# Az - Intune

{{#include ../../../banners/hacktricks-training.md}}

## Basic Information

Microsoft Intune is designed to streamline the process of **app and device management**. Its capabilities extend across a diverse range of devices, encompassing mobile devices, desktop computers, and virtual endpoints. The core functionality of Intune revolves around **managing user access and simplifying the administration of applications** and devices within an organization's network.

## Cloud -> On-Prem

A user with **Global Administrator** or **Intune Administrator** role can execute **PowerShell** scripts on any **enrolled Windows** device.\
The **script** runs with **privileges** of **SYSTEM** on the device only once if it doesn't change, and from Intune it's **not possible to see the output** of the script.

```powershell
Get-AzureADGroup -Filter "DisplayName eq 'Intune Administrators'"
```

1. Login into [https://endpoint.microsoft.com/#home](https://endpoint.microsoft.com/#home) or use Pass-The-PRT
2. Go to **Devices** -> **All Devices** to check devices enrolled to Intune
3. Go to **Scripts** and click on **Add** for Windows 10.
4. Add a **Powershell script**
   - ![](<../../../images/image (264).png>)
5. Specify **Add all users** and **Add all devices** in the **Assignments** page.

The execution of the script can take up to **one hour**.

## References

- [https://learn.microsoft.com/en-us/mem/intune/fundamentals/what-is-intune](https://learn.microsoft.com/en-us/mem/intune/fundamentals/what-is-intune)

{{#include ../../../banners/hacktricks-training.md}}