a description to clarify its purpose. (Refer to Image 2 for visual aid.) (2. Image 2: Naming and Describing the Profile – Show the screen where you name the profile (e.g., “Enable OneDrive Files On-Demand”) and provide a description.) Step 4: Add OneDrive Files On-Demand Setting In the Configuration settings section, click Add settings. Use the Settings picker to search for “OneDrive”. Find and select Enable OneDrive Files On-Demand under OneDrive settings. Check the box to add this option to your configuration. This setting will enable Files On-Demand on all assigned devices, allowing users to access their OneDrive files without consuming local storage. (Refer to Image 3 for visual aid.) (3. Image 3: Adding OneDrive Files On-Demand Setting – Visual of the Settings picker where “Enable OneDrive Files On-Demand” is selected under OneDrive settings.) Step 5: Configure Additional OneDrive Options (Optional) You can also configure other OneDrive-related settings in Intune. Some useful settings include: Silently sign in users to OneDrive with Windows credentials: Automatically sign users into OneDrive using their Windows credentials without additional login steps. (Refer to Image 4 for visual aid.) (4. Image 4: Configuring Additional OneDrive Settings – Display the optional settings like “Silently sign in users to OneDrive with Windows credentials.”) Step 6: Assign the Profile to Devices or Users Once your profile is ready, assign it to specific groups or users: In the Assignments section, click Add groups. Select the groups or users (e.g., All users) that should receive the policy. Click Next, then Create to finalize the profile. (Refer to Image 5 and 6 for visual aid.) (5. Image 5: Assigning the Profile to Users or Devices – An image showing the Assignments section where you select target groups or users.) (6. Image 6: Create Profile) Step 7: Verify OneDrive Files On-Demand Sync To verify that Files On-Demand is working, follow these steps on a device where the policy has been applied: Open File Explorer. Navigate to the OneDrive folder in the left pane. (Refer to Image 7 and 8 for visual aid.) (Image-7. Before Policy Applied) (Image-8. After Policy Applied) Troubleshooting OneDrive Files On-Demand Sync Issues If you encounter issues with OneDrive Files On-Demand, try these troubleshooting steps: OneDrive Sync Client Not Installed: Ensure the sync client is installed and running. Windows Version: Verify that the device is running Windows 10 version 1709 or later. Network Issues: Check for network connectivity problems preventing sync. Disk Space: Make sure there is enough available space for downloaded files. Conclusion Configuring OneDrive Files On-Demand in Microsoft Intune using the Settings Catalog is a powerful way to improve file management for your users while saving storage space. This step-by-step guide helps ensure a smooth deployment process, enabling users to access their files without using up valuable local disk space. By following these steps, you can start benefiting from the full potential of OneDrive Files On-Demand in your organization.  Reference Reference: https://support.microsoft.com/en-au/office/sync-files-with-onedrive-files-on-demand-62e8d748-7877-420f-b600-24b56562aa70 Reference: https://learn.microsoft.com/en-us/sharepoint/use-silent-account-configuration#enable-silent-configuration Suggested Articles To further enhance your understanding and skills in Microsoft Intune and file management, consider checking out these articles: Easily Copy Group Memberships Between Users in Microsoft 365 Using PowerShell –Streamline user management by learning how to efficiently copy group memberships with PowerShell. How to Setup Windows Autopilot V1 in Microsoft Intune – Understand how to configure Windows Autopilot for seamless device provisioning in your organization.

How to Configure OneDrive Files On-Demand Sync: Mastering Configuration for Intune Administrators Read More Ā»

Deploying Google Chrome via Win32 in Microsoft Intune

Leave a Comment / Chrome, Intune /

In this article, we will go over how to deploy Google Chrome using the Win32 app method in Microsoft Intune. Previously, I demonstrated how to deploy Chrome using Line of Business (LOB) apps. However, based on feedback from a discussion on LinkedIn, Iā€™ve decided to implement it using the Win32 app method for a more efficient approach. Without further delay, letā€™s begin the demo. Preparing the Win32 Package Iā€™ve already prepared the necessary PowerShell scripts and converted them into a Win32 Intune package. To save you the hassle of going through the conversion process yourself, you can download the pre-converted file (install.intunewin) directly from my GitHub repository. If you want to see the contents of the converted package, Iā€™ve also attached the original scripts within the repositoryā€™s zip file. (Refer to Figure 1 for a visual guide) Step 1: Login to Microsoft Intune Go to Microsoft Intune Admin Center. Navigate to Apps > All Apps. Click on +Add. In the right-hand panel, under App type, select Windows app (Win32) from the dropdown list and click Select. (Refer to Figure 2) Step 2: Uploading the Win32 Package On the App package file page, click the Browse button. Select the converted .intunewin file that you downloaded earlier. Click OK to proceed. (Refer to Figure 3) Step 3: Enter Application Details On this page, you’ll need to fill in the necessary information for the application you’re deploying. Here’s what you should provide: Application Name: Enter “Google Chrome” or your preferred name for easy identification. Description: Provide a brief description, such as “Google Chrome Browser Deployment via Win32 in Intune.” Publisher: Enter “Google LLC.” Version (Optional): Enter the version number of the Google Chrome installer you’re deploying (e.g., 115.0.5790.170). Category (Optional): Choose a category, such as “Browsers” or “Productivity,” to help organize your apps. Information URL (Optional): Add a link to additional information or documentation if applicable. Once you’ve filled in all the details, click Next to proceed to the next step. (Refer to Figure 4) Step 4: Configure Installation & Uninstallation: Install Command %SystemRoot%sysnativeWindowsPowerShellv1.0powershell.exe -executionpolicy bypass -command .install.ps1 Uninstall Command %SystemRoot%sysnativeWindowsPowerShellv1.0powershell.exe -executionpolicy bypass -command .uninstall.ps1 Set Device Restart Behavior to No specific action to suppress device restarts after installation. (Refer to Figure 5) Step 5: Set Requirements On the Requirements page, you must specify the mandatory conditions for app installation. These requirements ensure the app is only installed on compatible devices.For example, here are the requirements for this deployment: Operating System Architecture: 64-bit Minimum Operating System: Windows 10 1607 or later (Refer to Figure 6) Step 6: Add Detection Rules Iā€™ve provided detection rules within the GitHub repository that youā€™ll need to upload at this step. (Refer to Figure 7) Step 7: Assign the App Under Assignments, you can choose to assign the app to All Devices under the Required section to ensure it is deployed across all endpoints. Alternatively, you can specify certain device groups for more targeted deployment. (Refer to Figure 8) Step 8: Review & Create Review your settings on the Review + create page. If everything looks good, click Create to finalize the app deployment. (Refer to Figure 9) Step 9: Monitor the Deployment Once the app has been created, you can monitor its progress in the Notifications area of the Intune Admin Center. (Refer to Figure 10) Step 10: Sync Devices with Intune The app will be installed on the assigned devices the next time they check in with Intune. To speed up the process, you can manually sync the devices. This method allows you to streamline your deployments and ensures that apps are efficiently installed on your managed devices through Microsoft Intune.

Deploying Google Chrome via Win32 in Microsoft Intune Read More Ā»

How to Deploy Google Chrome Using Microsoft Intune | MEM

Leave a Comment / Chrome, Intune /

To begin deploying Google Chrome using Microsoft Intune, follow these streamlined steps. I’ve included images to guide you through each part of the process. Step 1: Download Google Chrome Enterprise First, download the Enterprise version of Google Chrome from the following link: Download Google Chrome Enterprise. Figure 1: Download the Enterprise version of Google Chrome. Step 2: Access Apps in Intune Navigate to the Microsoft Endpoint Manager Admin Center and go to Apps > Windows  Figure 2: Navigate to the Apps section in Intune. Step 3: Add App Type  as a Line of Business App After selecting Add, choose the App type. Select Line of business app from the list and click Select. Figure 3: Choose the Line of Business app type. Step 4: Select the Google Chrome MSI File In the App package file section, click Select file. Choose the downloaded Google Chrome MSI file from your computer. Click OK to upload the file. Figure 4: Select and upload the Google Chrome MSI file. Step 5: Configure App Details Name: Enter a name for the app, such as “Google Chrome.” Publisher: Type “Google.” Version: Specify the version of Chrome you downloaded. Additional fields are optional. Fill them out as needed based on your organizationā€™s requirements.             Figure 5: Configure the app settings. Step 6: Assign the App After uploading the Google Chrome app to Intune, go to the Assignments section. Here, you can target specific groups or select all devices for deployment. Click Next to proceed.          Figure 6: Assign the app to devices or user groups. Step 7: Finalize the Creation Click Create to complete the app creation process.                 Figure 7: Finalize the app creation. Step 8: Deployment The app will be processed and deployed to the assigned devices. This may take some time. Figure 8: Deployment in progress. Final Output Figure 9: Final Output This guide provides a clear and concise overview of how to create and deploy the Google Chrome app in Intune. If you have any questions or need further assistance, donā€™t hesitate to ask. Your feedback is valuableā€”please let me know how this guide worked for you or if there are any areas for improvement. Thanks for reading!

How to Deploy Google Chrome Using Microsoft Intune | MEM Read More Ā»

How to Setup Windows Autopilot V1 in Microsoft Intune

Leave a Comment / Autopilot, Intune /

Autopilot automatically configures your laptops and computers with all the necessary software and settings. It even integrates with manufacturers like Dell, allowing you to order a brand-new device and have it shipped directly to the end user. When they receive the laptop, all they need to do is connect it to the internet, enter their Microsoft 365 username and password, and all the applications and settings will be applied. It’s seamless and efficient. You might think this sounds expensive, but it’s not. All you need is an Entra ID Plan 1 license. Or, if you follow my recommendation, a Microsoft 365 Business Premium license, which includes Autopilot. Support Platform Platform Supported Editions Windows 11 Pro Pro Education Pro for Workstations Enterprise Education Windows 10 Pro Pro Education Pro for Workstations Enterprise Education Now, letā€™s dive into the demo. First, weā€™ll prepare by creating Entra ID groups to organize the devices and look at company branding to personalise the experience. Sign in to the Entra Admin Center. Navigate to Devices > All devices > Device settings. Set Users may join devices to Microsoft Entra to All. For setting up device conditions, use the following query to filter Windows devices based on OS type and version: Copy code(device.deviceOSType -eq “Windows”) and ((device.deviceOSVersion -startsWith “10.0.1”) or (device.deviceOSVersion -startsWith “10.0.22”)) This filter applies to devices running Windows with OS versions starting with 10.0.1 or 10.0.22. Company branding settings allow you to customize the Out-of-Box Experience (OOBE) for users. You can display your company logo and tailor the colors to align with your organization’s theme, ensuring that users enrolling their devices feel connected to the correct organization. Sign in to the Entra Admin Center: Entra Admin Center. Navigate to User experiences > Company branding: Company Branding Settings. Edit the Default sign-in configuration and review all the tabs to adjust the user experience according to your needs. 4. Complete the Sign-in Form and click Review + save to finalize your settings. Create an Autopilot Deployment Profile The next step is to create an Autopilot deployment profile, which customizes the Out-of-Box Experience (OOBE) and deployment mode for end users. This profile controls how devices are configured when users first power them on. You can create up to 350 deployment profiles in a single Intune tenant. To create an Autopilot deployment profile, follow these steps: Sign in to the Intune Admin Center. Navigate to Devices > Windows > Windows enrollment > Deployment Profiles. Click on Create Profile at the top. Select Windows PC as the profile type. Enter a profile name (e.g., “Sales Department Profile”) and click Next. Configure the Out-of-Box Experience (OOBE) settings: Deployment mode: Choose between User-driven or Self-deploying. For most cases, selecting User-driven means the user will enter their credentials during setup. Join to Microsoft Entra ID: Choose Microsoft Entra joined to automatically join devices to your Entra ID. If you’re in a hybrid environment, you can select Hybrid Azure AD Join instead. Microsoft Software Licensing Terms and Privacy Settings: Choose whether to Hide these during setup for a smoother user experience. User account type: Set to Standard to prevent users from having administrative rights on their devices. Allow pre-provisioned deployment: You can choose No to skip this step, or Yes if you want to pre-configure devices. Region and language settings: Choose the appropriate region (e.g., English United Status) to ensure the device’s region matches your needs. Device template name: Set a naming convention for your devices (e.g., Autopilot-XXX, where “XXX” is a random string of numbers). Assign groups: Add the groups you created earlier to the profile, and select any groups you want to exclude if necessary. Click Next and then Create to finalize the deployment profile. Once created, you can go back to Devices > Windows and refresh the device list to check the profile assignment status. It may take a few minutes for the profile to be assigned. Add Hardware Hash to Intune It’s time to load the hardware hashes into Intune. A hardware hash is a unique identifier for each laptop or computer. If you’re purchasing devices directly from manufacturers like Dell, you can set up a relationship with them to provide the hardware hashes of the devices you’re buying, which can then be loaded into Intune. There are a couple of ways to add hardware hashes into Intune. The first method is through a PowerShell script that generates a CSV file containing the hardware hash, stored on your C drive. You can then navigate to the folder and view the hardware hash of the computer you’re working on. For the Demo i just using powershell ISE but you can use powershell administrator only  PowerShellCopy [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 New-Item -Type Directory -Path “C:HWID” Set-Location -Path “C:HWID” $env:Path += “;C:Program FilesWindowsPowerShellScripts” Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned Install-Script -Name Get-WindowsAutopilotInfo Get-WindowsAutopilotInfo -OutputFile AutopilotHWID.csv Once you have the hardware hash, you need to upload it to Intune via the Microsoft 365 Admin Center. In Endpoint Manager, go to Devices, then Device Onboarding and Enrollment, and navigate to Windows Autopilot. You can import the hardware hash CSV file here, and after a few minutes, your device will appear in Intune. Its another way to upload the Hardware Hash  Directly upload the hardware hash to an MDM service Directly uploading the hardware hash to an MDM service such as Microsoft Intune can be done on any device, but it’s especially useful for a device currently undergoing Windows Setup and OOBE. To directly upload the hardware hash for a device: On a device that is: Currently undergoing Windows Setup and OOBE: At the sign-in prompt after OOBE starts, open a command prompt window with the keystroke Shift+F10. In the command prompt window that opens, start PowerShell by running the following command: Windows Command PromptCopy powershell.exe Already undergone Windows Setup and OOBE: Sign into the device. Open an elevated Windows PowerShell prompt. At the PS PowerShell command prompt, run the following PowerShell commands: PowerShellCopy [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned Install-Script -Name Get-WindowsAutopilotInfo -Force Get-WindowsAutopilotInfo -Online If prompted to do so, agree to

How to Setup Windows Autopilot V1 in Microsoft Intune Read More Ā»

How to Deploy Custom Wallpapers via Intune Using a Win32 Package

Leave a Comment / Intune /

Customizing wallpapers and lock screens on company devices can significantly enhance your brand presence and ensure a consistent visual experience across your organization. For enterprises with Windows Enterprise licenses, this customization is straightforward using Intune’s Settings Catalog or local Group Policy Objects (GPOs). However, companies using Microsoft 365 Business Premium licenses face some limitations as these customizations aren’t directly available. Thankfully, there’s an effective workaround: deploying wallpapers using Win32 packages with Intune. This guide will walk you through the process of deploying custom wallpapers on Windows 10 and 11 devices using Intune and a prepared Win32 package. Why Use a Win32 Package? Using a Win32 package to set wallpapers offers several advantages: No Web Server Required: You can include your image files directly within the package, eliminating the need for external hosting. Flexibility: Easily update or change wallpapers by modifying the package. Control: Ensure that the wallpapers cannot be changed by end-users once deployed. Prerequisites Windows 10/11 Enterprise License: While this method can work on devices without Enterprise licenses, advanced customization through Intune’s Settings Catalog requires Enterprise. Admin Access: To deploy apps via Intune, you need administrative privileges within your Microsoft Intune portal. Step-by-Step Guide 1. Prepare Your Wallpaper Package Iā€™ve created a PowerShell script to automate wallpaper deployment. You can find the script in my GitHub repository. Here’s how to customize it: Include Your Images: Add your desired image files (JPG or PNG) to the package. Ensure they are named appropriately and placed in the “Wallpaper” folder. Modify the Script: Open Install.ps1 and update line 5 with the correct name of your wallpaper image. Follow the structure shown in the example folder images: Image-1: Folder structure Image-2: Data Folder Image-3: Install script Image-4: Uninstall script Image-1: Folder structure Image-2: Data Folder Change the install script wallpaper image name as your retirements Image-3: Install script Change the uninstall script wallpaper image name as your retirements Image-4: Uninstall script 2. Convert the Package to a Win32 App To deploy via Intune, you need to convert your package into an Intunewin file using the Microsoft Win32 Content Prep Tool. Follow these steps: Download the Tool: Obtain the latest Microsoft Win32 Content Prep Tool. Run the Tool: Open IntuneWinAppUtil.exe. Provide Paths: Source Folder: Point to your package folder. Setup File: Specify install.ps1. Output Folder: Choose where the .intunewin file will be saved. Command: IntuneWinAppUtil.exe -c “Source file” -s “install.ps1” -o “Output-Destination” Image-5 3. Upload the Win32 App to Intune Now, upload the generated .intunewin file to Intune: Navigate in Intune: Go to Intune > Apps > Windows apps > +Add. Configure Basic Information: Enter the app name, description, and publisher. These are mandatory fields. Program Settings: Installation Command: %SystemRoot%sysnativeWindowsPowerShellv1.0powershell.exe -executionpolicy bypass -command .install.ps1 Uninstallation Command: %SystemRoot%sysnativeWindowsPowerShellv1.0powershell.exe -executionpolicy bypass -command .uninstall.ps1 Set the installation behavior to “System”. 4. Define Requirements and Detection Rules Requirements: Ensure all target devices are compatible. Detection Rules: Upload the script install.ps1 to verify if the wallpaper is correctly applied. 5. Assign the App Skip dependencies and supersedence configurations. Assign the app to the desired groups in your organization. Further Steps Follow the Images below Action Command Install Command  %SystemRoot%sysnativeWindowsPowerShellv1.0powershell.exe -executionpolicy bypass -command .install.ps1 Uninstall Command %SystemRoot%sysnativeWindowsPowerShellv1.0powershell.exe -executionpolicy bypass -command .uninstall.ps1 Successfully Implemented!!!  Result in Windows 10 Result in Windows 11 Thumbs up and follow my Linkedin: https://www.linkedin.com/in/nnifan/

How to Deploy Custom Wallpapers via Intune Using a Win32 Package Read More Ā»

Use Case Scenario – Device Exclusion from Intune Policy

Leave a Comment / Intune /

Today, I faced a request involving a policy that was applied broadly across the organization to all devices. One user needed to be excluded from this policy. In this post, I’ll walk you through how I resolved the issue. The initial request was regarding a user who was unable to change the screen sleep settings, which were managed by an Intune policy. Because of this policy, users were unable to make any changes to the power management settings on their devices (refer to Image-1). Image-1: Screen Sleep Settings Managed by Intune Policy This policy controls power management settings, preventing users from changing computer and display settings on their own (refer to Image-2). Image-2: Power Management Settings We can’t simply edit this policy to exclude a device; instead, we need to use a feature called Filters. Filters allow us to target specific devices or exclude them from certain policies (refer to Image-3). Image-3: Using Filters in Intune Steps to Exclude a Device from an Intune Policy Using Filters Create a filter Sign in to the Intune admin center. Select Tenant administration > Filters > Create. Select Managed devices Image-4 Image-4: Creating a Filter in Intune 2. Define Filter Properties In the Basics section, enter the following details: – Filter name: Enter a descriptive name for the filter. For example, “Windows OS Version Filter”. – Description: Enter a description for the filter. This step is optional but recommended. – Platform: Choose the appropriate platform, such as Windows 10 and later (refer to Image-5). Image-5: Selecting the Platform 3. Create a Rule for the Filter In the Rules section, you can create a rule using the rule builder or manually entering the rule syntax. Using the Rule Builder: – And/Or: After adding an expression, you can expand it using “and” or “or”. – Property: Select a property for your rule, such as device or operating system SKU. – Operator: Choose an operator, like “equals” or “contains”. – Value: Enter the value for the expression. For example, enter 10.0.18362 for the OS version or “Microsoft” for the manufacturer. – Click Add expression after setting the property, operator, and value (refer to Image-6). Image-6: Rule Builder in Intune Using Rule Syntax: – You can also manually enter the rule expression in the rule syntax editor. Select Edit in the Rule Syntax section (refer to Image-7). Image-7: Rule Syntax Editor – The expression builder will open. Manually enter expressions, such as (device.osVersion -eq “10.0.18362”) and (device.manufacturer -eq “Microsoft”) (refer to Image-8). Image-8: Manual Rule Expression Image-9 4. Apply the Filter to the Policy After creating the filter, go to the Power Management Policy and edit it to include the newly created filter (refer to Image-10). Image-10: Adding the Filter to the Policy 5. Sync the Policy on the Device Go back to the device and sync the policy to apply the changes (refer to Image-11). Image-11: Syncing the Policy on the Device 6. Verify the Policy Update After the policy update, verify that the exclusion has been successfully applied (refer to Image-12). Image-12: Policy Update Verification I hope this guide helps you understand the process of excluding a device from an Intune policy using filters. Let me know if you have any questions šŸ™‚

Use Case Scenario – Device Exclusion from Intune Policy Read More Ā»

Partner with Us for Comprehensive IT
 

We’re happy to answer any questions you may have and help you determine which of our services best fit your needs.

Whatsapp us at: +94 777 64 62 11
Your benefits:
  • Client-oriented
  • Independent
  • Competent
  • Results-driven
  • Problem-solving
  • Transparent
What happens next?
1

We Schedule a call at your convenienceĀ 

2

We do a discovery and consulting metingĀ 

3

We prepare a proposalĀ 

Schedule a Free Consultation

Your Trusted Partner for IT Support, Freelancing, and On-Demand Solutions

Facebook-f X-twitter Linkedin

Service

Managed IT Services

Cloud Solutions

Web Development & Support

Remote IT Support

Useful Links

Terms of Service

Privacy Policy

Disclosures

Colombo, Sri Lanka

[email protected]

+94 76 77 27 137

Ā© 2024 EliteGo IT. All rights reserved.

Get A Quote
Get A Quote