Migrate to using mdbook

src/pentesting-cloud/azure-security/az-services/intune.md

@@ -0,0 +1,31 @@
+# Az - Intune
+
+{{#include ../../../banners/hacktricks-training.md}}
+
+## Basic Information
+
+Microsoft Intune is designed to streamline the process of **app and device management**. Its capabilities extend across a diverse range of devices, encompassing mobile devices, desktop computers, and virtual endpoints. The core functionality of Intune revolves around **managing user access and simplifying the administration of applications** and devices within an organization's network.
+
+## Cloud -> On-Prem
+
+A user with **Global Administrator** or **Intune Administrator** role can execute **PowerShell** scripts on any **enrolled Windows** device.\
+The **script** runs with **privileges** of **SYSTEM** on the device only once if it doesn't change, and from Intune it's **not possible to see the output** of the script.
+
+```powershell
+Get-AzureADGroup -Filter "DisplayName eq 'Intune Administrators'"
+```
+
+1. Login into [https://endpoint.microsoft.com/#home](https://endpoint.microsoft.com/#home) or use Pass-The-PRT
+2. Go to **Devices** -> **All Devices** to check devices enrolled to Intune
+3. Go to **Scripts** and click on **Add** for Windows 10.
+4. Add a **Powershell script**
+   - ![](<../../../images/image (264).png>)
+5. Specify **Add all users** and **Add all devices** in the **Assignments** page.
+
+The execution of the script can take up to **one hour**.
+
+## References
+
+- [https://learn.microsoft.com/en-us/mem/intune/fundamentals/what-is-intune](https://learn.microsoft.com/en-us/mem/intune/fundamentals/what-is-intune)
+
+{{#include ../../../banners/hacktricks-training.md}}