Welcome to a bumper Intune newsletter with some very Christmas themed video content for you to enjoy. The community have been hard at work this week
Featured Content
In this week’s featured video, Dean Ellerby tests the new muli-admin approval functionality
Community Content
Following on from last weeks new store integration (which should hopefully now be in most tenants), it is unsuprisingly featured quite a lot this week.
Peter Klapwijk looks at an important and often overlooked aspect of this new functionality, how to lock it down to stop your end users going wild. This post shows how to setup a custom policy and the effects it has.
You may notice some devices showing in Intune with “NOSERIAL” in the name. To find out what they are, have a look at this from Sascha Banz
Another new (and useful) Intune feature currently in preview is multi-admin approval. This guide from Shehan Perera runs through what it does, what it covers, how to implement and how to use it.
https://shehanperera.com/2022/12/06/multiple-admin-approvals-01/
Now for two posts from Jitesh Kumar the first looking at how to retire non-compliant devices within the Intune portal
https://www.anoopcnair.com/retire-noncompliant-devices-from-intune-portal/
The second post has a good look at the new Store Integration, what it does, what it can’t do and how to deploy apps using it.
https://www.anoopcnair.com/deploy-microsoft-store-apps-from-intune-winget/
If you are using Windows 365 and haven’t yet tried the new Store app, have a look at this from Vidya M A and see what you’re missing!
https://www.anoopcnair.com/windows-365-app-experience-cloud-pc-application/
The Intune roadmap has had an exciting update with firmware and driver updates going into Private Preview in 2023 (something I’ve been looking forward to for a while now). To find out what it offers over the current functionality, have a look at this from Anoop Nair
For a look at the new features in macOS 13 Ventura and the available macOS settings, have look at this from Snehasis Pani
https://www.anoopcnair.com/new-system-settings-in-macos-intune-policies/
Microsoft Graph API underpins pretty much anything M365/W365/Azure and is something I hugely recommend learning. For those working with W365, this getting started guide from David Brook is an excellent starting point.
https://euc365.com/post/windows-365-graph-api-powershell-basics/
Ah, BIOS settings, the silent assassin just waiting to break something. Sadly it’s a necessary evil and should be kept up to date. If you run an HP house, this post from Simon Skotheimsvik will show you how to deploy HP Connect to use Intune to update your devices.
https://skotheimsvik.blogspot.com/2022/12/hp-connect-for-intune-part2-bios.html
Azure AD Lifecycle Workflows need more recognition, they can make onboarding and offboarding a much more pleasant experience. In the second part of this series, Pim Jacobs shows you how to setup your onboarding process. If you haven’t read part one already, I’d recommend reading that first.
If you have Secured-Core PCs (or aren’t sure and want to find out), you can deploy Windows 11 Config Lock via Intune policies. Intrigued? Read this post from Dean Ellerby to find out more.
One of my top posts from this week, Sander Rozemuller demonstrates how to add apps using the new store integration via PowerShell and the Graph API, including automatically grabbing the icon directly from the store.
https://www.rozemuller.com/add-mirosoft-store-app-with-icon-into-intune-automated/
If, like me, you prefer to automate all of the mundane tasks, have a look at this guide from Niklas Tinner demonstrating how to use a logic app to automate Intune configuration.
https://oceanleaf.ch/intune-automation-with-azure-runbooks/
When deploying apps using the new MS Store, make sure you aren’t blocking auto-update. Have a look at this post from Aresh Sarkari to find out more.
We all have SharePoint sites which rapidly fill with data and it reaches the point where “it’s a job for another day” and next thing you know, it’s a weeks work to sort it. To schedule a purge via Azure Automation, follow this guide from Damien Van Robaeys
https://www.systanddeploy.com/2022/12/scheduling-purge-of-files-in-sharepoint.html
One new AVD Private Preview feature is Private Endpoints which are well worth checking out. If you want to deploy them using Terraform (and why wouldn’t you), check out this post from Johan Vanneuville
Devices come and go, they break, they reach of life, they disappear into a desk drawer for the next 12 years. To stop your Intune environment becoming clogged with these devices (and ruining your stats), Device Cleanup Rules are your friend. This post from Prajwal Desai will show you how to set them up.
A second post form Prajwal this week demonstrating how to mark an application as Featured in Company Portal
We have two posts from Rudy Ooms this week because the content was so in-depth it was too much for one post!
The first post is a deep-dive into the new store functionality, if you want to know what’s going on behind the scenes, this is the place to look.
Rudy’s second post looks at what happens with some of the CSP settings and how to troubleshoot if your store apps aren’t working.
Intune has the vast majority of features from Azure, especially around security and RBAC so should be treated in the same way. This post from Jake Walsh looks at setting up a Cloud Foundation when starting any cloud journey.
One thing Intune doesn’t handle well out of the box is printer deployment, especially after Print Nightmare (it’s 2022, we shouldn’t need these beasts from hell, but that’s an organizational issue).
If you are one of the many poor people who have to deploy printers to a cloud only environment, this post from Harm Veenstra will take one headache away from you.
For those of you deploying Office apps via the built in CSP, have a look at this post from René Laas demonstrating new functionality to hide the option to select the file format when launching Office for the first time.
https://endpointcave.com/suppress-default-file-format-office-365-prompt-run-via-intune/
Autopilot can be temperamental at times. If you find yourself looking at DefaultUser0 after a pre-provision, have a look at this from Paul Winstanley to find out what may be causing the issues.
https://sccmentor.com/2022/12/07/defaultuser0-when-using-autopilot-pre-provisioning/
In my never-ending quest to automate everything, I find myself on occasion needing to find a list of roles available in AAD. Kaido Järvemets has put together a useful post showing how to do so using Graph API
https://www.kaidojarvemets.com/azure-active-directory-roles/
Christopher Mogis has looked at Winget, what app types it supports and command line usage in this post
https://www.ccmtune.fr/2022/12/winget-presentation-and-usage.html
Custom Compliance are a very useful addition, but not quite as straight forward as some of the other PowerShell powered settings in Intune. To have a look at how to configure and use them, this guide from Gannon Novak should help.
If you don’t access the Conditional Access blade very often, this new preview feature may have slipped by un-noticed. There are now pre-configured templates for you to quickly secure your environment. Harri Jaakkonen looks at them here
Governments are always more tricky to deploy to. Thomas Marcussen has looked at deploying Windows 365 in Government environments in this post
Dominiek Verham has had an in-depth look at the new Organizational Messages functionality in this post, including requirements, setup, branding and deploying messages.
Now onto the copious video content from this week starting with a look at the new Windows Update for Business Reports (you may know it as Update Compliance) from David Brook
Now we have a selection of videos from Johan Arwidmark‘s ConfigMas Christmas specials. I’ve picked the Intune related ones, but it’s well worth checking out the others and subscribing to the channel here
First up, Johan demonstrates how to use a Win32 app in Intune to copy files.
The second video covers a regular Intune query, how to force a Win32 app to re-install
Johan’s third video shows how to quickly deploy a VM to test out your new Intune settings and apps
The latest video demonstrates how to download CMTrace (still the best log viewer) in Intune
Harvansh Singh has released the next part of the MDE tutorial series, this episode looking at ASRs
Now for three videos from Chander Mani Pandey, the first looking at expedited windows quality updates.
Chander’s second video has a look at the Windows Update for Business Reports
The third video has a look at the new Winget Store Integration
If you are starting your Intune journey, this video from Manish Bangia will give some tips and tricks on planning the strategy
Microsoft Content
Now for look at the news and announcements coming from Microsoft starting with a video from Christiaan Brinkhoff demonstrating how to deploy the new Windows 365 app via Intune and the Winget Store Functionality.
RDP Shortpath for AVD has now entered general availability (GA), have a look at this announcement from Rinku Dalwani to read more.
As mentioned earlier, driver and firmware approvals are now on the roadmap for 2023
https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=103641
A look at what’s new in Windows 365 (RDP Shortpath this week)
https://learn.microsoft.com/en-us/windows-365/enterprise/whats-new#device-management
Some updates to the iOS backup and restore functionality using Managed Devices
The final content from this week comes from the Microsoft Edge team with a description of how Sleeping Tabs works to save system resources.
https://blogs.windows.com/msedgedev/2022/12/06/sleeping-tabs-edge-105-sleep-before-discarding/
That’s it for this week, I’ll be back next week with more incredible community content. Stay safe!