Welcome to the first MEM newsletter of September. I hope everyone has had a fab summer!
Community Content
We start this week with a post which looks at my favourite part of Intune, Proactive Remediations. Joey Verlinden has helpfully put together an excellent list of remediations which you can just grab and deploy.
I’m sure we’ve all dealt with those massive applications (AutoCAD!) and how we deploy those in the new cloud-powered world. This post from Johan Arwidmark looks at exactly that and the best way to deploy any giant applications.
Next up, René Laas shows how to create a dynamic AAD group to show devices enrolled by Device Administrator accounts.
https://endpointcave.com/create-a-dynamic-device-group-for-all-dem-user-enrolled-devices/
Conditional Access, MFA, Risky Sign-ins, all absolutely vital in securing your environment. But what happens if the MFA authentication servers go off and no-one can login? This is one of the reasons why everyone should have a break-glass account. Read this post from Shehan Perera to learn more!
https://shehanperera.com/2021/11/26/az-break-glass-account/
This is one I’ve been looking forward to since I first heard about it. Damien Van Robaeys has released the new SelfX tool to allow your users to fix common issues themselves. The best part is you can configure the XML to add your own fixes to the list!
https://www.systanddeploy.com/2022/08/selfx-tool-allowing-users-to-solve.html?m=0
A second post this week from Damien, this one shows how to use Provisioning packages to automate enrollment of a Windows Sandbox into Intune
https://www.systanddeploy.com/2021/09/automatically-enroll-windows-sandbox-or.html?m=0
Currently Intune does not have a built in filter to target only the primary user of a device. This post/script from Oliver Kieselbach shows a way around it (excellent names for the test users as well!)
https://oliverkieselbach.com/2022/08/30/deploy-an-intune-application-with-user-device-affinity/
If you are just getting started with Winget, this post from Florian Salzmann gives an excellent introduction on how to use it in the device context.
https://scloud.work/en/how-to-winget-intune/
Another Conditional Access post, this one from Phillip Büchler looking at exclusions and how you can empower your users to request exclusions (pending approval) when travelling outside previously approved aread
https://fime.ch/posts/ca-exclusions/
If you are using Windows Defender, this flow from Moe Kinani will show you how to tag devices based on the users location.
https://cloudbymoe.com/f/tag-microsoft-defender-machines-based-on-your-user-location
For anyone who hasn’t yet deployed AutoPatch, have a read of this run-through from Robin Hobo has you covered. If you’re E3 licensed, I’d recommend trying it!
We couldn’t have a MEM newsletter without at least one post from Rudy Ooms! This is a new script which runs various checks against a machine to check it is ready for Autopilot Pre-Provisioning. If you’ve dealt with TPM Attestation before, you’ll appreciate this one!
This post from Harvansh Singh runs through how to package and deploy a Win32 app, as well as checking it has installed ok.
I personally much prefer running my PC in Dark Mode (including a Firefox plugin for force websites which don’t play nicely). Fortunately the MEM Portal has themes available, as covered in this post from Jitesh Kumar
https://www.anoopcnair.com/enable-dark-mode-for-intune-admin-portal-mem/
For anyone still supporting Chrome (switch to Edge), have a look at this from Rahul Jindal with the policies needed to secure the browser.
https://rahuljindalmyit.blogspot.com/2022/08/chrome-browser-enterprise-security.html?m=1
A new application from Aaron Parker, this one will customise a new image (across Operating System and AVD) including removing bloat, deploying start meny and more.
https://stealthpuppy.com/image-customise/install/
If you want to use a hidden dll to send MDM commands via PowerShell (and who wouldn’t), check out this post from Michael Niehaus
https://oofhours.com/2022/08/26/send-mdm-commands-without-an-mdm-service-using-powershell/
This post from Jannik Reinhard shows how to use Proactive Remediations and Azure Automation to create an AAD group based on a local attribute on the device itself.
https://jannikreinhard.com/2022/08/28/create-and-fill-aad-group-based-on-an-local-attributes/
A second post from Jannik this week. If you want to find yourself on this newsletter in the future (and who wouldn’t!), read on and see how to start out with MEM content creation.
https://jannikreinhard.com/2022/08/31/how-to-start-with-creating-blog-content-about-mem/
Mattias Melkersen Kalvåg has released a new version of his excellent Intune Debug Tools with the latest update parsing event log items on top of all of the previous tools available.
https://github.com/mmelkersen/EndpointManager/tree/main/Intune%20Debug%20Tools#version-15
If you have ever wondered about the maximum number of applications you can add to Intune, check out this post from Scott McAllister
https://scotscottmca.com/2022/09/01/Intune-App-Limit/
Whilst not strictly MEM related, I’m sure most of us also manage M365 licenses. This automation from Moe Kinani will alert you when the licenses are running low
https://cloudbymoe.com/f/stay-alerted-when-your-o365-licenses-are-low
Following the Microsoft announcement (below), you can now add language packs via PowerShell. Read this post from Stefan Dingemanse to find out how
Saad Khamis has released a new version of the IntuneWinAppUtil GUI with many new features. If you package apps, it’s worth checking out!
This new script from Christopher Mogis runs checks on key Windows security components to confirm they are operating correctly. This one could be linked with a Proactive Remediation and potentially exported to Log Analytics for further reporting.
https://www.ccmtune.fr/2022/08/windows-11-security-check-with.html
An updated post from Peter Klapwijk. Along with the previous Proactive Remediation, you can now remove the new Teams Chat icon via Settings Catalog. Read on to find out how.
This post from Brooks Peppin looks at Hybrid Azure AD Join and some key findings from a large project to deploy it.
Now for the video content for this week
This video from Jóhannes Kristjansson, Jake Shackelford and Sean Bulger covers how to create an Azure App Registration to connect to MS Graph
Microsoft Content
As mentioned above, Microsoft have released Language Pack Management via PowerShell
https://docs.microsoft.com/en-gb/powershell/module/languagepackmanagement/?view=windowsserver2022-ps
That’s it for this week, have an amazing weekend!
