Welcome to this pre-Christmas Intune Newsletter (next week is Christmas Eve-Eve so I’ll be having some family time!)
It’s another bumper edition, the community never rests!
It is on Tuesday 20th at 7pm GMT (click here to see what that is in your timezone) and it is well worth checking out!
We start this week with two posts from Jitesh Kumar, the first looking at the replacement for the now end-of-life Update Compliance dashboard and how to enrol and configure it.
There may be times where you need to deploy a specific Windows Update to your devices without using traditional Windows Update components. This post will show you how to deploy them as Win32 apps.
The ChatGPT bot has been very popular in social media over the last week. Thomas Martin Grome has tested it to see how it handles AppLocker policies in Intune with good, but not perfect results, there is still a need to understand PowerShell and Graph!
Simon Skotheimsvik has had a look at the new multi-admin approval functionality in Intune, testing the full functionality on offer.
If you are looking to configure Windows Update for Business reports, this guide from Manish Bangia will show you how to configure from scratch including configuring the custom Intune policies.
Jannik Reinhard looks at the new store Winget functionality within the Intune portal in this post including a video walk-through at the bottom.
If you’ve ever wondered what happens to your Intunewin files after adding them to Intune and how to automate it yourself using PowerShell, have a look at this comprehensive post from Sander Rozemuller
ClickOnce Applications are just horrible to package and I often try and avoid them. Fortunately Arne Johansen has a post here on how to package and deliver them.
In another very thorough post, Shehan Perera looks at all things Defender Smartscreen and what it can do to protect your machines.
Encrypting devices using Bitlocker can be temperamental at the best of times. If you have devices which are not modern standy capable, you may find it even trickier still. Have a look at this post from Martin Bengtsson on how to configure policies for these devices.
Another deep dive from Rudy Ooms, this time looking at Autopilot Profiles and device tokens. Well worth checking out to work out what’s going on behind the scenes.
I’m sure you know all about using Winget to deploy apps, but what about adding it to your machines in the first place? Fortunately Prajwal Desai has looked at all of the available options here.
A second post from Prajwal this week with a look at the multi-admin approval feature
Niklas Tinner has had a look at Winget including the new store integration in this post
Next, Thomas Marcussen gives an excellent rundown on Windows 365 lifecycle and the tools available for you
For anyone working with AVD and wanting to automate (and why wouldn’t you), have a look at this selection of scripts from Aresh Sarkari to automate the creation of the key infrastructure in your AVD config.
Another look at multi-admin approvals, this time from Daniel Bradley
A second post this week from Daniel, this one with a very thorough guide to deploying Azure Always-On VPN using Intune, an excellent read!
A popular subject this week, Torbjorn (Mr T-Bone) Granheden has also looked at the new multi-admin approval process.
The Managed Google Play store can get a bit complicated in environments with a large number of published apps. A new feature has recently been added to group them into collections. To find out how, have a look at this post from Peter van der Woude
This is one I am actually implementing right now! Securing your Intune builds is critical, but can be a painful experience. Fortunately Eric Mannon has put together an excellent set of MDE baseline policies for you to import directly into your tenant. Obviously test thoroughly before deploying to production!
Exciting news, AAD Joined machines can now detect a trusted network and switch to a domain firewall profile. Read more in this post from Scott Breen
What happens if you find you need to edit a registry key in the users hive, but you can’t run as user due to permissions issues? To find out how to access and edit using the system account, have a read of this post from Gannon Novak
Now onto the video content from this week, starting with three videos from Chander Manu Pandey, the first demonstrating how to setup Enrollment Notifications.
The second post from Chander looking at managing Ubuntu devices including a demo.
Chander’s third video guides us through mutli-admin approvals in Intune
The ConfigMas videos from Johan Arwidmark keep releasing excellent content. I have picked three, but it’s well worth checking out the channel to look at them all.
The first one looks at Windows Autopatch with guest speaker Andrew Johnson
Johan’s second video this week demonstrates how to use PowerShell to automate VMs in Hyper-V
This video demonstrates how to package a Win32 app using PowerShell
To use the scripts demonstrated above, you will of course need Hyper-V on your machine. This video from Manish Bangia demonstrates how to install it on Windows 10 and 11
If you want to learn all there is to learn about Microsoft Information Protection, watch this video from Andy Malone
Harvansh Singh has released episode 16 of the MDE tutorial, this one looking at App and Browser Isolation. If you are working with MDE I would recommend checking out all episodes.
Whilst more M365 side, when setting security config baselines, the Scuba Baseline tools are well worth checking out. To get a better idea, watch this video from Moe Kinani
Now onto the Microsoft content from this week starting with a look at how to secure your Log Analytics data from Bruno Gabrielli
Microsoft Edge and WebView2 are going end of support for anyone running Windows 7 and 8/8.1(both users)
Shared Android devices now support Edge and Yammer as covered in this post from Christina Wu
An updated document on enrolling Android Enterprise Devices with a Work Profile
What’s coming to Intune, including the exciting ability for users to uninstall from Company Portal!!
This article looks at the networking options for Windows 365 machines (and why I prefer the Microsoft Hosted!)
Also on the subject of Windows 365, the What’s New page now offers SSO for provisioning
Tarek Dawoud looks at the tools available for a true passwordless experience
And finally, Robin Goldstein looks at the new AAD sign-in branding experience
That’s it for this week (and next). I will try and squeeze in one more newsletter before the end of the year (depending how much content is being created over the break of course)
I wish you all a very Merry Christmas