Welcome to this week’s exciting newsletter, and whether you are a glass half empty or half full type of person, we can all agree this is definitely full of content!
I’m testing something new this week: if you want to like or share one of the articles on LinkedIn, I’m including a link directly to the post as well as the direct blog post link. Feedback/improvements always welcome.
Featured Content
I’m a huge fan of PowerShell Application Deploy Toolkit and this news is worthy of a feature at the top here. Version 3.9 has now been released with some excellent updates.
https://github.com/PSAppDeployToolkit/PSAppDeployToolkit/releases/tag/3.9
Mattias Melkersen Kalvåg has also interviewed the geniuses behind the toolkit (Dan Cunningham, Sean Lillis, Mo Mashwani) in this video (LinkedIn)
Community Content
Now for a look at configuring and using Multiple admin approvals in Intune from Jitesh Kumar (LinkedIn)
https://www.anoopcnair.com/configure-multiple-admin-approvals-in-intune/
A second post from Jitesh this week, looking at the invalid client message when enrolling via Autopilot and how to fix it (LinkedIn)
https://www.anoopcnair.com/intune-windows-enrollment-invalid-client-error/
If you are looking to manage macOS devices using Intune, this post from Snehasis Pani shows how to configure device restriction settings (LinkedIn)
https://www.anoopcnair.com/device-restriction-settings-for-macos-intune/
For anyone wanting to know exactly what’s going on when you add new winget apps into Intune, I’d strongly recommend reading this post from James Robinson (LinkedIn)
https://skiptotheendpoint.co.uk/under-the-hood-pt-2-microsoft-store-apps/
This logic app from René Laas generates a report of all machines listed in Defender for Endpoint so you can ensure it matches those managed in Intune for a clean environment (LinkedIn)
https://endpointcave.com/report-of-all-defender-for-endpoint-devices/
Unless you are in the position where you are the only person with admin rights over Intune, you’ll probably want to see if anyone else is messing with your environment. This post from Niklas Tinner uses Intune reporting, Log Analytics and alert rules (or logic apps) to alert you of changes. (LinkedIn)
https://oceanleaf.ch/intune-event-based-automation-for-alerting/
Jannik Reinhard has put together an excellent guide and video to quickly get started with Intune (or even check you are doing it right) (LinkedIn)
https://jannikreinhard.com/2023/01/08/intune-quick-start-guide/
If you are weighing up if now is the time to deploy Windows 11 or not, this post from Michael Niehaus may help you with that decision. Remember, you have until 2025! (LinkedIn)
https://oofhours.com/2023/01/07/is-2023-the-year-for-windows-11/
Michael’s second post this week takes a look at Windows on arm64 processors
https://oofhours.com/2023/01/12/is-2023-the-year-for-windows-on-arm64/
As mentioned in the MS news last week, AAD Connect Cloud Sync is scheduled to replace Azure AD Connect. To find out more about it, what it does, what it can’t do and how to upgrade, have a look at this thorough post from Shehan Perera (LinkedIn)
https://shehanperera.com/2023/01/08/its-2023-lets-talk-about-azure-ad-connect-cloud-sync/
Following on from last week’s PowerShell script to display the top 50 machines experiencing BSOD, Damien Van Robaeys has taken it one step further and can now send Teams notifications with the devices listed (LinkedIn)
https://www.systanddeploy.com/2023/01/getting-teams-notification-for-top-50.html
I deploy some of my scripts to the PowerShell Gallery if they are re-usable and don’t need huge amounts of input or amendments, but it can be tricky to get them uploaded. If you want to add yours on there, follow this guide from Nicholas Xuan Nguyen (LinkedIn)
https://adamtheautomator.com/powershell-gallery/
I have seen Winget become a lot more popular of late for deploying apps, but it is also useful for keeping them updated. If you want a bit more management over the updates, including adding app exclusions (something I’ve been after for a while), check out this app and ADMX instructions from Hauke Götze (LinkedIn)
https://github.com/Weatherlights/Winget-AutoUpdate-Intune
macOS support in Intune keeps improving, especially on the app deployment front. What if you need to deploy a custom application though? Have a look at this post from Liviu Barbat to find out how to get those LOB apps deployed. (LinkedIn)
Whilst Autopilot doesn’t work on Windows Home, that doesn’t stop users enrolling their machines into Intune. Fortunately Daniel Bradley has a very thorough post on using device filters to block these devices. (LinkedIn)
With AAD and MSOL modules soon to be deprecated, if you haven’t moved to PowerShell SDK yet, now is the time to do so. Daniel’s second post runs through how to install it (LinkedIn)
If you’ve ever looked at custom toast notifications and wondered what wizardry is going on there, have a look at this comprehensive post from Gannon Novak and you’ll be creating notifications before you know it. (LinkedIn)
Nico Wyss has put together an excellent script to change the hostfile on Intune managed machines when using AlwaysOn VPN (LinkedIn)
https://cloudfil.ch/alwaysonvpn-change-hostfile-via-intune-script-deployment/
In this post, Sander Rozemuller looks at the new sign-in branding in Azure and how to configure it for a better end-user experience (LinkedIn)
https://www.rozemuller.com/automated-user-sign-in-experience-with-company-branding/
Following on from last week’s deep-dive into the world of Autopilot, Rudy Ooms has continued the series with a look at the DeviceAddRequest command running in the background (LinkedIn)
Next, Somesh Pathak looks at some important queries to run within Defender for Endpoint to make sure your estate is secure from the outset, including devices not onboarded and devices with local admin (LinkedIn)
I’m a big fan of Winget, but the current non-preview version lacks PowerShell cmdlets. If you want to update your apps using PowerShell, have a look at this script from Harm Veenstra (LinkedIn)
Next, José Pinos looks at 5 conditional access policies everyone should implement, including a handy spreadsheet with the policy details in (LinkedIn)
If you are switching to the new Store App deployment, this guide from Prajwal Desai is well worth reading. (LinkedIn)
A second post from Prajwal showing how to configure multi-admin approvals (LinkedIn)
Did you know Power Automate can connect to Graph and send JSON? Moe Kinani is demonstrating it in this post to automate guest creation and add an extra attribute field! (LinkedIn)
https://cloudbymoe.com/f/automate-guest-creation-and-add-sponsor-attribute-field-via-graph
This post from Dominiek Verham looks at nested virtualization to allow you to run a VM from within your cloud PC (LinkedIn)
David Brook has been looking at the pesky 0x00000000 error when deploying a new store app and has a fix in this post (LinkedIn)
https://euc365.com/post/troubleshooting-ms-store-app-install-error-0x00000000/
Jeffrey Appel has released part 7 of the excellent Defender for Endpoint series, this one looking at integration with other Microsoft products (LinkedIn)
Video Content
Now for this week’s video content, starting with the latest MDE episode from Harvansh Singh looking at USB device blocking and allowing (LinkedIn)
Now for three videos from Peter Kayode demonstrating how to enrol devices into Intune, firstly using Autopilot and then using Company Portal (LinkedIn & LinkedIn)
Peter’s third video demonstrates how to block personal devices (LinkedIn)
Chander Mani Pandey demonstrates how to use Autopatch to upgrade your machines to Windows 11 in this video (LinkedIn)
After the update to M365Maps, Dean Ellerby looks at the top features of this incredible resource (LinkedIn)
This video from David Brook reviews and demonstrates the different ways to give users access to Windows 365 (LinkedIn)
The last community content this week comes from Dean Cefola looking at the new single sign-on functionality in Windows 365 (LinkedIn)
Microsoft Content
Now for the Microsoft content starting with a look at what’s new in Autopilot
A look at planning an Azure PIM deployment
Updates to Windows Subsystem for Android
The Intune support team have released some exciting details about app supersedence improvements due soon
Some exciting Autopatch news: it is now supported via FastTrack
The final content from this week comes from Christina Wu looking at the new features for frontline workers using shared devices
Yeah, we’ve put that in place, just am an MSP and have multiple customers and thousands of machines.
Hoping it won’t be a manual job for shortcuts, as some devices have lost absolutely everything.
Will have to read this later, due to the Microsoft Defender balls up issue that has deleted all desktop and shortcut icons.
Absolute nightmare from their side…
You have my sympathy
A workaround, set this ASR to audit:
Block Win32 API calls from Office macro