Welcome to your favourite source for Intune news and exciting goodies from the community!
Community Content
We start this week with a useful script from Phil Jorgensen for anyone using Config Manager and Lenovo devices. The script and guide will run through installing Thin Installer, downloading the drivers for the machine and then installing them.
https://blog.lenovocdrt.com/#/2023/scripted_repo_creation
Next, we have two posts from Damien Van Robaeys looking at the Advanced Endpoint Analytics functionality in the Intune Suite. The first post gives an overview of the device anomalies functionality, what is does and how to enable it.
https://www.systanddeploy.com/2023/03/advanced-endpoint-analytics-devices.html
Damien’s second post digs down into the world of Graph to look at how you can use the output in a more automated way
https://www.systanddeploy.com/2023/03/managing-advanced-endpoint-analytics.html
Another new feature in the Intune Suite is Microsoft Tunnel for Mobile Application Management which is covered in-depth here by Peter van der Woude
If you are using Samsung Knox E-fota, at some point you’ll need to create a new app secret for the Intune connection. This guide from Timmy Andersson will show you how
Somesh Pathak has released part three of the series looking at Apple management, this one looks at Apple Business Manager/School Manager and Business Essentials
https://www.intuneirl.com/apple-school-managerapple-business-manager-or-apple-business-essentials/
Now for a look at all things Windows 365 in a multi-part tips and tricks from Sune Thomsen. The first part looks at how you can make the connection from the end-user device as quick and responsive as possible
The second part covers improving the experience after logging in
Now for four! posts from Thiago Beier, the first showing how to send an alert to a teams channel when a device is enrolled into Autopilot
https://thiagobeier.wordpress.com/2023/03/17/monitor-intune-device-enrollment-using-teams-channel/
As a follow-on, Thiago has released a script to enroll a device using a provisioning package
https://thiagobeier.wordpress.com/2023/03/21/enroll-windows-device-using-ppkg/
Thiago’s second post is useful when packaging and deploying your apps, an easy to use PowerShell script to grab your applications uninstall keys
https://thiagobeier.wordpress.com/2023/03/19/use-powershell-to-find-application-uninstall-keys/
This script and post from Thiago shows how to create a group based on the last sync date to move your old devices into a different group (maybe for more strict CA for example)
On a similar notification theme, Jannik Reinhard uses a PowerShell script and Azure Automation to email a list of enrolled devices
https://jannikreinhard.com/2023/03/19/how-to-get-an-report-with-all-new-enrolled-devices/
Next, Niklas Tinner has some excellent hints and tips for troubleshooting policies and apps at the device level
https://oceanleaf.ch/troubleshooting-intune-policies-and-apps/
Some very compelling arguments for using Windows 365 (or AVD) cloud PCs in this post from Ola Ström which should hopefully help you convince your execs
This post from Vidya M A puts together 13 videos from the HTMD channel to help you make your design decisions when deploying Intune into a new environment
https://www.anoopcnair.com/13-episodes-of-free-intune-design-decision/
An exciting new addition to Autopatch is the ability to customize your update deferrals, find out more in this post from Jitesh Kumar
https://www.anoopcnair.com/customize-windows-update-autopatch-settings/
Another how-to guide from Niklas Rast, this time running through the pre-provisioning (was white-glove) process
Now we have four posts from Émile Cabot, with the first two looking at the new store integration. Émile’s first post covers the new ability to deploy store apps in the system context directly within Intune
https://www.checkyourlogs.net/deploying-uwp-apps-using-the-system-context/
The second post, shows how to use the new integration to remove applications from machines
https://www.checkyourlogs.net/uninstalling-microsoft-store-apps-in-intune/
And Émile’s third post looks at conditional access, how to create your policies, some policy recommendations and more importantly, how they work with break-glass accounts
https://www.checkyourlogs.net/creating-conditional-access-policies-and-break-glass-accounts/
The fourth post shows how to enable App and Browser control via Settings Catalog
https://www.checkyourlogs.net/app-browser-control/
If you are using nested groups and they have stopped updating, check out this post from René Laas with some suggestions which will (hopefully) fix the issue
https://endpointcave.com/help-my-azure-ad-dynamic-group-does-not-update/
Following the release of the driver and firmware servicing tool, David Brook has put together an excellent PowerShell module to make management easier
https://euc365.com/post/driver-firmware-servicing-powershell-module/
Should your environment have some WLAN’s which you don’t want users connecting to, this PowerShell script from Joymalya Basu Roy will block it for you
You can now force store apps during Autopilot ESP. This article from Arno van Dijk shows how and also some tips for monitoring and troubleshooting the installation
Next, find out how to fix the pesky 0x80070032 Autopilot reset error in this post from Prajwal Desai
A second post from Prajwal and one worth bookmarking, all of the latest Intune releases and what is included
If you want to go passwordless with Azure AD, you will need to leverage TAP to onboard your users to configure their authentication. This post from Simon Håkansson will run you through the process
https://simonhakansson.com/passwordless-authenticator-configuration-ddb0fa70d32f
Thomas Marcussen has updated the script to check Autopilot pre-requisites and added some useful new checks. Find out more here
This post and script from Niall Brady will automate setting group tags on multiple autopilot devices including installing any required modules
If you are using Windows 365, this post from Aresh Sarkari will show you how to send any alerts to a Teams Channel using Azure Automation
For shared devices, you may find after a while disk space starts to suffer from stale user profiles. This proactive remediation from Florian Salzmann can either report on, or clear out profiles over a certain age
https://scloud.work/en/user-profile-clean-up-intune/
Should you find any users getting a temporary profile on an AVD/FSLogix setup, have a read of this post from Gannon Novak on what to look for
This post from Paul Winstanley shows how to deploy Edge and Chrome extensions via Intune (in this case Okta, but it applies to any extensions)
https://sccmentor.com/2023/03/23/deploying-the-okta-extension-to-edge-and-chrome-via-intune/
If you’re an HP house, Simon Skotheimsvik has released part 3 of the HP Connect for Intune series, this one with an in-depth look at BIOS settings
Sune Thomsen has released the next part of the Windows 365 End-User Deep dive, this one delving into the world of multi-media redirection
In case you missed the news, Update Compliance is now end-of-life and has been replaced by Windows Update for Business Reports. The setup is slightly different, follow this guide from Jeroen Burgerhout to configure in your environment
https://www.burgerhout.org/enable-windows-update-for-business-reports/
Mergers and acquisitions can be a real headache for IT staff, trying to combine two entire environments into one but without completely ruining the user experience. This post from Shehan Perera looks at your options at the Azure AD level
https://shehanperera.com/2023/03/24/aad-cross-tenant-sync/
The third post looking at Zero Trust from Sander Rozemuller is now out, this one covering the different ways to protect your user accounts
https://www.rozemuller.com/zero-trust-common-identity-and-device-access-protection/
As well as creating a Windows 365 restore point, you can also export one to an Azure Storage account opening up the ability to make a local VM from it. Find out more in this post from Dominiek Verham
Video Content
Now onto the video content for this week, starting with a video from Andy Jones demonstrating how to configure Intune and use “Locate Your Device” for Android devices
Next up, Dean Ellerby demonstrates how to package applications using the excellent PowerShell Application Deployment Toolkit (PSADT)
I’m sure we are all using Dynamic Groups at least for your Autopilot devices. For a full deep-dive into just what you can do with them, watch this video from John Savill, it is incredibly thorough as with all of John’s recordings!
The latest video from Anoop Nair looks at one of my favourite additions, Autopatch and how you can use it to automate patching on your cloud machines
A second video from Anoop, this time looking at security baselines, how to configure them, update them and some things to look out for when implementing them
In a similar theme, this video from Anoop looks at everything around Settings Catalog
Also looking at Autopatch, Dean Cefola looks at Autopatch from the tenant level and how to configure, enrol and onboard into the service
The latest intune.training video has been released, this one features Adam Gross and Steven Hosking and looks at how you can tweak Company Portal to stop it from displaying Microsoft Webapps (amongst other things)
A new video from Chander Mani Pandey takes a look at Graph Explorer and using it to manipulate Intune at the graph level
The final community content this week comes from Andy Malone with a look at what’s new in M365 including a look at the Intune Suite, Compliance policies and more
Microsoft Content
Now onto the Microsoft content, starting with a post from the Intune Support Team covering how to configure bitlocker via settings catalog
This post from Chris Morrissey looks at the different Windows monthly updates
The final part on the App confidence blog series comes from Aleks Lopez and Colby Haase and looks at monitoring application reliability and how to use App Assure if required
Another posts from Aleks to round this off this week, a new skilling snack covering the always tricky world of application compatibility
That’s it for this week, thanks to everyone for their incredible content! Have a great weekend