We are well into December now and there are definitely more hours in the dark than in daylight. Fortunately we have some ideal reading for those cold winter nights (or warm summer nights if you are south of the equator)
Community Content
Starting us this week, Jon Towles looks at how Intune compares to VMware Workspace One for macOS management after the massive improvements in the recent Intune releases, not to mention some Broad changes at VMware.
If you don’t use AnyDesk or Team Viewer, you probably want to block those as they could be a way for bad actors to infiltrate your devices. This guide from Niklas Rast will show you how to do so using WDAC
Next, Manish Bangia runs through remediations including how to check they are running in the IME logs
https://www.manishbangia.com/deploy-remediation-script-using-intune/
This comprehensive post from Kenneth van Surksum covers best practices when configuring your devices for Windows updates, included some exported policies for you to use
A second post from Kenneth looking at passkey authentication for Windows
https://www.vansurksum.com/2023/12/07/what-problem-do-passkeys-solve/
This excellent script from Gowdhaman Karthikeyan uses Entra attributes to group your devices based on any hardware attribute
https://blogs.gowdhaman.in/intune-grouping-based-on-hardware-inventory-data/
Niklas Tinner continues the Windows 365 series, this time looking at managing your W365 devices using Intune
https://oceanleaf.ch/windows-365-intune-management/
If you are currently using, or looking to use Dev drives, this post from Peter van der Woude will help you securely manage them
https://www.petervanderwoude.nl/post/managing-security-policies-for-dev-drive/
For anyone missing the WiFi menu after sending a macOS wipe from Intune, find a fix here from Simon Skotheimsvik
Learn how to deploy the Entra Global Secure Access client to your devices using Intune in this post from Daniel Bradley
https://ourcloudnetwork.com/how-to-deploy-the-global-secure-access-client-with-intune/
For those of you running Config Manager, you can now test ARM64 OS deployments. Find out how in this post from Niall Brady
https://www.niallbrady.com/2023/12/03/arm64-support-for-osd-added-to-configuration-manager/
On the subject of Config Manager, this script from Gary Blok will provide more information on what is happening during driver installations within a task sequence
https://garytown.com/dism-apply-drivers-tsprogressui-subbar
Jose Schenardie has released a very useful new PowerShell module to report on which browser extensions you have in your estate.
https://intune.tech/2023/12/06/Reporting-on-installed-browser-extensions.html
Now for two posts from Vidya Sasidharan looking at some of the features coming soon to Intune, starting with pivot query for real-time reporting (those with a Config Manager background will be especially pleased to see this one!)
https://www.anoopcnair.com/intune-pivot-query-real-time-reporting/
Vidya’s second post looks at a new report for Windows version distribution
https://www.anoopcnair.com/intune-monthly-patching-distribution-report/
You may have discovered that Azure runbooks have time and memory limits on them. To find a way around these, read this post from Torbjorn (Mr T-Bone) Granheden
https://www.tbone.se/2023/12/06/life-below-400-mb-in-azure-automation-with-intune-set-primaryuser/
LAPS is great, but you may want to apply an account lockout policy to it for some added protection. In the olden days you could just throw in a GPO, but those settings don’t yet exist in Intune. Fortunately Nicklas Ahlberg has put together a workaround here
https://www.rockenroll.tech/2023/11/29/windows-11-local-account-lockout-policy/
Jannik Reinhard has released the second part of the excellent guide covering best practices for Defender for Endpoint
Rudy Ooms has now gone digging into the Teams mobile app to fix an issue with group chats missing. If you are having the same issue, you can find the resolution here
https://call4cloud.nl/2023/12/the-day-that-the-microsoft-teams-group-chats-stood-still/
Niklas Tinner looks at some of the key take-aways from the Technical Takeoff last week in this post
https://niklastinner.medium.com/summarizing-microsoft-technical-takeoff-2023-80fc4e0fbdc0
Next, we have a comprehensive post from Oktay Sari looking at macOS management with Intune, especially looking at plist files and how they compare to Settings Catalog and mobileconfig
https://allthingscloud.blog/managing-macos-devices-with-microsoft-intune/
Video Content
Now onto the video content, starting with a look at the new “Windows App” for W365 and AVD as well as the new W365 switch&boot functionality from Andy Jones
Next, we have two posts from Chander Mani Pandey, the first looks at using Azure Runbooks for automating Intune reports
Chander’s second post shows how to disable Windows Copilot using Intune and a custom OMA-URI
When migrating between tenants, you have to deal with different user identities which can cause issues, especially with your primary users. This video from Steven Weiner shows how to fix this
Following on from this, Steve runs through the entire v3 migration tool
Steve has also started an interview podcast series, the first episode features Dustin Gullett and covers all things Windows 365
We have a new unpacking endpoint manager episode with Danny Guillory Jr and Steve Thomas (and the MEM user group) covering moving to Windows 11
Dean Ellerby looks at the Entra Private Access functionality in this video
We have the latest Intune.Training video next from Adam Gross and Steven Hosking. This one looks at provisioning Chrome OS devices using Intune
This video from Craig Camacho runs through device compliance with Intune and Entra Conditional Access
The latest EMS podcast is now live looking at all things Ignite with Jonas Bøgvad, Lewis Barry, James Robinson and Jóhannes Geir Kristjánsson
Microsoft Content
Now onto the Microsoft content, starting with a look at all of the accessibility features added to Windows in the past year from Divya Bhaskaran
https://blogs.windows.com/windowsexperience/2023/12/04/a-year-in-recap-windows-accessibility/
Next, we have more days of the “12 days of blog-mas” from Michael Hildebrand, starting with Windows LAPS config and usage
Day four covers synchronising your cloud groups back to on-prem AD
Day 5 looks at managing your endpoint and the different Microsoft options available, including how they fit together (plus some old-school screenshots)
Learn why now is the best time to move to cloud managed devices (send this to your executives if you need to convince them). This article is from Michael Wallent
Windows 10 End-of-support is looming! Find out your options here with Jason Leznek
That’s it for this week, have a great weekend!!