Endpoint Manager Newsletter – 12th August 2022

Welcome one and all, it may be holiday season, but the content from the Intune community never stops! Read on for this weeks exciting posts…

Community Content

We start this week with an excellent guide from Rahul Jindal covering implementing Azure PIM to manage the Azure Device Admins role with just-in-time access. I’m a massive fan of PIM and this is something I suggest to all customers!

https://rahuljindalmyit.blogspot.com/2022/08/additional-local-administrators-on.html


Next up, Shehan Perera gives a run-down on how to use Device Control within Intune and Defender for Endpoint to manage those pesky USB and Bluetooth peripherals.

https://shehanperera.com/2022/08/06/mem-device-control-1/

Shehan’s second post shows how to use Intune to control where F1 takes you into Edge, re-directing to an internal Knowedgebase may be a lot more useful than the standard Edge help

https://shehanperera.com/2022/08/07/replace-edge-browser-f1-key-help-url-with-endpoint-manager/


Jannik Reinhard has released an excellent new troubleshooting tool which gives in-depth details of the devices and the ability to sync, restart, ping or my favourite, trigger a remediation script against an individual device.

https://jannikreinhard.com/2022/07/31/introduction-of-the-intune-device-troubleshooter/

A second post this week from Jannik, this one showing you how to bring back the old Win10 Right-click menu on Windows 11

https://jannikreinhard.com/2022/08/02/change-windows-11-context-menu-with-intune/


In this next post, Dean Ellerby has a look at Autopatch including a video on how to configure and enrol devices into this excellent new service.

https://www.linkedin.com/pulse/first-look-windows-autopatch-enrolment-dean-ellerby/


We all know about the service health status within the Intune portal, but how many of us actually look at it daily? I know I only check if someone reports an issue. This post from Anoop Nair will show you how to enable email alerts so you can find out before the users start shouting.

https://www.anoopcnair.com/email-alerts-for-intune-outages-m365-services/


Next up, we have another excellent technical look at the autopilot hash from Michael Niehaus. This one is looking at creating your own fabricated devices by manipulating the hash (I love the device details!)

https://oofhours.com/2022/08/08/connect-the-dots-create-your-own-hashes/


If you’ve experienced the Autopilot 801c03ed error code, check out this post from Christopher Mogis with a fix.

https://www.ccmtune.fr/2022/08/windows-autopilot-error-code-801c03ed.html


If you deploy Android devices, you’ll probably use the Work Profile quite a lot. This post from Robin Hobo shows how to move system applications into the Work Profile on a device.


This post from Rudy Ooms looks at various methods to delay app installations during Autopilot


As you may or may not have heard, Apple have released Lockdown mode in Beta as an extra layer of security for high risk devices. Timmy Andersson looks at the implications this has if your devices are already MDM managed


If you are using Autopatch and letting Microsoft handle your patching, you’ll need to know how to look for any Microsoft issues. This post from Jitesh Kumar will show you how to do just that.

https://www.anoopcnair.com/windows-autopatch-service-health-status-intune/


If you are just starting your Autopilot journey, this post from Gannon Novak gives an excellent run-through on enrolling devices


This one has been translated from Spanish to excuse the unusual URL. The post from Octavio Rodríguez looks at using Conditional Access policies with Microsoft Tunnel VPN

https://www-deployment-mx.translate.goog/usar-conditional-access-con-microsoft-tunnel/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp


Next up, Damien Van Robaeys has part 4 of the getting started guide for Log Analytics. If this is your first exposure, I’d start with part 1

https://www.systanddeploy.com/2022/08/starting-with-log-analytics-part-4.html

A second post from Damien, this one will show you how to get a message on Teams when an Autopilot build completes. Very useful if you’re on a large deployment project and need to track progress

https://www.systanddeploy.com/2022/08/automatically-sending-teams.html


If you’re using SCCM or MDT to deploy your base image, have a look at this post from Johan Arwidmark looking at the importance of drivers in your WinPE image


Self-deploying shared devices are an excellent feature of Intune and often overlooked. This post from Joost Gelijsteen will show you how to configure and deploy a shared device.


This post from Jonas Bøgvad looks at the ways we can protect Android devices from Malware using all of the tools available

https://blog.skymadesimple.io/android-and-malware/

A second post from Jonas this week looking at App Deployment options and what we know about the Store for Business changes

https://blog.skymadesimple.io/microsoft-store-app-integration-with-microsoft-endpoint-manager/


If you aren’t familiar with the Intune CD tool, read this post from Aaron Parker on how to configure and deploy it to automate your Intune documentation and monitoring for changes

https://stealthpuppy.com/automate-intune-documentation-github/


Now onto this weeks video content and we will start with Dean Ellerby’s first look at Microsoft Entra and finding out what it is and what it does


If you haven’t looked at the new Cloud Trust model for on-prem SSO with WHfB, have a look at this video from Pim Jacobs, Ronny de Jong and Prakhar Srivastava


This video from Manish Bangia demonstrates how to deploy an SCCM lab into Azure


We also have part two of Mattias Melkersen Kalvåg’s excellent series on packaging with PowerShell Application Deployment Toolkit (PSADT)


The last of the community content for this week comes from Harjit Dhaliwal and Anoop Nair showing how to navigate the Intune support portal and log tickets

Microsoft Content

Now for the news and announcements from Microsoft

If you are co-managed or migrating from SCCM to Intune, this will look at migrating encryption

https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/modernizing-endpoint-management-encryption-part1/ba-p/3592709

Defender for Cloud Apps is now included in the Defender Portal for better management and easier to view data

https://docs.microsoft.com/en-us/microsoft-365/security/defender/microsoft-365-security-center-defender-cloud-apps?view=o365-worldwide

How to leverage Azure Bastion to connect to your home network

https://techcommunity.microsoft.com/t5/itops-talk-blog/securely-manage-my-on-prem-server-using-cloud-services/ba-p/3590528

Another new preview, this one covers Device Health within the Defender for Endpoint dashboard

https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/new-device-health-reporting-for-microsoft-defender-for-endpoint/ba-p/3589287

WIP is going end-of-support, more information about it and suggestions on what to use instead

https://docs.microsoft.com/en-us/mem/intune/fundamentals/whats-new#plan-for-change-ending-support-for-windows-information-protection

https://techcommunity.microsoft.com/t5/intune-customer-success/support-tip-end-of-support-guidance-for-windows-information/ba-p/3580091

This post looks at using CA to restrict web access to corporate data

https://techcommunity.microsoft.com/t5/intune-customer-success/enabling-corporate-access-using-browser-controls-in-windows/ba-p/3593410

With Desktop Analytics end of life, follow this guide to close your account

https://docs.microsoft.com/en-us/mem/configmgr/desktop-analytics/account-close

A new PowerShell Commandlet “get-whatsnew” to save you digging around in help pages and online documentation

https://devblogs.microsoft.com/powershell/announcing-the-release-of-get-whatsnew/


That’s it for this week, have an excellent summer weekend!

Posted in Newsletter