You're reading from  Microsoft Intune Cookbook

Product type: Book
Published in: Jan 2024
Publisher: Packt
ISBN-13: 9781805126546
Edition: 1st Edition
Author (1)
Andrew Taylor

Andrew Taylor is an End-User Compute architect with 20 years of IT experience across industries and a particular interest in Microsoft Cloud technologies, PowerShell and Microsoft Graph. Andrew graduated with a degree in Business Studies in 2004 from Lancaster University and since then has obtained numerous Microsoft certifications including Microsoft 365 Enterprise Administrator Expert, Azure Solutions Architect Expert and Cybersecurity Architect Expert amongst others. He is currently working as an EUC Architect for an IT Company in the United Kingdom, planning and automating the products across the EUC space. Andrew lives on the coast in the North East of England with his wife and two daughters.

Preface

Microsoft Intune is a market-leading Mobile Device Management (MDM) tool for securely managing your Apple iOS, macOS, Android, and Windows devices anywhere in the world.

With the rapid move to hybrid working and more employees now wanting flexibility, traditional device management tools such as Active Directory are limited for staff working outside of the office, without implementing complicated Always On VPN.

As Microsoft Intune is fully cloud-based, devices can be managed comprehensively from any location. This can be further improved by implementing Windows Autopilot for machine provisioning, and devices can be shipped directly to end users with no input required from the IT department.

Configuring your new environment to work reliably can be a daunting task with multiple options to configure settings, and this is where Microsoft Intune Cookbook can help, running through every stage, from purchasing your licenses to enrolling your devices in a working environment.

On top of this, automation is a key part of working with IT systems; automating a repeatable task reduces the risk of user error as well as significantly improving productivity. As well as demonstrating how to configure your environment in the web portal, this book will also show you how to leverage Microsoft PowerShell and Microsoft Graph to automate your daily tasks. For this purpose, several recipes have an Automating it section included.

Included at the following URL are links to some excellent community resources, which are worth reading and following as you embark on your Intune journey:

https://github.com/PacktPublishing/Microsoft-Intune-Cookbook/blob/main/blogs-links-communities.md

Note that during the writing of this book, Microsoft renamed Azure Active Directory to Microsoft Entra ID, so there may be occasions where the old Azure Active Directory naming is used, especially in screenshots where the portals had not been updated.

Who this book is for

This book is ideal for anyone either starting out on their Intune journey or existing Intune users who want to learn Microsoft Graph for automation.

This could be system administrators, end-user computer administrators, cloud administrators, or even support staff looking to take the next step up the ladder.

As it is a hands-on cookbook, while it touches on architectural considerations, the primary demographic is technical staff who are implementing a solution.

While the book does not cover the basics of PowerShell scripting, you should be able to follow the scripts with a limited knowledge of PowerShell commands.

What this book covers

Chapter 1, Getting Started with Microsoft Intune, is an introduction to Intune. It takes a look at licensing requirements and setting up the first tenant. It then moves onto Entra ID, covering MDM and Mobile Application Management (MAM) enrollment scopes, the creation of both static and dynamic groups, and then assigning roles and looking at device settings.

Chapter 2, Configuring Your New Tenant for Windows Devices, looks at the policy options available for Windows devices and how to use them to comprehensively manage your Windows fleet.

Chapter 3, Securing Your Windows Devices with Security Policies, covers all the important security policies available for Windows devices and how to best configure them for your environment.

Chapter 4, Setting Up Enrollment and Updates for Windows, looks at Windows Update and autopatch, configuring Windows Hello for Business, before finally looking at the enrollment of devices using Autopilot and the Enrollment Status Page (ESP).

Chapter 5, Android Device Management, covers the management of your Android devices using Google Play. It runs through the full end-to-end process of configuring your managed Google Play account, connecting it to Intune, and using it to deploy applications. After configuring the connections, the chapter will run through configuring your enrollment profiles for different use cases and then move on to the policies themselves, including looking at Original Equipment Manufacturer (OEM) specific policies. Finally, it will cover the use of app protection policies for Bring your Own Device (BYOD) scenarios.

Chapter 6, Apple iOS Device Management, looks at the management of both iOS and macOS devices from Apple, with devices managed by Apple Business Manager and Apple Volume Purchase Program for applications. After running through configuring Apple Business Manager, the chapter then demonstrates how to connect it to Intune, add the required certificates, and set up enrollment profile tokens. Once the basic environment is configured, it moves on to configuring policies and deploying (and protecting) applications from the app store for iOS.

Chapter 7, macOS Device Management, continues the Apple journey with macOS devices. It covers configuring your first policy and then deploying scripts and applications to your devices, before finally looking at keeping your macOS up to date.

Chapter 8, Setting Up Your Compliance Policies, explores the very important, but often overlooked, area of compliance. When tied to Conditional access, it is the best way to secure your environment against risky/infected machines. The chapter covers configuring compliance policies for all currently supported operating systems and the various settings available for each. For Windows devices, it also dives into the more complex but powerful custom compliance policies. Finally, it demonstrates how to link your compliance policies to a Conditional access policy.

Chapter 9, Monitoring Your New Environment, runs through the monitoring options available within Intune. It looks at monitoring your applications (both installed and detected) and your critical app protection policies and then moves on to the devices. In device monitoring, you can learn how to review the success of your configuration profiles, device compliance, and device enrollment successes and failures. The chapter will then look at checking your device update status and, finally, review any admin tasks within the portal itself, including device actions and audit logs for policy/app changes.

Chapter 10, Looking at Reporting, covers all of the available reports within Intune initially, including security and Endpoint analytics. It then moves beyond Intune, covering connecting PowerBI to the Intune Data Warehouse and deploying Windows Update for Business Reports within an Azure Log Analytics Workspace. Finally, it will cover how to export your diagnostics events to Azure for further alerting or management.

Chapter 11, Packaging Your Windows Applications, examines application packaging and deployment, which can be a blocker to many. The chapter runs through deploying all Windows applications, starting with your straightforward Microsoft Store apps and then covering packaging in the MSIX or Win32 format, using the official Microsoft tools. It also covers application dependencies and supersedence for Win32 applications.

Chapter 12, PowerShell Scripting across Intune, looks at all of the available scripts inside Intune, starting with the basic device scripts. It will then move on to the very useful proactive remediations before looking at how they can be used when deploying apps – in particular, during detection and requirement checking.

Chapter 13, Tenant Administration, runs through the options within the Tenant Administrative menu within Intune, including your day-to-day admin tasks (monitoring connectors, troubleshooting, and version checking). It also covers the more set-once options such as terms and conditions, setting roles, and customizing. Finally, it covers using filters to manage assignments, sending organizational messages, and looking at multi-admin approval.

Chapter 14, Looking at Intune Suite, looks at the additional licensed features currently included in the Intune Suite. We will look at Remote Help, Microsoft Tunnel for Android/iOS, device anomalies, and Endpoint Privilege Management.

To get the most out of this book

For the sections on automation, you will need a machine capable of running PowerShell; version 5 or version 7 will work fine. While you can simply download and run the scripts, using an editor will aid in following the steps.

Software/hardware covered in the book | Operating system requirements
PowerShell 5 or 7 | Windows or macOS
A web browser | Any operating system

If you are using the digital version of this book, we advise you to type the code yourself or access the code via the GitHub repository (link available in the next section). Doing so will help you avoid any potential errors related to the copying and pasting of code.

Download the example code files

You can download the example code files for this book from GitHub at https://github.com/PacktPublishing/Microsoft-Intune-Cookbook. If there’s an update to the code, it will be updated in the existing GitHub repository.

We also have other code bundles from our rich catalog of books and videos available at https://github.com/PacktPublishing/. Check them out!

Conventions used

There are a number of text conventions used throughout this book.

Code in text: Indicates code words in text, database table names, folder names, filenames, file extensions, pathnames, dummy URLs, user input, and Twitter handles. Here is an example: “For these devices, remove them using Remove-MgDevice.”

A block of code is set as follows:

$Headers = @{
    "Authorization" = "Bearer " + $resourceToken
    "Content-type"  = "application/json"
    "X-Requested-With" = "XMLHttpRequest"
    "x-ms-client-request-id" = [guid]::NewGuid()
    "x-ms-correlation-id" = [guid]::NewGuid()
}

Any command-line input or output is written as follows:

((Invoke-MgGraphRequest -Method GET -Uri "https://graph.microsoft.com/beta/deviceManagement/configurationSettings?&`$filter=categoryId eq '4a5e4714-00ac-4793-b0cc-5049041b0ed7'" -OutputType PSObject).value | select-object name, description, '@odata.type', rootDefinitionId, options, @{Name="Platform"; Expression={ $_.applicability | Select-Object platform}},@{Name="technologies"; Expression={ $_.applicability | Select-Object technologies}},valuedefinition, id) | out-gridview

Bold: Indicates a new term, an important word, or words that you see on screen. For example, words in menus or dialog boxes appear in the text like this. Here is an example: "Now that we have our licensing in place, we need to create a tenant"

Tips or important notes

Appear like this.

Sections

In this book, you will find several headings that appear frequently (Getting ready, How to do it..., Automating it, There’s more..., and See also).

To give clear instructions on how to complete a recipe, use these sections as follows.

Getting ready

This section tells you what to expect in the recipe and describes how to set up any software or any preliminary settings required for the recipe.

How to do it…

This section contains the steps required to follow the recipe.

Automating it

This section shows you how to leverage Microsoft PowerShell and Microsoft Graph to automate your daily tasks.

There’s more…

This section consists of additional information about the recipe in order to make you more knowledgeable about it.

See also

This section provides helpful links to other useful information for the recipe.

Get in touch

Feedback from our readers is always welcome.

General feedback: If you have questions about any aspect of this book, email us at customercare@packtpub.com and mention the book title in the subject of your message.

Errata: Although we have taken every care to ensure the accuracy of our content, mistakes do happen. If you have found a mistake in this book, we would be grateful if you would report this to us. Please visit www.packtpub.com/support/errata and fill in the form.

Piracy: If you come across any illegal copies of our works in any form on the internet, we would be grateful if you would provide us with the location address or website name. Please contact us at copyright@packt.com with a link to the material.

If you are interested in becoming an author: If there is a topic that you have expertise in and you are interested in either writing or contributing to a book, please visit authors.packtpub.com.

Share Your Thoughts

Once you’ve read Microsoft Intune Cookbook, we’d love to hear your thoughts! Please click here to go straight to the Amazon review page for this book and share your feedback.

Your review is important to us and the tech community and will help us make sure we’re delivering excellent quality content.

Download a free PDF copy of this book

Thanks for purchasing this book!

Do you like to read on the go but are unable to carry your print books everywhere?

Is your eBook purchase not compatible with the device of your choice?

Don’t worry, now with every Packt book you get a DRM-free PDF version of that book at no cost.

Read anywhere, any place, on any device. Search, copy, and paste code from your favorite technical books directly into your application.

The perks don’t stop there. You can get exclusive access to discounts, newsletters, and great free content in your inbox daily.

Follow these simple steps to get the benefits:

  1. Scan the QR code or visit the link below: https://packt.link/free-ebook/9781805126546
  2. Submit your proof of purchase
  3. That’s it! We’ll send your free PDF and other benefits to your email directly