Endpoint Manager Newsletter – 29th July 2022

Welcome to this week's newsletter, which for a holiday week has a surprising amount of content from this incredible community.

So, let’s begin…

Community Content

We start with this post from Katy Nicholson showing how to enable and configure Terms of Use within Intune/AAD and what the end user experience will look like.

https://katystech.blog/mem/intune-terms-of-use


If you missed the AMA on Autopilot last week, here Johan Arwidmark has looked at some of the key questions and answers raised.


Following on from the previous post on device compliance, this one from Jannik Reinhard uses Azure Automation and Cognitive Services to alert via Teams if there is a sudden increase in application installation failures.

https://jannikreinhard.com/2022/07/24/detect-anomalies-in-your-intune-environment-with-azure-cognitive-services-part-2-application-installations/

A second post from Jannik with some updates to the excellent System Tray tool, bringing some welcome additions (sync, Quick Assist and password reset)

https://jannikreinhard.com/2022/07/27/the-further-development-of-the-company-portal-system-tray-icon/


Another part-2 post, this time from Shehan Perera looking at the options for providing local admin on AAD devices with the Microsoft built-in options.

https://shehanperera.com/2022/07/23/providing-local-admin-access-2/


Whilst I normally stick to just Intune-related posts, this one from Dominiek Verham, whilst mostly around Windows 365, has some excellent content around the new Autopatch service


After an update from Microsoft, there has been a change to the old method of triggering an app re-install after 3 failed attempts. Read about it in this post from Rudy Ooms

Rudy’s second post this week is an excellent look at a time-out error you may be seeing in Autopilot and what’s causing it


If you have migrated machines from one tenant to another, have a look at this post from Simon Skotheimsvik to watch for a potential issue with devices in Store for Business

https://skotheimsvik.blogspot.com/2022/07/autopilot-device-deadlock-between-two.html?m=1


One of my favourites this week, Jasper Bernaers has done an excellent guide on why you should move devices to Intune. I imagine if you’re reading this, you have already made that decision, but this will certainly help convince the execs!

https://www.linkedin.com/pulse/why-move-your-endpoints-infrastructure-microsoft-365-azure-bernaers/


Following the alerting theme from previous weeks, this post from Manish Bangia shows how to use Log Analytics to alert on any changes to a Conditional Access policy

https://www.manishbangia.com/track-capolicy-using-email-alert/


Next we have four posts from Jitesh Kumar (a busy week!), starting with a guide on sending custom notifications to devices and the experience across platforms

https://www.anoopcnair.com/send-custom-notifications-to-users-intune-mem/

The second post looks at the new reports in Preview to check on the status of Autopatch deployments

https://www.anoopcnair.com/windows-autopatch-quality-updates-report-intune/

This in-depth guide runs through configuring and monitoring Security Baselines

https://www.anoopcnair.com/intune-security-baselines-policies-windows10-11/

If you have deployed Autopatch and want to exclude some devices from it (possibly key machines), this guide has you covered

https://www.anoopcnair.com/exclude-device-from-windows-autopatch-mem/


In a follow-up to last week's post, Oktay Sari looks at a passwordless experience on Android and iOS devices using the Microsoft Authenticator app. I’d recommend watching the video at the end to see the user experience as well

https://allthingscloud.blog/working-passwordless-on-mobile-devices/


For those of us with scripted installs, this post from Gannon Novak shows how to create AAD Groups using the Graph module instead of Azure AD module

Gannon’s second post this week uses PowerShell, Logic Apps and many others to grab hardware hashes and send them straight to a Teams channel


Browser extensions are a wonderful thing, I’m sure we all have many of them, but we want to manage just what our end users can and can’t add. This post from Joost Gelijsteen shows how to do just that in both Edge and Chrome.


A very useful and thorough post from James Yip looking at why App Protection policies are essential and how to configure them.


This post from Rabia Noureen looks at the new Azure AD review functionality and also explains more around the change to force Security Defaults.

https://petri.com/microsoft-it-admins-remove-inactive-azure-ad-users/


Intune isn’t just for end-user devices. Now that the new server licensing has arrived, you can use Defender for Endpoint and Intune to manage antivirus on servers, as explained in this post from Florian Salzmann

https://scloud.work/en/microsoft-defender-for-business-servers/

Risky sign-ins are one thing that everyone should be monitoring, but if you don’t have a SIEM, it can be a time-consuming process. Fortunately we have a solution from Søren Andersen using Log Analytics and a Logic App to email a list from the previous 24 hours.


If you do any App Packaging and haven’t looked at PSADT, watch this video from Mattias Melkersen Kalvåg and see how it will make your life so much easier!


We have another tool to help your users be more self-sufficient and hopefully reduce support calls. This one from Christopher Mogis has some excellent features and I would strongly suggest giving it a try.

https://www.ccmtune.fr/2022/07/user-assistant-tool-for-end-user.html


File associations can be a real pain; add in different departments using different applications and it can almost feel like a full-time job in itself. This post from René Laas will show you how to leverage SharePoint and Logic Apps to do the heavy lifting for you!

https://endpointcave.com/manage-file-type-associations-for-multiple-entities-or-departments/


If you are reading this after your summer holidays, or looking forward to starting them, Jonas Bøgvad has some tips on what to check upon your return (as well as clearing that backlog of emails!)

https://blog.skymadesimple.io/getting-back-to-work/


Following on from last week's post on how to collect Procmon logs from Defender, in this one, Anand P shows how to then analyse them further.

https://www.cloudtekspace.com/post/how-to-analyze-pml-file-defender-av


Next we have two posts from Anoop C Nair, the first one digs into the Update Compliance logs and grabs device and patch details using KQL

https://www.anoopcnair.com/intune-devices-patch-deployment-status-country/

The second post looks at a current Autopilot issue where users are getting a message about an Invalid Username and Password. It seems to be happening more often, so worth reading about now in case you come across it in your environment

https://www.anoopcnair.com/autopilot-username-or-password-is-incorrect/


A late addition, a new application has been released by Ugur Koc which will search for a Winget application, grab the files and package it for you


Finally for this week we have a video from Harjit Dhaliwal & Anoop C Nair and a guest speaker Joymala Basu Roy looking at the new Autopatch functionality

Microsoft Content

Now onto the Microsoft announcements from this week

First, it’s always worth checking what’s new in the world of Intune

https://docs.microsoft.com/en-us/mem/intune/fundamentals/whats-new#week-of-july-25-2022-service-release-2207

This part is particularly interesting

https://docs.microsoft.com/en-us/mem/intune/fundamentals/whats-new#new-hardware-detail-available-for-individual-devices-running-on-iosipados-and-macos

Some excellent news around hardware replacements, Intune and Autopilot can now cope with motherboard replacements!

https://techcommunity.microsoft.com/t5/intune-customer-success/return-of-key-functionality-for-windows-autopilot-sign-in-and/ba-p/3583130

New Azure AD Certificate Authentication as well

https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/check-out-new-azure-ad-certificate-based-authentication-cba/ba-p/2365682

An overview of what happens when you deploy machines to Autopatch:

https://docs.microsoft.com/en-us/windows/deployment/windows-autopatch/deploy/windows-autopatch-device-registration-overview

And to finish off, probably the most useful from my perspective, a look at the evolved Microsoft Store

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-to-endpoint-manager-integration-with-the-microsoft-store/ba-p/3585077

That’s another exciting week completed, have a fab weekend!
