Endpoint Manager Newsletter – 10th June 2022

Welcome to another bumper newsletter covering the excellent work from the Endpoint Manager community (and quite a few announcements from Microsoft)

So, let’s get started and this week we have 3 posts from Rudy Ooms (plus a video later)!

The first of which is looking at the various options to protect against the Follina CVE in MS Office and also a look at an error you may receive if using Settings Catalog with Business Premium Licensing.

This post looks at the joys of MS Licensing upgrade/downgrade and why your licenses could suddenly downgrade themselves. Some excellent sleuthing!

The third post expands on retrieving Win32 apps and runs through methods to grab any MSI Line of Business apps deployed to your environment (hopefully so you can re-package them into Win32 and then delete them as LOB!)


Next up, Michael Niehaus delves into the murky world of the Autopilot hash and reveals exactly what sits inside the code. I personally found this one exceptionally useful to help explain why hardware replacements will often need a new hash and import (and the risk of ending up with refurbished parts tied to another tenant)

https://oofhours.com/2022/06/03/breaking-down-the-windows-autopilot-hardware-hash/


This script from Martin Bengtsson assists with managing BitLocker keys when upgrading from on-prem Windows to Windows 11 via Feature update by exporting them to Azure AD as part of the upgrade process.

https://www.imab.dk/escrow-bitlocker-recovery-keys-to-azure-ad-during-feature-update-to-windows-11/


This post from Manish Bangia runs through collecting logs from a device remotely via Intune. It also includes a list of exactly what is captured in these logs, which is extremely helpful!

https://www.manishbangia.com/how-to-collect-device-diagnostics-logs-using-intune-portal/


Next up, Peter van der Woude gives a run through of using the Microsoft Tunnel application to deploy VPN on an application level. This is an exciting feature for iOS and Android which I’m busy testing myself.


As I’m sure everyone is well aware, Internet Explorer is retiring next week on some Windows versions. Fortunately Jitesh Kumar has you covered with this run through to disable IE and configure Edge to run in IE mode with the enterprise site list. If you don’t have this setup already, I suggest you have a read.


This script from Jannik Reinhard will add an icon into the system tray with quick access to sync a device (permissions allowing), open company portal, or collect machine diagnostics. Well worth testing.

https://jannikreinhard.com/2022/06/05/company-portal-system-tray-icon/


Whilst not strictly Endpoint Manager, we all use Azure AD daily and I was excited to read about the new memberOf facility within dynamic groups. This post from Pim Jacobs explains how it works and how to implement it.

https://identity-man.eu/2022/06/07/using-the-new-azure-ad-dynamic-groups-memberof-property/


This amazing PowerShell module from Damien Van Robaeys will grab BIOS information from Dell, Lenovo, HP and Toshiba devices, either locally or from remote devices, and export it to CSV, HTML or grid-view. I wonder if it could output to a Log Analytics workspace…

https://www.systanddeploy.com/2022/06/getbios-module-list-bios-settings-from.html


For those of you with a lab environment (I imagine most of you), Niels Scheffers shows how to convert an ISO into VHDX to use in Hyper-V


It’s been a very busy week with announcements from Microsoft as well.

This is one of my favourites, click on the PDF or Visio and there is an excellent rundown of which enrollment option to use for each scenario and device type.

https://docs.microsoft.com/en-gb/microsoft-365/solutions/cloud-architecture-models?view=o365-worldwide#intune-enrollment-options

For anyone still on the fence around MSIX, have a look at this article which shows apps you are already using in that format

https://techcommunity.microsoft.com/t5/windows-dev-appconsult/msix-probably-you-don-t-know-but-you-are-already-using-it/ba-p/3406636

As mentioned earlier, Azure AD now supports nested groups. This is the official announcement:

https://techcommunity.microsoft.com/t5/azure-active-directory-identity/create-quot-nested-quot-groups-with-azure-ad-dynamic-groups/ba-p/3118024

If you are using Universal Print with the current printer provisioning tool (and are running Windows 11), you can now manage printers directly via Settings Catalog!

https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/universal-print-settings-available-in-microsoft-endpoint-manager/ba-p/3478710

Windows 11 22H2 is now in Preview so get testing! (You can even convert the ISO to VHDX using the guide above)

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/preview-of-windows-11-version-22h2-now-available/ba-p/3478084

Finally, there are new reports in preview to review driver and app compatibility with Windows updates.

It’s also worth noting the section at the bottom around the retirement of Desktop Analytics.

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/preview-app-and-driver-compatibility-insights-in-endpoint/ba-p/3482136


Now onto the videos, starting with this one from Dean Ellerby looking at which licenses are required for Autopilot and running through the m365maps website.

If you want to learn more about Intune and Autopilot, I’d also suggest looking at Dean’s Udemy course here


I’m a big fan of OSD Cloud as a modern way of imaging devices. For those of you wanting to try it, Dean’s second video runs through a quick start.


Next we have a video from Harvansh Singh running through troubleshooting various issues you may encounter in Autopilot deployments


And finally, another post from Rudy Ooms, this time it’s a video demonstrating how to grab a LOB application


I hope you’ve found all of these useful and a special thanks to the community for creating such excellent content!

Now…
