Autopilot HWID online – direct WindowsAutopilotinfo into Intune
With autopilot HWID -online switch it’s possible to inject the HWID directly into Intune so there is no need to down and upload civ files. Start laptop, in the OOBE bootscreen …
Azure AD Set password to never expire
Check user account or set password never expires for a cloud managed user account. This is not possible for on-premises synced accounts. In this case you control the setting in …
AAD connect migrate / upgrade to AAD Connect 2.0 with Server 2022
More information of AAD connect can be found here: https://docs.microsoft.com/en-us/azure/active-directory/hybrid/whatis-azure-ad-connect-v2 In this article I describe the migration of AAD connect 1.6.16.0 to AAD connect 2.x. Windows Server 2012 and Windows Server …
Change Azure AD device ownership
When a Windows device is enrolled in Azure AD using an Azure AD join the following security principals will be added to the local administrators group on the device. Azure AD global administrator role Azure AD …
Microsoft 365 Admin portals & handy urls
Portal name Link Description Azure Active Directory portal aad.portal.azure.com View and manage Azure Active Directory Microsoft Endpoint Manager admin center / Intune portal endpoint.microsoft.com Use Microsoft Endpoint Manager to manage and secure devices …
Install AzureAD Powershell module
MS Online is an old module to manage the Azure/Office 365 from PowerShell. Azure Active Directory PowerShell for Graph (AzureAD) is a modern PowerShell module for interacting with Azure infrastructure. The module …
Hybrid AAD domain join without SCP – without AADconnect hybrid setup
To Hybrid domain join a device you have to configure your Azure AD Connect which creates a Service Connection Point (SCP) in your Active Directory. However in some environments it’s not …
Get Windows Autopilot from OOBE – Register Device in AutoPilot.
If your devices is bought without Autopilot registration you need to register it first by using Get-WIndowsAUtoPilotInfo.ps1.Normally to achieve this you would boot into Windows and run the script and …
Google Chrome (always sign-in issue) & Azure Conditional Access
Azure does not see that your device is Azure AD joined via the Google Chrome browser. Because of this the user needs to sing in to Office 365 (& MFA) …
Office 365 disable the Keep me signed in (KMSI) displays a “Stay signed in? ” prompt
Sign in to the Azure portal using the Global administrator account . Select Azure Active Directory, select Company branding, and then select Configure. In the Advanced settings section, Switch the “Show option to remain signed in” setting to No. …
Staged ADFS Migration to Cloud Authentication (Azure AD)
This feature allows you to test cloud authentication and migrate gradually from federated authentication. When using high available cloud services you don’t want to rely on your on premises ADFS …