Welcome one and all, it may be holiday season, but the content from the Intune community never stops! Read on for this weeks exciting posts…
Community Content
We start this week with an excellent guide from Rahul Jindal covering implementing Azure PIM to manage the Azure Device Admins role with just-in-time access. I’m a massive fan of PIM and this is something I suggest to all customers!
https://rahuljindalmyit.blogspot.com/2022/08/additional-local-administrators-on.html
Next up, Shehan Perera gives a run-down on how to use Device Control within Intune and Defender for Endpoint to manage those pesky USB and Bluetooth peripherals.
https://shehanperera.com/2022/08/06/mem-device-control-1/
Shehan’s second post shows how to use Intune to control where F1 takes you into Edge, re-directing to an internal Knowedgebase may be a lot more useful than the standard Edge help
https://shehanperera.com/2022/08/07/replace-edge-browser-f1-key-help-url-with-endpoint-manager/
Jannik Reinhard has released an excellent new troubleshooting tool which gives in-depth details of the devices and the ability to sync, restart, ping or my favourite, trigger a remediation script against an individual device.
https://jannikreinhard.com/2022/07/31/introduction-of-the-intune-device-troubleshooter/
A second post this week from Jannik, this one showing you how to bring back the old Win10 Right-click menu on Windows 11
https://jannikreinhard.com/2022/08/02/change-windows-11-context-menu-with-intune/
In this next post, Dean Ellerby has a look at Autopatch including a video on how to configure and enrol devices into this excellent new service.
https://www.linkedin.com/pulse/first-look-windows-autopatch-enrolment-dean-ellerby/
We all know about the service health status within the Intune portal, but how many of us actually look at it daily? I know I only check if someone reports an issue. This post from Anoop Nair will show you how to enable email alerts so you can find out before the users start shouting.
https://www.anoopcnair.com/email-alerts-for-intune-outages-m365-services/
Next up, we have another excellent technical look at the autopilot hash from Michael Niehaus. This one is looking at creating your own fabricated devices by manipulating the hash (I love the device details!)
https://oofhours.com/2022/08/08/connect-the-dots-create-your-own-hashes/
If you’ve experienced the Autopilot 801c03ed error code, check out this post from Christopher Mogis with a fix.
https://www.ccmtune.fr/2022/08/windows-autopilot-error-code-801c03ed.html
If you deploy Android devices, you’ll probably use the Work Profile quite a lot. This post from Robin Hobo shows how to move system applications into the Work Profile on a device.
This post from Rudy Ooms looks at various methods to delay app installations during Autopilot
As you may or may not have heard, Apple have released Lockdown mode in Beta as an extra layer of security for high risk devices. Timmy Andersson looks at the implications this has if your devices are already MDM managed
If you are using Autopatch and letting Microsoft handle your patching, you’ll need to know how to look for any Microsoft issues. This post from Jitesh Kumar will show you how to do just that.
https://www.anoopcnair.com/windows-autopatch-service-health-status-intune/
If you are just starting your Autopilot journey, this post from Gannon Novak gives an excellent run-through on enrolling devices
This one has been translated from Spanish to excuse the unusual URL. The post from Octavio Rodríguez looks at using Conditional Access policies with Microsoft Tunnel VPN
Next up, Damien Van Robaeys has part 4 of the getting started guide for Log Analytics. If this is your first exposure, I’d start with part 1
https://www.systanddeploy.com/2022/08/starting-with-log-analytics-part-4.html
A second post from Damien, this one will show you how to get a message on Teams when an Autopilot build completes. Very useful if you’re on a large deployment project and need to track progress
https://www.systanddeploy.com/2022/08/automatically-sending-teams.html
If you’re using SCCM or MDT to deploy your base image, have a look at this post from Johan Arwidmark looking at the importance of drivers in your WinPE image
Self-deploying shared devices are an excellent feature of Intune and often overlooked. This post from Joost Gelijsteen will show you how to configure and deploy a shared device.
This post from Jonas Bøgvad looks at the ways we can protect Android devices from Malware using all of the tools available
https://blog.skymadesimple.io/android-and-malware/
A second post from Jonas this week looking at App Deployment options and what we know about the Store for Business changes
https://blog.skymadesimple.io/microsoft-store-app-integration-with-microsoft-endpoint-manager/
If you aren’t familiar with the Intune CD tool, read this post from Aaron Parker on how to configure and deploy it to automate your Intune documentation and monitoring for changes
https://stealthpuppy.com/automate-intune-documentation-github/
Now onto this weeks video content and we will start with Dean Ellerby’s first look at Microsoft Entra and finding out what it is and what it does
If you haven’t looked at the new Cloud Trust model for on-prem SSO with WHfB, have a look at this video from Pim Jacobs, Ronny de Jong and Prakhar Srivastava
This video from Manish Bangia demonstrates how to deploy an SCCM lab into Azure
We also have part two of Mattias Melkersen Kalvåg’s excellent series on packaging with PowerShell Application Deployment Toolkit (PSADT)
The last of the community content for this week comes from Harjit Dhaliwal and Anoop Nair showing how to navigate the Intune support portal and log tickets
Microsoft Content
Now for the news and announcements from Microsoft
If you are co-managed or migrating from SCCM to Intune, this will look at migrating encryption
Defender for Cloud Apps is now included in the Defender Portal for better management and easier to view data
How to leverage Azure Bastion to connect to your home network
Another new preview, this one covers Device Health within the Defender for Endpoint dashboard
WIP is going end-of-support, more information about it and suggestions on what to use instead
This post looks at using CA to restrict web access to corporate data
With Desktop Analytics end of life, follow this guide to close your account
https://docs.microsoft.com/en-us/mem/configmgr/desktop-analytics/account-close
A new PowerShell Commandlet “get-whatsnew” to save you digging around in help pages and online documentation
https://devblogs.microsoft.com/powershell/announcing-the-release-of-get-whatsnew/
That’s it for this week, have an excellent summer weekend!