Welcome to what will no doubt take up most of your afternoon, it’s another bumper edition!
Community Content
We start this week with a look at compliance policies and when they apply from Scott Duffey, a very interesting read.
Next up, Robin Hobo has written a thorough guide to deploying Windows 365 Enterprise
https://www.linkedin.com/pulse/windows-365-enterprise-ultimate-step-by-step-deployment-robin-hobo/
You can now remove VBScript from Windows 11 Apps and Features (if you’re feeling brave). Michael Niehaus looks at this new option in this post
https://oofhours.com/2023/03/03/vbscript-as-a-removable-windows-11-feature/
As mentioned last week, the Intune suite has now been released. In this post, Shehan Perera looks at the features and costs in more details
https://shehanperera.com/2023/03/05/intune-plans-01/
One of the new features is Remote Help which Jannik Reinhard takes a deep dive into here
https://jannikreinhard.com/2023/03/05/intune-suite-part-1-easy-start-with-remote-help/
A new Proactive Remediations GitHub repository has been released by Jannik Reinhard, Joey Verlinden, Florian Salzmann (and me). You can find out more in these posts from Florian, Jannik and Joey
https://scloud.work/en/proactive-remediation-community-repository/
https://www.joeyverlinden.com/endpoint-analysis-proactive-remediation-community-repository/
https://jannikreinhard.com/2023/03/10/endpoint-analytics-remediation-script-community-repository/
Paul Winstanley and Mike Marable have released part four of their conditional acceess series, this time covering enforcing MFA for guests
Also on the subject of conditional access, Simon Håkansson looks at using it to enforce passwordless authentication
https://0fflinedocs.medium.com/enforce-passwordless-authentication-c12534c3e5dd
Cleaning up devices in Intune is straight forward, but it’s not as straight forward in AAD. This script and Azure runbook from Jeroen Burgerhout will sort that for you and email you the results
https://www.burgerhout.org/device-clean-up-in-azuread-intune/
Nico Wyss has also looked at clearing your stale devices here
https://cloudfil.ch/how-to-clean-up-your-cloud-managed-devices-in-intune-autopilot-and-aad/
If you would like to run this, or any other runbook directly from Teams, this post from Damien Van Robaeys has you covered
https://www.systanddeploy.com/2023/03/running-azure-automation-runbookscript.html
A new preview feature in conditional access is authentication strength. To find out how to enable it for your admins, read this guide from Mike van den Brandt
I’m sure you all have update rings for Windows and Office so why shouldn’t the same apply for Antivirus updates? Peter van der Woude shows you how to configure it here
If you are using PIM (and you should be), follow this post from Simon Skotheimsvik to enable alerts when an account is elevated
Next, Timmy Andersson looks at the new filter options in 2302 including some digging in Graph to see what else can be done
Niall Brady has released the third part of the series looking at encrypting devices during white glove provisioning, this one using PowerShell scripts, function apps and Win32 apps
The second part of Harri Jaakkonen‘s look at identity is out now, this one looks at conditional access and defender for identity
A second post from Harri, this one looking at the new preview features for identity management
Browser notifications feel very 1990s, yet they seem to be increasing in popularity. To turn them off centrally, follow this guide from Joymalya Basu Roy
This post from Prajwal Desai looks at all of the built-in reports for Windows 365 cloud PCs
A second post this week from Prajwal, this one has some useful troubleshooting tips if you are finding devices stuck in Autopilot without a policy assigned
For any Palo Alto users, Joey Verlinden has put together instructions for blocking access to your VPN via conditional access policy
Another leap into the hidden depths of Intune and Windows from Rudy Ooms, this time looking at reasons why store apps may not be installing
Having the camera accessible from a lockscreen on Windows could be a security issue in your environment. This post from Jitesh Kumar will show you how to disable it
https://www.anoopcnair.com/prevent-enabling-lock-screen-camera-intune/
Next, we have a thorough guide on enrolling iOS devices from Malepati Naren
https://www.anoopcnair.com/enroll-ios-ipados-devices-in-intune/
If you are managing macOS devices, this post from Snehasis Pani shows how to grab device diagnostic logs from the machines
https://www.anoopcnair.com/how-to-collect-intune-logs-from-macos-devices/
How do you handle testing and deploying new apps which are core and deployed to All Users (or All Devices)? If this is a question you want to answer, Thiago Beier has your answer
https://thiagobeier.wordpress.com/2023/03/06/app-phased-deployment-in-intune/
Following in from this, Thiago has also released a script to automate the filter updating
https://thiagobeier.wordpress.com/2023/03/09/automated-filter-population-in-intune/
With the release of Intune Suite, you might want to switch over to Remote Help for managing your customers, but if you’re an MSP managing multiple tenants, switching it on is a reasonably time consuming task. Fortunately Aresh Sarkari has a script which you can run to do the hard work for you
MFA is a popular topic this week! This post from Jan Bakker shows how to set a preferred MFA option within Azure to nudge towards the more secure methods.
Sander Rozemuller has also put together some scripts to automate the configuration of Conditional Access to follow zero trust
https://www.rozemuller.com/protect-privileged-accounts-the-zero-trust-way-automated/
Whilst you can’t directly mix user and device assignments, there are ways around it as covered by Niklas Tinner here
https://niklastinner.medium.com/the-way-around-device-and-user-assignments-mixing-2c049266daaa
In this next post, Gannon Novak looks at user extension attributes and how you can use Graph to add your own
If you are using Azure Automation runbooks with Run-As accounts, you need to start migrating them to Managed Identities. This post from Brad Wyatt will show you how
One of the new features which has been less publicised is the ability to publish Win32 apps as available to devices as well as users. Read more in this post from Torbjorn (Mr T-Bone) Granheden
https://www.tbone.se/2023/03/09/publish-win32-apps-to-device-groups-in-company-portal/
Now we have an exciting 3 part series from Ben Whitmore and Michael Mardahl looking at AAD Cloud Trust. Part 1 looks at the Why, WHfB and the difference between cloud and key trust
Part two runs through configuring it on-prem and in Intune
And part three looks at migrating from key trust and general troubleshooting
Some good news on the identity front, a new central management interface for authentication, rather than having to jump between portals all of the time. This post from Michael Mardahl, Maurice Daly and Jan Ketil Skanke takes a closer look.
Video Content
Now onto the video content, starting with the latest Namaste Techies with Anoop Nair and Harjit Dhaliwal, looking at, amongst other things, the new continuous innovation in Windows 11
This excellent video from Nick Ross helps secure your Intune tenant, be sure to grab a copy of the matrix as well
We now have another two videos from Anoop Nair, covering enrolling and removing a BYOD from Intune via Company portal and the Settings App
And this video from Anoop runs through the process to setup Apple Business Manager and Intune integration
Anoop’s been busy this week! This video covers an essential item if you are trying to meet CIS/NCSC baselines, handling of Guest accounts
Whilst you can deploy Office using the GUI, you may find you get a much better Autopilot experience packaging a Win32. This video from Craig Camacho runs through how to do so
This video from Manish Bangia looks at Windowd Update for Business, why you should use it and suggestions for setting it up
The latest intune.training video is out, this one is for your macOS users looking at using Settings Catalog to configure updates with Adam Gross and Steven Hosking
Whilst on the topic of macOS, Dean Ellerby runs through using Conditional Access to force users to enrol their macOS devices into Intune
A look at what’s new in Intune 2302, the Intune Suite and more in this video from Mattias Melkersen and Nickolaj Andersen
This months MS EMS Community Podcast is now out featuring Shehan Parera, Joey Verlinden, Truls Dahlsveen, Eric Woodruff, Jonas Bøgvad, James Robinson and me (mostly observing this week)
The final community content this week comes from Andy Malone with special guest Jeremy Chapman looking at the Intune Suite
Microsoft Content
Now for the Microsoft content. We start with an event to look at the new Intune Suite. Sign up to Tech Accelerator 11th-12th April to find out more. Read this article from Rachelle Blanchard for more information
Delivery Optimization reports are now included in Windows Update for Business reports as covered by Carmen Forsmann here
The next skilling snack has been released, this one covering Windows 365 and AVD from Christian Montoya
Another busy week! Have a great weekend everyone
