Endpoint Manager Newsletter – 15th July 2022

Welcome one and all to another veritable feast of amazing Intune content from this excellent community!

Community Content

First we have this post from Peter Klapwijk with an excellent Logic App to re-import your devices into Autopilot. Peter is doing some excellent work with Logic Apps so I would recommend having a read of the other posts on the site as well!


Next we have a script from Gannon Novak which creates an App Registration in Azure AD and then demonstrates how we can use this new app to enrol devices directly into Autopilot (or better still, the users can enrol without needing any Azure permissions)


Another script, this one from Ben Whitmore. If, like me, you’re from an SCCM background, you will know how powerful CMTrace is to view logs (and if you’re not, trust us!). This script will deploy CMTrace to devices via Intune but without you needing to have a copy of SCCM to retrieve it from.

https://github.com/byteben/MEM/blob/main/Install-CMTrace.ps1


Following the script theme, this one from Niels Kok can change an Autopilot group tag and also sort your AAD groups at the same time!

https://gist.github.com/NielsS79/e664c3d71d4727e6407a54815bd2aa8f


Licensing can be a minefield at times, especially when looking at device level. Fortunately Jonas Bøgvad has a run-through of device licensing and which situations they work best.

https://www.linkedin.com/pulse/intune-device-licensing-android-jonas-b%C3%B8gvad/


This recently updated post from Rudy Ooms looks at custom compliance policies and how to force a device to check-in against the policy

A second post from Rudy with a very thorough runthrough of using the Winget package manager, how to deploy it, how to install apps with it and how to use it in the System context (a game changer!)

For Rudy’s third post this week, we have more detective work troubleshooting MDM certificate issues


Is there anything worse than users plugging in whatever USB printer they found in a cupboard and then calling for help because it’s complaining about a lack of Cyan for a B&W document. Thanks to this post from Peter van der Woude you can now block unapproved devices so at least you only have to worry about the enterprise ones which hopefully have a service contract on them!


Defender for Cloud (previously known as many many other names) is an excellent security tool. If you aren’t too familiar with it, check out this post from Geert Kooijman will keep you on the right track

https://kooijman.cloud/blog/f/getting-started-with-defender-for-cloud


This very in-depth post from Jannik Reinhard looks at using Intune Data Warehouse and PowerBI to build custom dashboards to view your Intune data. Extremely useful stuff!

https://jannikreinhard.com/2022/07/10/build-powerbi-dashboard-based-on-intune-data-warehouse/

A second post this week from Jannik, this one looks at using machine learning/cognitive services to alert when there is marked change in the number of compliant devices. I’ll be testing this one myself, nice work Jannik!

https://jannikreinhard.com/2022/07/12/detect-anomalies-in-your-intune-environment-with-azure-cognitive-services/

Jannik has had quite the week, we have a third post, this one using PowerShell to create Device Filters, a recommended read if you are like me and want to automate everything

https://jannikreinhard.com/2022/07/14/a-default-set-on-assignment-filter/


Microsoft have recently confirmed that deleting an iOS or Android device doesn’t retire the device or remove the data. Read more about it in this post from Anoop Nair.

https://www.anoopcnair.com/intune-delete-action-no-longer-retire-ios-andro/


The mysterious Autopilot Hash. You may find yourself wondering why devices keep showing in your tenant. Have a read of this thorough article from Maik Koster and your confusion will be answered.


As mentioned in the Microsoft announcements, Autopatch is now in GA so we have a few posts looking at it.

First up, Shehan Perera gives an update on what has changed since preview (and also links to excellent previous posts on using it)

https://shehanperera.com/2022/07/12/windows-autopatch-ga-1/


The second post on Autopatch from Jitesh Kumar with a full run-through of configuring it from scratch

https://www.anoopcnair.com/windows-autopatch-implementation-guide-setup/


This post from Joymalya Basu Roy also runs through Autopatch, requirements, configuring and deploying


You can tell it’s popular new technology, Jonas Bøgvad also shares their thoughts on it!

https://www.linkedin.com/pulse/end-human-management-intune-jonas-b%C3%B8gvad/


With settings catalog now also in GA, this post from Joost Gelijsteen gives a good runthrough of why to use them (and you absolutely should)


This post from Christopher Mogis shows how you can configure using Fido2 security keys to login to Windows 10 or 11

https://www.ccmtune.fr/2022/07/how-to-set-up-fido2-security-key-for.html


This in-depth post from Sander Rozemuller shows how you can use Powershell, Logic Apps and Teams to both alert a user that there is an issue with their personal AVD host, but also give them the ability to restart the host.


This post from Alex Durrant shows how to set the timezone via Settings Catalog in Intune (something I see requested quite often)


Next, Colin Sainsbury talks us through Dell’s new Ready Image functionality to cloud rebuild devices

https://www.linkedin.com/pulse/rebuilding-remote-worker-devices-from-cloud-colin-sainsbury/


In this extremely detailed post (and it’s only part 1!), Jeffrey Appel runs through Defender for Endpoint in-depth. A recommended read!


Carrying on the MDE theme, this post from Anand P shows how to use Powershell and a CSV file to batch tag your devices within MDE

https://www.cloudtekspace.com/post/device-tagging-in-mde-by-powershell-csv


Another option for MDE device tagging is to use Custom Policies in Intune as described here by Ugur Kok


A second post from Anand P, this one covering App Protection policies:

https://www.cloudtekspace.com/post/intune-app-protection


A question as old as the technology itself, “why should I bother with Autopilot?”. If this is a question you are asking (or more likely one of your customers), this video from Dean Ellerby explains it all

Microsoft Content

Now for the Microsoft news and content.

First up, we have a great video from Microsoft Mechanics comparing the options for handling updates on cloud managed devices

Whilst this is just a Microsoft document, look at the last line of the JSON:

"allowAvailableUninstall": true

We may be able to request an uninstall from Company Portal soon!

https://docs.microsoft.com/en-us/graph/api/resources/intune-apps-win32lobapp?view=graph-rest-beta

Autopatch is here, read all about it below!!

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-autopatch-has-arrived/ba-p/3570119

The latest Windows 11 Insider build is now available:

https://blogs.windows.com/windows-insider/2022/07/13/announcing-windows-11-insider-preview-build-25158/


That’s it for this week, have a fantastic weekend!

Posted in Newsletter