PowerBI’s admin-level API’s are not enabled at the OAuth / Entra level, but need to be enabled in the PowerBI Admin Center before you can use M365Permissions to scan all your PowerBI resources for access.
Sometimes someone forgets to enable SecureBoot, boo!
For Lenovo devices built after 2018, this can be remediated using PowerShell without any dependencies whatsoever.
So here’s a simple remediation solution using Intune that reads the SecureBoot status from the Lenovo_BiosSetting WMI class and then uses the Lenovo_SetBiosSetting and Lenovo_SaveBiosSettings WMI classes to enable SecureBoot as needed.
For those of you that want the default terminal in windows 11 to be cmd again, I’ve created two simple files that can be used in an Intune Remediation to automatically configure the default terminal.
I wanted to allow certain users to only start specific azure runbooks in an automation account, so that I wouldn’t need separate automation accounts for each role.
This worked by assigning the ‘Automation Runbook Operator’ per runbook, and the ‘Automation Job Operator’ to the automation account for these users.
The issue
However, some of our runbooks actually run on premises as hybrid runbooks on our Hybrid Worker Group. And when a user tried to start one of those runbooks, they received an error:
“The selected Hybrid Worked Group has no active workers. Until the worker is seen again, the job might fail to start.“
The fix
After some experimenting, I found out that assigning the ‘Microsoft.Automation/automationAccounts/hybridRunbookWorkerGroups/hybridRunbookWorkers/read’ action (using a custom role) at the automation account scope fixed this error and allowed our users to run hybrid jobs without seeing runbooks they don’t need to see.