Endpoint Manager Newsletter – 9th September 2022

Welcome to this week's bumper newsletter, crammed full of amazing content from the MEM community. Put your feet up, grab your favourite drink and read on…

Community Content

We start this week with this post from Sandy Zeng looking at the different ways to configure and deploy WHfB and the differences between them.

I’m sure we all now have update rings for Windows (and Office), possibly even using Autopatch, but how are you handling Edge? This post from Joost Gelijsteen will show you how to configure update rings for Edge as well.

AppLocker is an excellent tool, especially when meeting security requirements, but it’s one of the trickiest to deploy using Intune. Fortunately, u/CloudInfra_net has released this excellent guide!


If you are auto-enrolling your machines via GPO or SCCM, have a look at this PowerShell function from Ondrej Sebela to solve any issues on machines during enrollment.


If you want to move to passwordless authentication (and why wouldn’t you!), read this post from Jannik Reinhard to find out how to enable it on your tenancy.


With basic authentication now deprecated in Exchange Online, you should consider disabling it across other Microsoft services as well. Here Jonas Bøgvad explains why and, more importantly, how to do so.


A second post this week from Jonas, this one explaining what the Primary Refresh Token is on AAD joined machines.


There is a selection of options to reset your device into OOBE, all of which are nicely covered here by Christopher Mogis.


This week's ‘deep dive with Rudy Ooms’ looks at what might be causing sync issues, or devices disappearing from Intune altogether (hint: certificates).

Should you still be dealing with on-prem file shares, you have my sympathy. Fortunately, the new ADMX import does make it easier to map drives, as explained here by Shehan Perera.


Shehan’s second post looks at the relationship between Intune and Defender for Endpoint and what you can configure in each portal to have them play nicely.


For anyone using the Intune certificate connector, make sure you upgrade from 6.2101.13.0 to retain functionality. Following this excellent guide from Somesh Pathak will help you.


Proactive Remediations are great, but what happens if you lose the source code? Grab this script from Oliver Kieselbach and get them all back again.


Similarly, Oliver’s second post/script shows how to retrieve your custom detection and requirement scripts.


If you haven’t tried a Dev Box yet, have a look at this thorough guide from Peter van der Woude.

Another Dev Box guide, this one from Ola Ström, which shows how to set one up and the user experience when running one.

If you have yet to set up Autopatch, have a read of this guide from Nicolas Bonnet to get you started.


This post from Jitesh Kumar demonstrates how to manually add and remove devices from Azure AD and Intune.


This is one I’ve been following with interest over on Twitter: Johan Arwidmark has been experimenting with uploading large files to Intune and the best way to do so.

The Windows Defender security report often has excellent recommendations for securing your device estate, but it’s another portal to log into and check. If, like me, you would rather spend that time doing something more productive, follow this post from Peter Klapwijk and get the report sent straight to you.

Proactive Remediations are probably still my best feature within Intune, but as well as being hidden, they can be difficult to pick up. This post from Niels Kok has you covered, so now there are no excuses for not using them.

If there are multiple admins in your Intune environment, you might want to keep track of anyone making changes (especially if something goes wrong and you need to revert). Mattias Melkersen Kalvåg shows you how to do so in this post using either Logic Apps or Power Automate.

Now onto this week's video content, starting with this one from Andy Jones looking at the updates to Android Zero Touch enrollment.

This video from Harvansh Singh demonstrates how to configure Disk Encryption via Microsoft Defender for Endpoint.

The final community content this week is this video from Mattias Melkersen Kalvåg and Nickolaj Andersen looking at Nickolaj’s Intune App Factory (which looks very exciting).

Microsoft Content

This article and video give an excellent overview of the zero trust model across network and infrastructure.


Endpoint Analytics information has now been added to the adoption score


As mentioned above, basic authentication has now been retired in Exchange Online


New features announced for Defender for Endpoint


Including Device Health Reporting

