Intune Newsletter – 11th November 2022

Welcome to another exciting Intune newsletter with another dose of excellent community content and some new Microsoft announcements.

Community Content

This week I’m trying something new and have worked with Dean Ellerby who will do a video walk-through on one of the posts released over the past week and mentioned in the newsletter. This week Dean is trying the script from Sean Bulger below. The video can be found here:

https://www.youtube.com/watch?v=ByKFxF7PlPQ


We start this week with a look at using Intune to manage updates on MacOS devices from Jitesh Kumar

https://www.anoopcnair.com/macos-updates-using-intune-policy/

A second post from Jitesh looks at the backup and restore options for a Windows 365 machine

https://www.anoopcnair.com/restore-windows-365-cloud-pc-point-in-time-rest/

In Jitesh’s third post you can see how to use the new Organisational Messages in Intune (currently in preview)

https://www.anoopcnair.com/configure-organizational-messages-from-intune/

A fourth post from Jitesh this week (is that a record?) looks at restricting Android enrollment to specific manufacturers

https://www.anoopcnair.com/block-android-device-manufacturer-enroll-intune/


Next, Simon Ågren runs through the steps to configure Defender for Endpoint, link it to Intune and then deploy to Windows, Android and iOS devices.

https://www.agrenpoint.com/microsoft-defender-for-endpoint-in-intune-enable-and-onboard/


If you are testing the new Ubuntu support in Intune, this post from Paul Winstanley looks at how to encrypt your devices to keep them compliant.

https://sccmentor.com/2022/11/06/encrypting-ubuntu-for-intune-compliancy/


On a similar note, to be able to encrypt your Ubuntu device, you’ll first need to enroll it. To find out how, follow this guide from Jannik Reinhard

https://jannikreinhard.com/2022/11/06/how-to-enroll-a-ubuntu-device-in-intune/


This newly released PowerShell module from Florian Salzmann (and Jannik Reinhard) allows the addition of custom fields to Intune managed devices as well as some handy bulk actions.

https://scloud.work/en/intunedeviceinventory/


Device firmware feels like it’s been a pain to manage since the first PC was created and the updates are if anything becoming even more regular. If, however, you have a Surface or Acer device, have a look at this post from Shehan Perera to let Intune do the work for you.

https://shehanperera.com/2022/11/08/manage-dfci-settings-1/


If you’ve ever wondered what is happening when you select the “Convert All Targeted Devices to Autopilot” setting in the Deployment Profile, read this post from Rudy Ooms to find out.


For a full in-depth look at what is available for Ubuntu devices, look at this post from Timmy Andersson


If you have websites which need a particular browser, have a look at this post from Gannon Novak using Win32 apps and Proactive Remediations to change the behaviour for desktop shortcuts.


For those of you lucky enough to get a Windows Dev Kit or arm-powered Surface device you might need to deploy Windows 11 onto the devices. To find out how, follow this guide from Johan Arwidmark


Now, a two-parter from Anthony J. Fontanez looking at enabling and using WinRM to manage devices. The first part covers domain/HAADJ machines, the second covers AADJ machines.


When pushing out Android apps to BYOD, the apps install into the work profile which includes Defender for Endpoint so the control is not as thorough as many would like. This guide from Peter Klapwijk shows how to install Defender for Endpoint into the Personal Profile to fully protect the device.

Peter’s second post this week shows how to install an additional language pack during Autopilot using a PowerShell script


Whilst completely unofficial and unsupported, if you don’t like the idea of a wipe and reload to transition from domain join to AAD, give this script/application from Sean Bulger a try

https://www.modernendpoint.com/managed/Migrating-AD-Domain-Joined-Computer-to-Azure-AD-Cloud-only-join/


Now for two posts from Aresh Sarkari looking at Windows 365, the first uses PowerShell and Graph to set the User Settings on a cloud PC.

The second post from Aresh looks at the different restore points and how to use them.


If you aren’t using Autopatch, I imagine (and hope) you are using Feature and Quality update policies. To find out more about Feature Updates, have a read of this post from Jose Schenardie

https://intune.tech/2022/11/10/Seven-things-you-should-know-when-using-Intune-Feature-Updates.html


The M365 Roadmap is the first place to check when finding out what new features and changes are planned for any of the 365 stack. This post from Dominiek Verham tells you more


With MacOS features and support regularly improving, you may be considering moving to Intune to manage your MacOS fleet. This post from Somesh Pathak gives an excellent look at how to secure these devices

A second post from Somesh this week, this one using Logic Apps to send email updates on the status of update compliance


Michael Niehaus has been lucky enough to get the new Windows Project Volterra dev box and has a first look in this post

https://oofhours.com/2022/11/10/project-volterra-my-new-arm64-toy/


Device names are so 2000s! If you want to move away from device names being a factor in looking for devices, this script from David Brook will remove the DisplayName from your devices using Graph

https://euc365.com/post/remove-autopilot-displayname/


Simon Skotheimsvik has released a new script using Graph and PowerShell to automate the creation of Azure AD Groups, very useful for stopping simple errors when manually creating

https://skotheimsvik.blogspot.com/2022/11/create-aad-licensing-groups-by-graph-api.html


Now for this weeks video content starting with this video from Dean Ellerby showing how to deploy Kerberos Cloud Trust to get your AADJ machines communicating with on-prem resources via SSO and Windows Hello for Business (and no need for a domain join!!)


This weeks latest intune.training video has been released with Ben Reader and Steven Hosking discussing Network Access Control with Intune and Cisco ISE (the subject I’m sure most of us are avoiding knowing anything about)


Rather than fill this with videos, have a look at the Windows IT Pro Youtube channel where this week Harjit Dhaliwal has been busy interviewing many IT Pros for their feedback on Windows 11

https://www.youtube.com/c/WindowsITProOnYouTube/videos

Microsoft Content

Now for this weeks Microsoft content, starting with this excellent interactive guide for AutoPatch

https://regale.cloud/Microsoft/viewer/1540/windows-autopatch/index.html#/0/0


We also have the Autopatch what’s new including a demo video from Lior Bela

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/what-s-new-in-windows-autopatch-november-2022/ba-p/3671191


For some tips and tricks in Windows 365 have a look at this video from Christiaan Brinkhoff featuring Ola Ström

https://techcommunity.microsoft.com/t5/windows-events/tips-and-tricks-from-windows-365-mvps/ev-p/3654788


As mentioned earlier, organizational messages are now in public preview and you can read the official announcement from Jesse Stein here

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/deliver-organizational-messages-with-windows-11-and-microsoft/ba-p/3651011


The final article this week from Anupam Pattnaik announces the new Progressive Teams Web App for Linux users.

https://techcommunity.microsoft.com/t5/microsoft-teams-blog/microsoft-teams-progressive-web-app-now-available-on-linux/ba-p/3669846

A second article from Anupam this time announcing the public preview of Mobile Network Protection for Defender (Android and iOS)

https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/mobile-network-protection-for-defender-for-endpoint-on-android/ba-p/3559121?emcs_t=S2h8ZW1haWx8Ym9hcmRfc3Vic2NyaXB0aW9ufExBQkJBME4wVVpDUEk4fDM1NTkxMjF8U1VCU0NSSVBUSU9OU3xoSw


That’s everything for this week, have a relaxing weekend and there will be more exciting content next week!

Posted in Newsletter