I needed to track down who had recently used a device bound to AzureAD. We don’t tend to make use of the Primary User field, since our devices are usually handed out in bulk to large groups of people at once, rather than one at a time. This meant I had to work out who was using which device in a more roundabout way.
To accomplish this, you’ll need to use both Microsoft Graph and Microsoft Endpoint Manager.
Look Up the Device ID
First you’ll need Azure’s device ID for the computer.
Make sure to sign in to Graph, or you’ll only see the sample data.
Query type: GET
Version: beta
URL: https://graph.microsoft.com/beta/deviceManagement/managedDevices/[device ID here]
Click Run Query
You’ll only see the first several lines, which probably won’t show the logged-on users.
Click the Expand button
Scroll down to where it says usersLoggedOn then select and copy the ID inside of the quotes.
Go back to Endpoint Manager
Click Users on the left.
Paste the user ID into the search field. This should tell you the name of the user who logged into that device. If there were multiple people recently signed in, they’ll all be in the usersLoggedOn array.
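The same lookup can be scripted. This is an added example, not part of the original post: it assumes the Microsoft.Graph.Authentication module is installed and that the signed-in account can consent to the two read scopes shown. Run without `-DeviceId`, it uses a constructed sample response with placeholder IDs.

```powershell
param(
    [string]$DeviceId   # the device ID used in the Graph URL above; omit to use the sample
)

# Constructed sample of the relevant part of the response (placeholder IDs and times).
$sampleJson = @'
{
  "deviceName": "SAMPLE-PC-01",
  "usersLoggedOn": [
    { "userId": "00000000-0000-0000-0000-000000000001", "lastLogOnDateTime": "2024-01-08T09:15:00Z" },
    { "userId": "00000000-0000-0000-0000-000000000002", "lastLogOnDateTime": "2024-01-09T13:40:00Z" },
    { "userId": "00000000-0000-0000-0000-000000000001", "lastLogOnDateTime": "2024-01-10T08:05:00Z" }
  ]
}
'@

function Get-RecentDeviceUser {
    param($Device)
    # Keep only the latest logon per user ID, then list newest first.
    $Device.usersLoggedOn |
        Group-Object userId |
        ForEach-Object {
            $_.Group | Sort-Object { [datetime]$_.lastLogOnDateTime } -Descending |
                Select-Object -First 1
        } |
        Sort-Object { [datetime]$_.lastLogOnDateTime } -Descending
}

if ($DeviceId) {
    # Read-only scopes: one for the managed device, one to resolve user IDs to names.
    Connect-MgGraph -Scopes 'DeviceManagementManagedDevices.Read.All', 'User.Read.All'
    $uri = "https://graph.microsoft.com/beta/deviceManagement/managedDevices/$DeviceId"
    $device = Invoke-MgGraphRequest -Method GET -Uri $uri -OutputType PSObject
} else {
    $device = $sampleJson | ConvertFrom-Json
}

foreach ($entry in Get-RecentDeviceUser -Device $device) {
    $name = '(sample data, not resolved)'
    if ($DeviceId) {
        # Equivalent to pasting the ID into the Users search in Endpoint Manager.
        $userUri = "https://graph.microsoft.com/v1.0/users/$($entry.userId)?`$select=displayName,userPrincipalName"
        $u = Invoke-MgGraphRequest -Method GET -Uri $userUri -OutputType PSObject
        $name = "$($u.displayName) <$($u.userPrincipalName)>"
    }
    [pscustomobject]@{ UserId = $entry.userId; LastLogOn = $entry.lastLogOnDateTime; User = $name }
}
```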
The scenario: you have computers that are only bound to AzureAD and you need to deploy a customized version of TeamViewer to those computers. Me too! Here’s what I did.
On the left-hand side of the screen, choose Design & Deploy.
You’ll see two tabs: Custom Modules and Policies.
The Policies tab has the custom settings used by the client (such as whitelisting, auto-starting, and auto-adding to groups).
Each custom module can only use one “Policy,” but each policy can have all possible settings. If you need to create a new policy, use the “Add policy” button at the top of the screen.
To change a policy, click the edit button next to one of the policies. (The “enforce” checkbox for each setting prevents the end user from being able to change that setting.) These policies are checked by the client during installation.
Once the policy is set up, go to the Custom Modules tab. Create a new module with the Add Custom Module button or click the edit button on an existing module.
Customize the look of the TeamViewer app however you’d like.
Make sure the TeamViewer policy selected is the correct one from the Policies tab, and that you’ve selected the group you would like the devices added to under “Automatically add computers to a group in your Computers list.”
Copy the API token and the Configuration ID. You will need these when creating the app in Intune.
Click the “Download MSI” link as well. Without any options, this MSI will just do a basic TeamViewer Host installation. Only when passed your configuration ID and API token during installation will it give you the customized client and add itself to your TeamViewer groups.
Package the Installer
The MSI file will come in a zip file; unzip it. Inside you will find two more folders: Full and Host. Go into the Host folder and copy the TeamViewer_host.msi file into another folder. I named mine “teamviewer-host”. Make sure there is nothing else in that folder.
Under Detection Rules, choose “Manually configure detection rules.”
Click + Add
Choose MSI for rule type. Intune will automatically enter the correct MSI Product code. Keep “MSI Product version check” as “no” so that the app won’t re-install if upgrades are done on the client side.
No Dependencies are needed.
Finally, assign it to whatever device groups you need. Devices in those groups will automatically download the TeamViewer Host app as well as place an icon called TeamViewer on the desktop.
That’s it! Your custom TeamViewer host should install on the selected devices and be ready for remote management.