Welcome everyone to another exciting newsletter with plenty of tremendous Intune content. Put your feet up and enjoy!
Community Content
First, Jose Schenardie has some excellent logic apps to monitor app creation and assignment and post into Slack
https://intune.tech/2023/02/17/Monitoring-Intune-App-Creation-and-Assignments-using-Logic-Apps.html
AAD and MDE groups sadly don’t match as many of us would like. This post from David McWee uses an Intune custom policy to create group tags to use in MDE
https://davidmcwee.com/2023/02/15/how-to-map-aad-groups-to-mde-device-groups/
If you would like to hide your name and picture from the sign-in screen, follow this guide from Christopher Mogis
https://www.ccmtune.fr/2023/02/hide-your-account-information-on.html
Sometimes when creating a runbook, you want to let others run it, but without giving them access to the Azure portal. Damien Van Robaeys shows you how to trigger it via PowerShell in this post
https://www.systanddeploy.com/2023/02/run-azure-automation-runbook-on-demand.html
David Brook has developed another script to manipulate the new drivers and firmware servicing. This one allows bulk enrollment of devices
https://euc365.com/post/bulk-enrol-device-driver-firmware-servicing/
A new application from Trevor Jones to convert to and from base64, I’ve already installed it on my PC!
https://smsagent.blog/2023/02/21/new-tool-base64-converter/
Now for two posts from Jitesh Kumar, the first one demonstrating how to require apps during Autopilot ESP
https://www.anoopcnair.com/required-apps-autopilot-enrollment-status-page/
The second post from Jitesh looks at all things compliance policies including monitoring your policies after deployment
https://www.anoopcnair.com/how-to-manage-intune-compliance-policy-settings/
Next, Snehasis Pani shows how to use direct enrollment for your macOS devices
https://www.anoopcnair.com/direct-enrollment-for-macos-using-intune/
If you are a Sentinel user, this PowerShell module from Fabian Bader converts rules between YAML and ARM
https://cloudbrothers.info/en/convert-sentinel-analytics-rules/
This useful script from Jannik Reinhard will create Azure AD groups for your deployments with a set percentage of users in each group
No doubt if you are using Intune, you are an O365 house for email. This post from Nico Wyss demonstrates how to use Intune to block Gmail sync
https://cloudfil.ch/disable-gmail-sync-on-intune-managed-devices/
You may already be using a previous script from René Laas to deploy language packs. This latest post shows how to deploy them using the new store integration
https://endpointcave.com/another-way-to-install-a-language-pack-via-intune/
If you have any Linux devices, you can now implement compliance policies against them to set some baselines to access corporate resources. To find out how to enrol them, follow this guide from Mr T-Bone
https://www.tbone.se/2023/02/22/start-managing-your-linux-with-intune/
This comprehensive guide from Bilal el Haddouchi looks at the cross-tenant synchronisation feature currently in preview in Entra
Should you still be wrestling users away from Chrome (we’ve all been there), this guide from Jonathan Lefebvre will help you manage the browser in the meantime
To enrol your AVD/W365 machines into Defender for Endpoint, follow this thorough guide from Aresh Sarkari
A second post from Aresh this week, demonstrating how to disable Search highlights on W365/AVD machines
Rudy Ooms has been digging through the logs again, this time looking at what happens when turning on/off the setting to allow pre-provisioning
You can now manage the appearance of the search button in Windows 11. This post from Peter van der Woude will show you how to do so with a custom policy
This post from Jan Bakker demonstrates how to duplicate your CA policies both in the GUI and using Graph
Rather than having to dig through the registry on a machine, Tom Machado shows how we can use Graph to find the output of a PowerShell script
A very useful preview feature, using Conditional Access for PIM escalated permissions. To find out more and how to test it, follow this post from Kenneth van Surksum
Another new AAD preview feature, Benoit Hamet looks at the new suspicious activities reporting feature in this post
This is one I should probably be doing myself. Use VS Code snippets to quickly insert your repeatable code as covered here by Harm Veenstra
If you’re using Nerdio Enterprise, Dominiek Verham shows how to use a custom domain with it
The Windows 365 application is excellent (and I use it daily), but for your end-users, there are quite a lot of screens to skip before you can actually use it. Gannon Novak has done some detective work and has found out how you can skip past them.
It’s always worth looking for devices which haven’t checked into Intune, best case they’ll be really out of date, worst case, there may be something wrong with them. This script from Lewis Barry will grab the devices and export them into a CSV for you to review
There is nothing worse than running your new script and just seeing the red “Forbidden” error message. To find out what permissions a Graph command needs, have a look at this post from Daniel Bradley
Defender for Endpoint is a powerful tool across platforms. To find out how to deploy to your iOS devices, follow this guide from Jeffrey Appel
If you’re having issues connecting with the Windows 365 app (particularly if you use multiple accounts), have a read of this post from Niall Brady
Saurabh Sarkar has produced a thorough look at the full update process using WUfB in this post, well worth reading!
http://everythingaboutintune.com/2023/02/guide-for-managing-windows-updates-via-intune/
CIS have released the Windows 11 baselines, which Anoop Nair looks at here
https://www.anoopcnair.com/intune-windows-11-cis-benchmarks-download-now/
When dealing with kiosk devices, you may want to restrict other users from logging onto the device. Niklas Tinner has an excellent way of doing so using group membership
https://niklastinner.medium.com/deny-local-log-on-for-azure-ad-accounts-98fef00bcd0b
Break glass accounts are critical in your environment, but should only be used in an emergency. This post from Sander Rozemuller not only automates the account creation but also sets up monitoring to alert when it is used
https://www.rozemuller.com/configure-break-glass-accounts-infrastructure-automated/
Robin Hobo has put together an in-depth look at deploying Win32 apps which is an excellent introduction to packaging for Intune
https://www.linkedin.com/pulse/how-deploy-win32-applications-microsoft-intune-remote-robin-hobo/
Simon Skotheimsvik has put together an excellent script to provide a menu for selecting a Group Tag when enrolling into Autopilot
Video Content
We start this week’s video content with a quick demo from Craig Camacho showing how to hide the last logged-in user information on a shared device
This video from Nick Ross looks at the different tools available to automate your application packaging including Choco, Winget and Simeon Cloud
Another packaging alternative is Pckgr as demonstrated here by Dean Ellerby
The latest intune.training video featuring Adam Gross and Steven Hosking shows how to use the new Store Integration to remove applications
This video featuring Lior Bela, Aria Carley and Nir Froimovici looks not only at Autopatch, but also Update for Business and Update for Business deployment services and how they work
The latest video from Chander Mani Pandey looks at Win32 app packaging and deployment
Microsoft Content
First up, the Intune support team have released a troubleshooting guide for the new store functionality
Next, Lior Bela looks at the best Microsoft tooling to handle updates for your environment
And a video to go with it:
This two-parter from Carla DiFranco shows how to use the built-in inventory and app compatibility reporting within Intune to check your apps are compatible
And finally, the latest skilling snack is now live, this one from Dave Davies is an introduction to Azure AD
That’s it for this week, have an amazing weekend