Intune Newsletter – 30th December 2022

Welcome to the final Intune newsletter for 2022! We are ending the year with a bang, with an incredible amount of exciting content. I started the newsletters back in April as a way to keep track of everything happening in the Intune (then MEM) community, and since then the amount of content has been incredible. This is the 38th edition of this year and the newsletter now has over 500 subscribers!

A special thanks to everyone in this incredible community, these newsletters would be very brief without your amazing work!

Community Content

We start this newsletter with two posts from Sune Thomsen, the first with a Proactive Remediation script to migrate your on-prem BitLocker keys into Azure AD, ideal if you are transitioning your devices to cloud management.

The second post from Sune demonstrates how to enable the new single-sign-on feature (currently in preview) on your Windows 365 machines.


Stefan Dingemanse has also looked at the new SSO functionality, including what to do with any machines provisioned without the setting enabled.

https://www.stefandingemanse.com/2022/12/15/windows-365-sso


A popular topic, Dominiek Verham also looks at SSO and the end user experience with it enabled.

Dominiek’s second post looks at the new Windows Package Manager (winget) from both the machine and Intune side.


Now for two posts from Christopher Mogis, the first of which looks at the new store integration in Intune.

https://www.ccmtune.fr/2022/12/microsoft-store-app-new-in-microsoft.html

Christopher’s second post looks at the compliance settings available for Ubuntu machines and how to configure them.

https://www.ccmtune.fr/2022/12/compliance-settings-for-ubuntu-in.html


Tracking Windows versions can be a lot of work, as can looking through the change log for each new version. Fortunately, Jose Schenardie has released an excellent new PowerShell module to list the latest builds for Win10/11 as well as release information.

https://intune.tech/2022/12/21/Windows-Release-Information.html


A first post in a new blog from Imran Awan with an introduction to Intune.

https://modernthecloud.blogspot.com/2022/12/Intune.html


If you run Zscaler in your environment, this custom compliance script from Niels Kok will help you monitor the Zscaler status when reviewing compliance of your devices.

A second post from Niels this week shows what you can find when exploring Intune features in MS Graph, in this case, an undocumented (and possibly not-working) new setting to install Quality updates during ESP.


Next we have three posts from Simon Skotheimsvik, the first showing how to leverage Power Automate to scan to a Teams folder.

Simon has recently completed the excellent Kusto Detective Agency challenges and has described the experience in this post. NOTE: If you haven’t yet started/finished, the solutions are listed here.

Simon’s final post contains a PowerShell script to enable sensitivity labels on PDF files.


This post from Jitesh Kumar looks at the new preview feature in Azure AD to configure company branding during the sign-in experience.

https://www.anoopcnair.com/azure-ad-company-branding-sign-in-experiences/


We now have two posts from Moe Kinani with the first looking at the different enrollment methods for your BYOD iOS devices.

https://cloudbymoe.com/f/ios-byod-user-enrollment-intune

This post has a look at the firewall rules available within Intune and the end-user experience after enabling.

https://cloudbymoe.com/f/block-unwanted-outbound-ports-using-intune-firewall-rules


With the new store for business/winget integration now implemented, you may be wondering what to do with your old company portal app deployed via the old method. Fortunately Arno van Dijk has covered your options in this post.

https://www.linkedin.com/pulse/what-do-old-company-portal-arno-van-dijk/


In the old on-prem days, you could set up an AD Trust between two domains and have them talk nicely, but sadly this functionality doesn’t exist in Azure AD. One option is B2B Direct Connect, looked at here by Shehan Perera.

https://shehanperera.com/2022/12/22/b2b-direct-access-02/

A second post from Shehan, looking at bulk device actions, where they live and what they do

https://shehanperera.com/2022/12/28/intune-bulk-device-actions-01/


For anyone starting out with Intune, it is worth looking at this new module from Florian Salzmann to quickly deploy a new environment using either your own environment export, or one provided by Florian.

https://scloud.work/en/intune-starter-kit/


There are numerous security benchmarks available for a Microsoft Cloud environment. To look at what’s on offer, have a read of this post from Jonas Bøgvad

https://blog.skymadesimple.io/microsoft-cloud-security-benchmark/


Microsoft Graph underpins everything in Intune (and most of Microsoft Cloud) so it’s well worth learning. To find out how to interact using the PowerShell Graph SDK, have a look at this guide from Will Francillette

https://www.french365connection.co.uk/post/what-is-the-powershell-graph-sdk

Will has also released a second part looking at Graph authentication

https://www.french365connection.co.uk/post/graph-sdk-authentication


When starting with Intune, this look at best practices from Niklas Tinner is an excellent resource!

https://oceanleaf.ch/intune-best-practices/


Power BI is an extremely powerful data manipulation tool across the entire Microsoft suite. Harvansh Singh demonstrates how to use it to interrogate data in the Intune Data Warehouse in this post.


Next up, Thomas Marcussen gives an excellent overview of Windows 365 including costs involved and how to get started.


If you want to understand everything there is to know about Feature Updates, this very comprehensive post from Brooks Peppin will tell you all you need to know


Test Base is a powerful but, I find, largely under-used utility from Microsoft. Following on from an earlier post (here), Peter van der Woude looks at how to integrate it with Intune.

In a second post from Peter, you can see what settings can be enabled to manage the new Windows Package Manager (winget) functionality and how to enable them via a custom policy


If you haven’t heard about the Target API Level changes for Android (or want to learn more), I would urge you to read this post from Somesh Pathak

https://intuneirl.com/2022/12/target-api-level-policy-changes-its-impact-on-enterprises/

A second post from Somesh, this one looking at deploying custom iOS apps

https://intuneirl.com/2022/12/ios-app-distribution-from-private-apps-to-enterprise-apps/

In this post, Jannik Reinhard looks at the new multi-admin approval (MAA) feature currently in preview.

https://jannikreinhard.com/2022/12/18/the-new-multiple-administrative-approvals-maas/


Stephan van Rooij has a way to create a multi-tenant managed identity (see the previous post here); this latest post gives a demonstration of how to implement it.

https://svrooij.io/2022/12/16/poc-multi-tenant-managed-identity/


This extremely thorough guide on zero-trust, PIM, access packages and more from Thomas Naunheim is definitely worth a read!

https://www.cloud-architekt.net/securing-privileged-access-conditionalaccess-governance/


Some more best practice suggestions for both Autopilot and Intune, this time from Hariom Jindal.

https://www.linkedin.com/pulse/easily-manage-devices-microsoft-intune-autopilot-best-hariom-jindal/


Hybrid AAD Join should never be seen as a requirement for accessing on-prem resources when you can configure SSO with an AAD environment. To find out more, read this post from Gannon Novak


Now for four posts from Daniel Bradley, the first looking at extension attributes in Azure AD, what they are, why you may want to use them and how to configure them using PowerShell

Daniel’s second post demonstrates how to edit the MDM user scope via PowerShell

And the third post looks at configuring Intune custom roles via PowerShell

Daniel’s fourth post demonstrates how to initiate a bulk device sync both in the GUI and via PowerShell


You may want to remove IE11 from being launched individually on Windows 10 machines, whilst still retaining the executable for the Edge IE Mode. To find out how to do so using DISM, follow this guide from Prajwal Desai

This second post from Prajwal looks at the different ways to prevent Microsoft Teams from auto-starting.


With Security Defaults now enabled by default on new tenants, where does this leave Break Glass accounts which are not user assigned? Read this post from Jan Bakker with a possible solution.


If you have used AVD, you will no doubt have come across AVD Insights and seen how useful they can be. If you want to go a step further and enable them via automation, have a look at this post/script from Sander Rozemuller

https://www.rozemuller.com/enable-avd-insights-automated/


Ákos Bakos continues the excellent series on OSDCloud with this post looking at what tasks can be automated, including some useful scripts to get you started.


Should you want to run Windows update during Autopilot pre-provisioning, have a look at this post and accompanying scripts from Matias Magnus Andersen

https://epmstuff.wordpress.com/2022/12/27/run-windows-update-only-during-pre-provisioning/


A new preview feature in Intune is the ability to alert on certain failures within Windows 365. To find out how to enable the alerts, follow this from Niall Brady

https://www.windows-noob.com/forums/topic/23164-how-can-i-configure-alerts-for-windows-365-activity-in-intune/


Video Content

Now onto the video content, starting with a look at OpenAI ChatGPT with Jan Kjetil Skanke, Nickolaj Andersen and Michael Mardahl


Next up, the Cloud Management Community hosted an Autopilot Ask-Us-Anything with guest speakers Rudy Ooms and Michael Niehaus.


Next we have two videos from Chander Mani Pandey, the first with a thorough look at Microsoft Autopatch

Chander’s second video looks at Organizational messages including a full demo of the experience.


If you are new to PIM, have a look at this video from Moe Kinani covering eligible assignments to cloud groups


This ConfigMas special from Johan Arwidmark tests the excellent Intune Device Details GUI Tool


This video from Damien Van Robaeys is a full run-through on configuring Azure Log Analytics and adding data from Intune. It is worth checking out the other videos in the Festive Tech Calendar as well here


The final community content in this edition comes from Harvansh Singh with parts 17 and 18 of the MDE tutorial, looking at exploit protection and Smart Screen respectively


Microsoft Content

Now for the Microsoft content starting with this Intune Support tip looking at policy targeting with Autopilot

https://techcommunity.microsoft.com/t5/intune-customer-success/support-tip-targeting-apps-and-polices-with-windows-autopilot/ba-p/3700742

The final content comes from Dave Randall and Nina Desnica looking at one of my favourite subjects, configuration-as-code. This excellent post is well worth checking out!

https://techcommunity.microsoft.com/t5/intune-customer-success/configuration-as-code-for-microsoft-intune/ba-p/3701792


That’s it for this edition and indeed for this year! A special thanks to everyone who has contributed to the many newsletters in 2022. The newsletter will of course return in 2023.
