Welcome to this week's newsletter, with a whole additional section for some Tech Community Live videos direct from Microsoft. This is also the first newsletter running from a new mailing application, so fingers crossed, if you are a subscriber, you are reading this!
Community Content
We start this week looking at the history and future of Endpoint management from Simon Hartmann Eriksen. I’m looking forward to seeing the rest of this series.
https://www.simsenblog.dk/2023/06/19/future-client-zero-trust/
Ugur Koc has released an excellent website which aggregates key community websites and includes the ability to bookmark posts of interest directly into the web page. It also includes a summary of each post. Well worth checking out
Ugur has also released a new tool to make enrolling your Ubuntu devices much easier
https://ugurkoc.de/linux2intune-linux-enrollment-in-intune/
We can’t have a newsletter without at least one LAPS post, it’s a very popular addition in the community! This one comes from Joost Gelijsteen and looks at what happens when a password is rotated and where to look in the logs to see what is happening.
https://joostgelijsteen.com/password-rotation-by-laps/
Whilst you cannot directly enrol servers into Intune, you can now deploy policies from Intune to your servers using Defender for Endpoint. Find out more in this post from Dean Ellerby
https://www.linkedin.com/pulse/manage-windows-servers-defender-endpoint-intune-dean-ellerby/
Book out some time for this one, it’s another Rudy Ooms deep dive, as a follow on to the previous MMP-C post (also worth reading). This one looks at what happens with MMP-C enrollment after EPM is activated
https://call4cloud.nl/2023/06/the-infernal-mmp-c-discovery/
We have a second post from Rudy this week, this time delving into what happens when you log in to a device with a LAPS account:
https://call4cloud.nl/2023/06/a-guide-to-recognizing-your-post-authentication-actions/
WDAC is a powerful tool, but it’s a pain to configure. If you want to restrict your machines to only install applications from Intune, check out this post from Michael Meier
https://mikemdm.de/2023/06/18/deploy-a-basic-wdac-policy-with-intune-as-managed-installer/
Next, we have part 8 of the excellent Conditional Access series from Paul Winstanley and Mike Marable. This time it covers how to handle your unmanaged devices.
Niall Brady has released an update to a previous post looking at location redirection on Windows 365 machines
https://www.niallbrady.com/2023/06/16/an-update-about-location-redirection-on-windows-365-cloud-pcs/
Whilst not strictly Intune related, this list of 20 useful WMI classes from Shishir Kushawaha will be useful in your custom compliance policies
Thiago Beier has been helping me improve the community fork of get-windowsautopilotinfo. You can find out more here and please get involved too!
Thiago has also released part 2 of the series looking at Autopilot deployment profiles, this time looking at AADJ devices
https://thiagobeier.wordpress.com/2023/06/21/windows-autopilot-deployment-profiles-part-2/
This comprehensive post from Vidya M A runs through all of the available security policies across your Intune tenant
https://www.anoopcnair.com/intune-security-policy-configuration-options/
You can now manage Visual Studio directly from Intune using settings catalog without having to ingest any ADMX policies. Find out more in this post from Peter van der Woude
https://www.petervanderwoude.nl/post/managing-updates-for-visual-studio/
A new feature in Conditional Access (although a paid addition) is Workload Identities as covered in this post from Gannon Novak
https://smbtothecloud.com/testing-conditional-access-for-workload-identities/
Shehan Perera looks at how to use Azure PIM for Groups to configure and manage access to your Intune built-in roles in this post
https://shehanperera.com/2023/06/21/intune-rbac-01/
Never let your Apple certificates expire, it hurts! To learn how to renew them, follow this guide from Jitesh Kumar
https://www.anoopcnair.com/how-to-renew-apple-vpp-tokens-in-intune/
Windows 365 boot is an exciting new feature which I can see being especially useful for multi-user kiosk style devices, especially when paired with a frontline license. This post from Ola Ström runs through the end-to-end process to configure and deploy
https://www.olastrom.com/2023/boot-directly-to-your-cloud-pc
If you want to test Windows 365 boot, but don’t have a spare machine, this post from Roy Apalnes will show you how you can test it in Hyper-V!
https://www.linkedin.com/pulse/windows-365-boot-from-virtual-machine-roy-apalnes/
You can now ingest custom CSS into AzureAD to customise the display further. Have a read of this post from Jan Bakker to find out how
https://janbakker.tech/company-branding-and-custom-css-in-azure-active-directory/
The one downside with LAPS is it does not automatically create a custom account for you, which means you need to use either a CSP or PowerShell. Niels Kok has put together a very useful Remediation here to take care of that for you
https://www.nielskok.tech/intune/windows-laps-user-via-remediations/
Timmy Andersson has updated an article showing how to rename devices with PowerShell and Graph, with the update covering using the new Graph SDK
https://timmyit.com/2023/06/23/intune-rename-devices-with-powershell-and-microsoft-graph-module/
If you want to keep your machines online using Intune, check out this guide from Florian Salzmann
https://scloud.work/en/intune-energy-always-on/
Video Content
We start the video content this week with a deep dive into Endpoint Privilege Management from Saurabh Sarkar
Next, Andy Malone gives an introduction to Intune to quickly get started
Now for two videos from Alex de Jong, the first looking at managing updates for your Windows and Apple devices using Intune
The second video from Alex looks at managing cloud applications using Intune and Defender for Endpoint/Cloud apps
This video from Anoop Nair shows how to use Defender for Endpoint to block ChatGPT in your estate
A new intune.training video has been released, this one features Ben Reader and Steven Hosking and looks at using an Event Hub to store and access your Intune event data
John Bryntze has released a full 10-part series showing how to fully manage your macOS devices
Jordan Gross runs through the new MAM for Microsoft Edge (including Windows!) here
Tech Community Live Video
We have a selection of Microsoft AMAs now from Tech Community Live, starting with the June 2023 Windows 365 AMA featuring Christian Montoya, Andrew Miyasato and Christiaan Brinkhoff
The next AMA looks at management of Android and Linux devices with Max Stein, Lothar Zeitler, Clay Taylor and Courtenay Bernier
And next up, an AMA on EPM with Joe Lurie, Matt Call and Danny Guillory Jr
Now the AMA on managing your Apple devices, iOS, iPadOS and macOS from Joe Lurie, Aman Haq and Arnab Biswas
Finally we have an AMA around Windows updates, drivers, firmware and Autopatch from Joe Lurie, Viraf Gandhi, David Guyer, Whit Williams and Chris Sires
Microsoft Content
Now onto the Microsoft content starting with a look at the modernised Intune device compliance reports from Tyler Castaldo
Intune is now moving to support the new Google Play API as discussed here from the Intune support team
Find out how to use Graph to retrieve app reporting data
The M365 Copilot technical requirements have been released from Yana Terukhova
Application Control Policies are now in Private Preview, find out how to deploy them here:
https://learn.microsoft.com/en-us/mem/intune/protect/endpoint-security-app-control-policy
Find out all of the exciting new features in the Intune June release from Ramya Chitrakar
That’s it from this week, have a great weekend!