Community Content
This weeks first post is a must-read for anyone managing macOS devices. Ugur Koc has created a script to block users from installing apps using Homebrew
https://ugurkoc.de/block-homebrew-on-macos-with-intune/
Hybrid workers are an excellent solution if you are hitting the limits or restrictions on standard automation runbooks. Find out how to configure and use them in this post from Torbjorn (Mr T-Bone) Granheden
https://www.tbone.se/2024/01/09/build-hybrid-worker-to-run-intune-automation-tasks/
Next, Rahul Jindal looks at Entra Global Secure Access including configuring it and looking at how it works.
https://rahuljindalmyit.blogspot.com/2024/01/enable-manage-global-secure-access-for.html
Jannik Reinhard has created another excellent AI powered tool. This one takes your input and create Intune remediations for you, including a button to add the scripts into Intune!
https://jannikreinhard.com/2024/01/07/gpt-remediation-creator/
On the subject of scripts, if you need to retrieve any back from Intune, follow this guide from Sujin Nelladath on how to do so using Graph explorer
https://www.anoopcnair.com/intune-retrieve-powershell-scripts-msgraph/
Learn how to configure and use multi-admin approval for scripts within Intune in this post from Jan Mulder
https://wolkenman.wordpress.com/2024/01/08/intune-multi-admin-approval/
Whilst most machines come with Winget pre-installed, it usually needs an update before it will launch which can take 15 minutes or more. This script from Daniel Bradley will install the latest version for you during Autopilot
https://ourcloudnetwork.com/how-to-install-winget-using-intune/
We have a second post from Daniel, looking at the different ways to deploy M365 apps, including a useful script to download directly from CDN
https://ourcloudnetwork.com/how-to-deploy-microsoft-365-apps-with-intune/
If you need to add Apple devices into your ABM environment but don’t have a device running macOS, this post from Timmy Andersson shows you how to use Apple Configurator on iOS to import them.
Stephan van Rooij has released a new tool to quickly package and deploy Winget apps to Intune. You can find all about it at the new website here
Learn how to deploy the Cisco Umbrella roaming client here with Gannon Novak
https://smbtothecloud.com/deploy-the-cisco-umbrella-roaming-client-with-intune/
Dynamic device tagging is now generally available for Defender for Endpoint. Find out how to use it in this post from Joey Verlinden
https://www.joeyverlinden.com/dynamic-rules-for-device-tagging-in-microsoft-defender/
Unless you are running shared devices, you probably don’t want any machines without a primary user assigned. This logic app from Damien Van Robaeys will report on any and then upload to SharePoint in CSV format
https://www.systanddeploy.com/2024/01/export-devices-without-primary-users-to.html
I imagine many of you will want to control enabling Windows Copilot across your devices. This post from Ola Ström will show you how to block and allow it
https://www.olastrom.com/2024/copilot-in-windows-how-to-turn-it-off-using-ms-intune
If you are not currently using Windows safeguard holds, this post from Thomas Marcussen is well worth reading!
https://blog.thomasmarcussen.com/key-things-to-know-about-windows-safeguard-holds/
Vidya Sasidharan has been lucky enough to test out the cloud PKI functionality coming soon to the Intune Suite. You can learn all about it here
https://www.anoopcnair.com/root-issuing-ca-using-intune-cloud-pki-service/
If you have apps which will need a restart on completion, this post about grace periods from Peter van der Woude is worth reading
https://www.petervanderwoude.nl/post/working-with-the-restart-grace-period-of-win32-apps/
Next, Nick Benton shows how to use device extension attributes alongside conditional access filters
https://memv.ennbee.uk/posts/device-attributes-cap/
Rudy Ooms has gone digging into EPM again, this time trying to work out what the new ECS feature could be
https://call4cloud.nl/2024/01/race-for-experiments-epm-vs-ecs/
Video Content
Now onto the video content, starting with how to get MSIX files directly from the vendor with Dean Cefola
Next, we have a very comprehensive tutorial from Saurav Sarkar covering Apple enrollment with Intune
The latest Workplace Ninja User Group UK meeting features Ugur Koc and looks at a quick way to offboard devices. The slides are also linked below the video
The slides are here:
Chander Mani Pandey continues the macOS management series, this video covers configuring the MDM push certificate
We have the latest GetRubix podcast, this time Steven Weiner discusses WDAC with Craig Ranger
Microsoft Content
Our first Microsoft content this week comes from Jonas Ohmsen and looks at iOS device management in its entirety
One of the beta device configuration report APIs is being removed. Learn more about how this here from the Intune support team
That’s it for this week, have a great weekend!
Thanks for this selection.