Welcome to this week’s newsletter, chock-full of delicious content from both the Intune community and a load of Microsoft announcements. Grab a seat and enjoy the feast…
Community Content
We start this week with two posts from Jannik Reinhard. As I am sure you will have noticed, Intune version 2210 is now rolling out across tenants and the first post has a look at what’s new in this release.
https://jannikreinhard.com/2022/10/29/whats-new-in-2210/
Jannik’s second post has a look at the ever-improving analytics and reports within Intune.
https://jannikreinhard.com/2022/10/30/overview-of-analytics-capacities-in-intune/
One of the exciting announcements from Ignite and the Tech Takeoff was the new Cloud LAPS and upcoming AAD integration. To read more about it, have a look at this post from Fabrizio Gobeli
Whilst not community content, if you are using PSADT, have a look at this new GUI wrapper from Master Packager (I also highly recommend their MSI creation software)
https://www.masterpackager.com/master-wrapper
Now we have three posts from Jitesh Kumar, starting with a look at Cloud LAPS and how to configure it with Intune.
https://www.anoopcnair.com/cloud-laps-password-management-microsoft-intune/
The second post looks at the exciting new functionality in Conditional Access to filter by applications (including custom ones!), covering end-to-end setup of a new policy.
https://www.anoopcnair.com/filter-application-azure-ad-conditional-access/
The third post looks at Attack Surface Reduction rules in Intune, what can be configured, how to configure and how to troubleshoot. Plus a look at the applied GUIDs
https://www.anoopcnair.com/attack-surface-reduction-asr-rules-in-intune/
This post from Ola Ström (and Lego duck) looks at using AAD groups and provisioning policies to create cloud PCs in regions more appropriate for the end users.
https://www.olastrom.com/2022/deploying-cloud-pcs-in-different-regions
Printing has been a nightmare to deal with since the day printers were invented (who else remembers having to feed the paper back onto the cogs!). PrintNightmare just made things even worse. For a guide on how to deploy printers using Intune whilst still remaining secure, follow this from Florian Salzmann
https://scloud.work/en/point-and-print-intune/
If you are using Conditional Access in your environment, per-user MFA is often not required and just another place to troubleshoot issues. Follow these instructions from Gannon Novak for a seamless transition from one to the other.
Even in the days of Autopilot and OSDCloud, there are still times when you’ll need to build from ISO and you really want something which doesn’t have months of updates outstanding. To sort this, implement an image factory using this guide from Johan Arwidmark
When running an AVD or W365 machine, the media playback functionality is not quite as smooth as on a local device. Whilst still in preview, the multimedia redirection addition makes a big difference. This post from Dominiek Verham shows you how to install and enable it for a smoother experience.
Andreas Stenhall has done an excellent comparison of the new Smart App Control features in 22H2 with WDAC in this post
For anyone using Azure file shares (or considering doing so), Peter van der Woude has a post on how to map the drives on Intune managed machines (including custom ADMX templates)
Next, Simon Ågren has shared this post on configuring conditional access policies to allow only devices that are managed by Intune and compliant
https://www.agrenpoint.com/device-compliance-overview/
Anyone on Intune 2210 will no doubt have noticed the new ChromeOS device option. To find out more and how to configure it, read this post from Joymalya Basu Roy
Peter Daalmans has also looked at ChromeOS enrollment and the features available to managed devices.
The latest deep dive troubleshooting from Rudy Ooms covers what could be causing sync issues and why to be careful if you disable Windows services.
The final part of the excellent OSDCloud series from Ákos Bakos is now out. This one covers some additional findings and useful tips when you start to implement it. If you haven’t looked at OSDCloud before, this series is well worth checking out.
We now have two posts from Aresh Sarkari, the first looking at the available device restrictions in Intune for Windows 365 machines.
In a follow-up: you may find your security baselines clashing with these new policies; follow this to resolve any issues
If you come from a Config Manager background, you’ll be familiar with Device Affinity and how it automatically detected the main user. Whilst Intune grabs the Primary user on initial setup, after that it needs to be manually changed. This script from Sean Bulger will give a more automated experience.
https://www.modernendpoint.com/managed/Dynamically-Update-Primary-Users-on-Intune-Managed-Devices/
Next up, René Laas has looked at the different ways to deploy and install language packs via Intune
https://endpointcave.com/the-easiest-way-to-install-language-pack-via-intune/
For anyone looking to migrate from Config Manager to Intune, have a look at this tool from Jose Espitia which will take the hard work out of converting applications into Intunewin format.
https://www.joseespitia.com/2022/11/03/convert-cmapptointunewin-function/
Now for two posts from Prajwal Desai, the first looking at ways to repair and re-install the Company Portal app on Windows devices.
The second post covers how to find and read the audit logs for Windows 365 devices.
Another excellent new dashboard from the MSEndpointMgr team (Maurice Daly, Nickolaj Andersen, Sandy Zeng, Jan Ketil Skanke) with KQL queries to look at all audit events in Intune. This is highly recommended!
Next up we have two posts from Somesh Pathak, first looking at the new Just in Time Registration options available for iOS devices
The second post is the next part of the macOS management series, this one looking at Edge management and M365 app deployment.
This post from Shehan Perera has a look at the new device control policies now available in Intune which are well worth checking out.
https://shehanperera.com/2022/11/01/intune-device-control-policy-1/
Nicklas Ahlberg has released the incredible new Rock Enroll tool which should be in the toolbox for anyone who manages Intune devices!
We have quite a lot of video content this week as well, starting with the latest MDE tutorial from Harvansh Singh
This video from MSEndpointMgr looks at the top 3 functions found in PSADT
The latest intune.training video has been released with Sean Bulger, Jóhannes Geir Kristjansson and Jake Shackelford looking at some real-life situations for Graph (and dynamic groups)
The final community content from this week comes from David Brook with a full end-to-end run through to configure a Windows 365 Enterprise machine.
Microsoft Content
We have a lot of Microsoft announcements this week as well.
The first from Anya Novicheva and Jaye Ren covers the new Just-in-Time registration for iOS and iPadOS
Shirleyse Haley gives an excellent recap on the new features and announcements in security and compliance across the stack
Everyone should have break-glass accounts in Azure AD, but you need to be careful they aren’t misused. Follow this guide from Michael Hildebrand to use Log Analytics and monitor them.
You can now create reusable settings and use FQDN in firewall rules as covered here by the Intune Support Team (Laura Arrizza, Nick Welton and Jess Krynitsky)
Intune now has increased control for removable storage devices as covered here by Laura Arrizza
Finally for this week, a look at what’s in development for Intune
https://learn.microsoft.com/en-us/mem/intune/fundamentals/in-development
In particular:
That’s it for this week, have a great weekend!