Endpoint Manager Newsletter – 23rd September 2022

Welcome to this weeks newsletter with a plethora of incredible content for you to peruse at your leisure

Community Content

We start this week with an excellent run-through and script from Ben Reader to create a managed identity, assign permissions and then use it to authenticate against Graph

https://powers-hell.com/2022/09/12/authenticate-to-graph-in-azure-functions-with-managed-identites/


This post from Niklas Tinner lists the various errors you may see in Intune and Autopilot and what they mean. It also gives details on how to troubleshoot as well as some of the monitoring tools available. Well worth a look when dealing with any Autopilot issues.

https://oceanleaf.ch/autopilot-troubleshooting-v2/


David Just has released a set of tools for Intune which seem incredibly useful, forcing app assignments to reprocess for a failed install seems particularly useful (especially with the extra GRS key that now needs removing)

https://github.com/djust270/IntuneEndpointTools


With the release of Windows 11 22H2 (more in the Microsoft content below), Joey Verlinden shows how to deploy it via Feature Updates in Intune but targeting a dynamic group to select only Windows 11 devices.

https://www.joeyverlinden.com/upgrade-to-windows-11-22h2/


If you want to configure nested virtualisation (useful for spinning up VMs on an AVD machine), have a look at this guide from Christopher Mogis

https://www.ccmtune.fr/2022/09/hyper-v-nested-virtualization.html


If you need to quickly reference an Intune error code, check how to troubleshoot and resolve it, look no further than this excellent post from Mattias Melkersen Kalvåg. Not only does it list the errors, but how to spot them in the logs and then how to resolve.


If you manage Surface Duo 2 devices, this post from Lothar Zeitler will show you how to use the OEMConfig application to configure and manage them.


For those of you with Lenovo laptops and desktops, have a look at the Lenovo WMI Bios Settings in this guide (thanks to Philip Jorgensen for sharing)

https://docs.lenovocdrt.com/#/bios/wmi/wmi_guide


If you are finding your devices hanging on identifying apps, this post from Rudy Ooms will show you where to start with the troubleshooting and narrowing down the issue.


The Intune Management Extension is a key service for Intune managed devices. If you have ever wondered what the IME Healthcheck does, Jannik Reinhard has you covered with this deep-dive.

https://jannikreinhard.com/2022/09/18/deep-dive-into-the-ime-health-check/


If you’re just starting to look at Winget, have a read of this post from Devraj Mukherjee to see how it works and the commands to manage application installs using it.

https://www.myintunespace.com/forum/software-distribution/windows-package-manager-winget-with-intune


Michael Niehaus has discovered a way of manipulating the OOBE flow to prompt for time zone (or pretty much anything else depending on your html and javascript skills). Find out how in this post.

https://oofhours.com/2022/09/16/prompt-for-time-zone-and-maybe-other-stuff-during-autopilot/


If you ever want to quickly check the app install status, grab this PowerShell module from Ondrej Sebela

https://doitpsway.com/getting-intune-win32app-details-from-the-clients-intune-log-and-registry


Sometimes you’ll find yourself in a position where you need to re-install an OS from scratch (hardware replacement, hybrid to AAD etc.). This post from Hauke Götze will show you how to create a custom Windows ISO with the Autopilot JSON pre-added

https://www.linkedin.com/pulse/reinstall-domain-joined-clients-autopilot-devices-without-hauke-g%C3%B6tze/


This post from Shehan Perera gives an excellent look at Security Baselines, how to set them up to avoid conflict, reporting and more.

https://shehanperera.com/2022/09/22/mem-security-baseline-1/


We all deploy M365 apps as part of Intune, but the question is, should you use the in-built M365 apps, or package as Win32? Read this post from Ru Campbell to look at why Win32 is the better option.


With iOS 16 now released, Somesh Pathak has looked at the new features available from an Enterprise view

https://intuneirl.se/home/f/hands-on-with-ios-16—the-best-features-for-enterprises


After the release of Windows 11 22H2 and Windows 10 22H2, what does this mean to your current estate and how best to update. Read this from Michael Niehaus to find out more

https://www.linkedin.com/in/mniehaus/


Similarly, a new OS version almost always means new appx packages (and often bloat). Have a read of this from Mattias Benninge to see what has been added:


The first screenshots of the Microsoft Store Repository have now been shared as the successor to the store for business and integration of Winget package manager. Anoop Nair has looked at this further in this post

https://www.anoopcnair.com/intune-microsoft-store-repository-integration/


Now onto this weeks video content, starting with this from Jakub Piesik covering Universal Print and how to deploy via Intune


For anyone starting out with Intune, this excellent video from Justin Chalfant will show you how to configure a tenant from scratch.


I personally thing that understanding PowerShell and MS Graph are critical to managing and configuring Intune. This video from Jóhannes Geir Kristjansson, Jake Shackelford and Sean Bulger gives a great starting point.


Microsoft Content

Now onto the Microsoft announcements from this week

With IE now end-of-life, you can now set it to be disabled with this new policy

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/control-ie-retirement-on-your-own-schedule-with-the-disable-ie/ba-p/3627725


As mentioned earlier, Windows 11 22H2 is now available. It is worth noting that it’s not an enablement package but a full update (which can take up to 30 minutes to install)

https://blogs.windows.com/windowsexperience/2022/09/20/available-today-the-windows-11-2022-update/


The new look Microsoft Learn is now out (and also the home to documentation)

https://techcommunity.microsoft.com/t5/microsoft-learn-blog/build-skills-that-open-doors-with-microsoft-learn/ba-p/3614011


Defender for Endpoint is now available on Android devices (company owned, personally enabled)

https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/microsoft-defender-for-endpoint-is-now-available-on-android/ba-p/3626100?emcs_t=S2h8ZW1haWx8Ym9hcmRfc3Vic2NyaXB0aW9ufEw4OFdCTzFEUjgzNlUzfDM2MjYxMDB8U1VCU0NSSVBUSU9OU3xoSw

Some exciting new additions to Intune, well worth checking out

https://learn.microsoft.com/en-us/mem/intune/fundamentals/whats-new#week-of-september-19-2022-service-release-2209


That’s it for this week, have an excellent weekend!

Posted in Newsletter