Intune Newsletter – 10th February 2023

Another week has flown by, hopefully a week was long enough to read the epic newsletter from last week! Get comfy, here comes another one!

Community Content

We start this week with a post from Mike van den Brandt looking at the essentials you should be looking to implement (as a minimum) to secure your M365 tenant

Next up, Jannik Reinhard has put together a very useful script to export all failed assignments also including instructions to run it on a schedule and email the output.

Paul Winstanley has released part 2 of the incredibly in-depth guide on setting up Conditional Access, this one looking at all things MFA including the end-user experience. If you haven’t read part 1, I would strongly recommend checking that too

Microsoft licensing can be a minefield at times and that can include Windows 365 and working out which version is best for you or your customers. Here Dominiek Verham gives a detailed comparison of the two to help with the decision making

If you’re an HP house, this script from Gerry Hampson will help you remove all of the pre-installed software during Autopilot OOBE

The MD-100/MD-101 combo are finally being replaced with the new MD-102 which is very exciting for any Windows/Intune admins. Daniel Bradley has been quick off the mark with this study guide

A second post from Daniel this week, this one demonstrating how to use the New-MgUser Commandlet to create a new user with PowerShell and Graph

In a similar theme, this post from Daniel shows how to use Graph and PowerShell to create groups

For many, co-management is a stepping stone to full cloud device management. If you want to learn how the capability numbers work, this post from Ben Whitmore is for you

Part 2 of Shehan Perera‘s BYOD series, this time looking at managing devices if you have decided to allow personal devices to be joined to AAD/Intune

We all love an automated report, it saves time digging around in admin portals. This comprehensive post from René Laas shows how to configure a weekly report of Defender for Endpoint recommendations directly into Teams

Now ASRmageddon is a distant memory, hopefully you have ASR rules now fully enabled, but wouldn’t it be great if you could fully enforce them. This custom compliance script from Joey Verlinden can be used to block access if ASR rules are not applied

A new feature in 2301 is enrollment notifications as explored here by Peter van der Woude including customizing them to your environment

Another exciting new feature in 2301 is the new troubleshooting experience which Jitesh Kumar runs through in details in this post

A second post from Jitesh, this one looking at configuring Office policies from within Intune

The first of three posts from Anand P, this one demonstrating how to add an additional administrator to a managed google play store, especially useful if it was originally setup with a non-generic account!

Anand’s second post looks at what happens if you receive the “Couldn’t add your device” error when enrolling an Android enterprise device and how to resolve it.

The third post is a thorough run-through on configuring Apple device enrollment tokens

If you’re a Lenovo house, this post and script from Philip Jorgensen uses Graph API to add the device friendly name into the notes field on the device in Intune

This post from Joost Gelijsteen looks at how you can use deployment rings not only for Windows updates but also apps and policy changes

If you are deploying Adobe Reader as-is, this post from Nico Wyss is a must-read, including some useful PowerShell scripts/proactive remediations for hardening the security of it

If you would rather use the new store integration to remove built-in apps over a custom script, this post from Aresh Sarkari will show you the steps involved

This very thorough post from Thomas Marcussen runs through all of the capabilities of AVD including some of the newer features and Intune management

Storage sense is a useful tool to clearing space on your devices, especially those with multiple users. This post from Christopher Mogis shows how to enable manually and via Intune

Doug Petrole is running “Monitoring Month” this month with posts on how to monitor your cloud devices, this initial introduction post looks at some of the main items you should be monitoring and why

Jeffrey Appel has released the next part of the Defender for Endpoint series, this one looking at all things automation using Logic Apps

Windows 365 is potentially an excellent way to get the Windows 11 experience on unsupported hardware and increase the lifespan of your devices. In this post from Ola Ström you can see just what’s possible!

I normally avoid talking about Java, but in this case, it’s about removing it, so I’ll allow it! Nicklas Ahlberg has put together an excellent proactive remediation to remove it from your machines

Should you find yourself in a situation where you have lost the original copies of your scripts, this post from Tom Machado talks you through retrieving them from Intune

Sander Rozemuller has also put together a post describing how to recover your PowerShell script using Graph

This post from Mr T-Bone looks at enabling Kerberos ticket on AAD joined W365 machines and also covers deploying cloud trust

Brad Wyatt discovered an issue signing into Google Play to connect to Intune with a “try again with a different browser” error. Fortunately the post includes a fix!

The new AVD web experience is now in public preview and Benoit Hamet has been quick off the mark with a look at it here

Video Content

Now onto the video content for this week, starting with part 4 in the series looking at PSADT from Mattias Melkersen Kalvåg, this time looking at using it to manipulate registry keys

Next, we have three videos from Dean Ellerby, the first one looking at Dean’s top 5 resources when working with Intune

This video demonstrates how to manage and deploy updates to macOS devices using Intune

Also on the macOS theme, Dean’s third video demonstrates how to deplot Defender for Endpoint to your Mac estate

This video from Anoop Nair looks at the supported devices with Intune (as well as a comparison to SCCM) and also looks at custom baseline policies and enrollment device restrictions

The latest Intune.Training video is now live with Adam Gross and Steven Hosking looking at and deploying a custom compliance policy

This video from Dean Cefola demonstrates how to deploy apps using the new store integration and just how easy it is!

The final community content this week comes from Chander Mani Pandey and shows how to find what is blocking your machines from upgrading to Windows 11

Microsoft Content

Now for the Microsoft content, starting with this excellent article from Chris Morrissey covering everything windows update with links to articles and videos to get fully up to speed with the update process.

Another skilling snack, this one from Harjit Dhaliwal with some excellent tips and links for preparing for and onboarding Windows 11

The new Commercial control setting may be useful for those of you wanting to keep more control over your Windows updates, read more in this post from Aria Carley

Some exciting new features in the MSIX packaging tool as covered here by Naveen Kumar Nooka

Multimedia redirection is now generally available for W365 and AVD in this post from Nicholas Xu

Check out the new updates to the Windows Subsystem for Android

The Microsoft Edge PDF capabilities will shortly include Adobe Acrobat PDF engine, you can find out more in this article from Rick Turner

And finally, a look at what’s in development for Intune, I’m particularly excited about the Proactive Remediations on-demand function!

That’s all from this week, have an amazing weekend!

Leave a Comment