Intune Newsletter – 23rd April 2023

Community Content
Video Content
Microsoft Content

Welcome all to this weeks Intune newsletter, slightly late due to the exciting MVP conference, a long journey and me trying to work out what time it is!

Community Content

We have all mis-typed domains before, but attackers are grabbing these domains to target your users in a phishing attack. This post from René Laas shows how to enable typo-protection for Edge with an Intune policy to add a layer of protection

https://endpointcave.com/enable-website-typo-protection-to-help-against-phishing-attacks/


For those of you managing macOS devices, Hubert Maslowski has a very thorough guide here to deploy Security Baselines to protect these devices

https://hmaslowski.com/home/f/macos-security-hardening-with-microsoft-intune


Niels Kok has put together a very useful PowerShell module to quickly enable or disable Autoscaling on your AVD host pools

https://www.nielskok.tech/azure-virtual-desktop/enable-or-disable-autoscaling-on-avd-hostpool-with-powershell/


We all hate printers and know that paperless is the way forward, but sadly we still have users who insist on printing! With the free prints for users on M365 E3 or E5, now may be a good time to look at the Universal Print offering from Microsoft. To find out more and how to configure and deploy it, have a look at this post from Simon Skotheimsvik


Ákos Bakos has released part 9 of the excellent OSDCloud Series (the previous ones are well worth checking out), this time looking at how to automate OSDCloud to kick in during OOBE

https://akosbakos.ch/osdcloud-9-oobe-challenges/

Now for two posts from Thiago Beier, the first is an update to the previous guide/script to enrol windows devices using a ppkg. This update includes support for group tags directly within the package.

https://thiagobeier.wordpress.com/2023/04/14/enroll-windows-device-using-ppkg-part-2/

Thiago’s second post is a Proactive Remediation to deploy Outlook templates to your users from Azure blob storage

https://thiagobeier.wordpress.com/2023/04/19/distribute-outlook-templates-from-intune/


Linux support in Intune keeps on improving and with 2303 we gained the ability to deploy bash scripts to your Ubuntu-based devices. To find out how, read this post from Jannik Reinhard

https://jannikreinhard.com/2023/04/16/creating-and-configuring-bash-scripts-for-ubuntu-devices-in-intune/


Buckle up, Rudy Ooms has been digging about in Windows again. This time looking at device compliance and issues with Health Attestation. Be prepared for a thorough explore of the inner workings as usual.


To enable safe browsing on your Android and iOS devices running Chrome, follow this guide from Rahul Jindal

https://rahuljindalmyit.blogspot.com/2023/04/use-safe-browsing-in-google-chrome-on.html


Next, Niklas Tinner looks at the different options available currently to handle your users who need administrative rights

https://oceanleaf.ch/local-admin-privilege-management-with-intune/


Shishir Kushawaha has created a useful PowerShell script with GUI to be able to rapidly validate your machines have configured correctly using Autopilot

https://www.powerofpowershell.com/post/device-validation-with-powershell-wpf-gui-post-imaging-or-autopilot


This custom compliance script from Harm Veenstra will mark any devices as not compliant if they have additional local administrators outside of the ones from Azure roles.


Florent Nosari has built a GUI front-end for your PowerShell scripts, still in beta, but well worth checking out

https://github.com/nosari20/Windows-Desktop-Script-UI


Windows 365 Frontline is now in public preview and is an exciting additon to the Windows 365 family of licenses. This post from Ola Ström tells you all you need to know

https://www.olastrom.com/2023/windows-365-frontline-lets-talk-about-it


Now you know all about Windows 365 frontline, how about a couple of posts from Prajwal Desai digging into the subject further, starting with how to provision your newly licensed devices.

Now you have provisioned your devices, in order to free up the license for the next user, you’ll need to make sure they have closed fully. Hopefully the users will simply log out, but just in case, a time limit is always a good backup. Find out how in Prajwal’s second post


If you want to go full passwordless, you will want to look at using TAP to onboard your users and setup their devices. This post from Simon Håkansson runs you through the process

https://simonhakansson.com/passwordless-onboarding-in-windows-temporary-access-pass-25bb75efe570


Naming your AAD joined, Autopilot devices is a straight forward process, but when dealing with hybrid-joined, it’s a bit more complex. Ideally you would just ditch the AD join, but for those who can’t yet, this script from Gannon Novak should help with the naming

https://smbtothecloud.com/naming-hybrid-azure-ad-joined-autopilot-devices-automatically-using-a-custom-prefix-and-serial-number/


This very in-depth post from Sander Rozemuller shows you how to automatically create a passwordless break-glass account as extra protection should you accidentally lock out your admins!

https://www.rozemuller.com/passwordless-multilayered-break-glass-alternative-automated/


Now for the next three parts of the series covering HP Sure Recovery from Gary Blok


Jannik Reinhard has put together a script to use OpenAI and Azure Voice services and created an Intune Voice Bot

https://jannikreinhard.com/2023/04/23/intune-ai-voice-bot/


With the release of Windows LAPS, we have many items from the community around it:

This one from Nicky De Westelinck

https://nickydewestelinck.medium.com/enable-windows-laps-management-with-microsoft-intune-c3f3d531ab4a


And from Bradley Wyatt


Also from Rahul Jindal

https://rahuljindalmyit.blogspot.com/2023/04/windows-laps-with-microsoft-entra-azure.html


And Moe Kinani

https://cloudbymoe.com/f/windows-laps-is-finally-here


Video Content

Now onto this weeks video content starting with a look at what’s new in Windows 365 2303 with Mattias Melkersen Kalvåg, Donna Ryan and Femi Adebaro


Also looking at the latest additions to Windows 365, we have the Ask Me Anything with Christian Montoya, Sam Tulimat, Abraham Pineda, Colby Hanley, Donna Ryan and Go Komatsu


Microsoft Content

Now for a look at the Microsoft content this week, starting with more Windows 365 content with news that machines are now encrypted at the host level. Find out more from Ankur Biswas here

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-365-cloud-pcs-now-secured-with-encryption-at-host/ba-p/3794368


The weekly skilling snack is here and always well worth reading! This week it looks at all things Windows Update for Business from the expert in the field, Aria Carley

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/skilling-snack-using-windows-update-for-business/ba-p/3801349


Have a look at how the Intune Suite can simplify your endpoint management in this article from Jason Roszak

https://www.microsoft.com/en-us/security/blog/2023/04/19/simplified-endpoint-management-with-microsoft-intune-suite-adopting-a-long-term-approach-with-intelligence-and-automation/


Here is the official announcement of LAPS with AAD from the Intune Support Team

https://techcommunity.microsoft.com/t5/intune-customer-success/announcing-windows-laps-management-through-microsoft-intune/ba-p/3801584


The final content comes from Ramya Chitrakar with a look at what’s new in the 2304 release

https://techcommunity.microsoft.com/t5/microsoft-intune-blog/what-s-new-in-microsoft-intune-2304-april-edition/ba-p/3802437


That’s it for this week, have a great weekend (what’s left of it). Hopefully business as usual next week with a Friday release!

Leave a Comment