Welcome all to this weeks Tech Accelerator special newsletter, there is an extra section this week to include all of the great videos from the Tech Accelerator event. For anyone attending the MVP summit next week, I look forward to seeing you. Due to travelling and time differences, next weeks newsletter may be slightly delayed!
Community Content
We start this week with a look at Automation Runbooks in Azure and how you can use them to automate a lot of your daily tasks within Intune from Jannik Reinhard
If you want to get further details from your PowerShell script output without having to delve into the registry on devices, have a look at this script and module from Matt Dobing which outputs transcripts to Azure Blob storage
https://mrdobing.github.io/device%20management/reporting/2023/intune-reporting-101/
We all know about the Security Baselines for Windows, Edge and Windows 365, but here Nicky De Westelinck has used the Microsoft Security and Compliance Toolkit to create a baseline for M365 apps using Settings Catalog
On a similar note, Rahul Jindal does something very similar for the latest Microsoft Edge baselines which are newer than the ones currently available within Intune Security Baselines
https://rahuljindalmyit.blogspot.com/2023/04/deploying-latest-microsoft-edge.html
Next up, we have a script from Shishir Kushawaha which can be run during OOBE to enrol a device into Autopilot including adding a group tag
Now for two posts from Jitesh Kumar, the first of which is a detailed run-through on configuring custom compliance policies for Linux devices using bash scripts and JSON
https://www.anoopcnair.com/custom-compliance-policies-linux-devices-intune/
Jitesh’s second post looks at some of the exciting new features in the Config Manager 2303 upgrade
https://www.anoopcnair.com/sccm-2303-upgrade-guide-new-features/
With the discovery of the new MacStealer Malware for macOS devices, Snehasis Pani looks at how you can use Intune to protect your devices
https://www.anoopcnair.com/how-to-block-macstealer-malware-using-intune/
On the subject of malware, this post from Abhinav Rana shows how to configure a boot start driver policy to further protect your devices right from boot
https://www.anoopcnair.com/boot-start-driver-initialization-policy/
Laptop docks are great things, but keeping on top of the firmware is a lengthy job and usually vital to keeping them running nicely. If you are using HP docks, this PowerShell script from Gary Blok can be deployed in Intune or Config Manager to keep them updated
Now for two Proactive Remediations from Thiago Beier, the first one will create a new admin account on your devices and reset the password on any others it finds so you can be sure no-one has sneaky admin rights!
https://thiagobeier.wordpress.com/2023/04/10/proactive-remediation-recover-local-admin/
Thiago’s second proac pops up a toast notification if your hybrid-AD joined devices don’t have the correct hostname so whatever issues can be resolved
The 7th part of the series on Conditional Access has been released from Paul Winstanley and Mike Marable this one running through forcing MFA for risky sign-ins, what a risky sign-in is and what happens when it happens
This post from Nico Wyss looks at Bash script deployment for your Linux devices with an example script to test it out (don’t use in production though)
https://cloudfil.ch/linux-bash-script-deployment-with-intune/
Sander Rozemuller has put together a new set of posts to automate your journey towards zero trust and this is the place to find them all. As others are released, they will also be added so it’s worth bookmarking
https://www.rozemuller.com/zero-to-zero-trust-automation-index/
This post from Peter van der Woude looks at how to configure and use Endpoint Privilege Management
If you are not the sole administrator in your domain, you may want to look at mutli-admin approval to give you peace of mind that no-one is going wild with policy changes (or deletions!) Dominiek Verham looks at it further in this post
The release of Config Manager 2303 has been an exciting one for many and in these two posts, Prajwal Desai looks at some of the new features
And then a step-by-step guide to updating your instance to the new version
Benoit Lecours has also released a step-by-step upgrade guide here
If you’re using Lenovo Thin Installer, this script from Philip Jorgensen can be deployed to keep it updated
https://blog.lenovocdrt.com/#/2023/ti_winget_pr
Another Rudy Ooms deep dive, this time looking at what happens if you change an EPM rule with some complex flow-charts!
An exciting PowerApp from Michael Meier which can be used across platforms to perform Autopilot tasks including scanning a QR code to enrol devices
This excellent new website from Shehan Perera gives a high-level overview of everything to do with Intune/Autopilot with hyperlinks to the relevant MS documentation. One worth bookmarking!
Video Content
Now onto the video content, starting with a look at Windows Autopatch from Lior Bela, Michael Cureton and Mike Hilderbrand
With Windows 365 for Frontline workers now in public preview, Christiaan Brinkhoff, Colby Hanley and Sam Tulimat look at it further
In this video, Shravana Mukherjee and Lior Bela speak to Dean Ellerby, Sandy Zeng and Adam Gross about the new Intune Suite
Tech Accelerator
There have been some excellent videos this week in Tech Accelerator which you will find here, featuring:
Steve Dispensa, Ramya Chitrakar, Jason Roszak, Dilip Radhakrishnan, Matt Call, Lavanya Lakshman, Danny Guillory Jr, Joe Lurie, Dave Randall, Jessica Yang, Oluchi Chukwunyere, Kara Wang
Microsoft Content
Now for the Microsoft community content, starting with a look at what’s new in Autopatch from Lior Bela
Windows LAPS is now available (with Azure AD hopefully coming soon). Find out more here from Jay Simmons
If you are using Windows Update for Business Reports, you can now route different device data to different workspaces based on AAD group membership as covered here by Aaron Oneal
Part of the new Config Manager updates allows more data from tenant attached devices to be displayed in endpoint security operational reports
The latest skilling snack is out, looking at the Windows lifecycle, from Jason Leznek
That’s it for this week, have a great weekend!