Welcome everyone to the first Intune newsletter for 2023. I hope you all had a relaxing break. The community has already been busy releasing new content!
Community Content
We start this week with an excellent new website from Ugur Koc. If you use KQL in your role, this site lists KQL queries available on GitHub to save you having to create them yourself, a real timesaver!
Next, we have two posts from Imran Awan, the first looking at your options when setting up a single app kiosk on Windows.
https://modernthecloud.blogspot.com/2023/01/comparing-different-ways-to-set-up.html
This script from Imran can quickly display (some) apps installed onto a machine using PowerShell and the Win32 Object WMI call
https://modernthecloud.blogspot.com/2023/01/InstallAppsPowershell.html
This one needs no introduction! Aaron Dinnage has released an update to the incredible M365 Maps website
Jannik Reinhard has released a new tool to run on end-user systems which offers some excellent self-service functionality
https://jannikreinhard.com/2023/01/01/system-information-and-self-service-tool/
With fixed drives, there are policies in place to force encryption and save the key to Azure AD, but these don’t exist out of the box for removable storage. Fortunately Gannon Novak has a solution which you can read about here
If you want to let Microsoft do the hard work patching your devices, Autopatch is your friend. This post from Prajwal Desai will show you how to set it up.
The downside of cloud-based data is securing it. With managed devices, it's pretty straightforward, but what about unmanaged ones? Joey Verlinden has you covered with this post on Defender for Cloud Apps
This next post from Joost Gelijsteen looks at the new multi-admin approvals functionality, how to set it up and use it day-to-day
For those of you with Lenovo devices, have a look at all of the lovely management tasks you can let Intune sort in this very thorough post from Mattias Melkersen Kalvåg
One of the advantages of a well-configured Intune setup is that it allows support teams to be more proactive and look for trends and issues before they are reported by users. This PowerShell script from Damien Van Robaeys will display the top 50 devices with BSOD
https://www.systanddeploy.com/2023/01/using-powershell-and-ms-graph-to-get.html
Now for two posts from Daniel Bradley, the first with end-to-end instructions to deploy Always on Azure VPN using Intune
Daniel's second post shows how to use an App Registration and client secret to programmatically connect to Microsoft Graph using PowerShell
This post from Moe Kinani shows how to use ADMX import in Intune to add 3rd party admin templates
https://cloudbymoe.com/f/import-custom-3rd-party-administrative-templates-into-intune
The latest Rudy Ooms deep-dive looks at the OfflineDeviceID in Autopilot and prepares us for the next post, I can't wait…
In this post, Somesh Pathak looks at the new Unlisted App option for iOS devices as a new, improved way to distribute in-house iOS apps to managed devices
This post from Dominiek Verham was of particular interest to me. For anyone who hasn’t come across Rimo3, or wants to find out more, it’s well worth a read
If you are looking at Windows 365, or trying to convince your organization to implement it, this post from David Brook will come in handy.
https://euc365.com/post/why-windows-365/
Will Francillette has put together a custom compliance policy to thoroughly ensure a device is encrypted before allowing access
https://www.french365connection.co.uk/post/intune-custom-bitlocker-assessment
Jeffrey Appel has released part 6 of the excellent Defender for Endpoint series, this one with an in-depth look at validation and troubleshooting
Now for two posts from Jitesh Kumar, starting with a very important one. Microsoft recently enabled a setting in AAD which allows users to create their own tenant (and gives them GA on it). Read more to find out how to turn this off!
https://www.anoopcnair.com/restrict-azure-ad-tenant-creation-for-users/
The second post from Jitesh shows how to configure screen capture protection on a Windows 365 machine to stop users screen-grabbing from a non-managed device
https://www.anoopcnair.com/configure-screen-capture-protection-windows-365/
A new Windows 11 feature allows you to set AAD joined device firewall profiles to Domain, which was previously only possible on hybrid joined devices. This post from Peter van der Woude shows how to enable and configure it.
Simon Skotheimsvik looks at the new Azure AD branding experience in this post
Next, Michael Niehaus looks at the latest Windows 11 stats and how the uptake is going
https://oofhours.com/2023/01/05/windows-11-had-a-bad-year/
Trying to get device information from end-users can be a struggle! Fortunately Florian Salzmann has put together a script which will automatically send it to Teams for you
https://scloud.work/en/support-info-to-teams/
Video Content
Now onto this week's video content, starting with two videos from Chander Mani Pandey, the first showing how to configure automated email alerts with the latest cumulative and OOB updates
The second video covers the five different Autopilot deployment scenarios and where you may use them
The final community content from this week comes from Peter Kayode with a look at the Device Name Template setting. It's well worth subscribing to Peter's channel as well.
Microsoft Content
Now for the Microsoft content, starting with a look at the new ADMX policies for Windows 10 and Windows 11 from Helmut Wagensonner
Some tips from the Intune Support Team on targeting with Autopilot and how Intune processes changes at the group membership level.
With Azure AD Cloud Sync scheduled to replace Azure AD Connect, this video from the Microsoft Security Team should help you understand why there is a need to change.
That’s it for this week, thanks to everyone who has contributed content and there will be plenty more next week!
Wonderful
Glad you found it useful!