Endpoint Management Glossary

Application Workspace

A category of third-party tools that provide application lifecycle management for enterprise environments. These tools typically handle packaging, testing, and deployment of software across managed devices. They often complement or extend the native capabilities of platforms like Microsoft Intune.

PowerStacks context: App Store for Intune is PowerStacks' application workspace for Microsoft Intune. It handles hash-verified WinGet packaging, custom MSI uploads, ring-based rollouts, and per-app rollback, all running inside your own Azure tenant.

Autopilot (Windows Autopilot)

A collection of technologies used to set up and pre-configure new Windows devices, getting them ready for productive use. Windows Autopilot simplifies the IT admin experience by enabling zero-touch deployment. Devices can be shipped directly to end users and configured automatically via cloud policies on first boot.

PowerStacks context: BI for Intune includes Autopilot deployment reporting, giving visibility into enrollment status, deployment profiles, and failure rates across your device fleet.

Azure AD / Entra ID

Microsoft Entra ID (formerly Azure Active Directory) is Microsoft's cloud-based identity and access management service. It provides single sign-on, multifactor authentication, and conditional access to applications and resources. Entra ID is the identity backbone for Microsoft 365, Azure, and Intune.

PowerStacks context: All PowerStacks products authenticate via Entra ID. The BI products use app registrations with delegated or application permissions.

Compliance Policy

A set of rules and conditions in Microsoft Intune that define the minimum requirements a device must meet to be considered compliant. Compliance policies can check for OS version, encryption status, password requirements, jailbreak detection, and more. Non-compliant devices can be blocked from accessing corporate resources via Conditional Access.

PowerStacks context: BI for Intune provides detailed compliance reporting across all your policies, including trend analysis and per-setting breakdowns that go beyond the built-in Intune admin center views.

ConfigMgr / SCCM

Microsoft Endpoint Configuration Manager (ConfigMgr), formerly System Center Configuration Manager (SCCM), is an on-premises management platform for Windows devices. It handles software deployment, OS imaging, patch management, and hardware/software inventory at enterprise scale. Many organizations still run ConfigMgr alongside Intune during cloud migration.

PowerStacks context: BI for SCCM connects directly to your ConfigMgr SQL database via Power BI Gateway, providing pre-built reports for software updates, application deployment, device health, and inventory without requiring a data warehouse.

Co-management

A configuration where devices are simultaneously managed by both Microsoft Intune and Configuration Manager. Co-management allows organizations to gradually shift workloads from on-premises ConfigMgr to cloud-based Intune (including compliance policies, resource access, Windows Update, and device configuration) while maintaining existing investments.

PowerStacks context: BI for Intune and BI for SCCM together provide full visibility across co-managed environments, covering both the cloud and on-premises sides of your management infrastructure.

CVE (Common Vulnerabilities and Exposures)

A standardized identifier system for publicly known cybersecurity vulnerabilities. Each CVE entry (e.g., CVE-2024-12345) represents a specific security flaw in software or hardware. Microsoft publishes CVEs for its products and maps them to security updates distributed through Windows Update and WSUS.

PowerStacks context: BI for Defender surfaces CVE data from Microsoft Defender for Endpoint, mapping vulnerabilities to affected devices in your environment so you can prioritize remediation.

Data Collection Rule (DCR)

A configuration object in Azure Monitor that defines how data is collected, transformed, and routed from monitored resources. DCRs specify which data sources to collect from (performance counters, event logs, custom logs) and where to send the data (Log Analytics workspaces, Azure Monitor Metrics, or other destinations).

Defender for Endpoint

Microsoft Defender for Endpoint is an enterprise endpoint security platform designed to prevent, detect, investigate, and respond to advanced threats. It includes capabilities such as threat and vulnerability management, attack surface reduction, endpoint detection and response (EDR), and automated investigation and remediation.

PowerStacks context: BI for Defender connects to Defender for Endpoint via the Microsoft Graph Security API and provides Power BI reports covering vulnerability exposure, threat detections, device risk scores, and security recommendations.

Device Categories

A feature in Microsoft Intune that allows administrators to create custom categories (e.g., "Corporate", "BYOD", "Kiosk") and assign them to managed devices. Device categories can be used to organize devices in the Intune console and to target policies, apps, and compliance rules to specific groups of devices via dynamic Azure AD groups.

Discovered Apps

The inventory of applications that Intune detects on managed devices through its device check-in process. Discovered apps include both managed (deployed via Intune) and unmanaged (user-installed) software. This inventory is available in the Intune admin center under Apps > Monitor > Discovered apps.

PowerStacks context: BI for Intune includes thorough discovered apps reporting, helping you identify unmanaged software, shadow IT, and outdated application versions across your device fleet.

Graph API (Microsoft Graph)

Microsoft Graph is a unified REST API that provides access to data and intelligence across Microsoft 365 services including Intune, Azure AD, Defender, Teams, and SharePoint. It uses OAuth 2.0 for authentication and supports both delegated (user context) and application (service context) permission models.

PowerStacks context: PowerStacks BI products rely heavily on the Microsoft Graph API to pull device, app, compliance, and security data into Power BI.

Intune (Microsoft Intune)

Microsoft Intune is a cloud-based endpoint management service that provides mobile device management (MDM) and mobile application management (MAM). It enables organizations to control how devices (including phones, tablets, and laptops) access corporate data. Intune is part of the Microsoft Intune Suite and integrates with Azure AD, Defender, and Configuration Manager.

PowerStacks context: PowerStacks builds BI for Intune, providing thorough reporting and analytics for the Intune ecosystem.

Intune Compliance Reporting

The built-in reporting capabilities within the Microsoft Intune admin center that show device compliance status against configured policies. Native reports include device compliance status, non-compliant devices, and policy-level summaries. These reports are useful for quick checks but have limited customization, filtering, and historical trending capabilities.

PowerStacks context: BI for Intune extends native Intune compliance reporting by bringing the data into Power BI, where it can be sliced by any dimension, trended over time, and combined with other data sources in a single interactive dashboard.

Intune Remediation (Proactive Remediations)

A feature in Microsoft Intune that allows administrators to deploy paired PowerShell scripts (a detection script and a remediation script) to managed devices. The detection script checks for a specific condition, and if the condition is found, the remediation script runs to fix it. Common uses include clearing browser caches, resetting services, and enforcing registry settings.

Power BI

Microsoft Power BI is a business intelligence platform that provides interactive data visualization and reporting capabilities. It includes Power BI Desktop (authoring tool), the Power BI service (cloud-hosted sharing and collaboration), and Power BI Mobile (consumption on mobile devices). Power BI connects to hundreds of data sources and supports DAX for advanced calculations.

PowerStacks context: PowerStacks' BI product line is built entirely on Power BI. BI for Intune, BI for SCCM, and BI for Defender are Power BI template files (.pbit) that connect directly to Microsoft management APIs and databases.

Power BI Dashboard

An interactive report page in Power BI that displays key metrics and visualizations. Dashboards can contain tiles pinned from multiple reports, providing a single-pane-of-glass view across data sources. In the Power BI service, dashboards support natural language Q&A queries, data alerts, and mobile-optimized layouts.

PowerStacks context: Each PowerStacks BI product ships with dozens of pre-built dashboard pages covering the most common reporting needs for IT administrators and MSPs.

Power BI Gateway

An on-premises data gateway that acts as a bridge between the Power BI cloud service and on-premises data sources. The gateway enables scheduled data refresh for reports that connect to databases, file shares, or other resources behind a firewall. It supports both personal mode (single user) and standard mode (shared across an organization).

PowerStacks context: BI for SCCM requires a Power BI Gateway to connect to your on-premises ConfigMgr SQL database. The gateway handles authentication and data transfer securely without exposing your database to the internet.

Power BI Semantic Model

Formerly called a "dataset," a semantic model is the data model published to the Power BI service that underlies one or more reports. It defines tables, relationships, measures, and calculations. Semantic models can be refreshed on a schedule and shared across multiple reports and workspaces.

PowerStacks context: PowerStacks uses a star-schema data model across all its BI products, enabling any report to be built using Power BI's point-and-click interface. The semantic models are designed for extensibility, so you can add custom measures and tables alongside the built-in ones.

PSADT (PowerShell App Deployment Toolkit)

An open-source framework for deploying applications via PowerShell scripts. PSADT provides a consistent wrapper around application installations, offering features like user interaction dialogs, pre/post-install actions, logging, and silent installation handling. It is widely used in enterprise environments for packaging applications for SCCM and Intune deployment.

PowerStacks context: App Store for Intune wraps every package with PSADT v4 before converting to .intunewin and deploying through the standard Intune Win32 pipeline. Per-installer-type silent switches and consistent logging come built in.

Self-Service App Catalog

A web-based portal that allows end users to browse, search, and request software installations without submitting IT helpdesk tickets. Self-service catalogs typically include approval workflows, so IT administrators retain control over what gets installed while reducing the manual burden of handling individual software requests.

PowerStacks context: App Store for Intune is a branded self-service catalog with configurable multi-stage approval workflows. Notifications route through Microsoft Teams and Outlook, so approvers can act on requests without leaving their inbox. Approved apps deploy automatically via Intune.

Star Schema

A dimensional data modeling approach commonly used in business intelligence and data warehousing. In a star schema, a central fact table (containing measurable events or metrics) is surrounded by dimension tables (containing descriptive attributes). This structure optimizes query performance and makes data intuitive to navigate in BI tools.

PowerStacks context: PowerStacks uses a star-schema data model across all its BI products, enabling any report to be built using Power BI's point-and-click interface without needing to understand complex joins or SQL.

Supersedence

A feature in Microsoft Intune's Win32 app management that allows a newer version of an application to replace an older version. When a supersedence relationship is configured, Intune automatically uninstalls the old version and installs the new one on targeted devices. This is the primary mechanism for managing application updates at scale in Intune.

PowerStacks context: App Store for Intune uses a two-app deployment model that records every prior version, so rolling back an app is itself a deploy, not a delete. Halting a bad rollout mid-flight does not require emergency repackaging.

Win32 App

The Intune application type used to deploy traditional Windows desktop applications. Win32 apps are packaged into the .intunewin format using the Microsoft Win32 Content Prep Tool, then uploaded to Intune with detection rules, requirements, and installation commands. Win32 apps support dependencies, supersedence, and requirement scripts.

PowerStacks context: App Store for Intune automates Win32 app packaging end to end: WinGet manifests or admin-uploaded MSIs are PSADT-wrapped, converted to .intunewin, and uploaded to Intune with detection rules auto-generated from the source manifest or the MSI Property table.

WinGet (Windows Package Manager)

Windows Package Manager (winget) is Microsoft's official command-line package manager for Windows. It provides a repository of thousands of application manifests hosted on GitHub (microsoft/winget-pkgs) that contain download URLs, silent install switches, and metadata. WinGet can install, update, and uninstall software from the command line.

PowerStacks context: App Store for Intune uses WinGet manifests as a catalog source, never as a runtime installer on the endpoint. At packaging time, both the manifest and the downloaded installer are SHA-256 verified before being wrapped with PSADT v4 and converted to .intunewin.

Windows Update for Business (WUfB)

A free service from Microsoft that enables IT administrators to manage Windows update deployment directly from the cloud. WUfB policies, configured through Intune or Group Policy, control deferral periods for feature and quality updates, set maintenance windows, and manage driver updates. It eliminates the need for on-premises WSUS infrastructure.

PowerStacks context: BI for Intune includes Windows Update for Business reporting, providing visibility into update ring assignments, deferral compliance, and update installation status across your managed fleet.