Intune Newsletter – 28th October 2022

Welcome to this weeks Intune Newsletter jam packed with incredible content.

Before I start, a special thanks to everyone at Microsoft involved in the Technical Takeoff and if you missed any of the videos you can find them here or on YouTube

Community Content

This weeks first post comes from Jannik Reinhard showing how to use an Azure DevOps Pipeline to move Intune items between tenants

https://jannikreinhard.com/2022/10/23/intune-devops-tools-move-objects-from-dev-to-prod-tenant/


In this post, Courtenay Bernier has developed a PowerApp to quickly look at groups assigned to Intune policies and applications as well as listing members of the groups!

https://uem4all.com/2022/10/20/microsoft-intune-centralized-view-of-aad-groups-and-group-members-assigned-to-policies-and-applications/


Next, Christopher Mogis shows how to use Settings Catalog policies to configure Windows Power Options.

https://www.ccmtune.fr/2022/10/how-to-configure-windows-client-power.html?m=1


Microsoft have recently published guidelines for securing cloud machines. To find out more about the guidelines and what they contain, have a look at this post from Dominiek Verham


If you have been experimenting with ADMX importing within Intune, you will no doubt have come across some errors. Rudy Ooms has put together this post looking at some of these errors and digging into what’s causing them. Well worth checking out to get an idea of what’s happening behind the scenes.


Andy Jones has released version 2 of the excellent Intune Quicklinks (Autopilot version), a great reference point whether you are starting out, or using Intune daily.

https://move2modern.weebly.com/blog-posts/intune-quick-links-iql-version-2


With everyone moving towards soft phones, you may find yourself needing to enrol Teams phones into Intune and potentially hitting issues if you have personal devices blocked. Follow this guide from Jeroen Burgerhout to find out how to resolve these issues using Corporate Device Identifiers

https://www.burgerhout.org/how-to-add-teams-phones-in-to-intune/


Jan Ketil Skanke has put together a very useful script to deploy M365 apps using Win32, but grabbing the files directly during install to make sure that every new installation is using the latest versions without having to constantly update the app.


Windows 365 Cloud Machines are designed for quickly spinning up machines and then destroying them when no longer required, but this can clutter up Azure AD. This script from Morten Pedholt will clean them up for you.


Microsoft Security, Identity and Compliance is always updating and it can seem a struggle to keep up with everything (I know I struggle). Matt Soseman has some tips, tricks and key people to follow on social media to keep you updated in this post. Recommended reading!

https://mattsoseman.wordpress.com/2021/06/19/how-i-keep-up-with-microsoft-sci-product-features-and-news/?preview_id=32012&preview_nonce=c5a6a6f527&preview=true


Microsoft have added some Azure services to Intune so you may need to unblock some additional ports on your firewall. Fortunately Benoit HAMET has them listed here

https://blog.hametbenoit.info/2022/10/24/intune-updates-for-intune-network-endpoints/#.Y1bJn0zMJqY


I’m a big fan of MSIX packaging and App Attach, but it can be tricky to troubleshoot if you have a large AVD estate. Ryan Mangan has built a tool here with a log analytics workspace to quickly diagnose and troubleshoot any errors you may be experiencing.

https://ryanmangansitblog.com/2022/10/06/enterprise-msix-app-attach-troubleshooting-made-easy/


We have part 5 of the incredible series on OSD cloud from Ákos Bakos, this week looking at Azure integration and using Azure Storage to deploy custom images.

https://akosbakos.ch/osdcloud-5-azure-integration/


One of the new premium features announced at Ignite is Privilege Management Support. Jitesh Kumar has looked at it further in this post.

https://www.anoopcnair.com/intune-endpoint-privilege-management-support/

A second post from Jitesh, this one covering how to deploy Dell Support Assist via Intune

https://www.anoopcnair.com/deploy-dell-supportassist-using-intune/


Another Ignite announcement is the exciting new Windows 365 app which Ola Ström has tested and reviewed here.

https://www.olastrom.com/2022/the-windows-365-app


Two posts now from Shehan Perera, the first showing how to use KQL queries to interrogate Intune audit logs with some included examples.

https://shehanperera.com/2022/10/23/intuneauditlogs-1/

The second post looks at the new additions to the authenticator app to avoid MFA fatigue.

https://shehanperera.com/2022/10/26/ms-authenticator-improvements-1/


Sometimes you may find a user has over-requested a cloud PC spec, or equally as likely, are complaining it’s too slow. This post from Niall Brady will show you how to look at the utilisation of a W365 machine and resize as required.

https://www.windows-noob.com/forums/topic/23121-how-can-i-resize-a-windows-365-cloud-pc/


Part 6 of the Log Analytics series from Damien Van Robaeys, this post looks at creating a lab from a CSV with dummy data to start using the knowledge from the previous posts.

https://www.systanddeploy.com/2022/10/starting-with-log-analytics-part-6.html


Azure AD now has cross tenant access to take the headache out of multi-tenancy companies (or MSPs). Moe Kinani runs through how to set this up and what it looks like from the user side

https://cloudbymoe.com/f/mutual-trust-and-the-azure-ad-cross-tenants-access


If you are using Logic Apps, you will be aware that for most connectors you often need to login which is awkward if the person who set it up leaves the business. This post from Mattias Melkersen shows how to set up your Logic Apps to be user-independant.


A couple of new posts from Somesh Pathak looking at all things Apple. The first is a reminder that if you use Apple Business Manager you will need to accept the new terms to enrol new devices or add any new apps

Somesh has also posted part 3 of the series covering macOS management using Intune, this one looking at Compliance Policies, System Preferences and Device Restrictions


There are an incredible number of API permissions in Microsoft Graph, if you want to quickly view them all, have a look at this script from Niels Kok


Next, Thomas Marcussen looks at the new premium suite for Intune announced at Ignite and the new features included in it.


Now for multiple posts from Prajwal Desai, starting with a list of what has been added and updated on the latest Intune versions

This second post is a thorough guide on enrolling and managing Linux devices using Intune

Now you’ve enrolled your Linux device, you’ll need a compliance policy, this post covers that aspect for you


As much as we like to avoid it, there are times where users need local admin, hopefully just IT staff! To manage group memberships using Intune, have a read of this guide from Robin Hobo


If you have an on-prem CA, often for wireless authentication, you’ve probably heard of NDES and SCEP. For a thorough explaination of what they are and what they do, check out this post from Niklas Tinner

https://oceanleaf.ch/intune-ndes-scep-explained/


Oktay Sari was lucky enough to attend Ignite in person and has shared a post on what it was like as well as the key output from the event

https://allthingscloud.blog/microsoft-ignite-2022/


For a look at all of the highlights from the technical takeoff, have a read of this post from Johan Arwidmark


When looking at securing your endpoints, my two places to check first are CIS and NCSC, Jonas Bøgvad has looked at this NCSC guidelines in this latest article

https://blog.skymadesimple.io/national-cyber-security-centre-platform-guides/


Now onto the video content for this week, starting with this video from Mahammad kubaib looking at enrolling AVD devices into Intune and using it to manage them.


This weeks MVPbuzzChat is now out featuring Somesh Pathak and Christian Buckley


A new preview feature in Azure is VM Application definitions. This video from Dean Cefola looks at what they do and how to use them for your Azure VMs


Next up, Dean Ellerby looks at the new Conditional Access templates to quickly set up CA policies in your tenant.


Two videos this week from Jakub Piesik, first looking at the new Intune enrollment notifications

And the second uses Microsoft Access Packages to allow users to request a Windows 365 machine


The final community content this week comes from Manish Bangia showing how to bulk import into Azure AD Groups using the csv import templates

Microsoft Content

Now on for this weeks Microsoft content starting with a deep dive into expedited quality updates from Surabhi Calla

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/get-the-most-out-of-expedited-windows-quality-updates/ba-p/3659741


What’s new in Intune is always worth a read!

https://learn.microsoft.com/en-us/mem/intune/fundamentals/whats-new#week-of-october-24-2022


To look at any past or upcoming Intune events, this link it worth bookmarking

https://techcommunity.microsoft.com/t5/endpoint-management-events/eb-p/MicrosoftEndpointManagerEvents


The Intune Support Team have done an excellent article explaining the Intune device object and the user principal name including a look at the Graph objects

https://techcommunity.microsoft.com/t5/intune-customer-success/understanding-the-intune-device-object-and-user-principal-name/ba-p/3657593


Filter for apps is now in public preview within Conditional Access and is a powerful new addition. Read this from Alex Weinert to find out more.

https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/public-preview-conditional-access-filters-for-apps/ba-p/2365680


One of my favourites from this week from Merill Fernando is a new way to quickly access Microsoft Portals without having to memorise every web address. If you work in Intune or Azure, I have a feeling you will use this constantly.

https://cmd.ms/docs/tips/


Windows Update for Business along with Graph is hugely powerful. This article from Angie Chen digs into the subject and even includes a Teams Bot to handle updates.

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/try-windows-update-for-business-with-microsoft-graph/ba-p/3663728


That’s it from this week, I hope you’ve enjoyed reading the posts as much as I have. Back for more next week!

Posted in Newsletter