Microsoft Intune – New Updates in PowerShell Scripts

Microsoft Intune is one of those brilliant products that has helped to optimize IT infrastructure for many businesses. It’s a platform that can transform your business into a modern workplace. And its capabilities are almost without limit. If you want to upload PowerShell scripts in Intune, there is the Microsoft Intune management extension (IME) that you can use for that. This management extension can enhance Mobile Device Management (MDM) resulting in a simpler move to modern management. With all this done, you can then run these scripts on Windows 10 devices. PowerShell scripts are important in a lot of different use cases and this blog is going to take a look at what this technology can do.

What is PowerShell?

PowerShell is a scripting and automation platform belonging to Microsoft. It’s an amazing product that is both a scripting language as well as an interactive command environment that is built on the .NET framework. Released back in 2006, PowerShell was basically a replacement for Command Prompt as the default method for automation of batch processes and creation of customized system management tools. PowerShell can easily automate laborious admin tasks by combining commands known as cmdlets and creating scripts. Available in all Windows OS starting with Windows 2008R2, PowerShell plays a huge role in helping IT professionals configure systems.

Adopting modern management

Modern workplaces now have plenty of user- and business-owned platforms that allow users to work from anywhere. With MDM services like Microsoft Intune, you can manage devices that are running Windows 10. The Windows 10 management client communicates with Intune to run enterprise management tasks, and IME supplements the Windows 10 MDM features. With this in place, you can create PowerShell scripts to run on Windows 10 devices, e.g., a PowerShell script that does advanced device configurations. Having done this, you can upload the script to Intune, assign it to an Azure AD group, and then run it. Moreover, you can monitor the run status of the script from start to finish.

Latest updates from Microsoft

In November 2020, Microsoft announced the general availability of PowerShell 7.1 which is built on the foundation of PowerShell 7.0. The goal was to bring about improvements and fixes to the existing technology. Some of these features, updates, and breaking changes include:

  • PSReadLine 2.1.0, including Predictive IntelliSense
  • PowerShell 7.1 has been published to the Microsoft Store
  • Installer packages have been updated for new operating system versions with support for ARM64
  • 4 new experimental features and 2 experimental features promoted to mainstream
  • A number of breaking changes that improve usability

Using scripts in Intune

Before IME can automatically install when a PowerShell script or Win32 app is assigned to the user or device, a few prerequisites should be met:

  • Windows 10 version 1607 or later, Windows 10 version 1709 or later for devices enrolled using bulk auto-enrollment.
  • Devices joined to Azure AD including Hybrid Azure AD-joined which consists of devices that are joined to Azure AD, and are also joined to on-premises Active Directory (AD).
  • Devices enrolled in Intune namely devices enrolled in a group policy, devices that are manually enrolled in Intune, and co-managed devices that use both Configuration Manager and Intune.

Script policy creation

Start by signing in to the Microsoft Endpoint Manager admin center. From there, select Devices > PowerShell scripts > Add. Under Basics, provide a name and a description for the PowerShell script. Next, go to Script settings and enter the required properties. After that, select Scope tags; these are optional. Then select Assignments > Select groups to include, and an existing list of Azure AD groups will be shown. Lastly, in Review + add, you’ll see a summary of the settings you configured. Select Add to save the script. When you have done so, the policy is deployed to the groups you chose.

Important considerations

If a script is set to run in the user context and the end user has admin rights, the PowerShell script runs with administrator privileges by default. Also, end users don’t need to sign in to the device for PowerShell scripts to execute. The IME agent checks with Intune once per hour and after every reboot for any new scripts or changes. If a script fails, the agent attempts to retry it three times for the next 3 consecutive IME agent check-ins. As far as shared devices are concerned, the PowerShell script runs for every new user that signs in.

PowerShell scripts limitations

Although with Microsoft Intune you can deploy PowerShell scripts to Windows 10 devices, there are a few limitations worth noting. These include: 

  • You won’t get support for running PowerShell scripts on a scheduled basis.
  • Although you can see whether the PowerShell script execution succeeded or failed, the output generated is only available on the endpoint that executes it and is not returned to the MEM Admin Portal.
  • Since executed PowerShell scripts are visible in the Intune Management Extension log file as plain text, credentials can’t be passed securely.
  • The Intune Management Extension agent responsible for executing PowerShell scripts on the endpoints only checks once an hour for new scripts so there is a delay with execution.
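
Because script content ends up readable in the IME log, the practical control is to catch embedded secrets before a script is uploaded. The following is an added example, not code from the original article or from Microsoft: it parses a script with PowerShell's built-in AST parser and flags likely hard-coded credentials. The function name `Find-EmbeddedSecret`, the name pattern, and the sample script (including its made-up `Connect-Thing` command) are assumptions for illustration, and the rules are heuristics rather than a complete secret scanner.

```powershell
using namespace System.Management.Automation.Language

# Heuristic name pattern for secrets (an assumption; tune it for your environment).
$SecretName = 'passw|pwd|secret|token|api_?key'

function Find-EmbeddedSecret {
    param([Parameter(Mandatory)][string]$ScriptText)

    $tokens = $null; $errors = $null
    $ast = [Parser]::ParseInput($ScriptText, [ref]$tokens, [ref]$errors)
    $isLiteral = { param($n) $n -is [StringConstantExpressionAst] -and $n.StringConstantType -ne 'BareWord' }

    # Rule 1: quoted literal assigned to a secret-looking variable, e.g. $apiToken = "..."
    foreach ($a in $ast.FindAll({ $args[0] -is [AssignmentStatementAst] }, $true)) {
        if ($a.Left.Extent.Text -match $SecretName -and $a.Right.Extent.Text -match '^@?["'']') {
            [pscustomobject]@{ Line = $a.Extent.StartLineNumber; Rule = 'LiteralAssignedToSecretVariable' }
        }
    }

    foreach ($c in $ast.FindAll({ $args[0] -is [CommandAst] }, $true)) {
        $el = $c.CommandElements
        # Rule 2: ConvertTo-SecureString -AsPlainText fed a quoted literal
        $asPlain = $el | Where-Object { $_ -is [CommandParameterAst] -and $_.ParameterName -like 'AsPlain*' }
        if ($c.GetCommandName() -eq 'ConvertTo-SecureString' -and $asPlain -and ($el | Where-Object { & $isLiteral $_ })) {
            [pscustomobject]@{ Line = $c.Extent.StartLineNumber; Rule = 'PlainTextSecureString' }
        }
        # Rule 3: secret-looking parameter followed by a quoted literal, e.g. -Password 'x'
        for ($i = 0; $i -lt $el.Count - 1; $i++) {
            if ($el[$i] -is [CommandParameterAst] -and $el[$i].ParameterName -match $SecretName -and (& $isLiteral ($el[$i + 1]))) {
                [pscustomobject]@{ Line = $el[$i].Extent.StartLineNumber; Rule = 'LiteralPassedToSecretParameter' }
            }
        }
    }
}

# Constructed sample script; Connect-Thing is a made-up command and the values are not real secrets.
$sample = @'
$apiToken = "constructed-not-a-real-token"
$cred = Get-Credential
$pw = ConvertTo-SecureString 'Constructed123!' -AsPlainText -Force
Connect-Thing -Password 'Constructed123!'
'@
Find-EmbeddedSecret -ScriptText $sample | Format-Table Line, Rule
```

Running this as a gate in whatever process publishes scripts to Intune keeps flagged scripts off endpoints until the secret is moved out of the script body.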

Wrap up

Maximizing the time we have is increasingly a massive concern for most organizations. Technological innovation has made it such that we can have more productive time on our hands. PowerShell is a product that is very useful to IT professionals for overall system management. By being able to automate the administration of Windows OS and other applications, organizations can operate more efficiently. The evolution of this platform since its release fourteen years ago has seen it grow from strength to strength. Undoubtedly, this is a product that can easily boost your productivity.        

7 Ways Microsoft 365 Can Help Manage Your Organizational Governance

These days, you will find cloud services offering some pretty amazing features. Platforms like Microsoft 365 (M365) have been developing their functionalities at a very fast pace. With all of those changes, businesses can expect to benefit as well. And they do. The advances in cloud technology have had a significant impact on things like corporate data security and remote work. Moreover, the round the clock support you get from Microsoft experts allows you to swiftly deal with any issues. Even more importantly, M365 helps you manage your organizational governance and that’s something we want to take a closer look at.

Governance in M365

Under Microsoft 365, the key thing is the protection of essential data assets while minimizing risk. There are a few crucial areas that need consideration. Firstly, there is operational assurance. This is mainly an IT task responsible for the operation and performance of the platform. Next, we talk about information assurance. For this, you need to know the regulatory requirements as well as the goals of the business because it involves the management of information throughout the lifecycle. Lastly, we’ll talk about outcome assurance. This part is concerned with providing the necessary guidance to enable an organization to obtain favorable outcomes.  

Preparing your business

Cloud services are constantly evolving and that means businesses need to adequately prepare. These continuous changes can have positive or negative effects depending on your governance policies. It’s important to have policies that best suit your IT team to ensure maximum productivity. Although leveraging the power of the cloud has numerous benefits, your IT team still needs to maintain a framework that guarantees data security. All of this requires the company to set up informed governance policies that are regularly updated as and when necessary.    

Service offering

When it comes to IT governance for M365, all the services you get with M365 including Office 365 and Enterprise Mobility + Security are considered. Businesses will need to assess aspects such as user lifecycles and legal data requirements for the governance framework. It’s important to note that employee recruitment or retirement can upset your governance processes because user and data lifecycle concepts are designed and applied in an expanded form. Given that there will be other employees that need greater access and security, you need to establish protocols for these groups. This will help to maintain corporate data security while granting secure access to those that need it.  

Great communication platforms

Most people will agree that good communication is an absolute necessity for any business to operate properly. Again, this is something Microsoft 365 fully understands. You can have the best business strategies but without good communication channels, your business will struggle. To facilitate great communication, M365 clients can get in touch via Skype, voice calls, and video calls. Yammer and other business platforms are also available when it comes to organizing projects. As well as giving users fantastic options for communication, these platforms are highly secure. So management can rest easy knowing that they can easily relay information and organize projects without worrying about security.  

Improve service delivery

Online platforms have changed the way that clients can interact with businesses. In addition, these platforms also enable businesses to market themselves better to potential clients. With the amount of information available online, decision-making is a lot easier. For instance, through the use of Outlook’s CRM capabilities, you can track your clients and establish business relationships. You also have Microsoft 365 Business that you can use to create mailing lists and manage your marketing emails. Clients get increased convenience because of Bookings which allows them to make appointments anytime, anywhere. Because of the popularity of social media and its significant reach, Microsoft 365 Business also helps you to manage these platforms. It does this by updating the information on your social media platforms and making communication with clients easier.              

 

Microsoft information governance

Information governance has a massive role to play in how effectively an organization operates. With information being a very valuable asset, you cannot afford to compromise your data management. You need to start by understanding the type of information that is governed, something that is done with retention labels which drive the automated lifecycle management of all data. After this, you can configure the labels in a few different ways. You can publish the labels, use MIG/ADG to auto-apply labels, or apply pre-applied labels in bulk. Information governance gives you a system for comprehensive data management on a secure platform.

Effective device management

In these times when plenty of people are working from home, managing employees’ devices is essential to overall organizational governance. Not only is this important to maintain productivity levels, but it’s also necessary for data security. By joining Azure AD and enrolling in Microsoft Endpoint Manager (MEM), users will encrypt their devices and obtain certificates enabling them to access VPNs, Wi-Fi, etc. Furthermore, this will keep employees’ devices up to date, secure, and compliant with all your policies. MEM is a great tool for any business looking to organize their workforce when working remotely without compromising data security.

Simplifying management

Good management is often what makes the difference between successful businesses and struggling ones. Likewise, good technology can have a similar effect on your business. Which is why it’s not a bad idea to check out Microsoft 365. It’s a package deal that has some of Microsoft’s best products, not least of which is the hugely popular Office 365. The tools you get in this package will not only help but improve your organizational governance. Easier communication, advanced security, and 24/7 support help to make your business run efficiently. So if you want to simplify management for your organization, M365 is a great place to start.

What You Can Learn From Microsoft Endpoint Manager Analytics

The importance of data analysis has been steadily growing in the last couple of decades. And as technology has continued to evolve, the tools that we have available to us have significantly improved. These tools help businesses get a clearer view of their operations. One of the more recent offerings is Microsoft Endpoint Manager Analytics (MEMA). With this product, Microsoft is aiming to help organizations measure and improve their productivity. These days, businesses are placing significant emphasis on the degree of productivity of their employees. Therefore it’s important to have a way to actually see this and that’s what we’ll be going over below.

What is Microsoft Endpoint Manager Analytics?

Endpoint Analytics is essentially a new feature that Microsoft has added to Microsoft Productivity Score. What it does is to provide you with information on how the organization is operating as well as the experiences that your users are receiving. Moreover, it can pinpoint policies or hardware issues that are slowing down devices and then make any necessary changes without causing needless disruptions. Therefore, Endpoint Analytics can provide insights that are normally unavailable to IT because of a lack of visibility into the end-user experience. And it can offer this service at a better cost as compared to the costly support channel that you would otherwise use.

Getting started

Once you’ve met all the requirements, the actual process of enrolling a device is pretty straightforward. For Intune-managed devices, you need to onboard in the Endpoint Analytics portal. When you’re enrolling devices that are managed by Configuration Manager, there are a few steps to follow. Firstly, you have to enable Endpoint Analytics data collection in Configuration Manager. Next, you’ll need to enable data upload from Configuration Manager. And the last step involves onboarding in the Endpoint Analytics portal. You will see the connector status light up in Microsoft Endpoint Manager once you have successfully enabled it.

Startup performance

This is an area that can be of great concern when it comes to causing delays to your employees. By measuring time to productivity, you can easily see where users are losing time. Endpoint Analytics will help your organization by identifying lengthy boot and sign-in times and then resolving them. In addition, you’ll get a couple of recommended actions that you can take to improve startup times. Having this data at hand enables you to evaluate your startup performance. You can then use this data and compare it to other organizations thus getting a better view of how you’re doing as a business. 

Software optimization

A lot of the time, increasing productivity only requires you to optimize your current software. MEMA plays a key role by providing you with information for improving user experience by optimizing your operating system as well as the versions of Microsoft software that you are already using. You’ll get to benefit from insights for various deployment and management services. Among these are Windows Autopilot, Microsoft Intune, Configuration Manager, Windows 10, and Azure Active Directory. Although you may already be using these platforms, analytics gives you data that helps you to get the most out of them.

Swift problem resolution

In the past, one of the major causes of delays has been users having to wait for IT to resolve problems. However, Endpoint Analytics provides proactive remediation scripting. Simply put, this great feature will resolve common support issues on any of your endpoints. Not only that, but it will fix these problems before users even know there’s an issue. There are built-in scripts that you can use for common issues. But, there is also the possibility of authoring your own scripts based on what issues your users frequently encounter.

Licensing requirements

A valid Microsoft Endpoint Manager license is necessary to enroll devices in Endpoint Analytics. In addition, for proactive remediations, one of the following licenses for managed devices will be required:

  • Windows 10 Enterprise E3 or E5 (included in Microsoft 365 F3, E3, or E5)
  • Windows 10 Education A3 or A5 (included in Microsoft 365 A3 or A5)
  • Windows Virtual Desktop Access E3 or E5

Requirements for Intune devices

Devices must be under co-management or enrolled in Intune and running Windows 10 Pro, Windows 10 Pro Education, Windows 10 Enterprise, or Windows 10 Education. Windows 10 Home isn’t supported. Only devices with Windows 10 Enterprise, Education, or Pro version 1903 or later will get startup performance insights. It’s also important to note that workplace joined or Azure AD registered devices won’t be supported. Lastly, you need to ensure that the Connected User Experiences and Telemetry service is running.

Configuration Manager requirements

For devices that are under the management of Configuration Manager, you’re going to need a minimum of Configuration Manager version 2002 with KB4560496 – Update rollup for Microsoft Endpoint Configuration Manager version 2002 or later. Also, the Configuration Manager clients need to be upgraded to version 2002 or later. And then you should ensure that the Microsoft Endpoint Manager tenant is attached. Another thing to remember is that enrolled devices that meet the Intune requirements will send required functional data directly to Microsoft public cloud.

Enhance your productivity

Common issues that trouble most organizations should not have to persist indefinitely. Time is a priceless commodity and your business needs to strive to fully enhance productivity. Hence the importance of software such as Microsoft Endpoint Manager Analytics. Its ability to furnish you with a comprehensive overview of how your organization is operating has the potential to make it key to your business strategies. Evaluating the problem areas affecting your users and resolving them without disruption will immediately improve workflow. Although Endpoint Analytics is still very much a new product, it’s certainly one that looks like most businesses could need.