Welcome to this weeks newsletter and for those of you lucky enough to attend MMS, I hope you had a great time (and safe travels)
Community Content
We start this week with a look at how to manage your Chromebooks with Intune from Torbjorn (Mr T-Bone) Granheden. Well worth checking out if you are considering using Intune for your ChromeOS fleet as there are some gotchas.
https://www.tbone.se/2023/04/28/manage-chromebooks-with-intune/
This thorough post from Niall Brady looks at troubleshooting steps when Autopilot is failing during account setup, in particular when attempting to install certificates via SCEP/NDES,
LAPS is still proving to be a popular subject and we have a number of articles on it this week, starting with this one from Niklas Tinner covering how to use LAPS with Administrative Units for more granular control
https://niklastinner.medium.com/windows-laps-azure-ad-and-administrative-units-f3ca4972ec87
Niklas also has a post with a full guide to configure and deploy LAPS
https://oceanleaf.ch/windows-laps-guide/
Shehan Perera takes things one step further looking at the pre-requisites for deploying LAPS including configuring your Admin Units so your environment is fully configured ahead of deployment.
https://shehanperera.com/2023/05/01/prereqs-for-wlapsinaad-0/
Next, Florian Salzmann looks at the end-to-end process of deploying and using LAPS including password rotation
https://scloud.work/en/windows-laps-azure-ad/
Peter van der Woude also has an in-depth run through here
Marc-Andre Chartrand also looks at LAPS here
The final LAPS guide this week comes from Daniel Bradley
Now for something which isn’t LAPS (but it’s similar), this post from Chris Hudson gives a thorough look at the Endpoint Privilege Management functionality included in the Intune Suite
https://www.threesixtythrive365.com/post/intune-endpoint-privilege-management
This post from Michael Meier shows how to leverage CosmosDB, Automation and PowerBi to create reports from both Intune and data directly from your endpoints.
If you need to quickly grab a list of your Windows 365 machine names, check out this post from Prajwal Desai
No doubt many of you have started your Windows 11 deployment (or are planning to shortly). This script from Jannik Reinhard will give you a helpful dashboard to track the deployment progress and adoption of Windows 11 using Azure Automation.
https://jannikreinhard.com/2023/04/30/tracking-windows-11-upgrades-with-azure-automation-and-intune/
If you have Defender for Endpoint licensing and want to onboard your servers into it, this guide from Joey Verlinden will show you how to do so using Defender for Cloud
https://www.joeyverlinden.com/onboard-servers-to-mde-using-dfc/
Rudy Ooms has got the flowcharts out again, this one looking at logging with Endpoint Privilege Management and what happens when you elevate an application.
Azure AD Administrative units are a very useful tool which many are unaware of. To find out more, read this post from Thiago Beier
https://thiagobeier.wordpress.com/2023/05/03/whats-azure-ad-administrative-unit/
Apple now includes Rapid Security Response for iOS and macOS. To find out more and how to manage it using Intune, Somesh Pathak has you covered here
https://www.intuneirl.com/rapid-security-response/
You can now include Remote Help in your Conditional Access policies using an Azure Service Principal as covered here by Benoit Hamet
Next, René Laas looks at things you should consider when designing and building your compliance policies
https://endpointcave.com/a-method-to-implementing-an-effective-compliance-policy-design/
This post form Jan Bakker looks at the new Suspicious Activity and Fraud alert in Azure MFA
Video Content
Now onto the video content with part 2 of Andy Malone‘s look at configuring a new Intune tenant. This one covers deploying applications and securing your devices
John Savill has a deep dive into the world of LAPS in this latest video. Well worth a watch (and if you haven’t done so already, this is a channel which is definitely worth subscribing to)
John has also done a video looking at Hybrid AD Join (but don’t use it with Autopilot)
Nick Ross has looked at the additions to the April M365 update including the new additions in Intune from 5:13
Andy Jones has released part 5 of the series looking at how to enrol devices into ABM, this one covers enrolling devices using just an iOS device!
Peter Rising has released a beginners guide to Defender for Endpoint which is well worth checking out. Lots of great content from Peter so I’d recommend subscribing to the channel
Microsoft Content
Onto the Microsoft content now starting with a look at what changes are coming to harden your Windows devices from Namrata Bachwani
Windows Autopatch just keeps on improving and there have been some exciting new changes in the latest Intune release including Autopatch groups and policy health dashboard. This article from Lior Bela looks at what’s new
Exciting news for all admins, you can now sign up for Windows Service alerts in the M365 Dashboard. Find out more here from Mabel Gomes
Feedback is always welcome on all Microsoft products and LAPS is no exception. Jay Simmons shows how to submit your feedback in this post
The latest skilling snack has been released, this one covers Windows Update for Business Deployment Service from Surabhi Calla
That’s it for this week, thanks for reading and have a great weekend!