Intune Newsletter – 17th February 2023

Welcome to your non-stop-shop for Intune content. This week is so full of content, I started writing it the day after I published last weeks!

Community Content

First up this week, Somesh Pathak has a look at the Factory Reset Protection functionality built in to Android devices

A second post from Somesh, also on the Android theme, looks at the Device Administrator app, what it does and why it’s there

I’m sure you’ve noticed the new sidebar in Edge (love it or hate it?). This post from Nicklas Ahlberg shows how to show it, hide it and add custom links to it

Trevor Jones has put together an excellent script to grab the data on all feature update rings and export to Log Analytics where you can use PowerBi to make charts and exec-friendly displays. Well worth checking out!

Now we have two posts from Tom Machado, the first using Graph to locate a device and plot it on a map

Tom’s second post looks at Device Diagnostics and how to use them effectively

If you are deploying bare metal images with Config Manager, I’d recommend reading this post from Michael Niehaus with a potential issue you may see when domain joining

In Michael’s second post you can find a script to create a provisioning package for bulk enrollment, but more reliably than using the ICD Tooling

Another troubleshooting post, this one from Ramal Abeysekera looking at the “Accunt Not Onboarded” error with macOS devices

Next up, Jannik Reinhard looks at one of my favourite things, Microsoft Graph including how to get started using it (managing Intune gets easier when you’ve mastered Graph)

Now for two posts from Nico Wyss, the first of which with some tips and scripts to harden Chrome with Intune and Defender

Nico’s second post runs through how to retrieve and deploy the certificate required for Fortigate SSL deep inspection via Intune

The next part of Paul Winstanley and Michael Marable‘s excellent look at conditional access is now available, this time enforcing MFA for admins. If you don’t have this setup already, please do so!

Now for two post from Jitesh Kumar starting with a look at user-driven enrollment on iOS devices

And this one covers how to monitor the status of the firewall on your Intune managed devices

If you are in a co-managed setup, this post from Benoit Hamet will show you how to get Config Manager recommendations from within the Intune portal

One of the more annoying parts of setting up a new environment is having to go and assign all of the apps added from Apple VPP, Google Play etc. Fortunately Nick Benton has put together a very useful script to automate bulk assignment

Damien Van Robaeys has put together another excellent script which leverages log analytics to provide a useful dashboard displaying devices with BSOD

An exciting new announcement (official one below), driver management is now publically available (but not yet in the Intune console). Fortunately David Brook has been quick off the mark with the Graph commands to manage it all. David has also released a video version in the content below.

Driver Management via Graph API and PowerShell (

In a follow up post you can find a script to also set deferrals

If you want to see which devices are applicable for driver deployments, you need this post

Next, Florian Salzmann looks at the Defender for Endpoint web filtering capabilities, how to enable in Intune and what the end-user experience is like

Rudy Ooms has again been digging around in Procmon and Wireshark, this time looking at the importance of MSA Tickets in device communication with Intune

A new feature in W11 22H2 is Smart App Control, this post from Peter van der Woude looks at how it works as well as WDAC including configuring the policies

Knowledge of Azure AD/identity management is crucial when working with any of the Microsoft cloud tools. As Eric Woodruff covers here, it’s also critical to most Microsoft exams!

Whilst on the subject of identity, if you don’t currently use PIM, have a read of this post from Mike van den Brandt and find out why you should be using it!

This post from Prajwal Desai runs you through the complete end-to-end steps to deploy Zoom via Intune

A second post from Prajwal, this time thoroughly running through the steps to configure Bitlocker via Intune

Prajwal’s third post looks at the different way of getting cloud PC connection details

On a similar note, if you need Zoom on a cloud VDI machine, Gannon Novak explains how to obtain and install the VDI specific verion here

Mattias Melkersen Kalvåg has released part 4 of the series on PSADT, this time looking at getting, setting and removing registry keys

Some weekly knowledge nuggets from Niclas Andersson, this week looking at Winget, Logic apps and Microsoft Graph

In the first of two posts from Brad Wyatt you can find a PowerShell script to amend permissions on the Public desktop to let users manage their own icons

Brad’s second post uses ADMX Ingestion to enable SSO within Firefox

Following on from a previous post re-creating the Edge baseline, Jörgen Nilsson has now re-created the Windows Security Baseline using the Settings Catalog only

Dynamic AAD Groups and Filters take a lot of the effort out of managing an estate. This post from Priscilla Leon takes a good look at both of them!

Jeffrey Appel has released part 10 of the Defender for Endpoint Series, this part covers some useful tips and tricks as well as what to watch out for.

An updated post from Simon Skotheimsvik showing how to deploy FortiClient VPN, not including PMPC and Scappman

If you want to restrict access to just upload Autopilot hashes, this post from Niklas Tinner will show you how to create a custom role with the required permissions

A second post from Niklas, looking at the wider Intune RBAC permissions

Number match for MFA is soon to be the default, in this post Moe Kinani looks at the PowerShell commands to switch authentication method

This thorough post from Pim Jacobs looks at Azure AD Access Packages and some excellent features you may not know existed

Niels Kok and Stefan Dingemanse have put together an excellent PS Module for managing W365 machines. In this latest post, you can see how it restores and reprovisions a cloud PC

This guide from Aresh Sarkari shows you how to get started with Defender for Endpoint and W365/AVD machines

On the subject of cloud PCs, this post from Doug Petrole looks at the secondary monitoring metrics available

If you are building machines using SCCM/MDT or simply having IT staff login to machine prior to deployment, you may find the primary user does not match the actual end-user and causes havoc with company portal. Fortunately Torbjorn (Mr T-Bone) Granheden has a script that can run in an Azure Runbook to sort it for you

Will Francillette has released part 3 of the Graph SDK series (and we all know how much I love Graph), this one looking at Graph permissions. If you haven’t read the previous parts, check those out too!

Defender for Endpoint is an incredibly useful part of the M365 suite. This post from René Laas runs through the steps to onboard via Intune

If you haven’t yet setup Windows Hello for Business, this post from Manish Bangia will walk you through it step by step

This article from Roy Apalnes demonstrates some of the use cases for leveraging Windows 365

Microsoft now officially support Windows 11 on ARM based macOS devices using Parallels, you can read more in this post from Michael Niehaus

Next, an introduction to Winget (and the interesting history behind package managers) from Kevin Kaminski

Video Content

Now onto the video content, this week starting with a new video from Peter Kay showing how to create a message template for non-compliant devices

Next, Dean Ellerby demonstrates how to import your on-prem GPOs into Intune using GPO Analytics as well as home tips

This episode of the 425 show is a deep dive into Conditional Access featuring Caleb Baker and Shannon Kuehn

The latest Namaste Techies episode is now live with Harjit Dhaliwal and Anoop Nair looking at and discussing Chat GPO and Bing

This video featuring Mattias Melkersen Kalvåg and Chris Gerke shows how to leverage VS Code, Git and PSADT to make building and deploying your Win32 apps much easier!

Managing your security baselines in Intune can be a lengthy process, even more so if you are managing multiple tenants. This video from Nick Ross looks at Microsoft365 DSC and Simeon Cloud to do the hard work for you.

To make logins easier for your end users, you can set a default domain in Intune as demonstrated in this video from Craig Camacho

This video from Chander Mani Pandey shows how to use a PowerShell script and Azure automation to bulk sync Windows devices

As mentioned earlier, David Brook has put together a video covering the new driver integration functionality

If you haven’t tried Winget yet, this video from Dean Cefola will set you well on your way

The latest what’s new in Intune video is now out featuring Mattias Melkersen Kalvåg and Nickolaj Andersen looking at the new features in 2301

The first of a new set of videos from Andrew Jones looking at managing iOS and macOS with Intune, starting with enrolling personal macOS devices

The final video from this week comes from Jóhannes Geir Kristjansson, Jake Shackelford and Sean Bulger looking at the cause of many sleepless nights for me, Graph Pagination. Fortunately the script is shared for you to use in your scripts!

Microsoft Content

Now onto the Microsoft content, starting with a look at the expansion of ASR to MDE managed devices (and how to exclude them) from Laura Arrizza and Amit Ghodke

Expanding support for Attack surface reduction rules with Microsoft Intune – Microsoft Community Hub

As covered earlier, here is the official announcement of the driver integration from Nir Froimovici

If you are reading this, you must have some interest in Windows and Intune. Join the Office Hour to discuss any questions and speak with the experts. Heather Poulsen has more information here

The latest Skilling Snack has been released, this one comes from Danny Guillory and covers transitioning from on-prem to cloud on your end-user devices, looking at your various options

The final content from this week comes from Anton Fontanov looking at improvements to the updating of .Net framework in Windows 11 22H2

If you’re still reading at this point, congratulations! That’s it for this week, go and enjoy your weekend

Leave a Comment