Description

1E for Microsoft Intune enables IT organizations to achieve efficient, granular control of deployments and maintain continuous compliance. With lightweight, always-on communication and real-time actions, 1E empowers organizations to maintain a standardized baseline, rapidly respond to critical issues, and ensure client health.

Key Capabilities

Intune Real-Time policy and Sync - Monitor last sync time and perform Sync on demand

  • Report actual device sync times
  • Initiate sync for non-compliant devices
  • Automate sync on non-compliant devices

Critical Services Compliance - Secure Boot, AV, EDR, Bitlocker, OneDrive, etc.

  • Ensure “critical servers” are compliant
  • Ensure SecureBoot and Bitlocker are enabled
  • Ensure services are running and correctly configured
  • Keep definition files up to date
  • Monitor OneDrive Sync Status

EventID and Intune Diagnostic - Retrieve Intune Diagnostics in a single console

  • Chronological order of events across all devices or single devices
  • No Zip file to review, everything brought back in a single view

Real-Time Patching and Last Mile – Increase Patching compliance

  • Increase Compliance
  • Real-Time Visibility
  • Surfacing relevant details about why patches fail
  • Visualize the detailed patch status
  • Identify and close blind spots in patching process

Normalized Inventory – Increase Patching compliance

  • Real-Time hardware inventory data
  • Real-Time software inventory data
  • Normalized Vendor, Title, Version, Edition information
  • Catalog Driven
  • Usage Metrics

Setup

  • Follow the prerequisite steps and deploy the 1E Solutions Core DEX Pack.
  • Upload this DEX Pack with the help of the Product Pack Deployment Tool.

  • A 1E Endpoint Automation Policy named 1E for Microsoft Intune will be created.

  • Review and enable the rules, then deploy the policy to the intended management group.

  • An Instruction set named 1E Solutions will be created containing all the instructions.

Usage

1. Intune - Check Microsoft Intune Management Extension memory usage

This rule will report the compliance state if the memory usage of the Microsoft Intune Management Extension does not exceed the specified limit. The limit can be customized as per requirement.

2. Intune - Device Management Enrollment Service

This rule ensures that the Device Management Enrollment Service is running and that its start-up type is set to Automatic.

3. Intune - Intune client sync state

This rule will report the compliance state if the Intune Management client agent is synced within the specified date range.

4. Intune - Microsoft Intune Management Extension service

This rule ensures that the Microsoft Intune Management Extension service is running and that its start-up type is set to Automatic.

5. Intune - Patching - Reboot check pending

This rule will report the compliance state if a system reboot is pending due to OS patch installation.

6. Intune - Patching - Update scan in last 7 days

This rule will report the compliance state if the Windows Update agent has scanned in the last 7 days. The number of days for the last scan can be customized as per requirement.

7. Intune - Patching - Windows check device patched in last 30 days

This rule will report the compliance state if the Windows device has been patched in the last 30 days. The number of days for the last patch can be customized as per requirement.

8. Intune - Remediate Microsoft Intune Management Extension memory usage

This rule ensures that the memory usage of the Microsoft Intune Management Extension service does not exceed the specified limit. If the limit is exceeded, the service will be restarted. The limit can be customized as per requirement.

9. Intune - Security - Bitlocker check disk fully encrypted

This rule will report the compliance state if the OS Drive is fully encrypted with BitLocker.

10. Intune - Security - Bitlocker check is enabled

This rule will report the compliance state if BitLocker is enabled or encryption is in progress for all fixed drives.

11. Intune - Security - Bitlocker ensure is enabled

This rule will ensure that BitLocker is enabled for all fixed drives.

12. Intune - Security - Certificates machine certificate in Personal store

This rule will ensure that there is a valid device certificate in the Personal certificate store. Additionally, it will check if the certificate is expiring within 30 days. The number of days can be customized as per requirement.

13. Intune - Security - CredentialGuard status

This rule will report the compliance state if Credential Guard is enabled on the device.

14. Intune - Security - DeviceGuard status

This rule will report the compliance state if DeviceGuard is enabled on the device.

15. Intune - Security - SecureBoot check is enabled

This rule will report the compliance state if Secure Boot is enabled on the device.

16. Intune - Security - SecureBoot ensure enabled

This rule will ensure that SecureBoot is enabled on the device. Please note that this rule is only supported for Dell devices.

17. Intune - Security - TPM check is enabled

This rule will report the compliance state if TPM is enabled on the device.

18. Intune - Security - Windows Defender components enabled and updated

This rule will report the compliance state if the Windows Defender components are enabled and updated in the last 7 days. The number of days can be customized as per requirement.

19. Intune - Security - Windows Defender definition updated

This rule will report the compliance state if the Windows Defender definitions are updated in the last 7 days. The number of days can be customized as per requirement.

20. Intune - Security - Windows Defender Firewall all profiles state

This rule will report the compliance state of the Windows Defender Firewall profile. Please select "Yes" for the profile that needs to be checked and specify whether it should be enabled or disabled.

21. Intune - Security - Windows Defender Firewall service

This rule ensures that the Windows Defender Firewall Service is running and that its start-up type is set to Automatic.

22. Intune - Windows - Check number of forced reboots

This rule will report the compliance state if forced reboots do not exceed 90 days for the device. The number of days can be customized as per requirement.

23. Intune - Windows - Windows check activated

This rule will report the compliance state if Windows is activated on the device.

24. Intune - Windows Remote Management Service

This rule ensures that the Windows Remote Management Service is running and that its start-up type is set to Automatic.

25. Intune - WMI Repository check consistent

This rule will report the compliance state of the WMI repository.

Instructions

%State% Microsoft Intune Management Extension service. Set the startup type %startuptype% #Intune

This instruction will start, stop and restart the Microsoft Intune Management Extension (IME) service.

Trigger Microsoft Intune Sync. Stagger seconds %StaggerSeconds% #Intune

Runs a command to trigger an Intune sync for a Windows device.

Intune Solution - Check if Bitlocker is enabled or encryption in progress for all fixed drives.

Provides the result to check if Bitlocker is enabled or encryption & decryption in progress for all fixed drives.

Check if valid device certificate in the Personal certificate store. Also check if certificate expiring in %Days%.

Provides the result to check if a valid device certificate is in the Personal certificate store. Additionally, it will check if the certificate is expiring within X days.

Intune client Diagnostics report - Connection Info. Refresh diagnostics report older than %Duration% #Intune

This instruction will provide a report of the last sync information. The report can be fetched for periods of 1 day, 8 hours, and in real-time by running the Diagnostics on demand.

Intune client Diagnostics report - Device Info. Refresh diagnostics report older than %Duration% #Intune

This instruction will provide a report of Device information. The report can be fetched for periods of 1 day, 8 hours, and in real-time by running the Diagnostics on demand.

Intune client Diagnostics report - Enrolled Configuration Sources And Target Resources Info. Refresh diagnostics report older than %Duration% #Intune

This instruction will generate a report of enrolled configuration sources and target resources information. The report can be fetched for periods of 1 day, 8 hours, and in real-time by running the Diagnostics on demand.

Intune client Diagnostics report - Managed Applications Info. Refresh diagnostics report older than %Duration% #Intune

This instruction will generate a report of Managed Applications information. The report can be fetched for periods of 1 day, 8 hours, and in real-time by running the Diagnostics on demand.

Intune client Diagnostics report - Managed Policies Info. Refresh diagnostics report older than %Duration% #Intune

This instruction will generate a report of Managed Policies information. The report can be fetched for periods of 1 day, 8 hours, and in real-time by running the Diagnostics on demand.

EventLog: Get event log for Event ID 208 - Intune Server Sync Initiated #Intune

This instruction will provide results indicating that the Windows MDM client initiated a policy sync with the MDM server.

EventLog: Get event log for Event ID 2900 - Warning Not Compliant #Intune

This instruction will provide results that indicate when the MDM client tries to assess the compliance state of the device and cannot access it.

EventLog: Event ID 809 Unknown Win32 Error, needs further troubleshooting #Intune

This instruction will provide results that indicate an error with Intune policy implementation on the device that would require further troubleshooting.

EventLog: Event ID 813 - Windows CSP policy is applied #Intune

This instruction will provide results that indicate the Windows CSP policy setting was successfully applied on the device.

EventLog: Event ID 814 - Policy update received and applied #Intune

This instruction will provide results that indicate the MDM client received a policy update from the server and successfully applied it on the device.

EventLog: Event ID 820 - Set policy precheck call #Intune

This instruction will provide results that indicate the MDM client tried to check the status of RequireRetrieveHealthCertificateOnBoot but was unable to complete the process.

Get all Intune event IDs relevant for troubleshooting #Intune

This instruction will provide information on all Intune event IDs that can be used for troubleshooting purposes.

Intune Solution - Check that Intune client does not exceed 200 MB of memory utilization.

This instruction will provide information on whether the Intune client has exceeded X MB of memory utilization.

Get the last SyncTime of Intune #Intune.

This instruction will provide information on the last synchronization time with the Intune server.

Intune Solution - Check if Credential Guard is enabled.

This instruction will provide information if Credential Guard is enabled on the device.

Intune Solution - Check if Device Guard is enabled.

This instruction will provide information if Device Guard is enabled on the device.

Intune Solution - Check if Secure Boot is enabled.

This instruction will provide information if Secure Boot is enabled on the device.

Get Intune MDM Security Status

This instruction will provide MDM Security health Status.

Intune Solution Check the Bitlocker encryption state of OS Drive.

This instruction will provide information on whether Bitlocker is enabled and the encryption state of the OS drive.

Intune Solution - Check if reboot is pending due to OS patch install

This instruction will provide information if a system reboot is pending due to OS patch installation.

Intune Solution - Check if device patched in last %dateLastPatched%.

This instruction will report the compliance state of whether the Windows device has been patched in the last X days.

Collect system info for Intune #Intune

This instruction will provide system information for the device.

Intune Solution - Check TPM status.

This instruction will provide the TPM status on the device.

Intune Solution - Check Windows activation state.

This instruction will provide information on the compliance state of Windows activation.

Intune Solution - Check that the Windows Defender components are enabeld and updated in the last %Lastupdateddays% days .

This instruction will report the compliance state of whether the Windows Defender components are enabled and updated in the last X days.

Intune Solution - Check that Windows Defender has updated its definitions within the last %daysThreshold% day(s).

This instruction will report the compliance state of whether the Windows Defender definitions are updated in the last X days.

Intune Solution - Check if %EventID% with %Message% has occured in the %Eventlog% in the last %Timetocheck% %Timemeasurement% more than %Numberofoccurence% with Event %EventName%

This instruction will read and provide the event information if the Event ID, number of occurrences, name and other relevant information are entered correctly.

Intune Solution - Check if Windows firewall for profiles, Private: %Private%, Public: %Public%, Domain: %Domain% are in the proper state: Private: %PrivateState%, Public: %PublicState%, Domain: %DomainState%.

This instruction will provide information on the Windows Defender Firewall profile. Please select "Yes" for the profile that needs to be checked and specify whether it should be enabled or disabled.

Intune Solution - Check that Windows Update has performed an update scan within the last %daysThreshold% day(s).

This instruction will provide information if the Windows Update agent has scanned in the last X days. The number of days for the last scan can be customized as per requirement.

Check the WMI repository is consistent.

This instruction will report the compliance state of the WMI repository.

Components

What's New

16-Feb-2024:
Added events to send the data to 1E Solutions.

Copyright © 1E 2022 All Rights Reserved