So this was something which came up a few months back with a customer, we realized in many organizations DNS Search suffix is set by AD Group Policy or the DHCP scope using options. But when deploying an Azure AD join device without line of sight we may not get search suffix and after connecting VPN UNC paths and some internal sites were failing.

So below is a one liner which did the trick, Set-DnsClientGlobalSetting and our search list divided with a comma.

Now to deploy this using Intune, I simply save the .ps1 to my local machine and deploy via Intune PowerShell.

Devices > Windows > PowerShell scripts > + Add

Save and target your users or devices, keep in mind if you want this to land prior to your user logging in for the first time, best to target the device or Autopilot group if using during deployment.