Intune Newsletter – 20th January 2023

Welcome to another Intune newsletter, hopefully this week things will be a bit less “lnkless”. For everyone who came through ASRmageddon unscathed, well done!

Community Content

ASRmageddon

As you can imagine, this was a massive talking point (and still is) so this first section is all around scripts and thoughts on the shortcut removal of 2023.

First Nicklas Ahlberg has an amended version of the official MS script to use with the Rock Enroll tool (LinkedIn)


Silvio Di Benedetto looks at the issue, KQL queries to look at what was hit and the fixes (LinkedIn)


This script from Harm Veenstra was one of the earlier ones to be released (prior to the Microsoft script) and proved extremely useful for many (LinkedIn)


Jose Schenardie has also released a script to fix shortcuts which looks useful

https://intune.tech/2023/01/17/ASRmageddon-Medkit2.0.html


Robin Stolpe has released a new PowerShell module using Winget to update apps automatically (LinkedIn)


The latest macOS Ventura has moved settings config into a more iOS-style view, looked at here by Michael Niehaus (LinkedIn)

https://oofhours.com/2023/01/17/macos-ventura-where-have-i-heard-this-before/


Jannik Reinhard has put together an excellent script to grab and analyse the MDM logs on clients, including a video demonstrating how to use it (LinkedIn)

https://jannikreinhard.com/2023/01/15/easy-way-to-analyse-mdm-diagnostic-data-on-the-client/


Changing a password on the login screen used to involve a custom OMA-URI policy, but fortunately that’s now in Settings Catalog as demonstrated in this post from Benoit Hamet (LinkedIn)

https://blog.hametbenoit.info/2023/01/16/intune-enable-self-service-password-reset-on-windows-login-screen-new-option/#.Y8USshXP1qY


Niall Brady has released part 5 of the excellent series on starting out with Windows 365. If you haven’t read the earlier posts, I’d recommend reading those first (LinkedIn)

https://www.windows-noob.com/forums/topic/23168-getting-started-with-windows-365-part-5-managing-your-cloud-pc/


This post from Jitesh Kumar looks at how to use Azure PIM to manage your Azure AD role assignments. If you are licensed for PIM, I’d strongly recommend implementing it

https://www.anoopcnair.com/azuread-role-privileged-identity-management-pim/


The ultimate “in case of emergency” option, expedited releases, we hope we never need them, but we’re glad they are there. This post from Adam Nichols demonstrates how they work within Autopatch and how to opt-out (LinkedIn)

https://mauvtek.com/home/so-its-autopatch-expedited-releases


MFA, we love it, the users hate us for it (largely). Fortunately Michael Mardahl covers the importance of it in this post in case you need to try and convince those higher-up (LinkedIn)


Aresh Sarkari has been busy putting together a selection of PowerShell scripts to manage Windows 365 devices. This post puts them all together in one easy location (LinkedIn)


Most of the main browsers are supported for Conditional Access, but they do need some configuration to get the users to sign-in. Florian Salzmann looks at Edge, Chrome and Firefox in this post with the steps required for each (LinkedIn)

https://scloud.work/en/conditional-access-device-state/

A second post from Florian, this one looks at the ‘disaster of the week’ which this week is ClickShare (LinkedIn)

https://scloud.work/en/startmenu-not-responding/


Another deep-dive from Rudy Ooms, this time looking at the particularly helpful Autopilot error “Something Went Wrong”. If you’re troubleshooting Intune/Autopilot, Rudy’s site should be high up your list! (LinkedIn)


Prajwal Desai has had a busy week with a number of posts, starting with a demo on how to remotely lock devices using Intune. Best to find out now rather than working it out when you need it (LinkedIn)

This post looks at configuring Windows 365 alerting within Intune (LinkedIn)

To add a lock screen message on an iOS device (“If found, please call” etc.), follow this guide (LinkedIn)

This post from Prajwal looks at the different ways to update your new store apps


This set of scripts and a custom application from Gannon Novak will help you deploy custom Toast Notifications within Intune (LinkedIn)

https://smbtothecloud.com/deploy-custom-toast-notifications-with-intune-part-2/

App protection policies are crucial when dealing with BYOD, but also pretty useful as an extra layer of protection on fully managed devices. For an in-depth walk-through on how to configure and use them, check out this post from Anand P (LinkedIn)

https://www.cloudtekspace.com/post/create-and-assign-an-app-protection-policy-on-ios-ipados


If you’re a Lenovo house (my personal manufacturer of choice), this script from Damien Van Robaeys will convert the model to the readable name you’ll know from the devices themselves (LinkedIn)

https://www.systanddeploy.com/2023/01/get-list-uptodate-of-all-lenovo-models.html


Niels Kok and Stefan Dingemanse have put together an excellent PowerShell module for deploying Windows 365 machines and user settings (LinkedIn)

Here is a direct link to it:

https://www.powershellgallery.com/packages/PSCloudPC/1.0.2


Pim Jacobs has written another excellent post on Azure AD Lifecycle workflows, this one looking at the offboarding process. I’d recommend looking at the previous posts as well if you haven’t read them yet (LinkedIn)

https://identity-man.eu/2023/01/16/offboard-users-with-azure-ad-lifecycle-workflows-all-you-need-to-know/


Authentication Strength is a new feature in Conditional Access to give extra protection over your environment. To find out more and how to implement, read this post from Daniel Bradley (LinkedIn)


Next, Niklas Tinner looks at all things Windows update, the ways to update, different update rings and the importance of it all (LinkedIn)

https://oceanleaf.ch/windows-updates/


Now for two posts from Thomas Marcussen, the first with a thorough look at securing your Windows 365 machines (LinkedIn)

The second post from Thomas looks at some of the new features in Defender for Endpoint which you should be taking advantage of (LinkedIn)


Andy Jones has released an update to the excellent QuickLinks (LinkedIn)


We also have two posts from Peter van der Woude this week, the first looking at how to enable LSA (Local Security Authority) via a custom Intune policy and what extra security it provides (LinkedIn)

When enabling shared mode, by default OneDrive will be disabled, which isn’t ideal for non-kiosk machines. To find out how to re-enable it, look at Peter’s second post (LinkedIn)


With the release of Remote Help, there are now two Microsoft native remote support options, which Dominiek Verham looks at in this post (LinkedIn)


If you haven’t tried AOSP yet and would like to test it without needing a second test phone, have a look at this post from Somesh Pathak showing how to use Android Emulator and test from your own PC (LinkedIn)

https://intuneirl.com/2023/01/what-is-aosp-how-to-use-android-emulators-to-configure-manage-enrol-avds-in-intune/

Video Content

Now for a look at the video content, starting with a guide to setting up a BYOD configuration in Intune from Alex de Jong (LinkedIn)


Now for two instructional guides from Chander Mani Pandey, starting with a guide to deploying an email subscription with a report on patch status (LinkedIn)

The second video looks at updating to Windows 11 via Intune Feature Updates (LinkedIn)


Harvansh Singh has released episodes 20 and 21 of the MDE series, starting with a look at Account Protection (LinkedIn)

Episode 21 covers managing incidents and alerts (LinkedIn)


If you haven’t yet set up Autopatch, this video from Nick Ross will guide you through the process


Anoop Nair and Joymalya Basu Roy look at the new store integration and Winget in this video from the HTMD User Group Event (LinkedIn)


The final video content isn’t strictly Intune related, but whilst it’s always DNS, I also think everyone should know how it works and where better to learn than another excellent video from John Savill (LinkedIn)


Microsoft Content

Now for a look at the Microsoft content this week starting with the official script for ASR from Scott Woodgate

https://techcommunity.microsoft.com/t5/microsoft-defender-for-endpoint/recovering-from-attack-surface-reduction-rule-shortcut-deletions/ba-p/3716011


If you want to become an MVP in Security, have a look at this article from Ben Harris

https://techcommunity.microsoft.com/t5/microsoft-defender-for-office/getting-started-as-a-security-mvp-most-valuable-professional/ba-p/3699265


If you have Config Manager, you can use that to manage your servers with Defender and Intune, read this from Atil Gürcan to find out how.

https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/how-to-manage-microsoft-defender-on-windows-server-via-intune/ba-p/3713195


New security baselines for Edge 109 have been released, and Rick Munck has covered what is included in the update

https://techcommunity.microsoft.com/t5/microsoft-security-baselines/security-baseline-for-microsoft-edge-version-109/ba-p/3713981


And finally, if you’re on an Insider build, you’ll soon be getting tabs within Notepad! Find out more here from Dave Grochocki

https://blogs.windows.com/windows-insider/2023/01/19/tabs-in-notepad-begins-rolling-out-to-windows-insiders/


That’s it for this week, have an amazing weekend!

1 thought on “Intune Newsletter – 20th January 2023”

  1. Cheers, as always!

    Going to need to crack the bottle of wine out later for this lot, there’s a lot of information this week heh!
