Tag Archives: intune

Tracking Down AzureAD Device Sign-Ins

I needed to track down who had recently used a device bound to AzureAD. We don’t tend to make use of the Primary User field, since our devices tend to be handed out in bulk to large groups of people at once, rather than one at a time. This meant I had to track down who was using which device in a more roundabout way.

To accomplish this, you’ll need to use both Microsoft Graph and Microsoft Endpoint Manager.

Look Up the Device ID

First you’ll need Azure’s device ID for the computer.

Go to https://endpoint.microsoft.com

Click Devices on the left then Windows Devices.

Search for the device you are looking for.

Click on it

In the address bar of the browser, the last part of the URL will be the device ID. Select and copy it.

Query Device Sign-In Information

Now that you have the Device ID, you can look up the login history using Microsoft Graph.

Go to https://developer.microsoft.com/en-us/graph/graph-explorer

Make sure to sign in to Graph Explorer, or you’ll only see the sample data.

Query type: GET

Version: beta

URL: https://graph.microsoft.com/beta/deviceManagement/managedDevices/[device ID here]

Click Run Query

You’ll only see the first several lines, which probably won’t show the logged on users.

Click the Expand button

Scroll down to where it says usersLoggedOn then select and copy the ID inside of the quotes.

Go back to Endpoint Manager

Click Users on the left.

Paste the user ID into the search field. This should tell you the name of the user who logged into that device. If there were multiple people recently signed in, they’ll all be in the usersLoggedOn array.
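
The two manual lookups above can also be scripted. This is an added example, not part of the original post: it assumes the Microsoft.Graph.Authentication PowerShell module for the live path, and the function names, the sample device and the example.edu address are made up for illustration.

```powershell
# Added example (not from the original post). The live path needs the
# Microsoft.Graph.Authentication module; the sample run at the bottom works offline.

function Resolve-DeviceSignIn {
    # One output row per entry in the device's usersLoggedOn array.
    param(
        [Parameter(Mandatory)] $Device,
        [Parameter(Mandatory)] [scriptblock] $ResolveUser   # user ID -> user object or $null
    )
    foreach ($entry in $Device.usersLoggedOn) {
        $user = & $ResolveUser $entry.userId
        [pscustomobject]@{
            UserId    = $entry.userId
            User      = if ($user) { $user.userPrincipalName } else { '(not found)' }
            LastLogOn = $entry.lastLogOnDateTime
        }
    }
}

function Get-DeviceSignIn {
    # Live path: the same two lookups the post does in Graph Explorer and Endpoint Manager.
    param([Parameter(Mandatory)] [guid] $DeviceId)
    $graph  = 'https://graph.microsoft.com'
    $device = Invoke-MgGraphRequest -Method GET -OutputType PSObject `
        -Uri "$graph/beta/deviceManagement/managedDevices/$DeviceId"
    Resolve-DeviceSignIn -Device $device -ResolveUser {
        param($id)
        try {
            $uri = '{0}/v1.0/users/{1}?$select=displayName,userPrincipalName' -f $graph, $id
            Invoke-MgGraphRequest -Method GET -OutputType PSObject -Uri $uri
        } catch { $null }   # e.g. the account has since been deleted
    }
}

# Constructed sample of the relevant part of a managedDevice response (all values made up).
$sample = @'
{ "deviceName": "LAB-PC-01",
  "usersLoggedOn": [
    { "userId": "11111111-1111-1111-1111-111111111111", "lastLogOnDateTime": "2021-03-02T14:05:11Z" },
    { "userId": "22222222-2222-2222-2222-222222222222", "lastLogOnDateTime": "2021-03-01T08:30:00Z" } ] }
'@ | ConvertFrom-Json
$directory = @{ '11111111-1111-1111-1111-111111111111' = @{ userPrincipalName = 'student1@example.edu' } }
Resolve-DeviceSignIn -Device $sample -ResolveUser { param($id) $directory[$id] } | Format-Table

# Live use, with the device ID copied from the Endpoint Manager URL:
# Connect-MgGraph -Scopes 'DeviceManagementManagedDevices.Read.All','User.Read.All'
# Get-DeviceSignIn -DeviceId '<device ID>'
```

In the sample run the second user ID has no directory entry, so it is reported as "(not found)" rather than dropped.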

Deploying AutoDesk AutoCAD with Intune

AutoDesk’s AutoCAD is the next piece of software I’m deploying via Intune that was clearly never designed to be. It took a few tries, but I believe I’ve got the process down. I hope this makes your life much easier!

The directions here are for AutoCAD, but they should apply to any of the AutoDesk products (Architect, etc.).

Update 2: The new guide is ready! If you’re looking to deploy Autodesk apps versions 2020+, please follow my new guide here:

Update: AutoDesk has changed how their packaging works for AutoDesk 2022 products. You must create a deployment from their website rather than the downloaded installer. I’ll have an updated guide for AutoCAD 2022 over the summer! https://knowledge.autodesk.com/customer-service/network-license-administration/network-deployment/creating-deployment/create-deployment

Create the Custom Installation Package

Log into the AutoDesk management site at https://manage.autodesk.com

Download the AutoCAD 2019 x64 installer.

Installer from the AutoDesk website

There are 4 levels of installer we’ll be dealing with.
1) The installer you download from AutoDesk’s website. This is just a self-extracting, compressed version of the actual installer. I’ll call this “the downloaded installer.”
2) The actual installation files that get extracted. I’ll call this “the extracted installer.”
3) The installation package you’ll create from the extracted installer. I’ll call this the “installation package.”
4) The intunewin file you’ll generate that actually gets uploaded to Intune.

Run the downloaded installer to extract the installation files.

Go to the extracted installer folder and run setup.exe .

Choose “Create Deployment.”

The AutoCAD 2019 Installer

Give your deployment a name without any spaces. This name will automatically be used to create the installation .ini file that will contain the setup information such as your serial key. You’ll need to know this name later.

You can only create a deployment to a network share. Since we’re using Intune, this isn’t relevant, so we’ll pick the hidden C: drive share to specify your local computer. Choose \\localhost\c$\users\[your username]\Desktop\autocad .

Disable the “Create a network log file” option since this won’t be running off your LAN.

The AutoCAD 2019 Installation Packager Creator

Choose which components you’d like to install. If your users are not administrators on their machines, I’d recommend disabling AutoDesk Desktop since they won’t be able to use any of its functionality.

If you’re using a license key and serial, enter it.

Wait for the installation package to be created.

Package the Installer

If you haven’t already, download a copy of the Microsoft Win32 Content Prep Tool to your Downloads folder from https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool

Open Windows Terminal or PowerShell. Change directory into the directory just above the autocad folder you created for the network installation.

For me that’s:

cd ~/Desktop

Tell the Intune prep tool to create a package from the autocad directory, use the Setup.exe located in the img folder, and save the package to your current directory:

~/Downloads/intuneapputil.exe -c .\autocad\ -s img\Setup.exe -o .

The package will be named setup.intunewin . Since that’s not very helpful, rename it to something that is.

mv setup.intunewin autocad2019.intunewin

Create & Deploy in Intune

Log in to Intune device management at: https://endpoint.microsoft.com

Choose Apps->All Apps

Click the Add Button

Choose the App Type “Windows app (Win32)” then click Select at the bottom of the screen.

Choose the autocad2019.intunewin file you created.

On the Program step change the install command to:

Img\Setup.exe /W /q /I Img\[deployment name].ini /language en-us

In my case, it’s:

Img\Setup.exe /W /q /I Img\autocad2019.ini /language en-us

(you can double check the name of your ini file by looking in the autocad\img folder)

For the uninstaller, this is a bit of a kludge since it only uninstalls the main component, not the rest. For me, this is sufficient. You can customize yours by checking out all of the options in the autocad\sms_sccm scripts\[deployment name]_Uninstall.txt file.

msiexec /uninstall {28B89EEF-2001-0409-2102-CF3F3A09B77D}

Choose 64bit Windows 10 under the Requirements

Under Detection Rules choose “Manually configure detection rules”

Click + Add

Choose MSI for rule type and enter the product code for AutoCAD 2019: {28B89EEF-2001-0409-2102-CF3F3A09B77D}

No Dependencies are needed.

Finally, assign it to whatever device groups you need. Devices in those groups will automatically download and install AutoCAD 2019. Alternatively, you can assign it to user groups and those users can install AutoCAD from the Company Portal app.

That’s it; good luck!

-Adam

Deploying Minecraft Education Edition With Intune

Another day, another app to deploy! Today it’s Minecraft Education Edition. If you’re looking to deploy the desktop version of Minecraft Education Edition using nothing but Intune, you’ve come to the right spot!

Package the Installer

Go to https://education.minecraft.net/get-started/download/ and download the Windows Desktop Edition to your Downloads folder.

Make a new folder in your Downloads folder called “MinecraftEducation”.

Open Terminal or PowerShell and change directory into your Downloads folder.

cd ~/Downloads

Extract the Minecraft Education Edition exe into the new folder by running the following command in Terminal or PowerShell, replacing [user] with your username. I found the command only worked for me when I used the full path to the extraction location.

.\MinecraftEducationEdition_x86_1.14.50.0.exe /extract C:\users\[user]\downloads\MinecraftEducation\

This will extract the .msi and cab for Minecraft Education as well as the installer for the Visual C++ 2017 redistributable.

If you haven’t already, download a copy of the Microsoft Win32 Content Prep Tool to your Downloads folder from https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool

From Windows Terminal or PowerShell run:

IntuneWinAppUtil.exe -c <folder with the msi in it> -s <name of the .msi file extracted to MinecraftEducation> -o <where you want the package file saved>

I had IntuneWinAppUtil.exe in the Downloads folder, Minecraft version 1.14.50.0, and wanted the package file in my current folder so I ran:

.\IntuneWinAppUtil.exe -c .\MinecraftEducation\ -s MinecraftEducationEdition_x86_1.14.50.0.msi -o .

If you have a newer version of Minecraft, just use the name of the .msi file in your MinecraftEducation folder.

Once you have done so, you will have a file called MinecraftEducationEdition_x86_1.14.50.0.intunewin that can be uploaded to Intune.

Create & Deploy in Intune

Go to https://endpoint.microsoft.com

Choose Apps->All Apps

Click the Add Button

Choose the App Type “Windows app (Win32)” then click Select at the bottom of the screen.

Choose the MinecraftEducationEdition_x86_1.14.50.0.intunewin file you created.

Choose 64bit Windows 10 under the Requirements

Under Detection Rules choose “Manually configure detection rules”

Click + Add

Choose MSI for rule type. Intune will automatically enter the correct MSI Product code. Keep “MSI Product version check” as “no” so that the app won’t re-install if upgrades are done on the client side.

No Dependencies are needed.

Finally, assign it to whatever device groups you need. Devices in those groups will automatically download Minecraft Education Edition.

That’s it! Enjoy Hour of Code!

Deploying Team Viewer with Intune

The scenario: you have computers that are only bound to AzureAD and you need to deploy a customized version of TeamViewer to those computers. Me too! Here’s what I did.

Create the Custom Module & Policies

Log in to www.teamviewer.com

On the left hand side of the screen, choose Design & Deploy

You’ll see two tabs: Custom Modules and Policies.

The Policies tab has the custom settings used by the client (such as whitelisting, auto-starting, and auto-adding to groups).

Each custom module can only use one “Policy,” but each policy can have all possible settings. If you need to create a new policy, use the “Add policy” button at the top of the screen.

To change a policy, click the edit button next to one of the policies. (The “enforce” checkbox for each setting prevents the end-user from being able to change that setting.) These policies are checked by the client during installation.

Once the policy is set up, go to the Custom Modules tab. Create a new module with the Add Custom Module button or click the edit button on an existing module.

Customize the look of the TeamViewer app however you’d like.

Make sure the TeamViewer policy selected is the correct one from the Policies tab and you’ve selected the group you would like the devices added to under “Automatically add computers to a group in your Computers list.”


Copy the API token and the Configuration ID. You will need these when creating the app in Intune.

Click the “Download MSI” link as well. Without any options, this MSI will just do a basic TeamViewer Host installation. Only when passed your configuration ID and API token during installation will it give you the customized client and add itself to your TeamViewer groups.

Package the Installer

The MSI file will come in a zip file; unzip it. Inside you will find two more folders: Full and Host. Go into the Host folder and copy the TeamViewer_host.msi file into another folder. I named mine “teamviewer-host”. Make sure there is nothing else in that folder.

If you haven’t already, download a copy of the Microsoft Win32 Content Prep Tool from https://github.com/Microsoft/Microsoft-Win32-Content-Prep-Tool

Open Windows Terminal or a command prompt and run:

IntuneWinAppUtil.exe -c <folder with the msi in it> -s TeamViewer_Host.msi -o <where you want the package file saved>

So for me, I had IntuneWinAppUtil.exe on the desktop and wanted the package file there as well, so I ran:

.\IntuneWinAppUtil.exe -c .\teamviewer-host\ -s TeamViewer_Host.msi -o .

Once you have done so, you will have a file called TeamViewer_Host.intunewin that can be uploaded to Intune.

Create & Deploy in Intune

Go to https://endpoint.microsoft.com

Choose Apps->All Apps

Click the Add Button

Choose the App Type “Windows app (Win32)” then click Select at the bottom of the screen.

Choose the TeamViewer_Host.intunewin file you created (Firefox may have trouble doing the upload. If so, use another browser)

On the Program step change the install command from:

msiexec /i "TeamViewer_Host.msi" /q

To:

msiexec /i "TeamViewer_Host.msi" /qn CUSTOMCONFIGID=[configuration id] APITOKEN=[API Token] ASSIGNMENTOPTIONS="--grant-easy-access"

(Don’t include the brackets [ ])

Choose 64bit Windows 10 under the Requirements

Under Detection Rules choose “Manually configure detection rules”

Click + Add

Choose MSI for rule type. Intune will automatically enter the correct MSI Product code. Keep “MSI Product version check” as “no” so that the app won’t re-install if upgrades are done on the client side.

No Dependencies are needed.

Finally, assign it to whatever device groups you need. Devices in those groups will automatically download the TeamViewer Host app as well as place an icon called TeamViewer on the desktop.

That’s it! Your custom TeamViewer host should install on the selected devices and be ready for remote management.
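
The MSI detection rules in the Minecraft and TeamViewer walkthroughs match on the MSI product code, and the package you upload is whatever the vendor download contained. As an added example (not from the original posts), this reads the product code and version from an MSI and reports its Authenticode signature before you run IntuneWinAppUtil.exe. The function name is made up, and it assumes Windows with the built-in WindowsInstaller.Installer COM object.

```powershell
# Added example (not from the original posts). Function and property names are illustrative.
function Get-MsiPackagingInfo {
    param([Parameter(Mandatory)] [string] $Path)
    $full = (Resolve-Path -LiteralPath $Path).Path      # the COM API is given a full path
    $sig  = Get-AuthenticodeSignature -LiteralPath $full

    # Helper that calls the Windows Installer COM objects late-bound through InvokeMember.
    $call = { param($obj, $member, $kind, $arguments)
              $obj.GetType().InvokeMember($member, $kind, $null, $obj, $arguments) }
    $installer = New-Object -ComObject WindowsInstaller.Installer
    $db = & $call $installer 'OpenDatabase' 'InvokeMethod' @($full, 0)   # 0 = open read-only
    $props = @{}
    try {
        foreach ($name in 'ProductName', 'ProductCode', 'ProductVersion') {
            $query = "SELECT Value FROM Property WHERE Property = '$name'"
            $view  = & $call $db 'OpenView' 'InvokeMethod' @($query)
            $null  = & $call $view 'Execute' 'InvokeMethod' $null
            $row   = & $call $view 'Fetch' 'InvokeMethod' $null
            if ($row) { $props[$name] = & $call $row 'StringData' 'GetProperty' @(1) }
            $null  = & $call $view 'Close' 'InvokeMethod' $null
        }
    } finally {
        # Release the database handle so the .msi is not held open longer than needed.
        $null = [Runtime.InteropServices.Marshal]::ReleaseComObject($db)
    }
    [pscustomobject]@{
        File            = Split-Path -Leaf $full
        SignatureStatus = $sig.Status                      # Valid, NotSigned, HashMismatch, ...
        Signer          = $sig.SignerCertificate.Subject   # empty when the file is unsigned
        ProductName     = $props.ProductName
        ProductCode     = $props.ProductCode               # GUID the MSI detection rule matches on
        ProductVersion  = $props.ProductVersion
    }
}

# Example call, using the folder and file name from the TeamViewer walkthrough:
# Get-MsiPackagingInfo -Path .\teamviewer-host\TeamViewer_Host.msi | Format-List
```

Compare the reported ProductCode with the one Intune fills into the detection rule, and check that the signer is the publisher you expect before packaging.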