Intune Newsletter – 12th May 2023

Welcome to another exciting weekly newsletter with incredible content from both the community and Microsoft.

Community Content

We start this week with an excellent Proactive Remediation from Harm Veenstra to fix any unquoted services and block a potential security exploit

Now we have two posts from Dominiek Verham covering Windows 365 custom images, starting with how to create a custom image for your environment

Dominiek’s second post then shows how you can optimize your new image for ultimate performance

This Proactive remediation from Jorge Suarez will show users a friendly Toast message when their device is due a reboot

Security Baselines are great for quickly securing a new environment, but they currently don’t use Settings Catalog and can be a few versions behind the downloadable ones from Microsoft. This post from Simon Hartmann Eriksen shows how to use ADMX ingestion to grab and configure the latest versions.

Shishir Kushawaha has released a WPF GUI to create your Intunewin applications without having to use the command line utility

Shishir has also released a script to deploy compliance policie:

If you have deployed Windows LAPS (maybe based on one of the many previous community posts), you may now want to know how to rotate the passwords. This post from Peter van der Woude has you covered.

Mike Danoski has released an Excel spreadsheet containing all of the settings currently available in Settings Catalog (over 12000 of them!). Something definitely worth bookmarking

If you use Cisco Anyconnect and have macOS devices, this post from Hubert Maslowski will show you how to deploy the application using Intune

Michael Meier has released the second part looking at ingesting Intune data into PowerBi via a CosmosDB. This part covers adding data into the environment configured in part 1

Next, Niklas Tinner demonstrates how to use PowerShell to create a custom role in Azure AD

If you want to automate your AVD deployment, this comprehensive post from Aresh Sarkari shows you how to do so using Terraform

We all know how critical logs are for troubleshooting, but FSLogix only stores them for 2 days by default which sometimes just isn’t enough. In this post, Gannon Novak shows how to increase the retention period

We have a second post from Gannon troubleshooting an issue with HAADJ joined machines which have previously been enrolled into MAM

With the release of version 111 of Chrome, it can now natively support conditional access using CloudAPAuthEnabled and ADMX ingestion. This post from Rahul Jindal will run you through the steps

Now for two posts from Daniel Bradley, the first showing how to grab the LAPS password using Graph

Daniel’s second post/script uses Graph to output a list of inactive users

A welcome addition to Outlook is the ability to sync signatures across devices, but there are some occasions where you don’t want this enabled. Florian Salzmann runs through your options to disable it in this post

A new feature for Azure AD groups, you can now configure them directly for PIM which is a great addition (if you are licensed for it). This post from Shehan Perera shows how to configure it

Should you need to block the C drive on your cloud PCs, have a read of this post from Devraj Mukherjee

You can now configure Remote Help to sit behind Conditional Access policies as an extra layer of security. Follow this post from Mattias Melkersen Kalvåg

Next, David Brook looks at how to authenticate against the Log Analytics API using PowerShell to ingest data into PowerBi

Jonas Bøgvad looks at the differences between modern and legacy authentication in this post (and why you should be using modern auth!)

Vidya M A also compares modern and legacy authentication in this post:

If you have a lot of conditional access policies (or a lot of admins messing with them), this script from Sander Rozemuller will show you how to automatically inform you of the status of each policy

Another week, another CVE, this time it’s Boot Manager. For a quick fix while you apply the KB, use this script from Gary Blok

To learn more about RBAC and how it can help with your global organizations, read this post form Octavio Rodríguez

If you are about to start your Intune journey, this post from Martin McGregor points out some of the things to consider before you start

Video Content

Now onto the video content for this week starting with a look at deploying updates using WUfB from Manish Bangia

Next, Chander Mani Pandey runs through how to configure Windows LAPS

We have a new Tackling Tech video from Harjit Dhaliwal, this one looking at managing Windows Updates from the expert Aria Carley

We also have the next installment of the Graph 101 from the team at In this one Ben Reader runs through Graph authentication alongside Jóhannes Geir Kristjansson, Jake Shackelford and Sean Bulger

Dean Cefola looks at the new AVD custom image templates which has just entered public preview in this video

This video from John Savill demonstrates how to use PowerShell and Graph to retrieve your Azure AD LAPS passwords

This video from Jakub Piesik shows how you can use Entra accounts to sign-in to an Ubuntu device

A second video from Jakub, this one demonstrating how to deploy an eSim using Intune

This new video from Anoop Nair looks at the new Intune architecture diagram from Microsoft and how it differs from the previous one

Microsoft Content

Now for the Microsoft content, starting with a support tip from Michael Dineen on the Intune Support Team on how to restrict and remove applications on iOS and Android

As covered in Dean’s video above, here is the official announcement of the AVD Custom Image Templates from Tom Hickling

The latest skilling snack is out, this one comes from Joe Lurie and looks at managing your shared and frontline devices

That’s it for this week, have an amazing weekend!!

Leave a Comment