Welcome to this weeks newsletter, your place to catch up on all things Intune, Entra and more! It’s a bumper one this week with lots of Intune suite news.
Community Content
We start this week with a look at another new Windows 365 feature in public preview, this time it’s shared mode for Win365 boot from Dominiek Verham
https://techlab.blog/windows-365-boot-shared-mode/
Dominiek also looks at the other preview functionality, dedicated mode
https://techlab.blog/windows-365-boot-dedicated-mode/
Next, Peter van der Woude looks at IME logs, what’s in them and how to work with them
Niall Brady and Paul Winstanley have added a new post in their series covering Windows 365, this one looking at dedicated boot
https://www.niallbrady.com/2024/01/29/a-quick-look-at-windows-365-boot-dedicated-mode/
You may have noticed it is difficult to deploy desktop shortcuts to Windows store apps (Appx and MSIX), Florian Salzmann has a script here to sort that for you!
https://scloud.work/create-desktop-shortcuts-for-windows-apps/
If you are considering security baselines, or haven’t yet deployed them, this post from Shehan Perera is well worth checking out
https://emsroute.com/2024/01/27/intune-security-baseline-1/
Shehan has also written this helpful post to rapidly onboard devices into MDE
https://emsroute.com/2024/02/01/managed-by-mde-01/
A third post from Shehan, this time looking at Enterprise app management
https://emsroute.com/2024/02/02/microsoft-intune-enterprise-app-catalog-is-here/
If you’re having any autopilot issues, it could be a Windows update as covered here by Michael Niehaus
https://oofhours.com/2024/01/26/autopilot-randomly-not-working-perhaps-kb5033055-is-to-blame/
We have a second post from Michael with an update to the excellent Autopilot branding script
https://oofhours.com/2024/01/31/autopilot-branding-app-improvements/
The latest Windows 11 build can automatically create an account for LAPS to save scripts or policies which error. If you want to disable it, follow this guide from Daniel Bradley
https://ourcloudnetwork.com/how-to-enable-automatic-account-creation-with-laps-in-intune/
We have a second post from Daniel this week showing how to deploy apps with the new Enterprise App Management which has gone GA for those with Intune Suite
https://ourcloudnetwork.com/how-to-deploy-apps-from-the-enterprise-app-catalog-in-intune/
Michael Meier also looks at the new Enterprise App catalog functionality here
https://mikemdm.de/2024/02/01/enterprise-app-catalog-now-available-in-intune-suite/
If you’re managing macOS devices, the Mac Evaluation Utility could prove useful as described here by Somesh Pathak
https://www.intuneirl.com/uncover-the-secrets-of-appleseed-part-iii-mastering-the-tools/
Thomas Marcussen has found an issue with another windows update which could cause issues with SSO
https://blog.thomasmarcussen.com/user-is-required-to-permit-sso-windows-11/
Jannik Reinhard has been experimenting with device enrollment and has potential found a way to re-enrol them without needing to wipe
https://jannikreinhard.com/2024/01/29/reenrol-devices-without-wipe/
If you have users who need to RDP into their machines, but don’t want to allow others to do so, have a look at this script from Jörgen Nilsson
https://ccmexec.com/2024/01/enable-rdp-access-only-to-the-enrolled-by-user-in-windows-using-intune/
With the release of the LAPS account creation in the latest canary builds, Rudy Ooms has gone digging to find out how it all works, many flow charts within…
https://call4cloud.nl/2024/01/windows-laps-under-the-hood-automatic-account-management/
Rudy also has a deep dive into the new Device Query functionality to see how it all works here
https://call4cloud.nl/2024/02/device-query-a-mad-max-feature/
A third post from Rudy, this time troubleshooting device query
https://call4cloud.nl/2024/02/five-push-notifications-at-device-query/
If you’re one of those with issues installing Windows updates due to recovery partition sizes, Nick Benton has instructions here on how to fix it using remediations
https://memv.ennbee.uk/posts/winre-parition-resize-kb5034441/
Learn how to use Group Policy Analytics to assist in your cloud migration in this post from Niklas Rast
We also have Device Query now in GA for Intune suite users which may look familiar to those who use (or used) CMPivot. Learn all about it here from Chris Hudson
https://www.threesixtythrive365.com/post/intune-device-query-intune-advanced-analytics
Joost Gelijsteen also tests the new Device Query functionality in this post
https://joostgelijsteen.com/intune-device-query/
If you allow BYOD, MAM is essential to protecting your data. This post from Tom Machado runs through configuring it and the end user experience
https://poemtomdm.fr/2024/02/01/intune-mam-policies-the-key-to-protecting-data-on-unmanaged-devices/
Learn how to deploy power plans using remediations in this post from Trevor Jones
https://smsagent.blog/2024/02/01/deploying-a-custom-power-plan-with-intune-remediations/
The latest insider build also includes support for Config Refresh. This post from Nicklas Olsen shows how to configure it
https://www.learnintune.net/config-refresh/
Next, Peter Klapwijk has a script to automatically set the time zone during Autopilot OOBE
https://www.inthecloud247.com/automatically-configure-the-time-zone-during-autopilot-enrollment/
With the many new releases for the Intune suite, Niklas Tinner runs through exactly what is included now
https://oceanleaf.ch/unboxing-the-intune-suite/
Video Content
Now onto the video content, starting with a look at how to handle conflicts when using Apple Business Manager federation from Dean Ellerby
Next, Steven Weiner extends the series looking at the PowerShell SDK, this one covering invoking web requests.
Steve’s second video shows how to make a POST call in Graph to create items within Intune/Entra
Putting everything learned from the previous videos together, Steve demonstrates how to use these new skills to create a script to cleanup primary users
Steve is joined by Dominick Fidotta to discuss Intune macOS management in the latest podcast
The latest unpacking endpoint management episode is here featuring Clay Taylor, Rachelle Blanchard, Steve Thomas and Danny Guillory Jr. This one covers zero trust, the secure future initiative and more
Niklas Tinner has released the next episode of the Win365 starter series, this one covers reporting and remote actions from the Intune console
The latest intune.training video is here, this one covers device compliance with Adam Gross and Steven Hosking
Chander Mani Pandey looks at the Enterprise App Management functionality in this video
As we have seen, lots of new Intune Suite features have gone GA so the Windows IT Pro team have released videos explaining them all:
Tunnel for MAM
Enterprise app management:
Advanced Analytics
EPM
Management of speciality devices
Remote help:
Cloud PKI:
Also a Microsoft mechanics video on the whole suite
Microsoft Content
We start the Microsoft content this week with some best practice recommendations when starting your device cloud journey from Jason Roszak
You can now run a report on expedited update readiness in Graph, find out more here with Surabhi Calla
That’s it for this week, have an amazing weekend and to those of you attending the Workplace Ninja UK meetup next week, I’ll see you there!
Thanks.
I will try the laps account.