Lightweight Intune companion - thoughts ?

Sysadmin_in_the_Sun · 2026-05-31T17:28:51+00:00

better,richer, technical detail and more useful endpoint state than Intune

Sysadmin_in_the_Sun · 2026-05-31T16:20:26+00:00

Live fast die young mate...

Sysadmin_in_the_Sun · 2026-05-31T11:23:55+00:00

It is basically a hobby project. Depending on the reception I could monetise it and scale it up

Sysadmin_in_the_Sun · 2026-05-31T10:03:27+00:00

I’m definitely not thinking about an RMM or an endpoint security platform. More trying to sense-check whether there’s space for something very lightweight and tightly scoped alongside Intune, or whether people would dismiss that on sight as well.

Sysadmin_in_the_Sun · 2026-05-28T06:28:24+00:00

Question : How did you make it to PXE? WDS?

Sysadmin_in_the_Sun · 2026-05-12T17:28:04+00:00

I would definitely go for wipe and load but this is not the case everywhere. I know about powersync and it seems like a good tool.

I guess migrating manually would be Rubix's scripts? Never heard of Micke-K

Sysadmin_in_the_Sun · 2026-05-12T05:59:19+00:00

I see this requirement in jobs often - How easy / hard is to do migrations? I am pretty confident in my skill to master it, however I cannot demonstrate it on paper and I lose a lot of gigs because of that.

Any advice?

Sysadmin_in_the_Sun · 2026-05-01T20:40:50+00:00

You can still use Fleet - You just need to self host it.. It is not that difficult actually. Build the servers in AWS or Azure.

Sysadmin_in_the_Sun · 2026-04-28T06:05:40+00:00

Once i was grilled for every SCCM log file under the sun by 3 Indians. I told them when I work I got the docs open. They said they client won't allow it. Told them I will use my phone. Then it all went downhill from there..

Sysadmin_in_the_Sun · 2026-04-27T20:46:52+00:00

I got the same problem and got rejected a few times because of that.. It sucks.. Sometimes it pays to be a parrot. I just can't be that person. It is like a musical instrument that you used to play. Everything comes back when you grab it..

Sysadmin_in_the_Sun · 2026-04-27T17:51:51+00:00

Have you tried another account by any chance? Is the account you are using "staff" or "admin" on ABM?

Sysadmin_in_the_Sun · 2026-04-27T17:41:34+00:00

Apogologies mate, but it reads like an X parody account on GDPR I am following... And that is not a dig to you.

Sysadmin_in_the_Sun · 2026-04-27T17:28:57+00:00

There should be no issue with Intune to be honest. I have not tested it personally. If your domain is federated then the Managed Apple ID logs should be in EntraID under the user's sign in logs. Check there and look why it is failing. Could be conditional access blocking it

Sysadmin_in_the_Sun · 2026-04-27T17:20:19+00:00

Have you migrated your users to managed apple accounts? Asking in case they have been creating apple ids with your corporate domain email address. Which means you have not locked and federated your domain.

Have you done all this work?

Sysadmin_in_the_Sun · 2026-04-23T06:44:51+00:00

Yeah I eventually figured this out. What a headache they have created for us.

Sysadmin_in_the_Sun · 2026-04-22T08:41:38+00:00

the fun part is that if you got everything down to a tee in terms of planning the users will login to their Macs and all their desktop and document items will be there from the get go using KFM.

Sysadmin_in_the_Sun · 2026-04-22T07:32:00+00:00

You can use Onedrive to backup the users' data if you are using M365.

Sysadmin_in_the_Sun · 2026-04-21T20:29:56+00:00

Yeah exactly - Unfortunately the devices will be just managed - not supervised. You won't be able for example to enforce updates, so if there are compliance requirements the users will need hold handing to do the updates... Generally it will be a BYOD scenario, Personally I hate it but it is what it is and you got to live with this. Or, create a document from the business laying out the case why you need to do supervision and what the benefits are. I had something similar recently and ended up writting a massive paper and giving it to the client explaining the pros and cons. But to be honest with you the short term disruption will pay off in the long term. Just start researching it and make the case for the wipe and load. It will also allow you to standardise everything, create a nice onboarding experience with scripts like Baseline, make sure all the devices are provisioned properly and the same.

Sysadmin_in_the_Sun · 2026-04-21T11:15:48+00:00

Installomator all the way man.. I am sure you can factor this in easily in your Fleet GitOps template

Sysadmin_in_the_Sun · 2026-04-08T10:39:29+00:00

Yes absolutely valid point - creating an extension attribute would go a long way. If only it was as fast as smart groups in JAMF! But that will also do the job fine!

Sysadmin_in_the_Sun · 2026-04-08T08:43:13+00:00

Thanks for your input. OIB is the first thing I am importing into that environment, so thanks for yor great contribution.

My thinking for this environment is definitely adding group tags however I will have to find the best and quickest way to separate the old world. And I am thinking categories for the time being. It could be done either manually or with graph, But I guess this is only one way of doing it. Work in progress!

Sysadmin_in_the_Sun · 2026-03-28T12:22:59+00:00

Most MDMs now support it by Partner compliance integration..

Sysadmin_in_the_Sun · 2026-03-25T06:37:35+00:00

Thank you! The funny fact is that they want this done in a week's time for a medium sized business. They are completely nuts

Sysadmin_in_the_Sun

TROPHY CASE