Interact with Microsoft Endpoint Manager applications.
The List Applications page shows a list of line-of-business applications configured for deployment in Microsoft Endpoint Manager / Intune.
You can assign the application to All Users / All Devices from the more button.
Name
The name of the application.
Published
The published status of the application.
Install Command
The command to install the application.
Uninstall Command
The command to uninstall the application.
Install As
Whether the application should install as system or the user.
Restart Behaviour
Whether the app installation may trigger a restart.
Assigned to Groups
Whether the app has active group assignments.
Created At
The creation date and time of the application.
Modified At
The last modified date and time for the application.
Featured App
Whether the app is a featured app in the portal.
# of Dependent Apps
How many dependent apps exist for the application.
Detection Type
Detection rule, if one exists.
Detection File/Folder Name
Detection Rule Folder Name Details.
Detection File/Folder Path
Detection Rule Path details.
Assign to All Users
Assign to All Devices
Assign Globally (All Users / All Devices)
Delete Application
We value your feedback and ideas. Please raise any feature requests on GitHub.
This page will allow you to deploy one of the following types of applications to your tenants. Click each to find out additional details on what is required for each app deployment
We value your feedback and ideas. Please raise any feature requests on GitHub.
Deploy MSP RMM applications.
You can add MSP RMM applications to deploy through Microsoft Endpoint Manager. Below you will find the settings required for each RMM:
Intune Application Display Name
Name the application will appear as in MEM
Installer Token
See note below
Automate Server (including HTTPS)
FQDN of your Automate server
Location ID
Automate site ID
Generating an installer token: See this community script for how to create a token to use in installation.
Intune Application Display Name
Name the application will appear as in MEM
Client URL
Full URL path to download of installer for site
Intune Application Display Name
Name the application will appear as in MEM
Server URL
FQDN including https://
Datto ID
Datto site ID
Intune Application Display Name
Name the application will appear as in MEM
Account Key
Your MSP account key
Organization Key
Identifier for the client organization in Huntress
Huntress documentation on specifics of how to name organization keys can be found here.
Intune Application Display Name
Name the application will appear as in MEM
Client URL
Full path to ImmyBot agent installer for your account
ImmyBot recommends having all newly installed agents land into their holding area before being assigned to groups for onboarding, etc.
Intune Application Display Name
Name the application will appear as in MEM
Client URL
Full path to agent installer for your account
Do not assign
Adds application to MEM but does not deploy
Assign to all users
Targets all users for app deployment
Assign to all devices
Targets all devices for app deployment
Assign to all users and devices
Targets all users and devices for app deployment
Assign to Custom Group
Enter comma separated row of group display name(s)
We value your feedback and ideas. Please raise any feature requests on GitHub.
Deploy applications using the Chocolatey package manager.
You can add an application deployment utilising Chocolatey by executing this wizard. The wizard guides you through the steps and provides the ability for you to deploy an app to many tenants at the same time.
If you have a personal repository you can enter the address for this repository too to deploy packages from your own trusted sources.
The status of the deployment can is traceable through the logs page, or the "Applications queue" page.
The application uploaded is this prepared IntuneWin file with two scripts included - install.ps1 and uninstall.ps1. These scripts install Chocolatey, and then run an install or uninstall command.
If you are unsure or don't trust the IntuneWin file, you have the option to replace this with your own in your fork.
It's strongly recommended that you download, test, and view the contents of the intunewin file.
We value your feedback and ideas. Please raise any feature requests on GitHub.
Deploy applications using the Chocolatey package manager.
You can add an application deployment utilising Chocolatey by executing this wizard. The wizard guides you through the steps and provides the ability for you to deploy an app to many tenants at the same time.
If you have a personal repository you can enter the address for this repository too to deploy packages from your own trusted sources.
The status of the deployment can is traceable through the logs page, or the "Applications queue" page.
The application uploaded is this prepared IntuneWin file with two scripts included - install.ps1 and uninstall.ps1. These scripts install Chocolatey, and then run an install or uninstall command.
If you are unsure or don't trust the IntuneWin file, you have the option to replace this with your own in your fork.
It's strongly recommended that you download, test, and view the contents of the intunewin file.
We value your feedback and ideas. Please raise any feature requests on GitHub.
Deploy Office applications.
You can add Office applications to deploy through Microsoft Endpoint Manager.
Excluded Apps
Apps to be excluded from the deployment.
Update Channel
The update channel the apps will be assigned to.
Languages
What languages to download with the office deployment.
Use Shared Computer Activation
The status of the Network Inspection service.
64 Bit (Recommended)
Whether the install is for the 64 Bit version of Office.
Remove other versions
Whether the install removes other versions of Office.
Accept License
Whether the install accepts the Office EULA license.
We value your feedback and ideas. Please raise any feature requests on GitHub.
Show applications queued for deployment to your tenants.
You can view a list of all applications queued for deployment to your tenants, any application listed here is going to be deployed to your tenants. The application will be removed from this list after deployment, unless it is deployed to "All Tenants"
Tenant ID
The tenant for the application deployment.
Name
The name of the application.
Install Command
The command to install the application.
Assigned to Groups
List the groups assignments for the app.
We value your feedback and ideas. Please raise any feature requests on GitHub.
This page lists all devices registered for Autopilot.
Display Name
The display name of the device.
Serial
The serial number of the device.
Model
The model of the device.
Manufacturer
The manufacturer of the device.
Group Tag
The autopilot group tag assigned to the device.
Enrollment
The enrollment status of the device.
Delete Device - This deletes the autopilot enrollment for the device.
We value your feedback and ideas. Please raise any feature requests on GitHub.
Manage Autopilot devices across your Microsoft 365 tenants.
The following two pages in CIPP give you the ability to manage Autopilot devices:
Add autopilot devices by following the Wizard on this page.
As a partner, you can register devices to Windows Autopilot using any one of these methods:
Hardware Hash (available from OEM or on-device script)
Combination of Manufacturer, Device Model and Device Serial Number
Windows Product Key ID
A Reseller Relationship with the customer tenant may be required in addition to GDAP in order to add Autopilot devices.
This API does not directly return data to CIPP, and thus can incorrectly report the upload has failed.
We value your feedback and ideas. Please raise any feature requests on GitHub.
This page lists all the profiles that exist on the selected tenant, with a brief overview of some configured settings.
Name
The name of the policy.
Description
The profile description.
Language
The language the profile configures on the machine.
Convert to Autopilot
Converts targeted devices to use Autopilot.
Device Name Template
The device name template for the policy.
View JSON - Show all the options and their selected settings, in JSON format.
We value your feedback and ideas. Please raise any feature requests on GitHub.
Manage Autopilot profiles across your Microsoft 365 tenants.
The following two pages in CIPP give you the ability to manage Autopilot Profiles:
This page provides the ability for you to add Autopilot profiles, Autopilot deployment profiles are groups of settings you can deploy to devices. You can create various profile types with this Wizard.
Display Name
Description
Unique Name Template
Convert all Targeted Devices to Autopilot
Assign to all Devices
Self-Deploying Mode
Hide Terms and Conditions
Hide Privacy Settings
Hide Change Account Options
Setup User as Standard User (Leave unchecked to setup user as a local administrator)
White Glove OOBE
Automatically Configure Keyboard
We value your feedback and ideas. Please raise any feature requests on GitHub.
Manage Autopilot status page configuration across your Microsoft 365 tenants.
This page shows the status of the Default Status Page and the settings configured for it.
Name
The name of the status page.
Description
The status page description.
Installation Timeout
The time in minutes before the installation times out.
Show Installation Progress
Whether to display installation progress on the status page.
Block Retries
Whether it's possible to retry in the event of autopilot failure.
Reset on failure
Whether it's possible to reset in the event of autopilot failure.
Usage on failure
Whether the user can continue to use the device in the event of autopilot failure.
We value your feedback and ideas. Please raise any feature requests on GitHub.
This page provides the ability for you to edit/override the default Enrollment Status Page. This page applies to all tenants, all users and devices.
Timeout in minutes
Custom error message
Show progress to users
Turn on log collection
Show status page only with OOBE setup
Block device usage during setup
Retry
Reset
Let users use Device if Setup Fails
We value your feedback and ideas. Please raise any feature requests on GitHub.
Manage Intune devices across your Microsoft 365 tenants.
The following page in CIPP gives you the ability to manage Intune devices:
This is a small selection of the fields available as the properties returned with a Graph API call can be quite extensive. Full documentation for the object can be found here.
Device Name
The display name of the device.
User Principal Name
Displays the user of the machine.
Compliance State
Displays the compliance status of the device.
Manufacturer
The manufacturer of the device.
Model
The model of the device.
Operating System
The OS of the device.
OS Version
The OS of the device.
Enrolled Date Time
Date the device was enrolled.
Managed Device Owner Type
Ownership Status
Device Enrollment Type
The enrollment status of the device.
Join Type
Management Type
View in Intune
Opens the device in the Intune portal
Sync Device
Starts a task to sync the device with Intune
Reboot Device
Sends a command to the device to reboot
Locate Device
Sends a command to locate the device
Retrieve LAPS password
Will retrieve the stored LAPS password from Entra
Rotate Local Admin Password
Will send a command to the device to rotate the LAPS password
Retrieve BitLocker Keys
Will retrieve the device's BitLocker key from Entra
Windows Defender Full Scan
Starts a Windows Defender full scan
Windows Defender Quick Scan
Starts a Windows Defender quick scan
Update Windows Defender
Triggers an update of the Windows Defender signatures
Generate logs and ship to MEM
Fresh Start (remove user data)
Triggers an Intune Fresh Start process with the option selected to remove user data
Fresh Start (do not remove user data)
Triggers an Intune Fresh Start process with the option selected to retain user data
Wipe Device, keep enrollment data
Triggers an Intune Wipe Device process with the option selected to retain enrollment data
Wipe Device, remove enrollment data
Triggers an Intune Wipe Device process with the option selected to remove enrollment data
Wipe Device, keep enrollment data, and continue at powerloss
Triggers an Intune Wipe Device process with the options selected to retain enrollment data and continue even if the device loses power
Wipe Device, remove enrollment data, and continue at powerloss
Triggers an Intune Wipe Device process with the options selceted to remove enrollment data and continue even if the device loses power
Autopilot Reset
Triggers an Intune Autopilot Reset process
Delete Device
Opens a modal to confirm you want to delete the device from Intune
Retire Device
Triggers an Intune Retire Device process
More info
Opens Extended Info flyout
We value your feedback and ideas. Please raise any feature requests on GitHub.
This page lists all the configuration policies on the selected account and provides the ability for you to view the raw JSON of the policy. This information is useful for copy and pasting across systems or scripts.
Name
The name of the policy.
Profile Type
The type of policy.
Created On
The creation date of the policy.
Last Modified
The date the policy was last modified.
Create template based on policy
Assign to All Users
Assign to All Devices
Assign Globally (All Users / All Devices)
Delete Policy
We value your feedback and ideas. Please raise any feature requests on GitHub.
This page currently lacks content and serves as a placeholder.
FOSS (Free and Open-Source Software) lives and dies by the contributions of their communities. Pages like this go unfinished because no one has been able to spare the time it takes to write something up for this.
If you are reading this and have the time to contribute, please consider doing so! We have an edit button at the top of this page and others in order to make it easy for users to contribute. Simply click on the three-dot menu for additional options, including Edit.
We value your feedback and ideas. Please raise any feature requests on GitHub.
This page currently lacks content and serves as a placeholder.
FOSS (Free and Open-Source Software) lives and dies by the contributions of their communities. Pages like this go unfinished because no one has been able to spare the time it takes to write something up for this.
If you are reading this and have the time to contribute, please consider doing so! We have an edit button at the top of this page and others in order to make it easy for users to contribute. Simply click on the three-dot menu for additional options, including Edit.
We value your feedback and ideas. Please raise any feature requests on GitHub.
The Apply Policy wizard provides the ability for you to select one or more tenants and add a MEM policy to their MEM portal.
The Apply Policy wizard can work in one of two ways:
You can select a template from a predefined policy that you have already created.
You can enter the raw JSON. Please note that information on how to obtain the raw JSON is available in the Add Policy Template documentation]
Currently you can only apply new policies, applying policies doesn't update existing policies even if originally created from this template. To work around this you can apply the policy to "AllTenants" and have it reapplied on a schedule.
You can then decide whether to assign the policy to all users, all devices or both. You can also just create the policy without applying it.
We value your feedback and ideas. Please raise any feature requests on GitHub.
Deploy JSON formatted Intune policy templates to your Microsoft 365 tenants.
This page gives you the ability to view all configured templates, in addition to viewing the raw JSON and the type of policy.
Display Name
The name of the template.
Description
The description for the template.
Type
The template type, for example Catalog or Device.
View Template
Delete Template
We value your feedback and ideas. Please raise any feature requests on GitHub.
Intune script management
CIPP can allow you to manage your existing Intune scripts for easier viewing, editing, and deployment.
Script Type
Lists the tyep of script: Windows, MacOS, Remediation, or Linux
Display Name
The display name for the script
Description
The description set on the script
Run As Account
The account designated to run as
Last Modified Date Time
The relative time since the script was last modified
Enforce Signature Check
A Boolean field indicating if the script is set to enforce signature check
Run As32Bit
A Boolean field indicating if the script is set to run in 32Bit mode
ID
The GUID of the script
Created Date Time
The relative time since the script was created
File Name
The file name including extension for the script
Role Scoping Tag Ids
List of Scope Tag IDs for this PowerShellScript instance
Edit Script
Opens a modal to edit the script file. Click the save icon in the top right to save changes or X to close out.
Delete Script
Opens a modal to confirm deletion of the script
More Info
Opens Extended Info flyout
We value your feedback and ideas. Please raise any feature requests on GitHub.
This page currently lacks content and serves as a placeholder.
FOSS (Free and Open-Source Software) lives and dies by the contributions of their communities. Pages like this go unfinished because no one has been able to spare the time it takes to write something up for this.
If you are reading this and have the time to contribute, please consider doing so! We have an edit button at the top of this page and others in order to make it easy for users to contribute. Simply click on the three-dot menu for additional options, including Edit.
We value your feedback and ideas. Please raise any feature requests on GitHub.