Intune Newsletter – 16th December 2022

Welcome to this pre-Christmas Intune Newsletter (next week is Christmas Eve-Eve so I’ll be having some family time!)

It’s another bumper edition, the community never rests!

Featured Content

Before getting into the amazing community content, Cloud Management Community are doing a festive advent calendar Autopilot AMA with the legendary Rudy Ooms and Michael Niehaus.

It is on Tuesday 20th at 7pm GMT (click here to see what that is in your timezone) and it is well worth checking out!

https://www.meetup.com/cloudmanagementcommunity/events/290295945/

Community Content

We start this week with two posts from Jitesh Kumar, the first looking at the replacement for the now end-of-life Update Compliance dashboard and how to enrol and configure it.

https://www.anoopcnair.com/update-compliance-deprecated-end-of-support/

There may be times where you need to deploy a specific Windows Update to your devices without using traditional Windows Update components. This post will show you how to deploy them as Win32 apps.

https://www.anoopcnair.com/deploy-windows-update-offline-using-intune-mem/


The ChatGPT bot has been very popular in social media over the last week. Thomas Martin Grome has tested it to see how it handles AppLocker policies in Intune with good, but not perfect results, there is still a need to understand PowerShell and Graph!

https://blog.grome.dev/2022/12/how-to-use-applocker-in-intune-app.html


Simon Skotheimsvik has had a look at the new multi-admin approval functionality in Intune, testing the full functionality on offer.

https://skotheimsvik.blogspot.com/2022/12/the-new-multiple-administrative.html


If you are looking to configure Windows Update for Business reports, this guide from Manish Bangia will show you how to configure from scratch including configuring the custom Intune policies.

https://www.manishbangia.com/how-to-configure-windows-update-for-business-reports/


Jannik Reinhard looks at the new store Winget functionality within the Intune portal in this post including a video walk-through at the bottom.

https://jannikreinhard.com/2022/12/11/deploy-windows-store-apps-via-intune/


If you’ve ever wondered what happens to your Intunewin files after adding them to Intune and how to automate it yourself using PowerShell, have a look at this comprehensive post from Sander Rozemuller

https://www.rozemuller.com/win32lob-intunewin-file-upload-process-explained-for-automation/


ClickOnce Applications are just horrible to package and I often try and avoid them. Fortunately Arne Johansen has a post here on how to package and deliver them.

https://how2appvirtualize.blogspot.com/2022/12/how-to-deliver-clickonce-applications.html?m=1


In another very thorough post, Shehan Perera looks at all things Defender Smartscreen and what it can do to protect your machines.

https://shehanperera.com/2022/12/14/defender-smartscreen-deep-dive-02/


Encrypting devices using Bitlocker can be temperamental at the best of times. If you have devices which are not modern standy capable, you may find it even trickier still. Have a look at this post from Martin Bengtsson on how to configure policies for these devices.

https://www.imab.dk/silently-enable-bitlocker-drive-encryption-on-non-modern-standby-capable-devices-using-microsoft-endpoint-manager/


Another deep dive from Rudy Ooms, this time looking at Autopilot Profiles and device tokens. Well worth checking out to work out what’s going on behind the scenes.


I’m sure you know all about using Winget to deploy apps, but what about adding it to your machines in the first place? Fortunately Prajwal Desai has looked at all of the available options here.

A second post from Prajwal this week with a look at the multi-admin approval feature


Niklas Tinner has had a look at Winget including the new store integration in this post

https://oceanleaf.ch/my-take-on-the-future-app-deployment-intune/


Next, Thomas Marcussen gives an excellent rundown on Windows 365 lifecycle and the tools available for you


For anyone working with AVD and wanting to automate (and why wouldn’t you), have a look at this selection of scripts from Aresh Sarkari to automate the creation of the key infrastructure in your AVD config.


Another look at multi-admin approvals, this time from Daniel Bradley

A second post this week from Daniel, this one with a very thorough guide to deploying Azure Always-On VPN using Intune, an excellent read!


A popular subject this week, Torbjorn (Mr T-Bone) Granheden has also looked at the new multi-admin approval process.


The Managed Google Play store can get a bit complicated in environments with a large number of published apps. A new feature has recently been added to group them into collections. To find out how, have a look at this post from Peter van der Woude


This is one I am actually implementing right now! Securing your Intune builds is critical, but can be a painful experience. Fortunately Eric Mannon has put together an excellent set of MDE baseline policies for you to import directly into your tenant. Obviously test thoroughly before deploying to production!

https://github.com/msdirtbag/MDE-Quickstart


Exciting news, AAD Joined machines can now detect a trusted network and switch to a domain firewall profile. Read more in this post from Scott Breen

https://www.linkedin.com/pulse/azure-ad-joined-devices-can-now-detect-trusted-network-scott-breen/


What happens if you find you need to edit a registry key in the users hive, but you can’t run as user due to permissions issues? To find out how to access and edit using the system account, have a read of this post from Gannon Novak

https://smbtothecloud.com/powershell-intune-to-edit-hkcu-registry-as-system-when-standard-users-dont-have-permission/?latest

Now onto the video content from this week, starting with three videos from Chander Manu Pandey, the first demonstrating how to setup Enrollment Notifications.

The second post from Chander looking at managing Ubuntu devices including a demo.

Chander’s third video guides us through mutli-admin approvals in Intune


The ConfigMas videos from Johan Arwidmark keep releasing excellent content. I have picked three, but it’s well worth checking out the channel to look at them all.

The first one looks at Windows Autopatch with guest speaker Andrew Johnson

Johan’s second video this week demonstrates how to use PowerShell to automate VMs in Hyper-V

This video demonstrates how to package a Win32 app using PowerShell


To use the scripts demonstrated above, you will of course need Hyper-V on your machine. This video from Manish Bangia demonstrates how to install it on Windows 10 and 11


If you want to learn all there is to learn about Microsoft Information Protection, watch this video from Andy Malone


Harvansh Singh has released episode 16 of the MDE tutorial, this one looking at App and Browser Isolation. If you are working with MDE I would recommend checking out all episodes.


Mattias Melkersen Kalvåg and Michael Mardahl are joined by Jannik Reinhard and Florian Salzmann to look at their custom device inventory PowerShell module in this video.


Next, we have an end of year recap from the Namaste Technies, Harjit Dhaliwal and Anoop Nair.


Whilst more M365 side, when setting security config baselines, the Scuba Baseline tools are well worth checking out. To get a better idea, watch this video from Moe Kinani

Microsoft Content

Now onto the Microsoft content from this week starting with a look at how to secure your Log Analytics data from Bruno Gabrielli

https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/azure-monitor-manage-data-access-for-your-log-analytics/ba-p/3690750?emcs_t=S2h8ZW1haWx8Ym9hcmRfc3Vic2NyaXB0aW9ufExCS0k5MTJVRkRLTkowfDM2OTA3NTB8U1VCU0NSSVBUSU9OU3xoSw


Microsoft Edge and WebView2 are going end of support for anyone running Windows 7 and 8/8.1(both users)

https://blogs.windows.com/msedgedev/2022/12/09/microsoft-edge-and-webview2-ending-support-for-windows-7-and-windows-8-8-1/


Shared Android devices now support Edge and Yammer as covered in this post from Christina Wu

https://techcommunity.microsoft.com/t5/microsoft-intune-blog/intune-managed-shared-android-devices-now-support-microsoft-edge/ba-p/3692032


An updated document on enrolling Android Enterprise Devices with a Work Profile

https://learn.microsoft.com/en-us/mem/intune/enrollment/android-corporate-owned-work-profile-enroll#managing-apps-on-android-enterprise-corporate-owned-work-profile-devices


What’s coming to Intune, including the exciting ability for users to uninstall from Company Portal!!

https://learn.microsoft.com/en-us/mem/intune/fundamentals/in-development#app-management


This article looks at the networking options for Windows 365 machines (and why I prefer the Microsoft Hosted!)

https://learn.microsoft.com/en-us/windows-365/enterprise/deployment-options


Also on the subject of Windows 365, the What’s New page now offers SSO for provisioning

https://learn.microsoft.com/en-us/windows-365/enterprise/whats-new?WT.mc_id=EM-MVP-5004114


Tarek Dawoud looks at the tools available for a true passwordless experience

https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/end-user-passwordless-utopia/ba-p/2144517


And finally, Robin Goldstein looks at the new AAD sign-in branding experience

https://techcommunity.microsoft.com/t5/microsoft-entra-azure-ad-blog/introducing-enhanced-company-branding-for-sign-in-experiences-in/ba-p/3094110


That’s it for this week (and next). I will try and squeeze in one more newsletter before the end of the year (depending how much content is being created over the break of course)

I wish you all a very Merry Christmas

Leave a Comment