As we all know, recently Intune has changed many features, well to be accurate added some features and removed some features. One of the features that got removed recently is setting up the servicing channel for Windows Update for Business. To be honest, I liked this feature previously and it was good that everything was at one place and I could select my servicing channel from one place. Under Update rings for Windows 10 we could see this below feature available:- But now, from latest update of Intune this feature is gone. It is not properly mentioned and documented under Microsoft that they have removed this. When we reached out to Microsoft regarding this they mentioned that many of the popularly not used features have been removed from this latest version. I was really in shock that really this was not a popular property. 😣 But, we had to accept and move on 😏 and find other ways to set it. Well, since we are talking about the ways to move on and other ways to set it, there is one which I feel is good if you want these to be pushed from Intune and not using Group Policies. This is helpful for those who use Standalone Intune to manage there Windows 10/11 devices. Lets see now how we can still set the Windows Servicing Channels without Group Policies. Navigate to Devices - Windows - Configuration profiles - Click on Create Profile From the new blade on the right hand side drop down Platform, Select Windows 10 and later - under Profile Types - select Settings Catalog (preview) - click on Create Provide proper Name and Description and click Next Under Configuration Settings - click on Add Settings A new blade for Settings Picker will open on the right, now either you can search for the Category required or what you can do is just scroll down from the list and select Windows Update for Business (WUfB). When you select WUfB, there will be 62 settings under it. For this blog I am only choosing the one setting that is required but you can go ahead and check all the settings that are required. So, for setting up the servicing channel, you will see that Branch Readiness Level is the one where you get that option with drop down to choose from. Check the setting from below and once you have selected the required settings close the setting picker. Under Configuration settings now you can find the Branch Readiness Level drop down options like below:- Please make a note here which is very important that if you select Semi annual Channel its only applicable till 1903. After 1903 Semi-annual channel and semi-annual targeted has been merged to one and there value is 16. So, choose your options wisely. After selecting your channel select Next and choose groups to assign deployments too. Use Device groups for this kind of deployment. Click on Next to move on. Select Scope tags if any and then click next Review the settings you selected and click on Create That’s all folks, you have selected the servicing channel with an alternate option and deployed it in your environment. If you have other ways to set it up let me know. Also, lets wait for Microsoft to provide better options with Windows Update for Business. See you guys next time then with some new blog post. 😉 😎

When you start managing devices from Intune, obviously you would start having requirement to check the reports for various purposes, like if you are doing patching using WUfB you need to check how many devices are compliant, if you are deploying an application you may want to check its compliance count. We had many reports in MECM which made our tasks easy. But in Intune I still feel we lack few important reports. Yes we do have many reports under Device Monitoring but we may still need to create some dashboards as per our requirements. Now, Intune may not have much inbuilt reports but it certainly gives you opportunity to build some dashboards by exploring the Data warehouse data model which you can get access to. This blog post helps you reach there where you should be able to create a report or dashboard. It seemed pretty straightforward to me. So, here we go... The first thing you would require here is Power BI Desktop app. Now that's free either you can download it and install from App store or you can check the below link, download and install manually the latest version: https://powerbi.microsoft.com/en-us/downloads/ When the installation is complete and you have opened the app you will find the below screen. There are generally 2 ways to connect to OData feed of Intune, one by clicking on Get Data from Home menu or you can just click on the Get data from another source pointed by the red arrow above. Both will open the same window like below. so, when you see this window come to the last option Other and select oData Feed . When you click on this it will ask you for the link of the OData feed: Select Basic or Advanced as per your need, I am gonna go with Basic for demo purposes. To get the URL for OData Feed of Intune you need to got to your Intune Console -> goto Reports -> under I ntune Data Warehouse select Data Warehouse and the copy the URL from OData feed for reporting service . Now come back to Power Bi Desktop and paste the URL on the required window and click OK . New window opens for authentication and it will ask you to sign in to connect to this OData Feed. Now, remember here to use Organizational account and then click on Sign In and provide your creds for Intune. Make sure you have enough permissions to do this in Intune when doing in Production. In my test environment I have not faced any issue with connection or any slowness, but when I tried to connect using my prod credentials it threw error one time and the loading of tables or data seemed a bit laggy, but it can be anything maybe my internet connection was not good enough. 😂 Anyways, you will now see the tables loading with all the required data under Navigator. looking pretty good up until now huh. 😎 if you want to check some data on these tables, just click on any one and you can see like above on the right hand side you corresponding values stored in them. Now, if you want to create a dashboard, based on your requirement just select the tables and you will check boxes highlighted once you select them. Once done click on Load. This will begin to load your tables with values on your workspace. When loading of data is complete you can then work with them click on Visualisations to select the type of graph or data representation according to your needs and then work with columns under Fields and create your own dashboards like below: That's it done, now you can create your own dashboards/reports as per your requirement. I am not that much good with Power BI so digging down deep to create reports and dashboards is lil difficult for me here but you guys are expert so go on and create reports and help people like me in need. 😊 That will be all folks for this time, see you guys in my next post. Until then, Cheers 😉

Recently, I had a requirement where I would need to set the Device Category of the devices in Intune. Well, for a single device it’s pretty easy right. We all know how we can do that. For those of you who are not aware how to change device category go to this MS article and learn https://docs.microsoft.com/en-us/mem/intune/enrollment/device-group-mapping. Now, we all have to agree that Device categories are there to make your job easier so that you can create Azure Security groups based on them and then do your deployments. But what happens to those Windows devices which you have enrolled using Hybrid Azure AD join. Like Mac and iOS, they don’t get any option or there isn’t any option where you could categorise them or rather assign some category automatically at the time of enrolment as you have done it using MDM GPO obviously. So, the question is how can I update the device category of multiple devices at once. Well, there isn’t a straight forward procedure to do it as of now. You just can’t go to Intune portal and start updating each device separately, too much of manual effort. But we have some help from Graph API and Intune PowerShell Module. Small lines of code can achieve things so fast amazing right. 🤗 Let’s see how we can achieve that. Well, here I will show how you can update it for one device; putting loops around those lines and executing the code for multiple devices is your job to do it. I can just show you how to build the code and achieve it. 🤓 Below is the screenshot of the device where you can see that Device Category is Unassigned. Let us see what we need to do in PowerShell to change this manually. If you have not installed the Microsoft.Graph.Intune module. Execute below line first and install the module. Install-Module -Name Microsoft.Graph.Intune Note : If you face any error, try to open PowerShell in an elevated Admin prompt and set execution policy to Unrestricted. Once the installation of the module is done do an import of the module now using the below command: Import-Module Microsoft.Graph.Intune After the importing the module successfully, we would need to connect to MS Graph to execute our code. The only pre-req here is that you should have at least Intune Administrator role to access and make changes to the device category. Command is below to connect to MSGraph: Connect-MSGraph Once you hit enter it will ask for your credentials like shown below Enter your credentials to connect and then it would show your tenant id confirming the connection Now, once you are connected you have to check your available device categories. This is required so that you get the id of your device categories, since at this moment you would not have any other way to get the id of device categories. Execute the below command to get the device category information. Get-DeviceManagement_DeviceCategories Check in the Intune portal whether you have correct information For me all good up until now. Next, you would require Intune Device ID of the device. You can get it from the Intune portal or since we are executing everything using PowerShell let’s get the device details in a file in .csv format and find the Device ID. You can use the same command to get the list of all device id’s: Get-IntuneManagedDevice | Get-MSGraphAllPages | Select ID, DeviceName |Export-Csv -Path "c:\Temp\Listdevice.csv" The .csv file looks like this Now, we have everything that we need to execute the code to change the device category. I am going to change the device category of the device DESKTOP-U9IRJ4D so I am using it’s device id and device category will be Windows so I am using the device category id of the windows here. #Declare Variables $DeviceID = "dde9c683-ba2c-491c-92d2-453c8d549da0" $DeviceCategory = '3deae90a-1692-446a-97e0-46ee2ce673ab' # Create the request body which will associate the objects $requestBody = @{ "@odata.id" = "https://graph.microsoft.com/beta/deviceManagement/deviceCategories/$DeviceCategory" } # Make a call to Graph that will create the association Invoke-MSGraphRequest -HttpMethod PUT -Url "deviceManagement/managedDevices/$DeviceID/deviceCategory/`$ref" -Content $requestBody That’s it all done and your device category is changed from Unassigned to Windows. You can use the same code now and just make changes to bulk amount of data at once. Keep the device category id constant and get a dynamic entry for device id’s using foreach block and execute the same code for other devices. That should help you achieve your task. Great, that’s it guys I hope that this should help you guys sort out the issue for Hybrid joined devices and Autopilot devices too. See you until next time. Cheers… 😉