Welcome to this weeks Ignite Special Endpoint Manager Intune newsletter. This week we have plenty of content, both Ignite and non-Ignite related. I have split the newsletter this week to make it easier to find the Ignite specific news
If you want to check out the sessions I attended, you can follow the link below. At the bottom of the page I have included direct links to the sessions I found most useful for Intune (plus ask the experts, but they aren’t online yet)
https://ignite.microsoft.com/attendees/08e093b7-d5df-4a3b-9bb6-05cc76f2a868
Contents
Community Content – Non Ignite
Community Content – Ignite
Microsoft Content – Non Ignite
Microsoft Content – Ignite
Microsoft Ignite Video Links
Community Content – Non Ignite
We start this week with a post from Jannik Reinhard lifting the lid on what actually happens behind the scenes when using Delivery Optimisation as well as looking at the pre-requisites and configuration.
https://jannikreinhard.com/2022/10/09/deep-dive-into-delivery-optimization/
This post from Liviu Barbat digs through the IME logs to look at the pesky retry interval on Win32 applications, well worth a read if you want to find out exactly what’s happening when you deploy applications.
https://patchtuesday.com/win32app-retry-interval/
If you need to set DNS Suffixes on your Intune managed devices, follow this guide from Alex Durrant
These days users are becoming tired of MFA prompts and clicking approve regardless of whether they are actually expecting it. Have a look at this post from Jonas Bøgvad on some options around this issue.
https://blog.skymadesimple.io/mfa-fatigue/
Ondrej Sebela has updated the IntuneStuff PowerShell module to include new functions to list all policies as well as everything a selected AzureAD group is assigned to.
https://doitpsway.com/get-all-intune-policies-using-powershell-and-graph-api
Link to the module:
https://www.powershellgallery.com/packages/IntuneStuff/1.2.7
Enrollment notifications are a new feature in Intune, follow this guide from Christopher Mogis to find out how to configure and enable them.
https://www.ccmtune.fr/2022/10/how-to-configure-enrollment.html
A second post this week as well showing how to get a W365 machine for development and testing
https://www.ccmtune.fr/2022/10/how-to-create-windows-365-demo-tenant.html
If you are worried about Adversay-in-the-middle attacks on your estate, have a look at these instructions from Moe Kinani to protect yourself using conditional access.
https://cloudbymoe.com/f/aitm-phishing-attack-and-the-steal-cookie-nightmare
Mikael Karlsson has released a new version of the excellent Intune Management tools. If you haven’t used them before, I highly recommend checking them out!
https://github.com/Micke-K/IntuneManagement/blob/master/ReleaseNotes.md
Another look at Enrollment Notifications, this time from Arno van Dijk
If you worry about machines being left unlocked and at risk, dynamic lock is an excellent solution as it locks and unlocks automatically based on a bluetooth connected device. To force your users to enable and use dynamic lock, have a look at this Custom Compliance policy from Joey Verlinden
https://www.joeyverlinden.com/require-dynamic-lock-with-custom-compliance-policy/
For those looking at Windows 365 machines, licensing can be difficult to understand. This post from Ola Ström looks at the different licenses available.
https://www.olastrom.com/2022/cloud-pc-licensing-and-where-to-start
Bitlocker is an amazing feature, but when it goes wrong, it can be a nightmare to resolve with many moving parts to consider. This script from Gannon Novak resolves an issue where Hybrid AD Joined machines aren’t uploading recovery keys.
When grabbing device information via PowerShell, you can use WMI or CIM, but which should you use? Read this post from Mike Kanakos
https://www.commandline.ninja/get-ciminstance-vs-get-wmiobject/
An exciting new feature in Outlook (especially if you don’t have something like CodeTwo in place). Outlook signatures are now sychronised to the cloud, no more complaints when devices are rebuilt! It is even cross-platform. Find out more in this post from Florian Salzmann
https://scloud.work/en/synchronize-outlook-signatures/
Three posts now from Aresh Sarkari, the first one looks at using PowerShell to create a provisioning policy for a Windows 365 machine
The second post uses PowerShell to assign an Azure AD group to the policy created earlier
The third post looks at using PowerShell to unassign or delete Windows 365 Provisioning Policies
Another thorough deep-dive from Rudy Ooms, this time delving into the murky waters of the Intune Device Certificate, how it works, how it renews and what happens if it lapses.
Microsoft Docs (or now Microsoft Learn) are constantly being updated and it can be difficult to keep track. This post from Jan Bakker shows how to use a logic app to alert when the Github Repos powering the docs are updated.
Sometimes you have required apps which need to be installed quickly, but post ESP, especially when looking at the likes of a Bitlocker PIN. Follow this guide from Oliver Kieselbach on how to do so using a Requirements script
https://oliverkieselbach.com/2022/10/14/post-esp-intune-win32-apps-installations/
To learn everything build related, numbers, how to find them, servicing dates etc. have a read of this post from Prajwal Desai
A second post from Prajwal demonstrating how to enable Dark Mode in the Intune Portal
Part 3 of the excellent series on OSD Cloud from Ákos Bakos has been released. This looks at Zero Touch Deployment as well as using GitHub to run scripts during imaging.
For all things BYOD, have a look at this comprehensive guide from Somesh Pathak looking at Zero Trust, Conditional Access and Application Protection amongst other things.
For a look at Conditional Access authentication strength, have a look at this post from Fabian Bader
https://cloudbrothers.info/en/conditional-access-authentication-strength/
Now onto this weeks video content, starting with this from Dean Ellerby showing how to configure your own Intune lab using Hyper-V in only 20 minutes!
This video/AMA from Johan Arwidmark and Andrew Johnson looking at a variety of excellent community tools for managing Intune devices and the environment as a whole
https://www.youtube.com/watch?v=mL0YZPw8a8U
The latest Intune Training video is here featuring Matt Call, Adam Gross, Steven Hosking, Ben Reader and Mike Danoski looking at all things endpoint security
Community Content – Ignite
Dean Ellerby has been at Ignite Seattle and has an article on what it has been like in person
Plus day two
Dominiek Verham has been quick off the mark with a look at the Windows 365 app including some very useful screenshots
Ola Ström was also lucky enough to attend in person and has shared a post on the key announcements:
Microsoft Content – Non-Ignite
These are pre-Ignite announcements:
A look at application compatibility and test base for Windows 11
Windows 11 22H2 Update Fundamentals
I would strongly recommend signing up for Microsoft Technical Take-Off for everything Intune
Microsoft Content – Ignite
Book of news:
https://news.microsoft.com/ignite-2022-book-of-news/
New Intune product family and branding
New Intune advanced plan including remote help, priv management and app deployment
Service-Now Integration
Windows Hello for Business Cloud Trust now in GA
Support to deliver custom notifications direct to Windows 11 machines
Autopatch Updates
Expediting Updates
Windows Update for Business Reports
Windows 365 System Based Alerts
Windows 365 Connectivity History Checks
Windows 365 App Public Preview
Windows Push Notifications
What’s new in Windows 365
Edge updates including the new workspaces
https://blogs.windows.com/msedgedev/2022/10/12/ignite-2022-innovations-updates-microsoft-edge/
New Microsoft Teams announcements (not strictly Intune, but I’m sure we all use it daily)
What’s new for Microsoft 365 Admins
New AAD Integrations
Updates to Outlook for Android and iOS
Android Front Line Worker updates
MacOS Software Updates
Windows LAPS for AAD Devices
https://learn.microsoft.com/en-us/windows-server/identity/laps/laps-overview
Android Management Solutions
A video with Steve Dispensa looking at some of the Intune announcements
Videos I’d recommend watching
Protect everything, everyone, everywhere with comprehensive security
https://ignite.microsoft.com/en-US/sessions/17bbd01d-4e26-4e2e-9eec-3a060b477eda?source=/schedule
Re-energize your workforce in the office, at home, and everywhere in between
https://ignite.microsoft.com/en-US/sessions/9090c839-cf8f-4462-9650-72a3ace65d44?source=/schedule
Windows: Building what matters most for your business
https://ignite.microsoft.com/en-US/sessions/76c947d1-f82f-432c-a426-223721ef72d7?source=/schedule
Secure your workforce with Windows + Intune
https://ignite.microsoft.com/en-US/sessions/2c334d3c-0886-4b98-8f02-ee0c8e4691d3?source=/schedule
Strengthen security and cut costs with an endpoint management you can count on
https://ignite.microsoft.com/en-US/sessions/b31d97b4-90c0-428f-80c5-e76402f02ce1?source=/schedule
Empower frontline workers with Microsoft Endpoint Manager
https://ignite.microsoft.com/en-US/sessions/ea11e64f-34ad-4efc-95d5-bf370b97be51?source=sessions
Security best practices for managing across platforms with Endpoint Manager
https://ignite.microsoft.com/en-US/sessions/1c90dbc9-1716-4d6f-995c-b7665719325a?source=sessions
Unify Apple device management into Endpoint Manager
https://ignite.microsoft.com/en-US/sessions/e2e4e73a-cb67-4adb-b921-1aec9ebbad52?source=sessions
Microsoft makes endpoint management and protection easy – when it’s consolidated across platforms in the cloud
https://ignite.microsoft.com/en-US/sessions/eb6f3981-d879-471b-828d-a79e98702ec4?source=sessions
Ask the Experts Sessions
https://ignite.microsoft.com/en-US/sessions/31780fe3-0ce9-4c69-a1a4-20dcaeb3a9d0?source=/schedule
https://ignite.microsoft.com/en-US/sessions/7a941fba-db13-4691-aa70-c5adcc41dbbc?source=sessions
https://ignite.microsoft.com/en-US/sessions/a120211d-8dcb-4394-95fb-c8e73259223f?source=sessions
And that’s everything I think, it’s a long read, but hopefully worth it!
Thanks to everyone in the Intune community and a massive thanks to everyone from Microsoft, it’s been a long few days (especially with the time differences), but totally worth it!