Intune Newsletter - 3rd March 2023

Welcome to another exciting newsletter, this week Microsoft released Unpacking Endpoint Management video series so there is a whole section dedicated to that!

Community Content

We start this week with the next part of Doug Petrole‘s monitoring month, this time looking at monitoring GPU metrics on your cloud machines

https://www.desktopsforeveryone.com/blog/monitoring-month-gpu-metrics

Nico Wyss has put together a useful script and post covering how to deploy apps without an obvious installer

https://cloudfil.ch/copy-program-folder/

Custom Compliance scripts were a welcome addition to Intune, especially for those of us who prefer PowerShell and they give you so many more options. To find out more and look at an example script, have a look at this post from Jannik Reinhard

https://jannikreinhard.com/2023/02/26/how-to-use-custom-compliance-script-example-script/

If you’re looking at managing your macOS fleet using Intune, this comprehensive post from Tom Machado demonstrates how to enrol them via Apple Business Manager

https://poemtomdm.fr/2023/02/26/enroll-a-corporate-macos-device-in-intune-through-apple-business-manager/

Filters are a very useful tool to speed up assignment and deployment without relying on dynamic groups. A new addition now allows you to see where you have filters assigned rather than having to go digging through your policies. To find out how, read this from Shehan Perera

https://shehanperera.com/2023/02/28/intune-filter-associated-assignments-01/

Now for three posts from Robin Hobo, the first looking at what you can do with autopilot pre-provisioning

https://www.linkedin.com/pulse/how-configure-windows-autopilot-pre-provisioning-robin-hobo/

Robin’s second post shows how to use local group membership to give users admin rights to invididual machines rather than using the AAD role which applies across all devices

https://www.linkedin.com/pulse/how-manage-local-user-group-membership-microsoft-intune-robin-hobo/?trackingId=5fVRyzK%2BQfeXefbQ25nLTQ%3D%3D

The third post from Robin runs through deploying Autopatch into Intune

https://www.linkedin.com/pulse/how-deploy-windows-autopatch-microsoft-intune-robin-hobo/

We all know PS scripts execute during ESP, but what about Proactive Remediations? Rudy Ooms has done some investigating, read on to find out the answer!

I Know How Many Minutes You Scored Last Autopilot Enrollment

Your Azure AD environment is critical to the security of your environment, no point in having a complex alarm system if you leave your front door wide open! To find out how to review and mitigate your AAD threats, read this comprehensive post from Harri Jaakkonen

Section 4 – Mitigate identity threats part 1 of 2

Have you ever wondered the difference between a personal and corporate device? What better way to learn than from the expert Scott Duffey in this post

https://scottduf.medium.com/about-intune-device-ownership-corporate-vs-personal-e19e877b9294?source=rss-e8fe211bb0aa——2

This post from Jitesh Kumar looks at all of the new features in the 2302 release (including the renaming!)

https://www.anoopcnair.com/new-feature-intune-service-release-2302-februar/

A second post from Jitesh, looking at the new Intune Suite, what it costs and what you get

https://www.anoopcnair.com/microsoft-intune-suite-for-endpoint-management/

Another new addition to Intune allows you to select the update ring for Defender for endpoint. Benoit Hamet has covered how in this post.

https://blog.hametbenoit.info/2023/02/27/intune-you-can-now-configure-microsoft-defender-update-behaviour-preview/

If you aren’t familiar with M365DSC, Will Francillette has released part 1 of a new series covering it’s full usage, this post is your introduction and overview.

https://www.french365connection.co.uk/post/m365dsc-getting-started-part-1-desired-state-configuration

For those of you using whiteglove/pre-provisioning, wouldn’t it be nice if those devices sitting ready on the shelf were already encrypted? Whilst not officially supported, Niall Brady has a way of doing just that in these articles

Encrypting devices during Windows Autopilot provisioning (WhiteGlove) – Part 1

Encrypting devices during Windows Autopilot provisioning (WhiteGlove) – Part 2

Niall and Paul Winstanley have also released part 7 of the Windows 365 getting started guide, this one looking at using Autopatch to keep them updated

Getting started with Windows 365 – Part 7. Patching your Cloud PCs with Windows Autopatch

Some users may have a requirement for OneDrive to be fully available offline, those who travel extensively for example. To configure it in your estate, use this excellent Proactive Remediation from Florian Salzmann

https://scloud.work/en/onedrive-desktop-offline/

I’m a big fan of FIDO2 security keys, but because I’m lazy, often just use Hello for Business face recognition. To make FIDO2 the default option for Windows, have a look at this post from Peter Klapwijk

Configure FIDO security keys as the default sign-in option for Windows

To further secure your machines, Microsoft Defender Application Guard for Office can protect you from malicious office files. This post from Peter van der Woude runs through the steps involved

Deploying Microsoft Defender Application Guard for Office

Struggling to convince yours execs and users to ditch Chrome? This post from Lewis Barry may help you push them towards and Edge only estate

Why Microsoft Edge is the best browser for business

Some very useful PowerShell commands here from Torbjorn (Mr T-Bone) Granheden to update your OS, apps and more

https://www.tbone.se/2023/02/27/update-your-windows-11-with-some-powerful-one-liners/

Did you know you can assign ASR rules to your servers in Intune, even when they aren’t enrolled? If not, read this post from Mattias Melkersen Kalvåg and start cloud managing your server estate!

Assign ASR rules to servers through Microsoft Intune Admin Center

This post from Niklas Tinner looks at the different ways to manage your Autopilot identities

https://oceanleaf.ch/autopilot-identities-and-assignments/

Next, Andy Jones looks at how to manually add a macOS device to Apple Business Manager

Episode 4 – Manually add a MacOS device to Apple Business Manager (ABM)

If you have field users who need to be able to change their IP address, but without giving them admin rights, check this script from Simon Skotheimsvik

How to Allow Field Engineers Change Their Local IP Address

For those of you using Remote Help, this post from Prajwal Desai shows you how to disable the chat functionality

How to Disable Remote Help Chat in Intune Admin Console

This post from René Laas shows the graph commands (and some useful app IDs) to deploy the new store apps without using the GUI

https://endpointcave.com/create-microsoft-store-apps-via-graph-api/

Pim Jacobs has released the second part covering Access Packages in Azure AD in this comprehensive post. I’d suggest reading part 1 if you haven’t done so already as well

https://identity-man.eu/2023/03/01/using-the-hidden-gems-in-azure-ad-access-packages-all-you-need-to-know-part-2/

This post from Niklas Tinner looks at the actions an end-user can take on their own device

https://niklastinner.medium.com/remote-actions-for-an-end-user-with-intune-97546fc3b60e

For anyone managing HP devices, have a read of this post from Gary Blok showing how to configure BIOS WiFi to use Sure Recover

HP WiFi BIOS Profiles – Auto Populate via ConfigMgr or Intune

As mentioned in the Microsoft content below, Windows 11 will soon be receiving new features outside of the feature update releases. If you want to turn this off, follow this guide from Michael Niehaus

https://oofhours.com/2023/03/02/want-to-block-windows-11-moments-that-add-new-features/

This post from Jeffrey Appel shows how to use SmartScreen to further protect your devices

Microsoft Defender SmartScreen – how to use SmartScreen and Phishing protection

Video Content

We start this weeks video content with a look at the Intune Management Extension from Chander Mani Pandey

Next up, Dean Ellerby demonstrates how to deploy the Zoom application MSI the proper way, via Win32

Andrew Jones has released part two of the series for managing your Apple devices, this one looking at connecting Apple Business Manager and Intune

Andy has also released episode 3 looking at enrolling apple devices manually into Apple Business Manager

Now for three videos from Anoop Nair, the first two running through how to use Intune filters, how they work, their limitations and more

Anoop’s third video shows how to deploy Windows Update for Business Reports and then use them.

This demo from Craig Camacho shows how to deploy a custom start menu on Windows 10 and 11

To learn more about Defender for Endpoint, this video featuring Paul Huijbregts, Justen Graves, Joe Anich and Ru Campbell is well worth a watch

To find out what’s new in Windows 365 Enterprise 2302, have look at this video from Donna Ryan and Mattias Melkersen Kalvåg

Microsoft Content

Now for the Microsoft content, starting with a look at all of the new features in 2302 from Ramya Chitrakar

https://techcommunity.microsoft.com/t5/microsoft-intune-blog/what-s-new-in-microsoft-intune-2302-february-edition/ba-p/3749170

You can now tell Intune to install apps during ESP on pre-provisioned devices as described in this post from Juanita Baptiste and Kiran Alli

https://techcommunity.microsoft.com/t5/intune-customer-success/update-to-windows-autopilot-pre-provisioning-process-for-app/ba-p/3752516

In March, Windows 11 will feature continuous innovation to receive new features ahead of a full feature update. Read more in this post from Harjit Dhaliwal

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/continuous-innovation-coming-to-windows-11-in-march/ba-p/3754057

Some exciting new features here for Windows 11 including iOS phone link

https://blogs.windows.com/windowsexperience/2023/02/28/introducing-a-big-update-to-windows-11-making-the-everyday-easier-including-bringing-the-new-ai-powered-bing-to-the-taskbar/

The Windows 365 app for Windows 10 and 11 is now in general availability

https://techcommunity.microsoft.com/t5/windows-365/the-windows-365-app-for-windows-10-and-windows-11-is-now/m-p/3755306

The latest skilling snack is now out, this one comes from Hung Dang and looks at everything Autopilot

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/skilling-snack-windows-autopilot/ba-p/3756518

The Microsoft Intune suite is now out, find out more in this post from Michael Wallent

https://www.microsoft.com/en-us/security/blog/2023/03/01/the-microsoft-intune-suite-fuels-cyber-safety-and-it-efficiency/

Looking at each individual feature of the new suite:

Managing purpose built devices from Eugenie Burrage

https://techcommunity.microsoft.com/t5/microsoft-intune-blog/protect-your-organization-s-purpose-built-devices-with-microsoft/ba-p/3755654

A look at Remote Help (also from Eugenie)

https://techcommunity.microsoft.com/t5/microsoft-intune-blog/remote-help-enhancements-speed-and-ease-secure-it-support/ba-p/3755686

Remote tunnel for MAM on Android and iOS from Lance Crandall

https://techcommunity.microsoft.com/t5/microsoft-intune-blog/announcing-microsoft-tunnel-for-mam-for-ios-and-android/ba-p/3755577

Advanced Endpoint Analytics from Albert Cabello Serrano

https://techcommunity.microsoft.com/t5/microsoft-intune-blog/introducing-advanced-endpoint-analytics-with-microsoft-intune/ba-p/3755507

Endpoint Privilege Management from Matt Call

https://techcommunity.microsoft.com/t5/microsoft-intune-blog/enable-windows-standard-users-with-endpoint-privilege-management/ba-p/3755710

Unpacking Endpoint Management

As mentioned at the start, there have been a whole series of Unpacking Endpoint Management Videos released. I’m not going to list everyone in the videos, but it’s the who’s who of experts!

The titles are self-explanatory so enjoy the content!