Friday, September 19, 2025

Deploy a Scheduled Task in Intune


Unlike with GPOs / GPPs, Intune doesn't currently have a configuration profile option to deploy a scheduled task (ST).

The alternative is to deploy PowerShell scripts with an ST definition XML file in a Win32 App.

Manually create the ST.  Don't worry if you can't set the manually configured one to run as SYSTEM and to run while users are logged off.  This corrects itself during the export / import process.

Export the ST to an XML file.

Delete the manually created ST and import it back to check it imports correctly.

The import/install PowerShell looks like this.  Save it to a PowerShell file in the same folder as the XML.

e.g. install.ps1

$scriptDir = Split-Path -Parent $MyInvocation.MyCommand.Definition
$STImportFile = Join-Path $scriptDir "<STDefinition.xml>"

Register-ScheduledTask -TaskName "<TS Name>" -xml (Get-Content $STImportFile | Out-String)


The removal/uninstall PowerShell is simply this.  Save it to a PowerShell file in the same folder as the XML.

e.g. uninstall.ps1

Unregister-ScheduledTask -TaskName "<TS Name>" -Confirm:$false


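Create a detection PowerShell script for Intune detection.  Test it with admin credentials.

$taskName = "<TS Name>"
# Look up the task by name; the result is empty if it is not registered
$taskStatus = Get-ScheduledTask | ?{$_.TaskName -eq $taskName}
if ($taskStatus)
    {
    # Intune treats the app as detected only on exit code 0 with output on STDOUT
    Write-Output "Detected"
    Exit 0
    }
    else
    {Exit 1}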


That's the file set.  Use the IntuneWinAppUtil to create the uploadable Intune format.  For the -s switch just point to the installation PowerShell script file.

Finally create an Intune Win32 app for deployment and upload the .intunewin file as the source.

Configure the install and uninstall commands as

powershell -executionpolicy bypass -file .\install.ps1

powershell -executionpolicy bypass -file .\uninstall.ps1

Upload the detection powershell script at the detection app setup stage.
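
A task that runs as SYSTEM executes whatever its action points at, so the exported XML is worth reviewing before it is packaged. The following is an added example, not part of the original post; the function name Test-TaskDefinition is hypothetical, and it assumes it is run on a reference device where the task's target program exists.

```powershell
# Added example, not from the original post: review an exported task XML before packaging.
function Test-TaskDefinition {
    param([Parameter(Mandatory)][string]$XmlPath)

    [xml]$doc = Get-Content -LiteralPath $XmlPath -Raw
    $ns = New-Object System.Xml.XmlNamespaceManager($doc.NameTable)
    $ns.AddNamespace('t', 'http://schemas.microsoft.com/windows/2004/02/mit/task')

    # S-1-5-18 is the well-known SID of the SYSTEM account
    $userNode = $doc.SelectSingleNode('//t:Principals/t:Principal/t:UserId', $ns)
    $runsAs   = if ($userNode) { $userNode.InnerText } else { '(not set)' }

    # Everyone, Authenticated Users, BUILTIN\Users
    $broadSids   = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'
    $writeMask   = [System.Security.AccessControl.FileSystemRights]'WriteData, AppendData, Delete, ChangePermissions, TakeOwnership'
    $inheritOnly = [System.Security.AccessControl.PropagationFlags]::InheritOnly

    foreach ($exec in $doc.SelectNodes('//t:Actions/t:Exec', $ns)) {
        $argNode = $exec.SelectSingleNode('t:Arguments', $ns)
        $command = $exec.SelectSingleNode('t:Command', $ns).InnerText
        $command = [Environment]::ExpandEnvironmentVariables($command).Trim('"')
        $rooted  = [System.IO.Path]::IsPathRooted($command)

        # Check the target file and its folder for write access by broad groups
        $writable = @()
        if ($rooted -and (Test-Path -LiteralPath $command)) {
            foreach ($p in $command, (Split-Path -Parent $command)) {
                $rules = (Get-Acl -LiteralPath $p).GetAccessRules($true, $true,
                    [System.Security.Principal.SecurityIdentifier])
                foreach ($r in $rules) {
                    if ($r.AccessControlType -eq 'Allow' -and
                        $r.IdentityReference.Value -in $broadSids -and
                        -not ($r.PropagationFlags -band $inheritOnly) -and
                        ($r.FileSystemRights -band $writeMask)) { $writable += $p }
                }
            }
        }
        [pscustomobject]@{
            RunsAs       = $runsAs
            Command      = $command
            Arguments    = if ($argNode) { $argNode.InnerText } else { '' }
            AbsolutePath = $rooted
            UserWritable = @($writable | Select-Object -Unique)
        }
    }
}

# Same placeholder file name as in install.ps1
Test-TaskDefinition -XmlPath (Join-Path $PSScriptRoot '<STDefinition.xml>')
```

For a task whose RunsAs is S-1-5-18, an action with AbsolutePath false or a non-empty UserWritable list deserves a second look, as does any script path passed in Arguments.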


Tuesday, September 16, 2025

Excel Duplicate checks

This formula checks a column in a list for duplicates.  In this case the header of the column being checked is called MachineName.  The formula is put in each cell of the adjacent column and identifies whether each entry is unique or a duplicate.

=IF(COUNTIFS([MachineName], [@MachineName]) > 1, "Duplicate", "Unique")




Monday, September 8, 2025

Specify a custom MDM Diagnostics log

 

Intune collects a ton of logs from MDM Diagnostics, but what about the other logs that aren't collected as standard?

Add an entry under this key

HKLM\SOFTWARE\Microsoft\MdmDiagnostics\Area\DeviceProvisioning\FileEntry

example

%windir%\Temp\*Installer*      REG_DWORD    0x000000ff (255)


This makes the diagnostics collect files matching the wild cards.

In the diagnostics they are compressed in an mdmlogs-<date>.cab file in the folder whose name includes ...MDMDiagnostics_mdmlogs-<date reference>
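
One way to add the entry from a script, as an added example that is not part of the original post. The function name Add-MdmDiagnosticsFileEntry is hypothetical; the .NET registry API is used so the * characters in the value name are taken literally, and the 64-bit view is opened explicitly so a 32-bit PowerShell host does not write under WOW6432Node.

```powershell
# Added example, not from the original post. Run elevated.
function Add-MdmDiagnosticsFileEntry {
    param([Parameter(Mandatory)][string]$Pattern)

    $subKey = 'SOFTWARE\Microsoft\MdmDiagnostics\Area\DeviceProvisioning\FileEntry'

    # Open the 64-bit registry view regardless of the bitness of this process
    $hklm = [Microsoft.Win32.RegistryKey]::OpenBaseKey(
        [Microsoft.Win32.RegistryHive]::LocalMachine,
        [Microsoft.Win32.RegistryView]::Registry64)
    try {
        # CreateSubKey opens the key if it exists, otherwise creates it
        $key = $hklm.CreateSubKey($subKey)
        try {
            # Value name = file pattern, data = the DWORD 255 shown in the post
            $key.SetValue($Pattern, 255, [Microsoft.Win32.RegistryValueKind]::DWord)

            # Read the value back so the caller can confirm what was written
            [pscustomobject]@{
                Pattern = $Pattern
                Data    = $key.GetValue($Pattern)
                Kind    = $key.GetValueKind($Pattern)
            }
        }
        finally { $key.Close() }
    }
    finally { $hklm.Close() }
}

Add-MdmDiagnosticsFileEntry -Pattern '%windir%\Temp\*Installer*'
```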

Thursday, August 28, 2025

Intune Management Extension Log Files

 AI / Human generated

Here’s a breakdown of what each of the Intune Management Extension log files typically records, in the context of Microsoft Intune and Windows device management:


1. agentexecutor.log

  • Logs activity related to the execution of agents within the Intune Management Extension (IME). This includes running PowerShell scripts, Win32 apps, and other tasks assigned to the device.

2. appactionprocessor.log

  • Tracks actions taken on applications, such as installation, uninstallation, and detection logic. It helps diagnose issues with app deployment and processing.

3. appworkload.log

  • Monitors workload-related operations for applications, including how apps are handled during provisioning or policy enforcement. It may log transitions between workloads or app states.
This log reveals:
  • Intune App GUIDs and associated App Names
  • Detection methods and status
  • App Installation command lines
  • Installation Exit Codes
  • AutoPilot ESP application queuing and execution progress
Useful search strings:
  • In EspPhase
  • which need to be installed for current phase of ESP
  • <installation command line of apps>
  • Launch Win32Appinstaller

4. devicehealthmonitoring.log

  • Captures device health data, including performance metrics, error states, and compliance status. Useful for identifying devices that may be failing or out of compliance.

5. healthscripts.log

  • Logs execution of health check scripts deployed via Intune. These scripts are used to assess and report on device health, and the log includes output and any errors encountered.

6. intunemanagementextension.log

  • Primary log for the Intune Management Extension (IME). It records all activities related to the extension, including script execution, app deployment, and communication with Intune services.

7. sensor.log

  • Logs data from sensors used for endpoint analytics or monitoring. This can include performance data, boot times, and other telemetry collected for analysis.

8. win32appinventory.log

  • Tracks inventory of Win32 applications on the device. It logs detection, installation status, and reporting back to Intune about the presence and state of Win32 apps.


Tuesday, August 19, 2025

Locating the Intune Win32app install time in the registry

 

The following lets you find out when an Intune app was installed if the install generated no log files.

Intune apps have an associated GUID which is displayed at the end of the URL when viewing the app in Intune.

This corresponds to the GUIDs written in various places under this key:

HKLM\SOFTWARE\Microsoft\IntuneManagementExtension\Win32Apps

e.g.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\IntuneManagementExtension\Win32Apps\OperationalState\00000000-0000-0000-0000-000000000000\c1872573-4036-4eef-9228-d6e932b2d9f9

"ExecutionStatus"="Completed"

"ExecutionTime"="05/01/2025 09:51:19"

"ExecutionType"="Install"

"ExecutionReason"="Default"

"ExecutionReboot"="Clean"


In the above example the app with GUID c1872573-4036-4eef-9228-d6e932b2d9f9 executed its installation at "05/01/2025 09:51:19"
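
To list these values for every app at once, here is an added example that is not part of the original post. The function name Get-IntuneWin32AppExecution is hypothetical, and the key layout (an owner GUID, then an app GUID) is assumed from the example path above.

```powershell
# Added example, not from the original post.
function Get-IntuneWin32AppExecution {
    param([string]$AppId)   # optional: limit the output to one app GUID

    $base = 'HKLM:\SOFTWARE\Microsoft\IntuneManagementExtension\Win32Apps\OperationalState'
    if (-not (Test-Path -Path $base)) { return }

    # First level: owner GUID (all zeros in the example above)
    foreach ($owner in Get-ChildItem -Path $base) {
        # Second level: one key per Intune app GUID
        foreach ($app in Get-ChildItem -Path $owner.PSPath) {
            if ($AppId -and $app.PSChildName -ne $AppId) { continue }
            [pscustomobject]@{
                Owner           = $owner.PSChildName
                AppId           = $app.PSChildName
                ExecutionType   = $app.GetValue('ExecutionType')
                ExecutionStatus = $app.GetValue('ExecutionStatus')
                # Left as the stored string; the date format is not parsed here
                ExecutionTime   = $app.GetValue('ExecutionTime')
                ExecutionReboot = $app.GetValue('ExecutionReboot')
            }
        }
    }
}

Get-IntuneWin32AppExecution | Format-Table -AutoSize
```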

Checking the Endpoint Intune Configuration Profile status - has the policy arrived?

 

Well, I've set it and I've synced it, but is it there?

Even if your configuration profile (CP) has arrived and is doing its thing, you probably still want to see how that happened.  If your CP is not doing its thing, then you'll want to check it has arrived and what it actually looks like.

Everything here assumes a Windows device that is correctly enrolled and managed by Intune.

First locate the management provider GUID.  A folder in the following location will carry this GUID

C:\ProgramData\Microsoft\DMClient\<Provider GUID>
also
HKLM\SOFTWARE\Microsoft\EnterpriseResourceManager\Tracked\<Provider GUID>

Now you can go into the registry and see the evidence of the CPs arriving here and what their settings are:

HKLM\SOFTWARE\Microsoft\PolicyManager\Providers\<Provider GUID>\default\device

HKLM\SOFTWARE\Microsoft\PolicyManager\Providers\<Provider GUID>\default\<User SIDs>

Successful CP implementations are then reflected here often with accompanying keys confirming the GUID of the Provider which is responsible for applying the setting.  This is not that helpful though.  Typically you already know the GUID of the provider.

HKLM\SOFTWARE\Microsoft\PolicyManager\current\device

HKLM\SOFTWARE\Microsoft\PolicyManager\current\<User SIDs>


HKLM\SOFTWARE\Microsoft\PolicyManager\Providers\<Provider GUID>\default\device\ADMX_

The above type of policies may be migrated from GPOs, with the active settings still applied and operating under

HKLM\SOFTWARE\Policies



Unlike GPOs, at the time of writing there is no known way to locate a policy on the client and reverse lookup which configuration profile is applying the setting.  But you love hunting through hundreds of configuration profiles for settings right?
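
The registry walk described above can be scripted. This is an added example, not part of the original post; the function name Get-MdmDeliveredPolicy is hypothetical, and it assumes one subkey per policy area with one registry value per setting under the device keys.

```powershell
# Added example, not from the original post.
function Get-MdmDeliveredPolicy {
    $tracked   = 'HKLM:\SOFTWARE\Microsoft\EnterpriseResourceManager\Tracked'
    $providers = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\Providers'
    $current   = 'HKLM:\SOFTWARE\Microsoft\PolicyManager\current\device'

    # Each subkey of Tracked is named after a provider GUID
    foreach ($prov in Get-ChildItem -Path $tracked -ErrorAction SilentlyContinue) {
        $guid      = $prov.PSChildName
        $deviceKey = Join-Path $providers "$guid\default\device"
        if (-not (Test-Path -Path $deviceKey)) { continue }

        # Assumed layout: one subkey per policy area, one value per setting
        foreach ($area in Get-ChildItem -Path $deviceKey) {
            $curKey = Get-Item -Path (Join-Path $current $area.PSChildName) -ErrorAction SilentlyContinue
            foreach ($name in $area.GetValueNames()) {
                [pscustomobject]@{
                    Provider  = $guid
                    Area      = $area.PSChildName
                    Setting   = $name
                    # What the provider delivered
                    Delivered = $area.GetValue($name)
                    # What is reflected under current\device, if anything
                    Current   = if ($curKey) { $curKey.GetValue($name) } else { $null }
                }
            }
        }
    }
}

Get-MdmDeliveredPolicy | Sort-Object Area, Setting | Format-Table -AutoSize
```

A setting with a Delivered value and an empty Current column has arrived on the device but is not reflected under current\device.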



Tuesday, July 8, 2025

Prevent "Pick an Account" prompt in Edge

 

When there are one or more additional accounts on different tenants, Edge annoyingly and repeatedly asks which one to use, even when you are using your normal Edge profile signed into the correct tenant account.

Typically you'll probably have one main account which you use all the time and others which you use less often.

To prevent this prompting go to Settings > Accounts > Access work or school and remove the other accounts which are not used that often.