Intune Newsletter – 12th May 2023

Welcome to another exciting weekly newsletter with incredible content from both the community and Microsoft.

Community Content

We start this week with an excellent Proactive Remediation from Harm Veenstra to fix any unquoted services and block a potential security exploit


Now we have two posts from Dominiek Verham covering Windows 365 custom images, starting with how to create a custom image for your environment

https://techlab.blog/how-to-create-a-custom-image-for-windows-365/

Dominiek’s second post then shows how you can optimize your new image for ultimate performance


This Proactive remediation from Jorge Suarez will show users a friendly Toast message when their device is due a reboot

https://www.jorgeasaur.us/proactive-remediation-to-remind-windows-users-to-reboot/


Security Baselines are great for quickly securing a new environment, but they currently don’t use Settings Catalog and can be a few versions behind the downloadable ones from Microsoft. This post from Simon Hartmann Eriksen shows how to use ADMX ingestion to grab and configure the latest versions.


Shishir Kushawaha has released a WPF GUI to create your Intunewin applications without having to use the command line utility

https://www.powerofpowershell.com/post/powershell-wpf-gui-to-create-intunewin-application

Shishir has also released a script to deploy compliance policies:

https://www.powerofpowershell.com/post/a-single-powershell-script-for-multiple-intune-custom-compliance-policies


If you have deployed Windows LAPS (maybe based on one of the many previous community posts), you may now want to know how to rotate the passwords. This post from Peter van der Woude has you covered.

https://www.petervanderwoude.nl/post/resetting-the-managed-local-administrator-password-when-using-windows-laps/


Mike Danoski has released an Excel spreadsheet containing all of the settings currently available in Settings Catalog (over 12000 of them!). Something definitely worth bookmarking

https://github.com/IntunePMFiles/DeviceConfig/blob/main/Settings%20Definitions%20Export%203-23.xlsx


If you use Cisco AnyConnect and have macOS devices, this post from Hubert Maslowski will show you how to deploy the application using Intune

https://hmaslowski.com/home/f/cisco-anyconnect-client-deployment-for-mac-with-microsoft-intune


Michael Meier has released the second part of his series on ingesting Intune data into Power BI via Cosmos DB. This part covers adding data into the environment configured in part 1


Next, Niklas Tinner demonstrates how to use PowerShell to create a custom role in Azure AD

https://niklastinner.medium.com/create-entra-azure-ad-custom-roles-with-powershell-94b2754adb82


If you want to automate your AVD deployment, this comprehensive post from Aresh Sarkari shows you how to do so using Terraform


We all know how critical logs are for troubleshooting, but FSLogix only stores them for 2 days by default which sometimes just isn’t enough. In this post, Gannon Novak shows how to increase the retention period

We have a second post from Gannon troubleshooting an issue with HAADJ joined machines which have previously been enrolled into MAM


With the release of version 111 of Chrome, it can now natively support conditional access using CloudAPAuthEnabled and ADMX ingestion. This post from Rahul Jindal will run you through the steps

https://rahuljindalmyit.blogspot.com/2023/05/configure-cloudapauthenabled-to-support.html


Now for two posts from Daniel Bradley, the first showing how to grab the LAPS password using Graph

Daniel’s second post/script uses Graph to output a list of inactive users


A welcome addition to Outlook is the ability to sync signatures across devices, but there are some occasions where you don’t want this enabled. Florian Salzmann runs through your options to disable it in this post

https://scloud.work/en/deactivate-outlook-signature-sync/


A new feature for Azure AD groups: you can now configure them directly for PIM, which is a great addition (if you are licensed for it). This post from Shehan Perera shows how to configure it

https://shehanperera.com/2023/05/09/aad-pim-groups-01/


Should you need to block the C drive on your cloud PCs, have a read of this post from Devraj Mukherjee

https://www.myintunespace.com/forum/security/block-c-drive-on-azure-virtual-desktop-and-windows-365?origin=business_manager


You can now configure Remote Help to sit behind Conditional Access policies as an extra layer of security. Follow this post from Mattias Melkersen Kalvåg


Next, David Brook looks at how to authenticate against the Log Analytics API using PowerShell to ingest data into Power BI

https://euc365.com/post/2023-05-06-log-analytics-api-data-access-with-service-prinicipals/


Jonas Bøgvad looks at the differences between modern and legacy authentication in this post (and why you should be using modern auth!)

https://blog.skymadesimple.io/modern-auth-vs-legacy-auth/


Vidya M A also compares modern and legacy authentication in this post:

https://www.anoopcnair.com/modern-vs-legacy-azure-active-directory-auth/


If you have a lot of conditional access policies (or a lot of admins messing with them), this script from Sander Rozemuller shows how to be informed automatically of the status of each policy

https://www.rozemuller.com/check-conditional-access-policy-effect-automated/


Another week, another CVE, this time it’s Boot Manager. For a quick fix while you apply the KB, use this script from Gary Blok


To learn more about RBAC and how it can help with your global organizations, read this post from Octavio Rodríguez

https://www-deployment-mx.translate.goog/roles-de-rbac-de-intune-para-departamentos-de-ti-de-varias-regiones/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp


If you are about to start your Intune journey, this post from Martin McGregor points out some of the things to consider before you start

https://devicie.com/articles/key-considerations-for-intune-project


Video Content

Now onto the video content for this week starting with a look at deploying updates using WUfB from Manish Bangia


Next, Chander Mani Pandey runs through how to configure Windows LAPS


We have a new Tackling Tech video from Harjit Dhaliwal, this one looking at managing Windows Updates from the expert Aria Carley


We also have the next installment of the Graph 101 from the team at intune.training. In this one Ben Reader runs through Graph authentication alongside Jóhannes Geir Kristjansson, Jake Shackelford and Sean Bulger


Dean Cefola looks at the new AVD custom image templates, which have just entered public preview, in this video


This video from John Savill demonstrates how to use PowerShell and Graph to retrieve your Azure AD LAPS passwords


This video from Jakub Piesik shows how you can use Entra accounts to sign in to an Ubuntu device

A second video from Jakub, this one demonstrating how to deploy an eSim using Intune


This new video from Anoop Nair looks at the new Intune architecture diagram from Microsoft and how it differs from the previous one


Microsoft Content

Now for the Microsoft content, starting with a support tip from Michael Dineen on the Intune Support Team on how to restrict and remove applications on iOS and Android

https://techcommunity.microsoft.com/t5/intune-customer-success/support-tip-removing-and-preventing-the-use-of-applications-on/ba-p/3815452


As covered in Dean’s video above, here is the official announcement of the AVD Custom Image Templates from Tom Hickling

https://techcommunity.microsoft.com/t5/azure-virtual-desktop-blog/announcing-the-public-preview-of-azure-virtual-desktop-custom/ba-p/3784361?WT.mc_id=EM-MVP-5004114


The latest skilling snack is out, this one comes from Joe Lurie and looks at managing your shared and frontline devices

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/skilling-snack-best-practices-for-shared-and-frontline-windows/ba-p/3819210


That’s it for this week, have an amazing weekend!!
