Welcome to this week's bumper newsletter, crammed full of amazing content from the MEM community. Put your feet up, grab your favourite drink and read on…
Community Content
We start this week with this post from Sandy Zeng looking at the different ways to configure and deploy WHfB and the differences between them.
I’m sure we all now have update rings for Windows (and Office), possibly even using Autopatch, but how are you handling Edge? This post from Joost Gelijsteen will show you how to configure update rings for Edge as well.
AppLocker is an excellent tool, especially when meeting security requirements, but it’s one of the trickiest to deploy using Intune. Fortunately, u/CloudInfra_net has released this excellent guide!
https://cloudinfra.net/how-to-implement-applocker-using-intune/
If you are auto-enrolling your machines via GPO or SCCM, have a look at this PowerShell function from Ondrej Sebela to solve any issues on machines during enrollment.
https://doitpsway.com/fixing-windows-clients-intune-automatic-enrollment-issues-using-powershell
If you want to move to passwordless authentication (and why wouldn’t you!), read this post from Jannik Reinhard to find out how to enable it on your tenancy.
With basic authentication now deprecated in Exchange Online, you should consider disabling it across other Microsoft services as well. Here Jonas Bøgvad explains why and, more importantly, how to do so.
https://blog.skymadesimple.io/basic-authentication-is-now-the-past-in-exchange-online/
A second post this week from Jonas, this one explaining what the Primary Refresh Token is on AAD-joined machines.
https://blog.skymadesimple.io/what-is-a-primary-refresh-token/
There is a selection of options to reset your device into OOBE, all of which are nicely covered here by Christopher Mogis.
https://www.ccmtune.fr/2022/09/how-to-reset-computer-in-oobe-mode.html
This week’s ‘deep dive with Rudy Ooms’ looks at what might be causing sync issues, or devices disappearing from Intune altogether (hint: certificates).
Should you still be dealing with on-prem file shares, you have my sympathy. Fortunately, the new ADMX import does make it easier to map drives, as explained here by Shehan Perera.
https://shehanperera.com/2022/09/03/import-admx-1/
Shehan’s second post looks at the relationship between Intune and Defender for Endpoint and what you can configure in each portal to have them play nicely.
https://shehanperera.com/2022/09/09/mem-mde-1/
For anyone using the Intune certificate connector, make sure you upgrade from 6.2101.13.0 to retain functionality. Following this excellent guide from Somesh Pathak will help you.
https://intuneirl.se/home/f/time-to-upgrade-certificate-connector
Proactive Remediations are great, but what happens if you lose the source code? Grab this script from Oliver Kieselbach and get them all back again.
https://oliverkieselbach.com/2022/09/07/get-back-your-intune-proactive-remediation-scripts/
Similarly, Oliver’s second post/script shows how to retrieve your custom detection and requirement scripts.
If you haven’t tried a Dev Box yet, have a look at this thorough guide from Peter van der Woude.
Another Dev Box guide, this one from Ola Ström, which shows how to set one up and the user experience when running one.
If you have yet to set up Autopatch, have a read of this guide from Nicolas Bonnet to get you started.
https://inyourcloud.fr/configure-autopatch/
This post from Jitesh Kumar demonstrates how to manually add and remove devices from Azure AD and Intune.
https://www.anoopcnair.com/remove-windows-device-from-azure-ad-join-intune/
This is one I’ve been following with interest over on Twitter: Johan Arwidmark has been experimenting with uploading large files to Intune and the best way to do so.
The Windows Defender security report often has excellent recommendations for securing your device estate, but it’s another portal to log into and check. If, like me, you would rather spend that time doing something more productive, follow this post from Peter Klapwijk and get the report sent straight to you.
Proactive Remediations are probably still my best feature within Intune, but as well as being hidden, they can be difficult to pick up. This post from Niels Kok has you covered, so now there are no excuses for not using them.
If there are multiple admins in your Intune environment, you might want to keep track of anyone making changes (especially if something goes wrong and you need to revert). Mattias Melkersen Kalvåg shows you how to do so in this post using either Logic Apps or Power Automate.
Now onto this week’s video content, starting with this one from Andy Jones looking at the updates to Android Zero Touch enrollment.
This video from Harvansh Singh demonstrates how to configure Disk Encryption via Microsoft Defender for Endpoint.
The final community content this week is this video from Mattias Melkersen Kalvåg and Nickolaj Andersen looking at Nickolaj’s Intune App Factory (which looks very exciting).
Microsoft Content
This article and video give an excellent overview of the zero trust model across network and infrastructure.
Endpoint Analytics information has now been added to the adoption score.
https://docs.microsoft.com/en-us/mem/analytics/adoption-score
As mentioned above, basic authentication has now been retired in Exchange Online.
New features announced for Defender for Endpoint
Including Device Health Reporting