Welcome to another exciting Intune newsletter with another dose of excellent community content and some new Microsoft announcements.
Community Content
This week I’m trying something new and have worked with Dean Ellerby who will do a video walk-through on one of the posts released over the past week and mentioned in the newsletter. This week Dean is trying the script from Sean Bulger below. The video can be found here:
We start this week with a look at using Intune to manage updates on MacOS devices from Jitesh Kumar
https://www.anoopcnair.com/macos-updates-using-intune-policy/
A second post from Jitesh looks at the backup and restore options for a Windows 365 machine
https://www.anoopcnair.com/restore-windows-365-cloud-pc-point-in-time-rest/
In Jitesh’s third post you can see how to use the new Organisational Messages in Intune (currently in preview)
https://www.anoopcnair.com/configure-organizational-messages-from-intune/
A fourth post from Jitesh this week (is that a record?) looks at restricting Android enrollment to specific manufacturers
https://www.anoopcnair.com/block-android-device-manufacturer-enroll-intune/
Next, Simon Ågren runs through the steps to configure Defender for Endpoint, link it to Intune and then deploy to Windows, Android and iOS devices.
https://www.agrenpoint.com/microsoft-defender-for-endpoint-in-intune-enable-and-onboard/
If you are testing the new Ubuntu support in Intune, this post from Paul Winstanley looks at how to encrypt your devices to keep them compliant.
https://sccmentor.com/2022/11/06/encrypting-ubuntu-for-intune-compliancy/
On a similar note, to be able to encrypt your Ubuntu device, you’ll first need to enroll it. To find out how, follow this guide from Jannik Reinhard
https://jannikreinhard.com/2022/11/06/how-to-enroll-a-ubuntu-device-in-intune/
This newly released PowerShell module from Florian Salzmann (and Jannik Reinhard) allows the addition of custom fields to Intune managed devices as well as some handy bulk actions.
https://scloud.work/en/intunedeviceinventory/
Device firmware feels like it’s been a pain to manage since the first PC was created and the updates are if anything becoming even more regular. If, however, you have a Surface or Acer device, have a look at this post from Shehan Perera to let Intune do the work for you.
https://shehanperera.com/2022/11/08/manage-dfci-settings-1/
If you’ve ever wondered what is happening when you select the “Convert All Targeted Devices to Autopilot” setting in the Deployment Profile, read this post from Rudy Ooms to find out.
For a full in-depth look at what is available for Ubuntu devices, look at this post from Timmy Andersson
If you have websites which need a particular browser, have a look at this post from Gannon Novak using Win32 apps and Proactive Remediations to change the behaviour for desktop shortcuts.
For those of you lucky enough to get a Windows Dev Kit or arm-powered Surface device you might need to deploy Windows 11 onto the devices. To find out how, follow this guide from Johan Arwidmark
Now, a two-parter from Anthony J. Fontanez looking at enabling and using WinRM to manage devices. The first part covers domain/HAADJ machines, the second covers AADJ machines.
When pushing out Android apps to BYOD, the apps install into the work profile which includes Defender for Endpoint so the control is not as thorough as many would like. This guide from Peter Klapwijk shows how to install Defender for Endpoint into the Personal Profile to fully protect the device.
Peter’s second post this week shows how to install an additional language pack during Autopilot using a PowerShell script
Whilst completely unofficial and unsupported, if you don’t like the idea of a wipe and reload to transition from domain join to AAD, give this script/application from Sean Bulger a try
Now for two posts from Aresh Sarkari looking at Windows 365, the first uses PowerShell and Graph to set the User Settings on a cloud PC.
The second post from Aresh looks at the different restore points and how to use them.
If you aren’t using Autopatch, I imagine (and hope) you are using Feature and Quality update policies. To find out more about Feature Updates, have a read of this post from Jose Schenardie
https://intune.tech/2022/11/10/Seven-things-you-should-know-when-using-Intune-Feature-Updates.html
The M365 Roadmap is the first place to check when finding out what new features and changes are planned for any of the 365 stack. This post from Dominiek Verham tells you more
With MacOS features and support regularly improving, you may be considering moving to Intune to manage your MacOS fleet. This post from Somesh Pathak gives an excellent look at how to secure these devices
A second post from Somesh this week, this one using Logic Apps to send email updates on the status of update compliance
Michael Niehaus has been lucky enough to get the new Windows Project Volterra dev box and has a first look in this post
https://oofhours.com/2022/11/10/project-volterra-my-new-arm64-toy/
Device names are so 2000s! If you want to move away from device names being a factor in looking for devices, this script from David Brook will remove the DisplayName from your devices using Graph
https://euc365.com/post/remove-autopilot-displayname/
Simon Skotheimsvik has released a new script using Graph and PowerShell to automate the creation of Azure AD Groups, very useful for stopping simple errors when manually creating
https://skotheimsvik.blogspot.com/2022/11/create-aad-licensing-groups-by-graph-api.html
Now for this weeks video content starting with this video from Dean Ellerby showing how to deploy Kerberos Cloud Trust to get your AADJ machines communicating with on-prem resources via SSO and Windows Hello for Business (and no need for a domain join!!)
This weeks latest intune.training video has been released with Ben Reader and Steven Hosking discussing Network Access Control with Intune and Cisco ISE (the subject I’m sure most of us are avoiding knowing anything about)
Rather than fill this with videos, have a look at the Windows IT Pro Youtube channel where this week Harjit Dhaliwal has been busy interviewing many IT Pros for their feedback on Windows 11
https://www.youtube.com/c/WindowsITProOnYouTube/videos
Microsoft Content
Now for this weeks Microsoft content, starting with this excellent interactive guide for AutoPatch
https://regale.cloud/Microsoft/viewer/1540/windows-autopatch/index.html#/0/0
We also have the Autopatch what’s new including a demo video from Lior Bela
For some tips and tricks in Windows 365 have a look at this video from Christiaan Brinkhoff featuring Ola Ström
As mentioned earlier, organizational messages are now in public preview and you can read the official announcement from Jesse Stein here
The final article this week from Anupam Pattnaik announces the new Progressive Teams Web App for Linux users.
A second article from Anupam this time announcing the public preview of Mobile Network Protection for Defender (Android and iOS)
That’s everything for this week, have a relaxing weekend and there will be more exciting content next week!