Welcome to another Friday Intune digest with a look at the excellent content from the community.
Featured
This week’s content has all been extremely thorough so it’s a short but sweet video from Dean Ellerby today. Please give any feedback on the video quality and make sure to subscribe to the Youtube Channel
Community Content
We start this week with an excellent Logic App from Peter Klapwijk to alert of any registered Autopilot devices which have not been enrolled within 180 days.
This and the post below were released after an MS Docs update saying devices over 180 days would require re-registering. This is NOT the case and has since been updated.
However, these reports are still useful, if you are purchasing machines and then not using them for 6 months, you may want to look at your stock control a bit better, last thing a user wants is a brand-new, out of date machine!
Damien Van Robaeys has also looked at alerting when devices hit 180 days, this time using Azure Automation Runbooks along with Teams and SharePoint integration
https://www.systanddeploy.com/2022/11/using-azure-automation-to-get-all.html
On the subject of Autopilot enrollment, Joao Pereira has put together a new tool to enrol devices into Autopilot via Graph with a nice GUI on top
https://github.com/Joaogcp/Intune-Autopilot-Tool
If you use fixed names for devices during Autopilot enrollment, you may find it doesn’t work for the odd device and will fallback to the naming convention set in the Deployment Profile. This Proactive Remediation and Azure Automation from Ondrej Šebela will help resolve any mis-named devices.
https://doitpsway.com/fix-for-incorrectly-named-devices-enrolled-using-autopilot
Group Policy Analytics is a useful new feature for importing any on-prem GPOs into Intune (please don’t bulk import everything though). David Brook has released a new PowerShell script to take things further and import directly via Graph so save exporting, importing and waiting.
https://euc365.com/post/import-gpos-group-policy-analytics-graph-api/
Click Once applications are just hideous to manage and deploy and I think they should be banned! If you are unlucky enough to have to deal with them, have a look at this deep-dive from Rudy Ooms looking at deployment, detection and any applocker issues you may come across.
For anyone looking to start with Windows 365, this excellent post from Shehan Perera is an excellent place to start
https://shehanperera.com/2022/11/19/how-to-get-started-with-windows-365/
Shehan’s second post this week looks at the new Intune Organizational notifications and how to implement them
https://shehanperera.com/2022/11/24/intune-org-messages-1/
In this post from Simon Skotheimsvik you can find out how to enforce iOS updates via MAM and MDM within Intune
https://skotheimsvik.blogspot.com/2022/11/let-intune-stimulate-mobile-updates.html
Prajwal Desai has had an extremely busy week with many posts! The first demonstrates how to force end grace period for Windows 365 machines
Prajwal’s second post is a very thorough deep-dirve into Attack Surface Reduction (ASR) rules in Intune
Intune is constantly being updated with exciting new features, for a single page view of what is happening, have a look at this post from Prajwal
Prajwal’s fourth post this week demonstrates how to set the start page in Edge using Settings Catalog
Jitesh Kumar has also had a busy week with three posts, starting with this one showing how to fully delete Autopilot devices from Intune and AAD
https://www.anoopcnair.com/delete-windows-autopilot-device-from-intune/
Should you have any applications which still use a VBScript to run install commands, this second post from Jitesh will show you how to package and call them in Intune
https://www.anoopcnair.com/deploy-vbscript-for-intune-application-install/
The third post has a look at the new features in Intune service release 2211
https://www.anoopcnair.com/intune-service-release-2211-update-new-features/
We all love a bit of PowerShell and Graph, but did you know the AzureAD and MSOL modules are scheduled for deprecation? You’ll need to use the Graph SDK going forward. To find out how to install it, read this from Daniel Bradley
You may wish to hide drives on your AVD session hosts (temporary data drive springs to mind), if this sounds useful, have a look at this post from Raymond Zaagsma
https://raymondzaagsma.github.io/avd_registry_gpo_hide_drives/
Whilst not strictly Intune related, if you are reading this I imagine you have entire desks full of machines for testing which will need re-imaging fairly regularly. If you don’t want to use a PXE environment, have a look at this post from Timmy Andersson looking at using the built-in features in the excellent TinyPilot KVM
Windows 365 machines are excellent, but when using the Gallery image (and why wouldn’t you), the images come with the new Windows 11 chat icon and also the Teams Appx Package. To remove them both, have a look at this guide from Aresh Sarkari
A second Windows 365 post from Aresh this week, this one with a script to report on any machines with low utilization
Dynamic Groups are an excellent part of Azure AD and something I personally use a lot. If you haven’t come across them before, this guide from Gannon Novak has you covered
Authentication Strength is a new Azure AD feature (currently in preview) to further protect your environment. To find out more, how to implement and how it looks in use, read this post from Kenneth van Surksum
Zero Trust is a key part managing your devices (and users) and is something that should be implemented as early on as possible when setting up a new tenant. For an overview of what it is and why you should implement it, this post from Thomas Marcussen is a good starting point.
Another new feature in preview is Organizational Messages to show notifications to users on their cloud managed devices. Jannik Reinhard has released a guide covering how to set them up and what they look like to the end users.
https://jannikreinhard.com/2022/11/20/how-to-setup-organizational-messages/
Joost Gelijsteen has also looked at this new feature and covered how to configure and send out a message to your devices.
If you are looking to go passwordless, have a look at this post from Jonas Bøgvad
https://blog.skymadesimple.io/passwordless-is-a-bluff/
Now onto this weeks video content, starting with the latest video from MSEndpointMgr featuring Mattias Melkersen and Kent Agerlund. This video looks at Attack Surface Reduction Rules, how they work, what they do and how to implement them.
Azure AD Conditional Access has some excellent built in templates for the most commonly used scenarios. To see just how quickly you can deploy and test them, watch this video from Dean Cefola
That’s all of the community content from this week, let’s have a look at the Microsoft content.
Microsoft Content
Windows Subsytem for Linux (WSL) is now Generally Available. For instructions on installing this incredible new feature, follow this guide from Craig Loewen
If you are using the Graph module, have a look at the available permissions in this updated document
https://learn.microsoft.com/en-us/graph/permissions-reference
That’s it for this week, have a lovely weekend!
