Hello and welcome! Another week, another load of exciting content for you to digest!
Community Content
We start this week with a guide from Snehasis Pani to deploying dmg apps directly in Intune for your macOS devices rather than re-packaging or using a third-party tool.
https://www.anoopcnair.com/how-to-deploy-dmg-apps-in-macos-using-intune/
If you are looking to increase your security posture and meet CIS baselines, renaming and disabling the Guest account is always a good start. Follow this guide from Abhinav Rana to find out how.
https://www.anoopcnair.com/rename-the-guest-account-name-using-intune/
Authentication Context is a useful new security feature in AAD. This post from Shehan Perera looks at using it alongside strong authentication to further secure your PIM assignments
https://shehanperera.com/2023/03/15/how-to-use-auth-context-on-pim-01/
The second part of Will Francillette’s excellent new guide on M365 DSC has been released, this time looking at the initial setup, installation, configuring your authentication method and exporting your first configuration profiles.
One of the new features of the new Intune Suite is the Microsoft Tunnel for mobile apps to provide a secure VPN connection for your LOB applications. This post from Peter van der Woude runs you through how to use it.
If you want to block downloading of data from within M365 on unmanaged devices, this Conditional Access policy from Simon Skotheimsvik is your answer.
Next, Niklas Tinner shows which settings you need to get Intune and Defender for Endpoint to play nicely together, including a policy to handle the difference in groups
https://oceanleaf.ch/the-bridge-from-intune-to-defender-for-endpoint/
These four guides from Niklas Rast show the steps involved in enrolling macOS, iOS, Android and Windows 11 devices into Intune.
https://niklasrast.wordpress.com/2023/03/13/microsoft-intune-enrollment-guide-for-macos/
https://niklasrast.wordpress.com/2023/03/15/microsoft-intune-enrollment-guide-for-ios/
https://niklasrast.wordpress.com/2023/03/10/microsoft-intune-enrollment-guide-for-windows-11/
Now for three posts from Prajwal Desai, the first is a thorough guide to creating your Wi-Fi profile within Intune
If you’ve used Autopilot logs, you may have come across the 0x800700a1 error. Prajwal’s second post shows how to resolve it.
Prajwal’s third post runs through the many different ways to disable Windows Hello for Business
This post from Thiago Beier looks at stale devices in Intune and how to identify and clean them up
https://thiagobeier.wordpress.com/2023/03/13/intune-stale-devices-part-1/
And part 2 using PowerShell:
https://thiagobeier.wordpress.com/2023/03/15/intune-stale-devices-part-2/
If you need to bulk update device categories, René Laas shows you which Graph commands to use in this post
https://endpointcave.com/update-device-category-via-graph-api/
This incredibly in-depth post from Eric Woodruff looks at all things around App Registrations, well worth reading.
If you’ve ever had to deploy Adobe Photoshop (or other Creative Cloud apps), you have my sympathy! Fortunately, Jonathan Lefebvre has put together this thorough guide to make it easier moving forwards.
This script/function from Florent Nosari can be used to trigger scripts in Graph based on device actions, very useful for many tasks!
https://nosari20.github.io/posts/device-to-intune-channel/
Damien Van Robaeys has released a new version of the excellent SelfX tool which you can read about here
https://www.systanddeploy.com/2023/03/selfx-new-version-tool-allowing-users.html
One of my favourites of the week, Merill Fernando has released another incredible tool, this one documents your Conditional Access policies for you! No more spending hours messing with a Visio diagram
If you have machines on the dev rings, you may have noticed that the personal Teams has a habit of re-appearing. In this post, Jörgen Nilsson uses the success.cmd to block it on every update
This is a useful one if using Windows 365 with Azure network connections. To avoid downtime in the event of a region outage, follow this post from Aresh Sarkari to configure a secondary VNET connection
Printers! What a nightmare to deploy. If you are in the unfortunate position of having to do so, check out this wonderfully colourful application from Nicklas Ahlberg which will do the hard work for you.
https://www.rockenroll.tech/2023/03/14/rock-my-printers/
If you can use certificate-based authentication for your app registrations, it is a more secure way of connecting. This post from Ben Whitmore runs through how to configure and use certificates for connections
This new script from Thomas Marcussen will quickly check your environment and devices to make sure they meet the pre-requisites for Autopilot
Now we have three posts from Benoit Hamet, starting with a look at the new Azure AD Recommendations for Applications in preview
https://blog.hametbenoit.info/2023/03/15/azure-ad-new-recommendations-for-applications-preview/
Benoit’s second post shows how you can use a URI scheme to connect to AVD without needing to subscribe to the workspace
Another new CA feature is Token Protection which is covered in the third post from Benoit
Along with certificates, you also need to make sure your iOS LOB apps don’t expire or you will find you can no longer deploy them. To set up an alert, follow this guide from Peter Klapwijk
These next two posts from Somesh Pathak are well worth reading if you are looking to manage iOS devices. These are the first two in a new thorough series with this first one looking at “why” you want to manage iOS devices
https://www.intuneirl.com/ios-device-management-with-microsoft-intune/
The second post shows how to get started with Automated Device Enrollment
https://www.intuneirl.com/getting-started-ade-mdm/
Paul Winstanley and Mike Marable have released the third part of their series covering Conditional Access, this one looks at forcing MFA for Azure Management
This excellent new script from Petri Paavola runs through your IME logs and outputs a timeline of exactly what is happening and when
https://github.com/petripaavola/Get-IntuneManagementExtensionDiagnostics
Microsoft have added Authenticator Lite into the new mobile app as covered here by Jan Bakker (including a look at what happens in Graph)
You can now configure your Intune managed machines to auto-subscribe to AVD and W365 via Settings Catalog or OMA-URI policies. Follow this guide from Nico Wyss to deploy to your environment
https://cloudfil.ch/auto-subscribe-rdp-client-for-avd-w365-via-intune/
Some exciting W365 news, you can now create your own restore point, read this post from Dominiek Verham to find out how
For anyone using pre-provisioning, this post from Rudy Ooms looks at the potential non-compliance issue when re-sealing a device and how to fix it
The latest post from Andrew Jones is now live and looks at how to configure and use Organizational Messages
This shell script from Nick Benton will help you deploy Teams Backgrounds to any macOS users in your estate
https://memv.ennbee.uk/posts/macos-teams-backgrounds/
Video Content
We start the video content this week with a deep dive into Win32 applications and how to troubleshoot from Chander Mani Pandey
Next, Anoop Nair looks at device cleanup rules and how they work/what they do
Anoop’s second video this week shows how to rename and disable the Administrator account using Settings Catalog
To manage your Surface devices with DFCI, have a look at this video from Jakub Piesik
The latest Windows 365 tips and tricks video is out now from Christiaan Brinkhoff featuring Trond E (Erik) Haavarstein
A short video from Dean Ellerby looking at the new personalised recommendations in Azure AD
Intune.Training season 2 is here with episode 1 looking at using Power Apps to manage Graph featuring Sean Bulger, Jake Shackelford and Jóhannes Kristjansson
Microsoft Content
Now for this week’s Microsoft content, starting with What’s new in Intune, especially the ability to add Store apps during ESP!
https://learn.microsoft.com/en-us/mem/intune/fundamentals/whats-new
Andy Cerat looks at the top 10 enhancements when managing Apple devices in this post
As mentioned above, you can now require Store apps in ESP. This official post from Juanita Baptiste covers it in detail
The final content of the week comes from the Intune support team with the exciting news that Windows servers will soon be listed as a new OS within Intune!
That’s it for this week, have a lovely weekend!