Welcome to this week’s Endpoint Manager newsletter, bursting at the seams with amazing content.
Community Content
We start this week with this post from Peter van der Woude looking at Common Criteria Mode to secure your Android 11+ devices with policies now available in Device Restrictions.
Next up, Jannik Reinhard runs down the new features in the 2209 Intune Service Release. There are some excellent things coming from the Intune team so this is well worth checking out.
https://jannikreinhard.com/2022/09/25/whats-new-in-2209/
We’ve all had images fail during Autopilot, but a lot of the time Autopilot itself isn’t the actual issue (unless it’s the recent time-out failures of course). This post from Rudy Ooms looks at the actual causes of failures with links to a variety of posts on how to troubleshoot and resolve each possible scenario.
If, like most of us, you are experimenting with Winget app deployments, have a look at this post from Nathan Hutchinson with a Win32 app deployment method for them.
BitLocker is something which should be the first thing to be enabled on any new Intune configuration, but if you want to use start-up PINs, things become a whole lot more tricky, especially during Autopilot. Fortunately, Katy Nicholson has put together a list of policies and a PowerShell script to force a PIN during Autopilot.
https://katystech.blog/mem/bitlocker-with-pin
Now that Intune natively supports pkg applications for MacOS, have a read of this post from Jitesh Kumar covering the deployment of them.
https://www.anoopcnair.com/deploy-macos-lob-apps-using-intune-mem/
Some exciting news for anyone managing Linux devices, support for them is now gradually being deployed. To find out more, read this post from Anoop Nair.
https://www.anoopcnair.com/intune-support-for-linux-platform-rollout-guide/
If you are starting out with Microsoft Defender for Endpoint, this post from Tom Pearson is worth checking out to make sure you have the basics in place first.
http://configmgr-ramblings.blogspot.com/2022/09/laying-foundations-in-defender-for.html
Kiosk mode is an excellent feature across operating systems. If you want to learn how to configure multi-app mode kiosks, this thorough post from Somesh Pathak will run you through setting it up from scratch.
A second post from Somesh this week has some troubleshooting and solutions if you find your Android Enterprise devices are running slowly.
One exciting new feature in Windows 11 22H2 is enhanced phishing protection. To find out how to enable it with Intune and the end-user experience after having done so, read this post from Shehan Perera.
https://shehanperera.com/2022/09/25/win1122h2-enhanced-phishing-protection-1/
Azure AD sign-in logs are a critical but often overlooked part of your security posture. If you want to investigate sign-in errors, or a brute force attempt, have a look at this post from Jonas Bøgvad.
https://blog.skymadesimple.io/examine-the-sign-in-logs/
If you don’t have access to a VM, or want to do some quick testing of apps or scripts, the Windows Sandbox is an excellent tool. In this post Marcus Zvimba will show you how to enable and use it.
https://haydog.tech.blog/2022/09/29/windows-sandbox-once-you-boot-it-youll-not-want-to-lose-it/
If you would rather deploy the Sandbox with PowerShell, have a read of this post from Christopher Mogis.
https://www.ccmtune.fr/2022/09/how-to-install-windows-sandbox-with.html
Branding is often the first thing any users or customers will notice ahead of whatever technical marvels you have implemented. This excellent guide from Simon Skotheimsvik will show you how to brand everything from the portals to every OS.
https://skotheimsvik.blogspot.com/2022/09/branding-your-tenant-and-managed.html
If you have ever considered putting sensitive information in your Intune PowerShell scripts, don’t do it! Ondrej Sebela explains why in this post.
https://doitpsway.com/is-it-safe-to-place-sensitive-information-into-intune-scripts
Next, for anyone using Android devices, have a look at Zero-touch enrollment, covered nicely here by Timmy Andersson including looking at the user experience.
OSD Cloud is an incredible way of imaging devices from bare metal, ensuring the latest Windows version and drivers. This new series from Ákos Bakos looks at it from end to end, starting in this post with the basics to set it up.
If you are running a hybrid AD-AAD setup with Azure AD Connect and looking to go full-cloud only, you will need to convert your users to Cloud Managed. Follow this guide from Gannon Novak to find out how.
As a general rule, it’s always DNS, but now and again it’s also firewall rules (basically, it’s always networking). If you want to quickly check you can communicate with Microsoft services, try this useful script from Harm Veenstra.
Two posts from Tobias Almen this week, starting with an update to the incredible IntuneCD tool. Tobias has now added a web front-end to it using a Docker image.
https://github.com/almenscorner/intunecd-monitor
If you manage macOS devices, have a read of this post covering app deployment via Munki with a manifest tool to target both users and devices.
https://almenscorner.io/munki-manifests-reboot/
Whilst technically more Endpoint Configuration Manager, this new release of the community management pack from Dujon Walsham is well worth looking at.
https://www.protectorg.com/blog/endpoint-manager-management-pack-1-0-0-1-officially-released
Managing drivers is always a pain. Fortunately, if you use HP devices, you can now manage them using HP Image Assistant and Proactive Remediations thanks to this post from Florian Salzmann.
https://scloud.work/en/hp-driver-intune/
Another hardware-related Proactive Remediation, this time from Philip Jorgensen, to collect data from Lenovo devices and upload it to a Log Analytics workspace so you’ll have lots of lovely pie charts to share with management.
https://blog.lenovocdrt.com/#/2022/log_analytics_device_health
My love of PowerShell is no secret (and hopefully it’s catching on!). Sometimes I need to find a command I’ve run previously, but mashing the up arrow is giving me RSI. Damien Van Robaeys has created a script which gives a way to search previous commands and quickly find what you are looking for.
https://www.systanddeploy.com/2022/09/easily-find-specific-word-or-command-in.html
Now onto this week’s video content, starting with this one from Dean Ellerby exploring the exciting new Smart App Control feature in Windows 11 22H2.
If you’re excited to try all of the amazing new 22H2 features, but don’t see it in Windows update yet, watch this video from John Savill to speed things along.
For those starting out with Android deployment, this video from Rajesh Kumar will walk you through the entire process.
For a good look at the new Windows 11 22H2 features, watch this video from Anoop Nair and Harjit Dhaliwal.
The final community content this week is this video from Adam Gross, Steven Hosking, Ben Reader, Mike Danoski and Matt Call looking at all things Settings Catalog and ADMX Ingestion.
Microsoft Content
Now for the news and announcements from Microsoft.
First up, a look at the new 11-22H2 features, specifically from an IT administrator’s perspective.
A look at the new FAQs for Autopatch.
Along with the OS features, check out the new Security Baselines with 22H2.
For those with a co-managed environment, a look at the Autopilot process with co-management.
More details about support for Linux OS, specifically Ubuntu LTS.
That’s it for this week, happy reading and have an incredible weekend.