Intune Newsletter – 24th February 2023

Welcome everyone to another exciting newsletter with plenty of tremendous Intune content. Put your feet up and enjoy!

Community Content

First, Jose Schenardie has some excellent logic apps to monitor app creation and assignment and post into Slack

AAD and MDE groups sadly don’t match as many of us would like. This post from David McWee uses an Intnue custom policy to create group tags to use in MDE

If you would like to hide your name and picture from the sign-in screen, follow this guide from Christopher Mogis

Sometimes when creating a runbook, you want to let others run it, but withouth giving them access to the Azure portal. Damien Van Robaeys shows you how to trigger it via PowerShell in this post

David Brook has developed another script to manipulate the new drivers and firmware servicing. This one allows bulk enrollment of devices

A new application from Trevor Jones to convert to and from base64, I’ve already installed it on my PC!

Now for two posts from Jitesh Kumar, the first one demonstrating how to require apps during Autopilot ESP

The second post from Jitesh looks at all things compliance policies including monitoring your policies after deployment

Next, Snehasis Pani shows how to use direct enrollment for your macOS devices

If you are a sentinel user, this PowerShell module from Fabian Bader converts rules between YAML and ARM

This useful script from Jannik Reinhard will create Azure AD groups for your deployments with a set percentage of users in each group

No doubt if you are using Intune, you are an O365 house for email. This post from Nico Wyss demonstrates how to use Intune to block gmail sync

You may already be using a previous script from René Laas to deploy language packs. This latest post shows how to deploy them using the new store integration

If you have any Linux devices, you can now implement compliance policies against them to set some baselines to access corporate resources. To find out how to enrol them, follow this guide from Mr T-Bone

This comprehensive guide from Bilal el Haddouchi looks at the cross-tenant synchronisation feature currently in preview in Entra

Should you still be wrestling users away from Chrome (we’ve all been there), this guide from Jonathan Lefebvre will help you manage the browser in the meantime

To enrol your AVD/W365 machines into Defender for Endpoint, follow this thorough guide from Aresh Sarkari

A second post from Aresh this week, demonstrating how to disable Search highlights on W365/AVD machines

Rudy Ooms has been digging through the logs again, this time looking at what happens when turning on/off the setting to allow pre-provisioning

You can now manage the appearance of the search button in Windows 11. This post from Peter van der Woude will show you how to do so with a custom policy

This post from Jan Bakker demonstrates how to duplicate your CA policies both in the GUI and using Graph

Rather than having to dig through the registry on a machine, Tom Machado shows how we can use Graph to find the output of a PowerShell script

A very useful preview feature, using Conditional Access for PIM escalated permissions. To find out more and how to test it, follow this post from Kenneth van Surksum

Another new AAD preview feature, Benoit Hamet looks at the new suspicious activities reporting feature in this post

This is one I should probably be doing myself. Use VS Code snippets to quickly insert your repeatable code as covered here by Harm Veenstra

If you’re using Nerdio Enterprise, Dominiek Verham shows how to use a custom domain with it

The Windows 365 application is excellent (and I use it daily), but for your end-users, there are quite a lot of screens to skip before you can actually use it. Gannon Novak has done some detective work and has found out how you can skip past them.

It’s always worth looking for devices which haven’t checked into Intune, best case they’ll be really out of date, worst case, there may be something wrong with them. This script from Lewis Barry will grab the devices and export them into a CSV for you to review

There is nothing worse than running your new script and just seeing the red “Forbidden” error message. To find out what permissions a graph command needs, have a look at this post from Daniel Bradley

Defender for Endpoint is a powerful tool across platforms. To find out how to deploy to your iOS devices, follow this guide from Jeffrey Appel

If you’re having issues connecting with the Windows 365 app (particularly if you use multiple accounts), have a read of this post from Niall Brady

Saurabh Sarkar has produced a thorough look at the full update process using WUfB in this post, well worth reading!

CIS have released the windows 11 baselines which Anoop Nair looks at here

When dealing with kiosk devices, you may want to restrict other users from logging onto the device. Niklas Tinner has an excellent way of doing so using groups membership

Break glass accounts are critical in your environment, but should only be used in an emergency. This post from Sander Rozemuller not only automates the account creation but also sets up monitoring to alert when it is used

Robin Hobo has put together an in-depth look at deploying Win32 apps which is an excellent introduction to packaging for Intune

Simon Skotheimsvik has put together an excellent script to provide a menu for selecting a Group Tag when enrolling into Autopilot

Video Content

We start this weeks video content with a quick demo from Craig Camacho showing how to hide the last logged in user information on a shared device

This video from Nick Ross looks at the different tools available to automate your application packaging including Choco, Winget and Simeon Cloud

Another packaging alternative is Pckgr as demonstrated here by Dean Ellerby

The latest video featuring Adam Gross and Steven Hosking shows how to use the new Store Integration to remove applications

This video featuring Lior Bela, Aria Carley and Nir Froimovici looks not only at Autopatch, but also Update for Business and Update for Business deployment services and how they work

The latest video from Chander Mani Pandey looks at Win32 app packaging and deployment

Microsoft Content

First up, the Intune support team have released a troubleshooting guide for the new store functionality

Next, Lior Bela looks at the best Microsoft tooling to handle updates for your environment

And a video to go with it:

This two part from Carla DiFranco shows how to use the built-in inventory and app compatibility reporting within Intune to check your apps are compatible

And finally, the latest skilling snack is now live, this one from Dave Davies is an introduction to Azure AD

That’s it for this week, have an amazing weekend

Leave a Comment