Endpoint Manager Newsletter – 30th September 2022

Welcome to this weeks Endpoint Manager newsletter, bursting at the seams with amazing content.

Community Content

We start this week with this post from Peter van der Woude looking at Common Criteria Mode to secure your Android 11+ devices with policies now available in Device Restrictions.


Next up, Jannik Reinhard runs down the new features in the 2209 Intune Service Release. There are some excellent things coming from the Intune team so this is well worth checking out.

https://jannikreinhard.com/2022/09/25/whats-new-in-2209/


We’ve all had images fail during Autopilot, but a lot of the time Autopilot itself isn’t the actual issue (unless it’s the recent time-out failures of course). This post from Rudy Ooms looks at the actual causes of failures with links to a variety of posts on how to troubleshoot and resolve each possible scenario.


If like most of us, you are experimenting with Winget app deployments, have a look at this post from Nathan Hutchinson with a win32 app deployment method for them.

https://www.natehutchinson.co.uk/post/deploying-winget-apps-with-microsoft-endpoint-manager-and-auto-update


Bitlocker is something which should be the first thing to be enabled on any new Intune configuration, but if you want to use start-up PINs, things become a whole lot more tricky, especially during Autopilot. Fortunately Katy Nicholson has put together a list of policies and a PowerShell script to force a PIN during AutoPilot

https://katystech.blog/mem/bitlocker-with-pin


Now that Intune natively supports pkg applications for MacOS, have a read of this post from Jitesh Kumar covering the deployment of them.

https://www.anoopcnair.com/deploy-macos-lob-apps-using-intune-mem/


Some exciting news for anyone managing Linux devices, support for them is now gradually being deployed. To find out more, read this post from Anoop Nair.

https://www.anoopcnair.com/intune-support-for-linux-platform-rollout-guide/


If you are starting out with Microsoft Defender for Endpoint, this post from Tom Pearson is worth checking out to make sure you have the basics in place first.

http://configmgr-ramblings.blogspot.com/2022/09/laying-foundations-in-defender-for.html


Kiosk mode is an excellent feature across OS, if you want to learn how to configure multi-app mode kiosks, this thorough post from Somesh Pathak will run you through setting it up from scratch.

A second post from Somesh this week with some troubleshooting and solutions if you find your Android Enterprise devices are running slowly


One exciting new feature in Windows 11 22H2 is enhanced phishing protection. To find out how to enable it with Intune and the end-user experience after having done so, read this post from Shehan Perera

https://shehanperera.com/2022/09/25/win1122h2-enhanced-phishing-protection-1/


Azure AD Sign-in logs are a critical but often overlooked part of your security posture. If you want to investigate sign-in errors, or someone attempting a brute force attempt, have a look at this from Jonas Bøgvad

https://blog.skymadesimple.io/examine-the-sign-in-logs/


If you don’t have access to a VM, or want to do some quick testing of apps or scripts, the Windows Sandbox is an excellent tool. In this post Marcus Zvimba will show you how to enable and use it.

https://haydog.tech.blog/2022/09/29/windows-sandbox-once-you-boot-it-youll-not-want-to-lose-it/


If you would rather deploy the Sandbox with PowerShell, have a read of this post from Christopher Mogis

https://www.ccmtune.fr/2022/09/how-to-install-windows-sandbox-with.html


Branding is often the first thing any users or customers will notice ahead of whatever technical marvels you have implemented. This excellent guide from Simon Skotheimsvik will show you how to brand everything from the portals to every OS.

https://skotheimsvik.blogspot.com/2022/09/branding-your-tenant-and-managed.html


If you have ever considered putting sensitive information in your Intune PowerShell scripts, don’t do it! Ondrej Sebela explains why in this post.

https://doitpsway.com/is-it-safe-to-place-sensitive-information-into-intune-scripts


Next, for anyone using Android devices, have a look at Zero-touch enrollment, covered nicely here by Timmy Andersson including looking at the user experience.


OSD Cloud is an incredible way of imaging devices from bare metal ensuring the latest Windows version and drivers. This new series from Ákos Bakos looks at it from end-end, starting in this post with the basics to set it up.


If you are running a hybrid AD-AAD setup with Azure AD Connect and looking to go full-cloud only, you will need to convert your users to Cloud Managed. Follow this guide from Gannon Novak to find out how.


As a general rule, it’s always DNS, but now and again it’s also firewall rules (basically, it’s always networking). If you want to quickly check you can communicate with Microsoft services, try this useful script from Harm Veenstra


Two posts from Tobias Almen this week, starting with an update to the incredible IntuneCD tool. Tobias has now added a web front-end to it using a docker image

https://github.com/almenscorner/intunecd-monitor

If you manage MacOS devices, have a read of this post covering app deployment via Munki with a manifest tool to target both users and devices

https://almenscorner.io/munki-manifests-reboot/


Whilst technically more Endpoint Configuration Manager, this new release of the community management pack from Dujon Walsham it well wortk looking at

https://www.protectorg.com/blog/endpoint-manager-management-pack-1-0-0-1-officially-released


Managing drivers is always a pain, fortunately if you use HP devices, you can now manage them using HP Image Assistant and Proactive Remediations thanks to this post from Florian Salzmann

https://scloud.work/en/hp-driver-intune/


Another hardware related Proactive Remediation, this time from Philip Jorgensen to collect data from Lenovo devices and upload them to a Log Analytics workspace so you’ll have lots of lovely pie charts to share with management

https://blog.lenovocdrt.com/#/2022/log_analytics_device_health


My love of PowerShell is no secret (and hopefully it’s catching on!). Sometimes I need to find a command I’ve run previously, but mashing the up arrow is giving me RSI. Damien Van Robaeys has created a script which gives a way to search previous commands and quickly find what you are looking for

https://www.systanddeploy.com/2022/09/easily-find-specific-word-or-command-in.html


Now onto this weeks video content, starting with this one from Dean Ellerby exploring the exciting new Smart App Control feature in Windows 11 22H2


If you’re excited to try all of the amazing new 22H2 features, but don’t see it in Windows update yet, watch this video from John Savill to speed things along.


For those starting out with Android deployment, this video from Rajesh Kumar will walk you through the entire process.


For a good look at the new Windows 11 22H2 features, watch this video from Anoop Nair and Harjit Dhaliwal


The final community content this week is this video from Adam Gross, Steven Hosking, Ben Reader, Mike Danoski and Matt Call looking at all things Settings Catalog and ADMX Ingestion

Microsoft Content

Now for the news and announcements from Microsoft.

First up, a look at the new 11-22H2 features, specifically from an IT administrators perspective.

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-new-for-it-pros-in-windows-11-version-22h2/ba-p/3631904


A look at the new FAQs for Autopatch

https://learn.microsoft.com/en-us/windows/deployment/windows-autopatch/overview/windows-autopatch-faq#can-you-change-the-policies-and-configurations-created-by-windows-autopatch


Along with the OS features, check out the new Security Baselines with 22H2

https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-11-version-22h2-security-baseline/ba-p/3632520


For those with a co-managed environment, a look at the Autopilot process with co-management.

https://techcommunity.microsoft.com/t5/microsoft-endpoint-manager-blog/co-management-settings-windows-autopilot-with-co-management/ba-p/3638500


More details about support for Linux OS, specifically Ubuntu LTS

https://learn.microsoft.com/en-us/mem/intune/fundamentals/in-development#intune-support-for-linux-ubuntu-lts-desktops-will-be-generally-available

That’s it for this week, happy reading and have an incredible weekend.

Posted in Newsletter