Intune Newsletter – 24th February 2023

Welcome everyone to another exciting newsletter with plenty of tremendous Intune content. Put your feet up and enjoy!

Community Content

First, Jose Schenardie has some excellent logic apps to monitor app creation and assignment and post into Slack

https://intune.tech/2023/02/17/Monitoring-Intune-App-Creation-and-Assignments-using-Logic-Apps.html


AAD and MDE groups sadly don’t match as many of us would like. This post from David McWee uses an Intnue custom policy to create group tags to use in MDE

https://davidmcwee.com/2023/02/15/how-to-map-aad-groups-to-mde-device-groups/


If you would like to hide your name and picture from the sign-in screen, follow this guide from Christopher Mogis

https://www.ccmtune.fr/2023/02/hide-your-account-information-on.html


Sometimes when creating a runbook, you want to let others run it, but withouth giving them access to the Azure portal. Damien Van Robaeys shows you how to trigger it via PowerShell in this post

https://www.systanddeploy.com/2023/02/run-azure-automation-runbook-on-demand.html


David Brook has developed another script to manipulate the new drivers and firmware servicing. This one allows bulk enrollment of devices

https://euc365.com/post/bulk-enrol-device-driver-firmware-servicing/


A new application from Trevor Jones to convert to and from base64, I’ve already installed it on my PC!

https://smsagent.blog/2023/02/21/new-tool-base64-converter/


Now for two posts from Jitesh Kumar, the first one demonstrating how to require apps during Autopilot ESP

https://www.anoopcnair.com/required-apps-autopilot-enrollment-status-page/

The second post from Jitesh looks at all things compliance policies including monitoring your policies after deployment

https://www.anoopcnair.com/how-to-manage-intune-compliance-policy-settings/


Next, Snehasis Pani shows how to use direct enrollment for your macOS devices

https://www.anoopcnair.com/direct-enrollment-for-macos-using-intune/


If you are a sentinel user, this PowerShell module from Fabian Bader converts rules between YAML and ARM

https://cloudbrothers.info/en/convert-sentinel-analytics-rules/


This useful script from Jannik Reinhard will create Azure AD groups for your deployments with a set percentage of users in each group

https://jannikreinhard.com/2023/02/19/create-smart-groups-for-wave-deployment-of-configurations-in-intune/


No doubt if you are using Intune, you are an O365 house for email. This post from Nico Wyss demonstrates how to use Intune to block gmail sync

https://cloudfil.ch/disable-gmail-sync-on-intune-managed-devices/


You may already be using a previous script from René Laas to deploy language packs. This latest post shows how to deploy them using the new store integration

https://endpointcave.com/another-way-to-install-a-language-pack-via-intune/


If you have any Linux devices, you can now implement compliance policies against them to set some baselines to access corporate resources. To find out how to enrol them, follow this guide from Mr T-Bone

https://www.tbone.se/2023/02/22/start-managing-your-linux-with-intune/


This comprehensive guide from Bilal el Haddouchi looks at the cross-tenant synchronisation feature currently in preview in Entra


Should you still be wrestling users away from Chrome (we’ve all been there), this guide from Jonathan Lefebvre will help you manage the browser in the meantime


To enrol your AVD/W365 machines into Defender for Endpoint, follow this thorough guide from Aresh Sarkari

A second post from Aresh this week, demonstrating how to disable Search highlights on W365/AVD machines


Rudy Ooms has been digging through the logs again, this time looking at what happens when turning on/off the setting to allow pre-provisioning


You can now manage the appearance of the search button in Windows 11. This post from Peter van der Woude will show you how to do so with a custom policy


This post from Jan Bakker demonstrates how to duplicate your CA policies both in the GUI and using Graph


Rather than having to dig through the registry on a machine, Tom Machado shows how we can use Graph to find the output of a PowerShell script

https://poemtomdm.fr/2023/02/20/my-experience-with-the-powershell-scripts-feature-using-microsoft-graph/


A very useful preview feature, using Conditional Access for PIM escalated permissions. To find out more and how to test it, follow this post from Kenneth van Surksum


Another new AAD preview feature, Benoit Hamet looks at the new suspicious activities reporting feature in this post

https://blog.hametbenoit.info/2023/02/24/azure-ad-you-can-now-enable-suspicious-activities-reporting-preview/#.Y_iVdh_P3mE


This is one I should probably be doing myself. Use VS Code snippets to quickly insert your repeatable code as covered here by Harm Veenstra


If you’re using Nerdio Enterprise, Dominiek Verham shows how to use a custom domain with it

https://techlab.blog/use-a-custom-url-for-nerdio-manager-for-enterprise/?utm_source=rss&utm_medium=rss&utm_campaign=use-a-custom-url-for-nerdio-manager-for-enterprise

The Windows 365 application is excellent (and I use it daily), but for your end-users, there are quite a lot of screens to skip before you can actually use it. Gannon Novak has done some detective work and has found out how you can skip past them.


It’s always worth looking for devices which haven’t checked into Intune, best case they’ll be really out of date, worst case, there may be something wrong with them. This script from Lewis Barry will grab the devices and export them into a CSV for you to review


There is nothing worse than running your new script and just seeing the red “Forbidden” error message. To find out what permissions a graph command needs, have a look at this post from Daniel Bradley


Defender for Endpoint is a powerful tool across platforms. To find out how to deploy to your iOS devices, follow this guide from Jeffrey Appel


If you’re having issues connecting with the Windows 365 app (particularly if you use multiple accounts), have a read of this post from Niall Brady


Saurabh Sarkar has produced a thorough look at the full update process using WUfB in this post, well worth reading!

http://everythingaboutintune.com/2023/02/guide-for-managing-windows-updates-via-intune/


CIS have released the windows 11 baselines which Anoop Nair looks at here

https://www.anoopcnair.com/intune-windows-11-cis-benchmarks-download-now/


When dealing with kiosk devices, you may want to restrict other users from logging onto the device. Niklas Tinner has an excellent way of doing so using groups membership

https://niklastinner.medium.com/deny-local-log-on-for-azure-ad-accounts-98fef00bcd0b


Break glass accounts are critical in your environment, but should only be used in an emergency. This post from Sander Rozemuller not only automates the account creation but also sets up monitoring to alert when it is used

https://www.rozemuller.com/configure-break-glass-accounts-infrastructure-automated/


Robin Hobo has put together an in-depth look at deploying Win32 apps which is an excellent introduction to packaging for Intune

https://www.linkedin.com/pulse/how-deploy-win32-applications-microsoft-intune-remote-robin-hobo/


Simon Skotheimsvik has put together an excellent script to provide a menu for selecting a Group Tag when enrolling into Autopilot


Video Content

We start this weeks video content with a quick demo from Craig Camacho showing how to hide the last logged in user information on a shared device


This video from Nick Ross looks at the different tools available to automate your application packaging including Choco, Winget and Simeon Cloud


Another packaging alternative is Pckgr as demonstrated here by Dean Ellerby


The latest intune.training video featuring Adam Gross and Steven Hosking shows how to use the new Store Integration to remove applications


This video featuring Lior Bela, Aria Carley and Nir Froimovici looks not only at Autopatch, but also Update for Business and Update for Business deployment services and how they work


The latest video from Chander Mani Pandey looks at Win32 app packaging and deployment


Microsoft Content

First up, the Intune support team have released a troubleshooting guide for the new store functionality

https://techcommunity.microsoft.com/t5/intune-customer-success/troubleshooting-the-microsoft-store-and-microsoft-intune/ba-p/3750341


Next, Lior Bela looks at the best Microsoft tooling to handle updates for your environment

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/update-power-microsoft-management-solutions-for-your-scenario-s/ba-p/3749183

And a video to go with it:


This two part from Carla DiFranco shows how to use the built-in inventory and app compatibility reporting within Intune to check your apps are compatible

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/app-confidence-our-approach-begins-with-inventory/ba-p/3750087

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/app-confidence-from-our-compatibility-story-to-yours/ba-p/3750085


And finally, the latest skilling snack is now live, this one from Dave Davies is an introduction to Azure AD

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/skilling-snack-intro-to-azure-active-directory/ba-p/3751366


That’s it for this week, have an amazing weekend

Leave a Comment