I recently needed to track down who had recently used a device bound to AzureAD. We don’t tend to make use of the Primary User field, since our devices tend to be handed out in bulk to large groups of people at once, rather than one-at-a-time. This meant I had to track down who was using which device in a more roundabout method.
To accomplish this, you’ll need to use both Microsoft Graph and Microsoft Endpoint Manager.
Lookup the Device ID
First you’ll need Azure’s device ID for the computer.
Make sure to sign into graph, or you’ll only see the sample data.
Query type: GET
Version: beta
URL: https://graph.microsoft.com/beta/deviceManagement/managedDevices/[device ID here]
Click Run Query
You’ll only see the first several lines, which probably won’t show the logged on users.
Click the Expand button
Scroll down to where it says usersLoggedOn then select and copy the ID inside of the quotes.
Go back to Endpoint Manager
Click Users on the left.
Paste the user ID into the search field. This should tell you the name of the user who logged into that device. If there were multiple people recently signed in, they’ll all be in the usersLoggedOn array.
AutoDesk’s AutoCAD is the next piece of software I’m deploying via Intune that was clearly never designed to be. It took a few tries, but I believe I’ve got the process down. I hope this makes your life much easier!
The directions here are for AutoCAD, but they should apply to any of the AutoDesk products (Architect, etc.).
Update 2: The new guide is ready! If you’re looking to deploy Autodesk apps versions 2020+, please follow my new guide here:
There’s 4 levels of installer we’ll be dealing with. 1) The installer you download AutoDesk’s website. This is just a self-extracting, compressed version of the actual installer. I’ll call this “the downloaded installer.” 2) The actual installation files that get extracted. I’ll call this “the extracted installer.” 3) The installation package you’ll create from the extracted installer. I’ll call this the “installation package.” 4) The intunewin file you’ll generate that actually gets uploaded to Intune.
Run the downloaded installer to extract the installation files.
Go to the extracted installer folder and run setup.exe .
Choose “Create Deployment.”
The AutoCAD 2019 Installer
Give your deployment a name without any spaces. This name will automatically be used to create the installation .ini file that will contain the setup information such as your serial key. You’ll need to know this name later.
You can only create a deployment to a network share. Since we’re using Intune, this isn’t relevant, so we’ll pick the hidden C: drive share to specify your local computer. Choose \\localhost\c$\users\[your username]\Desktop\autocad .
Disable the “Create a network log file” since this won’t be running off your LAN.
The AutoCAD 2019 Installation Packager Creator
Choose which components you’d like to install. If your users are not administrators on their machines, I’d recommend disabling AutoDesk Desktop since they won’t be able to use any of its functionality.
If you’re using a license key and serial, enter it.
Open Windows Terminal or PowerShell. Change directory into the directory just above the autocad folder you create for the network installation.
For me that’s:
cd ~/Desktop
Tell the Intune prep tool to create a package from the autocad directory, use the Setup.exe located in the img folder, and save the package to your current directory:
(you can double check the name of your ini file by looking in the autocad\img folder)
For the uninstaller, this is a bit of a kludge since it only uninstalls the main component, not the rest. For me, this is sufficient. You can customize yours by checking out all of the options in the autocad\sms_sccm scripts\[deployment name]_Uninstall.txt file.
Under Detection Rules choose “Manually configure detection rules”
Click + Add
Choose MSI for rule type and enter the product code for AutoCAD 2019: {28B89EEF-2001-0409-2102-CF3F3A09B77D}
No Dependencies are needed.
Finally, assign it to whatever device groups you need. Devices in those groups will automatically download and install AutoCAD 2019. Alternatively, you can assign it to user groups and those users can install AutoCAD from the Company Portal app.
Another day, another app to deploy! Today it’s Minecraft Education Edition. If you’re looking to deploy the desktop version of Minecraft Education Edition using nothing but Intune, you’ve come to the right spot!
Make a new folder in your Downloads folder called “MinecraftEducation”.
Open Terminal or PowerShell and change directory int your Downloads folder.
cd ~/Downloads
Extract the Minecraft Education Edition exe into the new folder by running following command in Terminal or PowerShell, replacing [user] with your username. I found the command only worked for me when I used the full path to the extraction location.
IntuneWinAppUtil.exe -c <folder with the msi it in> -s <name of the .msi file extracted to MinecraftEducation> -o <where you want the package file saved>
I had IntuneWinAppUtil.exe in the Downloads folder, Minecraft version 1.14.50.0, and wanted the package file in my current folder so I ran:
Choose the App Type “Windows app (Win32) then click Select at the bottom of the screen.
Choose the MinecraftEducationEdition_x86_1.14.50.0.msi you created.
Choose 64bit Windows 10 under the Requirements
Under Detection Rules choose “Manually configure detection rules”
Click + Add
Choose MSI for rule type. Intune will automatically enter the correct MSI Product code. Keep “MSI Product version check” as “no” so that the app won’t re-install if upgrades are done on the client side.
No Dependencies are needed.
Finally, assign it to whatever device groups you need. Devices in those groups will automatically download Minecraft Education Edition.
The scenario: you have computers that are only bound to AzureAD and you need to deploy a customized version TeamViewer to those computers. Me too! Here’s what I did.
On the left hand side of the screen, choose Design & Deploy
You’ll see two tabs: Custom Modules and Policies.
The Policies tab has the custom settings used by the client (such as whitelisting, auto-starting, and auto-adding to groups).
Each custom module can only use one “Policy,” but each policy can have all possible settings. If you need to create a new policy, use the “Add policy” button at the top of the screen.
To change a policy, click the edit button next to the one of the policies. (The “enforce” checkbox for each setting prevents the end-user from being able to change that setting). These policies are checked by the client during installation.
Once the policy is setup, go to the Custom Modules tab. Create a new module with the Add Custom Module button or click the edit button on a existing module.
Customize the look of the TeamViewer app however you’d like.
Make sure the TeamViewer policy selected is the correct one from the Policies tab and you’ve selected the group you would like the devices added to under the “Automatically add computers to a group in your Computers list.”
Copy the API token and the Configuration ID. You will need these when creating the app in Intune.
Click the “Download MSI” link as well. Without any options, this MSI will just do a basic TeamViewer Host installation. Only when passed your configuration ID and API token during installation will it give you the customized client and add itself to your TeamViewer groups.
Package the Installer
The MSI file will come in a zip file; unzip it. Inside you will find two more folders: Full and Host. Go into the Host folder and copy the TeamViewer_host.msi file into another folder. I named mine “teamviewer-host”. Make sure there is nothing else in that folder.
Under Detection Rules choose “Manually configure detection rules”
Click + Add
Choose MSI for rule type. Intune will automatically enter the correct MSI Product code. Keep “MSI Product version check” as “no” so that the app won’t re-install if upgrades are done on the client side.
No Dependencies are needed.
Finally, assign it to whatever device groups you need. Devices in those groups will automatically download the TeamViewer Host app as well as place an icon called TeamViewer on the desktop.
That’s it! Your custom TeamViewer host should install on the selected devices and be ready for remote management.