Welcome to another exciting newsletter, this week Microsoft released Unpacking Endpoint Management video series so there is a whole section dedicated to that!
Community Content
We start this week with the next part of Doug Petrole‘s monitoring month, this time looking at monitoring GPU metrics on your cloud machines
https://www.desktopsforeveryone.com/blog/monitoring-month-gpu-metrics
Nico Wyss has put together a useful script and post covering how to deploy apps without an obvious installer
https://cloudfil.ch/copy-program-folder/
Custom Compliance scripts were a welcome addition to Intune, especially for those of us who prefer PowerShell and they give you so many more options. To find out more and look at an example script, have a look at this post from Jannik Reinhard
https://jannikreinhard.com/2023/02/26/how-to-use-custom-compliance-script-example-script/
If you’re looking at managing your macOS fleet using Intune, this comprehensive post from Tom Machado demonstrates how to enrol them via Apple Business Manager
Filters are a very useful tool to speed up assignment and deployment without relying on dynamic groups. A new addition now allows you to see where you have filters assigned rather than having to go digging through your policies. To find out how, read this from Shehan Perera
https://shehanperera.com/2023/02/28/intune-filter-associated-assignments-01/
Now for three posts from Robin Hobo, the first looking at what you can do with autopilot pre-provisioning
https://www.linkedin.com/pulse/how-configure-windows-autopilot-pre-provisioning-robin-hobo/
Robin’s second post shows how to use local group membership to give users admin rights to invididual machines rather than using the AAD role which applies across all devices
The third post from Robin runs through deploying Autopatch into Intune
https://www.linkedin.com/pulse/how-deploy-windows-autopatch-microsoft-intune-robin-hobo/
We all know PS scripts execute during ESP, but what about Proactive Remediations? Rudy Ooms has done some investigating, read on to find out the answer!
Your Azure AD environment is critical to the security of your environment, no point in having a complex alarm system if you leave your front door wide open! To find out how to review and mitigate your AAD threats, read this comprehensive post from Harri Jaakkonen
Have you ever wondered the difference between a personal and corporate device? What better way to learn than from the expert Scott Duffey in this post
This post from Jitesh Kumar looks at all of the new features in the 2302 release (including the renaming!)
https://www.anoopcnair.com/new-feature-intune-service-release-2302-februar/
A second post from Jitesh, looking at the new Intune Suite, what it costs and what you get
https://www.anoopcnair.com/microsoft-intune-suite-for-endpoint-management/
Another new addition to Intune allows you to select the update ring for Defender for endpoint. Benoit Hamet has covered how in this post.
If you aren’t familiar with M365DSC, Will Francillette has released part 1 of a new series covering it’s full usage, this post is your introduction and overview.
For those of you using whiteglove/pre-provisioning, wouldn’t it be nice if those devices sitting ready on the shelf were already encrypted? Whilst not officially supported, Niall Brady has a way of doing just that in these articles
Niall and Paul Winstanley have also released part 7 of the Windows 365 getting started guide, this one looking at using Autopatch to keep them updated
Some users may have a requirement for OneDrive to be fully available offline, those who travel extensively for example. To configure it in your estate, use this excellent Proactive Remediation from Florian Salzmann
https://scloud.work/en/onedrive-desktop-offline/
I’m a big fan of FIDO2 security keys, but because I’m lazy, often just use Hello for Business face recognition. To make FIDO2 the default option for Windows, have a look at this post from Peter Klapwijk
To further secure your machines, Microsoft Defender Application Guard for Office can protect you from malicious office files. This post from Peter van der Woude runs through the steps involved
Struggling to convince yours execs and users to ditch Chrome? This post from Lewis Barry may help you push them towards and Edge only estate
Some very useful PowerShell commands here from Torbjorn (Mr T-Bone) Granheden to update your OS, apps and more
https://www.tbone.se/2023/02/27/update-your-windows-11-with-some-powerful-one-liners/
Did you know you can assign ASR rules to your servers in Intune, even when they aren’t enrolled? If not, read this post from Mattias Melkersen Kalvåg and start cloud managing your server estate!
This post from Niklas Tinner looks at the different ways to manage your Autopilot identities
https://oceanleaf.ch/autopilot-identities-and-assignments/
Next, Andy Jones looks at how to manually add a macOS device to Apple Business Manager
If you have field users who need to be able to change their IP address, but without giving them admin rights, check this script from Simon Skotheimsvik
For those of you using Remote Help, this post from Prajwal Desai shows you how to disable the chat functionality
This post from René Laas shows the graph commands (and some useful app IDs) to deploy the new store apps without using the GUI
https://endpointcave.com/create-microsoft-store-apps-via-graph-api/
Pim Jacobs has released the second part covering Access Packages in Azure AD in this comprehensive post. I’d suggest reading part 1 if you haven’t done so already as well
This post from Niklas Tinner looks at the actions an end-user can take on their own device
https://niklastinner.medium.com/remote-actions-for-an-end-user-with-intune-97546fc3b60e
For anyone managing HP devices, have a read of this post from Gary Blok showing how to configure BIOS WiFi to use Sure Recover
As mentioned in the Microsoft content below, Windows 11 will soon be receiving new features outside of the feature update releases. If you want to turn this off, follow this guide from Michael Niehaus
https://oofhours.com/2023/03/02/want-to-block-windows-11-moments-that-add-new-features/
This post from Jeffrey Appel shows how to use SmartScreen to further protect your devices
Video Content
We start this weeks video content with a look at the Intune Management Extension from Chander Mani Pandey
Next up, Dean Ellerby demonstrates how to deploy the Zoom application MSI the proper way, via Win32
Andrew Jones has released part two of the series for managing your Apple devices, this one looking at connecting Apple Business Manager and Intune
Andy has also released episode 3 looking at enrolling apple devices manually into Apple Business Manager
Now for three videos from Anoop Nair, the first two running through how to use Intune filters, how they work, their limitations and more
Anoop’s third video shows how to deploy Windows Update for Business Reports and then use them.
This demo from Craig Camacho shows how to deploy a custom start menu on Windows 10 and 11
To learn more about Defender for Endpoint, this video featuring Paul Huijbregts, Justen Graves, Joe Anich and Ru Campbell is well worth a watch
To find out what’s new in Windows 365 Enterprise 2302, have look at this video from Donna Ryan and Mattias Melkersen Kalvåg
Microsoft Content
Now for the Microsoft content, starting with a look at all of the new features in 2302 from Ramya Chitrakar
You can now tell Intune to install apps during ESP on pre-provisioned devices as described in this post from Juanita Baptiste and Kiran Alli
In March, Windows 11 will feature continuous innovation to receive new features ahead of a full feature update. Read more in this post from Harjit Dhaliwal
Some exciting new features here for Windows 11 including iOS phone link
The Windows 365 app for Windows 10 and 11 is now in general availability
The latest skilling snack is now out, this one comes from Hung Dang and looks at everything Autopilot
The Microsoft Intune suite is now out, find out more in this post from Michael Wallent
Looking at each individual feature of the new suite:
Managing purpose built devices from Eugenie Burrage
A look at Remote Help (also from Eugenie)
Remote tunnel for MAM on Android and iOS from Lance Crandall
Advanced Endpoint Analytics from Albert Cabello Serrano
Endpoint Privilege Management from Matt Call
Unpacking Endpoint Management
As mentioned at the start, there have been a whole series of Unpacking Endpoint Management Videos released. I’m not going to list everyone in the videos, but it’s the who’s who of experts!
The titles are self-explanatory so enjoy the content!
That was a lot of content! Thanks to everyone in the amazing community and have a great weekend!