Deploy Organizational Teams Backgrounds without Teams Premium licenses – Azure Storage Account + Intune Remediations

***A new post covering how to do this for New Teams is available here – Deploy Custom Backgrounds to New Teams with Remediations – SMBtotheCloud A client recently wanted to deploy organizational backgrounds to all Teams users. However, this is now a Teams Premium feature, which is an additional cost per user per month (Custom […]

Deploy Organizational Teams Backgrounds without Teams Premium licenses – Azure Storage Account + Intune Remediations Read More »

Dynamically add Device Extension Attributes using Remediations

Intro Every couple of weeks I see a Reddit post or question asking about device group memberships or filters for certain properties that Azure AD doesn’t natively contain. One common request is making a dynamic group for all desktops or all laptops. There may be other specific properties about your devices that Azure AD doesn’t

Dynamically add Device Extension Attributes using Remediations Read More »

Testing Conditional Access for Workload Identities

Conditional Access is constantly evolving and adding new features. One of the newer features is conditional access for workload identities. This allows us to secure service principals for our app registrations. At the moment, this is limited to two conditions – service principal risk and/or Locations. Personally, I’d like to see grant controls for compliant

Testing Conditional Access for Workload Identities Read More »

Set desktop & lock screen background on Windows 10 Pro using Intune

Updated 5/24/2023 – New Custom Detection Script to update your images without updating your Win32 App I recently had a client come to me asking about setting the wallpaper and lock screen, which is a fairly simple task by following the original post content under this section. However, they had several business units where they

Set desktop & lock screen background on Windows 10 Pro using Intune Read More »

AD Connect Sync Issues – Manually Hard Match User Identities

Whether you love it or hate it, AD Connect is still vital to many organizations. As more organizations shift away from Hybrid joined devices, some applications or business processes still rely on AD Windows Authentication for applications or Kerberos for legacy services, like SMB file shares. For that, AD connect is still required for SSO

AD Connect Sync Issues – Manually Hard Match User Identities Read More »

Resolve HAADJ Intune auto-enrollment errors for devices previously enrolled in MAM 

There never seems to be a shortage of issues when dealing with Hybrid Azure AD Joined + Intune Enrolling endpoints. Especially when you inherit a setup and have no history of what was implemented in the past. I encountered a new issue the other day and figured I’d made a quick post. In this situation,

Resolve HAADJ Intune auto-enrollment errors for devices previously enrolled in MAM  Read More »

Naming Hybrid Azure AD Joined Autopilot Devices Automatically using a Custom prefix and Serial Number

Naming Hybrid Joined devices during autopilot has always been very limited. You can’t use variables like %SERIAL% to add the serial number to the device name. You’re basically stuck using a prefix and a randomly generated string of characters. That’s not the best naming convention and it usually adds an additional step for IT admins

Naming Hybrid Azure AD Joined Autopilot Devices Automatically using a Custom prefix and Serial Number Read More »