Welcome to this weeks Endpoint Manager Newsletter (and for those of you lucky enough to get to the Workplace Ninja summit, welcome back!)
Community Content
We start this week with a post from Harm Veenstra with a clever script to read Intune Management Extension logs using the gridview output in PowerShell. Very useful if you want to do some quick troubleshooting on a machine without wanting to install a log viewing tool.
If you have ever deployed a shared device, you will notice that out of the box, the Onedrive client is disabled which is useful for any web only machines, but there are times where you will need the users to be able to access Onedrive. Fortunately Joost Gelijsteen has put together a guide to re-enable it using Settings Catalog.
Winget and Proactive Remediations work extremely well together as you can see in this post from Florian Salzmann demonstrating how to use Proactive Remediations to update your Winget apps. I’m especially looking forward to this functionality being added to Florian’s amazing Intune Win32 Deployer application!
https://scloud.work/en/winget-updates-proactive-remediations/
If you want to build a VM running Windows 11 ARM, have a read of this from Michael Niehaus
https://oofhours.com/2022/09/14/want-your-own-windows-11-21h2-arm64-isos/
If you are looking at CIS compliance, this post from Martin Bengtsson will show you how to configure Firewall logging using Powershell and Intune
We now have two posts from Damien Van Robaeys. This first shows how to create a link to automatically run an application from Company Portal without needing to click the Install button
https://www.systanddeploy.com/2022/09/run-application-from-company-portal.html
The second post uses the excellent ServiceUI.exe to demonstrate how to interact with the user environment when running an application in the system context.
https://www.systanddeploy.com/2022/09/displaying-user-dialog-to-user-through.html
If you’ve ever wondered what is happening when pre-provisioning a device, have a read of this deep dive from Rudy Ooms…
If you haven’t configured Credential Guard for your machines (and are licensed to use it, sorry Business Premium users), check out this guide from Christopher Mogis
https://www.ccmtune.fr/2022/09/how-to-configure-credential-guard-with.html
We also have two posts from Anoop Nair this week, starting with some excellent information on all of the different portals available for end users to manage their devices and accounts. Well worth checking out and including in any instructions or documentation provided to users.
https://www.anoopcnair.com/10-end-user-portals-from-intune-azure-ad-m365/
Anoop’s second post looks at the deployment schedule to the different AutoPatch rings and when to expect an update to install.
https://www.anoopcnair.com/windows-autopatch-deployment-schedule-quality/
Have you ever wondered what happens to applications in company portal after you’ve been added to the uninstall group? Have a read of this article from Jitesh Kumar to find out.
https://www.anoopcnair.com/uninstall-application-using-intune-win32app-mem/
It seems it’s a week for double posts, this time from RenĂ© Laas. The first shows how to use the Graph API to find the noncompliance actions against a compliance policy.
https://endpointcave.com/get-actions-for-noncompliance-via-graph-api/
If you want to create groups for update rings which dynamic policies and balanced users, these detailed instructions will show you how to do so using Logic Apps
https://endpointcave.com/create-dynamic-groups-with-an-increasing-number-of-users/
If you need a response from users quickly, but to record the results, email is often not the best option. Have a look at this clever use of Proactive Remediations and Log Analytics from Jannik Reinhard to quickly interact with users, without giving them any option.
If you’d rather spend your days doing more productive things than browsing Intune logs (Doom, anyone?), then have a read of this from Peter Klapwijk and let Logic Apps do the work for you and output it nicely into a Teams channel.
https://www.linkedin.com/pulse/how-monitor-your-microsoft-intune-tenant-logic-apps-peter-klapwijk/
Apple Certificates are one thing you should be monitoring and renewing before expiry. If you haven’t renewed the MDM certificate before, have a look at this guide from Marcus Zvimba
If you ever find yourself in the unfortunate situation where you have lost admin access to your Azure tenant, you’ll be glad you read this post from Joey Verlinden on how to re-gain access.
https://www.joeyverlinden.com/what-happens-if-you-lock-out-your-azure-tenant/
Settings Catalog is an incredible addition to Intune, but from a PowerShell and Graph perspective, it’s a bit more tricky to deal with. In this post, Sander Rozemuller shows how to use your current policies as a template to use with Graph.
https://www.rozemuller.com/deploy-intune-settings-catalog-automated-from-scratch-with-graph-api/
Another double-bill, this time from Somesh Pathak, the first one looking at using the Intune MAM Packager tool to wrap iOS apps to enable MAM protection of the applications and data
https://intuneirl.se/home/f/wrap-me-up
Somesh’s second post looks at enrolling iOS 16 devices into Intune using Modern Authentication and the Setup Assistant rather than Company Portal
https://intuneirl.se/home/f/move-to-setup-assistant-with-modern-authentication-with-ios16
If you have never configured the Apple connector within Intune before, follow this post from John Gruber and you’ll have it setup in no time at all.
https://www.gitbit.org/course/ms-500/learn/Setting-up-Apple–iOS-devices-in-Intune-MAjW0a2_p
Version 8.0 of the excellent Windows Update Compliance Dashboard from Maurice Daly, Jan Ketil Skanke and Sandy Zeng has been released with a load of new features added. If you want a compliance dashboard for your Intune joined devices, this is what you need!
For those starting out with Microsoft Graph, it’s incredible! Have a read of this excellent guide from Ben Whitmore to send you well on your way!
https://patchtuesday.com/getting-started-with-microsoft-graph-and-win32apps/
Whilst not released this week, if you are having Autopilot issues currently with a “Something Went Wrong” error message, check out these two posts from Rudy Ooms and Michael Niehaus
https://oofhours.com/2020/11/03/something-went-wrong-with-oobeaadv10/
The first of this weeks video content comes from Jakub Piesik with an excellent overview of Windows 365
The last of this weeks community content. If you have been deploying and using Key Trust for SSO with WHfB, have a watch of this video from Steven Hosking and Adam Gross to see how much better Hybrid Cloud Trust is, both for deployment and from an end user perspective.
Microsoft Content
Now onto the Microsoft announcements from the last week
This post and video looks at how you can use Intune to manage frontline user devices better
With the announcement of iOS 16 and MacOS 13, Zero Day Support is available for both
A new PowerShell module has been released to make creating custom Compliance Policies a lot easier
That’s it for this newsletter, but there will be plenty more content to come this time next week!
