It’s the penultimate newsletter before Christmas and hopefully the festivities are in full swing wherever you are. This content is still flowing in thick and fast though!
Community Content
We start this week with a look at the data leakage prevention options in Windows 365, how to configure them and how they look from Peter van der Woude
https://www.petervanderwoude.nl/post/discouraging-data-leakage-on-windows-365/
Next, Jannik Reinhard gives an excellent run through of how Copilots work, well worth a read!
If you support macOS devices, these scripts from Ugur Koc will add custom attributes to list the last reboot time and any local admins
https://ugurkoc.de/get-local-admins-and-last-reboot-time-on-macos-devices-using-custom-attributes/
This post from Kenneth van Surksum looks at the Security Service Edge in Entra including Entra Internet Access and Entra private access
Learn all about Endpoint Privilege Management here with Manish Bangia
https://www.manishbangia.com/how-to-use-endpoint-privilege-management-using-intune/
If you want to make your Intune reports more accessible, this post from Damien Van Robaeys shows how to use logic apps to export them into CSV and then move them into SharePoint
https://www.systanddeploy.com/2023/12/exporting-custom-intune-report-to-csv.html
Matias Magnus Andersen has some excellent KQL queries here for using Defender for Endpoint to report on your feature and quality updates
Some more detective work from Rudy Ooms here, this time looking at an issue when migrating a machine from Workspace One to Intune
https://call4cloud.nl/2023/12/the-0xd000000d-job-2-nutty-by-intune/
Next, Harm Veenstra runs through how to configure and use custom requirements scripts for Intune apps
https://powershellisfun.com/2023/12/08/microsoft-intune-powershell-additional-requirement-rules/
Now for two posts from Brad Wyatt, the first looking at the new Graph functionality to review the last successful sign-in date and time of a user
The second post from Brad looks at the new Graph CLI recently released by Microsoft
https://www.thelazyadministrator.com/2023/12/11/the-microsoft-graph-command-line-interface-cli/
With the release of the new Teams client for VDI, Jon Towles looks at how to deploy to Windows 365, requirements, optimizations and improvements
https://mobile-jon.com/2023/12/10/the-new-teams-client-comes-windows-365-cloud-pcs/
Tom Machado has a useful mobileconfig file here to allow Chrome to auto-update on your macOS devices. Incredibly useful to have, especially for any zero-day vulnerabilities
You may have an RMM in place in your organization, whether from legacy setups, or from an MSP managing your devices. Learn more about RMMs and whether you still need them with Intune here with Lewis Barry
https://conditionalaccess.uk/what-is-your-rmm-actually-doing/
Oliver Kieselbach has released an update to the excellent SyncML tool to work with the new declared configuration functionality
https://oliverkieselbach.com/2023/12/12/new-syncml-viewer-version/
For those of you managing AVD machines, learn how to use Azure Monitor to keep an eye on them here with Niels Kok, including automating the setup!
https://www.nielskok.tech/azure-virtual-desktop/monitoring-avd-with-azure-monitor/
We have a second post from Niels this week with an excellent script for clearing up your Entra joined AVD session hosts
https://www.nielskok.tech/azure-virtual-desktop/automating-cleanup-entra-joined-avd-hosts/
Following on from a previous post on grouping on hardware inventory, Gowdhaman Karthikeyan looks at using batching in Graph to improve performance in large environments
https://blogs.gowdhaman.in/intune-graph-api-json-batching/
Dennis Rietveld has released more device hardening policies, this time for iOS. If you haven’t checked out the others, make sure you do
https://github.com/R33Dfield/iOSHardening
Next, Liviu Barbat has a deep-dive into Win32 app availability and deadlines
https://patchtuesday.com/blog/intune-win32-apps/
If you have devices enrolled with Android Device manager, this post from Malepati Naren runs through migrating them to work profile
https://www.anoopcnair.com/device-admin-mode-to-android-work-intune/
This post from Paul Vilcu looks at Intnue logs, the tools available and the log locations
https://mem.zone/intune/intune-logs-deep-dive/
If you want to configure LAPS but use a custom admin account without creating a custom CSP policy, check out this remediation script from Daniel Bradley
https://ourcloudnetwork.com/how-to-create-a-local-admin-account-on-windows-devices-with-intune/
This post from Michael Niehaus shows why you should password protect your SCCM boot media
Learn about your options for unmanaged Windows devices included a MAM walkthrough here from Gannon Novak
https://smbtothecloud.com/handling-unmanaged-windows-devices-using-windows-mam-with-intune/
Jitesh Kumar looks at the new additions in the 2312 December Intune release here
https://www.anoopcnair.com/intune-2312-december-update-new-features/
Setup your devices with Intune to fully prepare for copilot. Find out what is required in this post from Simon Skotheimsvik
https://skotheimsvik.no/boost-your-copilot-prepare-your-devices-now-with-intune-mastery
Learn all about the Edge management service to add an extra security layer to your browsers in this post from Jose Schenardie
https://intune.tech/2023/12/15/Getting-started-with-Microsoft-Edge-management-service.html
Video Content
Now onto the video content, starting with a look at how to automate Intune reporting with Azure Automation and managed identities from Chander Mani Pandey
This video from Steven Weiner runs through the full process to enrol a macOS device into Intune
Steve has followed this up with a video covering macOS app deployment
We also have the second in the new podcast series from Steve, this one features Derrick Ferrell to talk about Defender for Endpoint
Niklas Tinner and Jannik Reinhard look at the Intune Suite announcements from the Technical Takeoff here
The latest video from the Workplace Ninja UK User group features presentations from Neil McLoughlin on app deployment for Cloud VDI and Nicklas Olsen on MAM for Windows
The latest intune.training video is here and this one covers the different ways to provision your Windows devices with Adam Gross, Steven Hosking and Jóhannes Geir Kristjánsson
With the holiday season looming, Dean Ellerby looks at ways you can secure your environment to lower your attack surface over the festive break (and beyond)
Microsoft Content
Learn about what’s new in the 2312 Intune release in this weeks first Microsoft news
https://learn.microsoft.com/en-us/mem/intune/fundamentals/whats-new
Imagine a world without print drivers! This may soon be a reality with the modern Windows print experience as explained here by Johnathan Norman. One step towards the printerless utopia!
For anyone in the EU, this is a MUST READ. Starting in the New Year, your users will be prompted to continue to sign-in to Office apps on the first launch on every device (it will display once only), but there is no way to stop the prompt. Read more here with Adam Steenwyk
That’s it for this week, have an amazing weekend!!