Endpoint Manager Newsletter – 9th September 2022

Welcome to this week's bumper newsletter, crammed full of amazing content from the MEM community. Put your feet up, grab your favourite drink and read on…

Community Content

We start this week with this post from Sandy Zeng looking at the different ways to configure and deploy WHfB and the differences between them.


I’m sure we all now have update rings for Windows (and Office), possibly even using AutoPatch, but how are you handling Edge? This post from Joost Gelijsteen will show you how to configure update rings for Edge as well.


AppLocker is an excellent tool, especially when meeting security requirements, but it’s one of the trickiest to deploy using Intune. Fortunately u/CloudInfra_net has released this excellent guide!

https://cloudinfra.net/how-to-implement-applocker-using-intune/


If you are auto-enrolling your machines via GPO or SCCM, have a look at this PowerShell function from Ondrej Sebela to solve any issues on machines during enrollment.

https://doitpsway.com/fixing-windows-clients-intune-automatic-enrollment-issues-using-powershell


If you want to move to passwordless authentication (and why wouldn’t you!), read this post from Jannik Reinhard to find out how to enable it in your tenancy.

https://jannikreinhard.com/2022/09/04/how-to-activate-the-new-options-for-passwordless-authentication/


With basic authentication now deprecated in Exchange Online, you should consider disabling it across other Microsoft services as well. Here Jonas Bøgvad explains why and, more importantly, how to do so.

https://blog.skymadesimple.io/basic-authentication-is-now-the-past-in-exchange-online/

A second post this week from Jonas, this one explaining what the Primary Refresh Token is on AAD joined machines.

https://blog.skymadesimple.io/what-is-a-primary-refresh-token/


There is a selection of options to reset your device into OOBE, all of which are nicely covered here by Christopher Mogis.

https://www.ccmtune.fr/2022/09/how-to-reset-computer-in-oobe-mode.html


This week's ‘deep dive with Rudy Ooms’ looks at what might be causing sync issues, or devices disappearing from Intune altogether (hint: certificates).


Should you still be dealing with on-prem file shares, you have my sympathy. Fortunately the new ADMX import does make it easier to map drives, as explained here by Shehan Perera.

https://shehanperera.com/2022/09/03/import-admx-1/

Shehan’s second post looks at the relationship between Intune and Defender for Endpoint and what you can configure in each portal to have them play nicely.

https://shehanperera.com/2022/09/09/mem-mde-1/


For anyone using the Intune certificate connector, make sure you upgrade from 6.2101.13.0 to retain functionality. Following this excellent guide from Somesh Pathak will help you.

https://intuneirl.se/home/f/time-to-upgrade-certificate-connector


Proactive Remediations are great, but what happens if you lose the source code? Grab this script from Oliver Kieselbach and get them all back again.

https://oliverkieselbach.com/2022/09/07/get-back-your-intune-proactive-remediation-scripts/

Similarly, Oliver’s second post/script shows how to retrieve your custom detection and requirement scripts.

https://oliverkieselbach.com/2022/09/08/get-back-your-intune-win32-app-requirement-and-detection-scripts/


If you haven’t tried a Dev Box yet, have a look at this thorough guide from Peter van der Woude.


Another Dev Box guide, this one from Ola Ström, which shows how to set one up and the user experience when running one.


If you have yet to set up Autopatch, have a read of this guide from Nicolas Bonnet to get you started.

https://inyourcloud.fr/configure-autopatch/


This post from Jitesh Kumar demonstrates how to manually add and remove devices from Azure AD and Intune.

https://www.anoopcnair.com/remove-windows-device-from-azure-ad-join-intune/


This is one I’ve been following with interest over on Twitter: Johan Arwidmark has been experimenting with uploading large files to Intune and the best way to do so.


The Windows Defender security report often has excellent recommendations for securing your device estate, but it’s another portal to log into and check. If, like me, you would rather spend that time doing something more productive, follow this post from Peter Klapwijk and get the report sent straight to you.


Proactive Remediations are probably still my best feature within Intune, but as well as being hidden, they can be difficult to pick up. This post from Niels Kok has you covered, so now there are no excuses for not using them.


If there are multiple admins in your Intune environment, you might want to keep track of anyone making changes (especially if something goes wrong and you need to revert). Mattias Melkersen Kalvåg shows you how to do so in this post using either Logic Apps or Power Automate.


Now onto this week's video content, starting with this one from Andy Jones looking at the updates to Android Zero Touch enrollment.


This video from Harvansh Singh demonstrates how to configure Disk Encryption via Microsoft Defender for Endpoint.


The final community content this week is this video from Mattias Melkersen Kalvåg and Nickolaj Andersen looking at Nickolaj’s Intune App Factory (which looks very exciting).

Microsoft Content

This article and video give an excellent overview of the zero trust model across network and infrastructure.

https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/zero-trust-for-network-amp-infrastructure-essentials-series/ba-p/2524070#M57

Endpoint Analytics information has now been added to the adoption score.

https://docs.microsoft.com/en-us/mem/analytics/adoption-score

As mentioned above, basic authentication has now been retired in Exchange Online.

https://www.microsoft.com/en-us/microsoft-365/blog/2022/09/01/microsoft-retires-basic-authentication-in-exchange-online/

New features announced for Defender for Endpoint

https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/new-features-available-for-mtd-microsoft-defender-for-endpoint/ba-p/3611529

Including Device Health Reporting

https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/new-device-health-reporting-for-microsoft-defender-for-endpoint/ba-p/3589287
