Another week has flown by, hopefully a week was long enough to read the epic newsletter from last week! Get comfy, here comes another one!
Community Content
We start this week with a post from Mike van den Brandt looking at the essentials you should be looking to implement (as a minimum) to secure your M365 tenant
Next up, Jannik Reinhard has put together a very useful script to export all failed assignments also including instructions to run it on a schedule and email the output.
Paul Winstanley has released part 2 of the incredibly in-depth guide on setting up Conditional Access, this one looking at all things MFA including the end-user experience. If you haven’t read part 1, I would strongly recommend checking that too
Microsoft licensing can be a minefield at times and that can include Windows 365 and working out which version is best for you or your customers. Here Dominiek Verham gives a detailed comparison of the two to help with the decision making
If you’re an HP house, this script from Gerry Hampson will help you remove all of the pre-installed software during Autopilot OOBE
http://gerryhampsoncm.blogspot.com/2023/02/remove-pre-installed-hp-software-during.html?m=1
The MD-100/MD-101 combo are finally being replaced with the new MD-102 which is very exciting for any Windows/Intune admins. Daniel Bradley has been quick off the mark with this study guide
A second post from Daniel this week, this one demonstrating how to use the New-MgUser Commandlet to create a new user with PowerShell and Graph
In a similar theme, this post from Daniel shows how to use Graph and PowerShell to create groups
For many, co-management is a stepping stone to full cloud device management. If you want to learn how the capability numbers work, this post from Ben Whitmore is for you
Part 2 of Shehan Perera‘s BYOD series, this time looking at managing devices if you have decided to allow personal devices to be joined to AAD/Intune
https://shehanperera.com/2023/02/03/byod-02/
We all love an automated report, it saves time digging around in admin portals. This comprehensive post from René Laas shows how to configure a weekly report of Defender for Endpoint recommendations directly into Teams
https://endpointcave.com/get-every-week-a-defender-for-endpoint-vm-recommendation/
Now ASRmageddon is a distant memory, hopefully you have ASR rules now fully enabled, but wouldn’t it be great if you could fully enforce them. This custom compliance script from Joey Verlinden can be used to block access if ASR rules are not applied
A new feature in 2301 is enrollment notifications as explored here by Peter van der Woude including customizing them to your environment
Another exciting new feature in 2301 is the new troubleshooting experience which Jitesh Kumar runs through in details in this post
https://www.anoopcnair.com/intune-troubleshooting-for-device-user-issues/
A second post from Jitesh, this one looking at configuring Office policies from within Intune
https://www.anoopcnair.com/configure-office-app-policy-in-intune/
The first of three posts from Anand P, this one demonstrating how to add an additional administrator to a managed google play store, especially useful if it was originally setup with a non-generic account!
https://www.cloudtekspace.com/post/how-to-add-additional-admin-or-owner-to-managed-google-play-store
Anand’s second post looks at what happens if you receive the “Couldn’t add your device” error when enrolling an Android enterprise device and how to resolve it.
https://www.cloudtekspace.com/post/android-enterprise-enrollment-error-while-enrolling-to-intune
The third post is a thorough run-through on configuring Apple device enrollment tokens
https://www.cloudtekspace.com/post/setup-apple-automated-device-enrollment-ade-token-in-intune
If you’re a Lenovo house, this post and script from Philip Jorgensen uses Graph API to add the device friendly name into the notes field on the device in Intune
https://blog.lenovocdrt.com/#/2023/intune_device_notes
This post from Joost Gelijsteen looks at how you can use deployment rings not only for Windows updates but also apps and policy changes
If you are deploying Adobe Reader as-is, this post from Nico Wyss is a must-read, including some useful PowerShell scripts/proactive remediations for hardening the security of it
https://cloudfil.ch/intune-and-defender-365-adobe-acrobat-reader-hardening/
If you would rather use the new store integration to remove built-in apps over a custom script, this post from Aresh Sarkari will show you the steps involved
This very thorough post from Thomas Marcussen runs through all of the capabilities of AVD including some of the newer features and Intune management
Storage sense is a useful tool to clearing space on your devices, especially those with multiple users. This post from Christopher Mogis shows how to enable manually and via Intune
https://www.ccmtune.fr/2023/02/manage-drive-space-with-storage-sense.html
Doug Petrole is running “Monitoring Month” this month with posts on how to monitor your cloud devices, this initial introduction post looks at some of the main items you should be monitoring and why
https://www.desktopsforeveryone.com/blog/launching-monitoring-month
Jeffrey Appel has released the next part of the Defender for Endpoint series, this one looking at all things automation using Logic Apps
Windows 365 is potentially an excellent way to get the Windows 11 experience on unsupported hardware and increase the lifespan of your devices. In this post from Ola Ström you can see just what’s possible!
I normally avoid talking about Java, but in this case, it’s about removing it, so I’ll allow it! Nicklas Ahlberg has put together an excellent proactive remediation to remove it from your machines
Should you find yourself in a situation where you have lost the original copies of your scripts, this post from Tom Machado talks you through retrieving them from Intune
https://poemtomdm.fr/2023/02/09/get-powershell-and-bash-scripts-from-intune-using-microsoft-graph/
Sander Rozemuller has also put together a post describing how to recover your PowerShell script using Graph
https://www.rozemuller.com/get-intune-device-management-scripts-content-using-graph/
This post from Mr T-Bone looks at enabling Kerberos ticket on AAD joined W365 machines and also covers deploying cloud trust
https://www.tbone.se/2023/02/09/enable-cloud-kerberos-ticket-retrieval-for-aad-joined-devices/
Brad Wyatt discovered an issue signing into Google Play to connect to Intune with a “try again with a different browser” error. Fortunately the post includes a fix!
The new AVD web experience is now in public preview and Benoit Hamet has been quick off the mark with a look at it here
https://blog.hametbenoit.info/2023/02/10/avd-new-web-client-experience-in-preview/#.Y-Vv-q3P3mE
Video Content
Now onto the video content for this week, starting with part 4 in the series looking at PSADT from Mattias Melkersen Kalvåg, this time looking at using it to manipulate registry keys
Next, we have three videos from Dean Ellerby, the first one looking at Dean’s top 5 resources when working with Intune
This video demonstrates how to manage and deploy updates to macOS devices using Intune
Also on the macOS theme, Dean’s third video demonstrates how to deplot Defender for Endpoint to your Mac estate
This video from Anoop Nair looks at the supported devices with Intune (as well as a comparison to SCCM) and also looks at custom baseline policies and enrollment device restrictions
The latest Intune.Training video is now live with Adam Gross and Steven Hosking looking at and deploying a custom compliance policy
This video from Dean Cefola demonstrates how to deploy apps using the new store integration and just how easy it is!
The final community content this week comes from Chander Mani Pandey and shows how to find what is blocking your machines from upgrading to Windows 11
Microsoft Content
Now for the Microsoft content, starting with this excellent article from Chris Morrissey covering everything windows update with links to articles and videos to get fully up to speed with the update process.
Another skilling snack, this one from Harjit Dhaliwal with some excellent tips and links for preparing for and onboarding Windows 11
The new Commercial control setting may be useful for those of you wanting to keep more control over your Windows updates, read more in this post from Aria Carley
Some exciting new features in the MSIX packaging tool as covered here by Naveen Kumar Nooka
Multimedia redirection is now generally available for W365 and AVD in this post from Nicholas Xu
Check out the new updates to the Windows Subsystem for Android
The Microsoft Edge PDF capabilities will shortly include Adobe Acrobat PDF engine, you can find out more in this article from Rick Turner
And finally, a look at what’s in development for Intune, I’m particularly excited about the Proactive Remediations on-demand function!
https://learn.microsoft.com/en-us/mem/intune/fundamentals/in-development
That’s all from this week, have an amazing weekend!
