Welcome to the final Intune newsletter for 2022! We are ending the year with a bang, with an incredible amount of exciting content. I started the newsletters back in April as a way to keep track of everything happening in the Intune (then MEM) community, and since then the amount of content has been incredible. This is the 38th edition of this year, and the newsletter now has over 500 subscribers!
A special thanks to everyone in this incredible community, these newsletters would be very brief without your amazing work!
Community Content
We start this newsletter with two posts from Sune Thomsen, the first with a Proactive Remediation script to migrate your on-prem BitLocker keys into Azure AD, ideal if you are transitioning your devices to cloud management.
The second post from Sune demonstrates how to enable the new single-sign-on feature (currently in preview) on your Windows 365 machines.
Stefan Dingemanse has also looked at the new SSO functionality, including what to do with any machines provisioned without the setting enabled.
https://www.stefandingemanse.com/2022/12/15/windows-365-sso
A popular topic, Dominiek Verham also looks at SSO and the end user experience with it enabled.
Dominiek’s second post looks at the new Windows Package Manager (winget) from both the machine and Intune side
Now for two posts from Christopher Mogis, the first of which looks at the new store integration in Intune.
https://www.ccmtune.fr/2022/12/microsoft-store-app-new-in-microsoft.html
Christopher’s second post looks at the compliance settings available for Ubuntu machines and how to configure them.
https://www.ccmtune.fr/2022/12/compliance-settings-for-ubuntu-in.html
Tracking Windows versions can be a lot of work, as can looking through the change log for each new version. Fortunately, Jose Schenardie has released an excellent new PowerShell module to list the latest builds for Win10/11 as well as release information.
https://intune.tech/2022/12/21/Windows-Release-Information.html
A first post in a new blog from Imran Awan with an introduction to Intune.
https://modernthecloud.blogspot.com/2022/12/Intune.html
If you run Zscaler in your environment, this custom compliance script from Niels Kok will help you monitor the Zscaler status when reviewing compliance of your devices.
A second post from Niels this week shows what you can find when exploring Intune features in MS Graph, in this case, an undocumented (and possibly not-working) new setting to install Quality updates during ESP.
Next we have three posts from Simon Skotheimsvik, the first showing how to leverage Power Automate to scan to a Teams folder.
Simon has recently completed the excellent Kusto Detective Agency challenges and has described the experience in this post. NOTE: If you haven’t yet started/finished, the solutions are listed here.
Simon’s final post contains a PowerShell script to enable sensitivity labels on PDF files.
This post from Jitesh Kumar looks at the new preview feature in Azure AD to configure company branding during the sign-in experience.
https://www.anoopcnair.com/azure-ad-company-branding-sign-in-experiences/
We now have two posts from Moe Kinani with the first looking at the different enrollment methods for your BYOD iOS devices.
https://cloudbymoe.com/f/ios-byod-user-enrollment-intune
This post has a look at the firewall rules available within Intune and the end-user experience after enabling.
https://cloudbymoe.com/f/block-unwanted-outbound-ports-using-intune-firewall-rules
With the new store for business/winget integration now implemented, you may be wondering what to do with your old company portal app deployed via the old method. Fortunately Arno van Dijk has covered your options in this post.
https://www.linkedin.com/pulse/what-do-old-company-portal-arno-van-dijk/
In the old on-prem days, you could set up an AD Trust between two domains and have them talk nicely, but sadly this functionality doesn’t exist in Azure AD. One option is B2B Direct Connect, looked at here by Shehan Perera.
https://shehanperera.com/2022/12/22/b2b-direct-access-02/
A second post from Shehan, looking at bulk device actions, where they live and what they do
https://shehanperera.com/2022/12/28/intune-bulk-device-actions-01/
For anyone starting out with Intune, it is worth looking at this new module from Florian Salzmann to quickly deploy a new environment using either your own environment export, or one provided by Florian.
https://scloud.work/en/intune-starter-kit/
There are numerous security benchmarks available for a Microsoft Cloud environment. To look at what’s on offer, have a read of this post from Jonas Bøgvad
https://blog.skymadesimple.io/microsoft-cloud-security-benchmark/
Microsoft Graph underpins everything in Intune (and most of Microsoft Cloud) so it’s well worth learning. To find out how to interact using the PowerShell Graph SDK, have a look at this guide from Will Francillette
https://www.french365connection.co.uk/post/what-is-the-powershell-graph-sdk
Will has also released a second part looking at Graph authentication
https://www.french365connection.co.uk/post/graph-sdk-authentication
When starting with Intune, this look at best practices from Niklas Tinner is an excellent resource!
https://oceanleaf.ch/intune-best-practices/
Power BI is an extremely powerful data manipulation tool across the entire Microsoft suite. Harvansh Singh demonstrates how to use it to interrogate data in the Intune Data Warehouse in this post.
Next up, Thomas Marcussen gives an excellent overview of Windows 365 including costs involved and how to get started.
If you want to understand everything there is to know about Feature Updates, this very comprehensive post from Brooks Peppin will tell you all you need to know
Test Base is a powerful but, I find, largely under-used utility from Microsoft. Following on from an earlier post (here), Peter van der Woude looks at how to integrate it with Intune.
In a second post from Peter, you can see what settings can be enabled to manage the new Windows Package Manager (winget) functionality and how to enable them via a custom policy
If you haven’t heard about the Target API Level changes for Android (or want to learn more), I would urge you to read this post from Somesh Pathak
A second post from Somesh, this one looking at deploying custom iOS apps
In this post, Jannik Reinhard looks at the new multi-admin approval (MAA) feature, currently in preview.
https://jannikreinhard.com/2022/12/18/the-new-multiple-administrative-approvals-maas/
Stephan van Rooij has a way to create a multi-tenant managed identity (see the previous post here); this latest post gives a demonstration of how to implement it.
https://svrooij.io/2022/12/16/poc-multi-tenant-managed-identity/
This extremely thorough guide on zero-trust, PIM, access packages and more from Thomas Naunheim is definitely worth a read!
https://www.cloud-architekt.net/securing-privileged-access-conditionalaccess-governance/
Some more best practice suggestions for both Autopilot and Intune, this time from Hariom Jindal.
https://www.linkedin.com/pulse/easily-manage-devices-microsoft-intune-autopilot-best-hariom-jindal/
Hybrid AAD Join should never be seen as a requirement for accessing on-prem resources when you can configure SSO with an AAD environment. To find out more, read this post from Gannon Novak
Now for four posts from Daniel Bradley, the first looking at extension attributes in Azure AD, what they are, why you may want to use them and how to configure them using PowerShell
Daniel’s second post demonstrates how to edit the MDM user scope via PowerShell
And the third post looks at configuring Intune custom roles via PowerShell
Daniel’s fourth post demonstrates how to initiate a bulk device sync both in the GUI and via PowerShell
You may want to remove IE11 from being launched individually on Windows 10 machines, whilst still retaining the executable for the Edge IE Mode. To find out how to do so using DISM, follow this guide from Prajwal Desai
This second post from Prajwal looks at the different ways to stop Microsoft Teams from auto-starting.
With Security Defaults now enabled by default on new tenants, where does this leave Break Glass accounts which are not user assigned? Read this post from Jan Bakker with a possible solution.
If you have used AVD, you will no doubt have come across AVD Insights and seen how useful they can be. If you want to go a step further and enable them via automation, have a look at this post/script from Sander Rozemuller
https://www.rozemuller.com/enable-avd-insights-automated/
Ákos Bakos continues the excellent series on OSDCloud with this post looking at what tasks can be automated, including some useful scripts to get you started.
Should you want to run Windows update during Autopilot pre-provisioning, have a look at this post and accompanying scripts from Matias Magnus Andersen
https://epmstuff.wordpress.com/2022/12/27/run-windows-update-only-during-pre-provisioning/
A new preview feature in Intune is the ability to alert on certain failures within Windows 365. To find out how to enable the alerts, follow this from Niall Brady
Video Content
Now onto the video content, starting with a look at OpenAI ChatGPT with Jan Kjetil Skanke, Nickolaj Andersen and Michael Mardahl
Next up, the Cloud Management Community hosted an Autopilot Ask-Us-Anything with guest speakers Rudy Ooms and Michael Niehaus.
Next we have two videos from Chander Mani Pandey, the first with a thorough look at Microsoft Autopatch
Chander’s second video looks at Organizational messages including a full demo of the experience.
If you are new to PIM, have a look at this video from Moe Kinani covering eligible assignments to cloud groups
This ConfigMas special from Johan Arwidmark tests the excellent Intune Device Details GUI Tool
This video from Damien Van Robaeys is a full run-through on configuring Azure Log Analytics and adding data from Intune. It is worth checking out the other videos in the Festive Tech Calendar as well here
The final community content in this edition comes from Harvansh Singh with parts 17 and 18 of the MDE tutorial, looking at exploit protection and SmartScreen respectively.
Microsoft Content
Now for the Microsoft content starting with this Intune Support tip looking at policy targeting with Autopilot
The final content comes from Dave Randall and Nina Desnica looking at one of my favourite subjects, configuration-as-code. This excellent post is well worth checking out!
That’s it for this edition and indeed for this year! A special thanks to everyone who has contributed to the many newsletters in 2022. The newsletter will of course return in 2023.
Hello Andrew,
thanks for all your work. I wish you a HAPPY NEW YEAR.
Bernhard
Thank you Bernhard, you too!