Intune Newsletter – 10th March 2023

Welcome to what will no doubt take up most of your afternoon, it’s another bumper edition!

Community Content

We start this week with a look at compliance policies and when they apply from Scott Duffey, a very interesting read.——2

Next up, Robin Hobo has written a thorough guide to deploying Windows 365 Enterprise

You can now remove VBScript from Windows 11 Apps and Features (if you’re feeling brave). Michael Niehaus looks at this new option in this post

As mentioned last week, the Intune suite has now been released. In this post, Shehan Perera looks at the features and costs in more details

One of the new features is Remote Help which Jannik Reinhard takes a deep dive into here

A new Proactive Remediations GitHub repository has been released by Jannik Reinhard, Joey Verlinden, Florian Salzmann (and me). You can find out more in these posts from Florian, Jannik and Joey

Paul Winstanley and Mike Marable have released part four of their conditional acceess series, this time covering enforcing MFA for guests

Also on the subject of conditional access, Simon Håkansson looks at using it to enforce passwordless authentication

Cleaning up devices in Intune is straight forward, but it’s not as straight forward in AAD. This script and Azure runbook from Jeroen Burgerhout will sort that for you and email you the results

Nico Wyss has also looked at clearing your stale devices here

If you would like to run this, or any other runbook directly from Teams, this post from Damien Van Robaeys has you covered

A new preview feature in conditional access is authentication strength. To find out how to enable it for your admins, read this guide from Mike van den Brandt

I’m sure you all have update rings for Windows and Office so why shouldn’t the same apply for Antivirus updates? Peter van der Woude shows you how to configure it here

If you are using PIM (and you should be), follow this post from Simon Skotheimsvik to enable alerts when an account is elevated

Next, Timmy Andersson looks at the new filter options in 2302 including some digging in Graph to see what else can be done

Niall Brady has released the third part of the series looking at encrypting devices during white glove provisioning, this one using PowerShell scripts, function apps and Win32 apps

The second part of Harri Jaakkonen‘s look at identity is out now, this one looks at conditional access and defender for identity

A second post from Harri, this one looking at the new preview features for identity management

Browser notifications feel very 1990s, yet they seem to be increasing in popularity. To turn them off centrally, follow this guide from Joymalya Basu Roy

This post from Prajwal Desai looks at all of the built-in reports for Windows 365 cloud PCs

A second post this week from Prajwal, this one has some useful troubleshooting tips if you are finding devices stuck in Autopilot without a policy assigned

For any Palo Alto users, Joey Verlinden has put together instructions for blocking access to your VPN via conditional access policy

Another leap into the hidden depths of Intune and Windows from Rudy Ooms, this time looking at reasons why store apps may not be installing

Having the camera accessible from a lockscreen on Windows could be a security issue in your environment. This post from Jitesh Kumar will show you how to disable it

Next, we have a thorough guide on enrolling iOS devices from Malepati Naren

If you are managing macOS devices, this post from Snehasis Pani shows how to grab device diagnostic logs from the machines

How do you handle testing and deploying new apps which are core and deployed to All Users (or All Devices)? If this is a question you want to answer, Thiago Beier has your answer

Following in from this, Thiago has also released a script to automate the filter updating

With the release of Intune Suite, you might want to switch over to Remote Help for managing your customers, but if you’re an MSP managing multiple tenants, switching it on is a reasonably time consuming task. Fortunately Aresh Sarkari has a script which you can run to do the hard work for you

MFA is a popular topic this week! This post from Jan Bakker shows how to set a preferred MFA option within Azure to nudge towards the more secure methods.

Sander Rozemuller has also put together some scripts to automate the configuration of Conditional Access to follow zero trust

Whilst you can’t directly mix user and device assignments, there are ways around it as covered by Niklas Tinner here

In this next post, Gannon Novak looks at user extension attributes and how you can use Graph to add your own

If you are using Azure Automation runbooks with Run-As accounts, you need to start migrating them to Managed Identities. This post from Brad Wyatt will show you how

One of the new features which has been less publicised is the ability to publish Win32 apps as available to devices as well as users. Read more in this post from Torbjorn (Mr T-Bone) Granheden

Now we have an exciting 3 part series from Ben Whitmore and Michael Mardahl looking at AAD Cloud Trust. Part 1 looks at the Why, WHfB and the difference between cloud and key trust

Part two runs through configuring it on-prem and in Intune

And part three looks at migrating from key trust and general troubleshooting

Some good news on the identity front, a new central management interface for authentication, rather than having to jump between portals all of the time. This post from Michael Mardahl, Maurice Daly and Jan Ketil Skanke takes a closer look.

Video Content

Now onto the video content, starting with the latest Namaste Techies with Anoop Nair and Harjit Dhaliwal, looking at, amongst other things, the new continuous innovation in Windows 11

This excellent video from Nick Ross helps secure your Intune tenant, be sure to grab a copy of the matrix as well

We now have another two videos from Anoop Nair, covering enrolling and removing a BYOD from Intune via Company portal and the Settings App

And this video from Anoop runs through the process to setup Apple Business Manager and Intune integration

Anoop’s been busy this week! This video covers an essential item if you are trying to meet CIS/NCSC baselines, handling of Guest accounts

Whilst you can deploy Office using the GUI, you may find you get a much better Autopilot experience packaging a Win32. This video from Craig Camacho runs through how to do so

This video from Manish Bangia looks at Windowd Update for Business, why you should use it and suggestions for setting it up

The latest video is out, this one is for your macOS users looking at using Settings Catalog to configure updates with Adam Gross and Steven Hosking

Whilst on the topic of macOS, Dean Ellerby runs through using Conditional Access to force users to enrol their macOS devices into Intune

A look at what’s new in Intune 2302, the Intune Suite and more in this video from Mattias Melkersen and Nickolaj Andersen

This months MS EMS Community Podcast is now out featuring Shehan Parera, Joey Verlinden, Truls Dahlsveen, Eric Woodruff, Jonas Bøgvad, James Robinson and me (mostly observing this week)

The final community content this week comes from Andy Malone with special guest Jeremy Chapman looking at the Intune Suite

Microsoft Content

Now for the Microsoft content. We start with an event to look at the new Intune Suite. Sign up to Tech Accelerator 11th-12th April to find out more. Read this article from Rachelle Blanchard for more information

Delivery Optimization reports are now included in Windows Update for Business reports as covered by Carmen Forsmann here

The next skilling snack has been released, this one covering Windows 365 and AVD from Christian Montoya

Another busy week! Have a great weekend everyone

Leave a Comment