Welcome to the pre-MVP summit newsletter, tomorrow I am off to Microsoft HQ to join other MVPs for our yearly get-together. Next week’s edition may be delayed as I will probably be either mid-air or jet-lagged.
For everyone attending, looking forward to seeing you there!
Community Content
If you’re having problems with Autopilot devices adding the user as an admin, check out this troubleshooting guide from Rudy Ooms
https://call4cloud.nl/2024/03/autopilot-escape-the-administrator/
We have a second post from Rudy, this one looking at TPM attestation issues on HP G9 devices
https://call4cloud.nl/2024/03/houston-we-have-a-tpm-attestation-problem/
Ugur Koc has released a new tool to quickly check the assignments against a group, user or device
https://ugurkoc.de/get-all-assignments-in-intune-for-a-user-group-or-device/
You can find the tool here:
https://intuneassignmentchecker.ugurkoc.de/
We now have two posts from Oliver Kieselbach, starting with news that the excellent SyncML viewer is available via Winget
https://oliverkieselbach.com/2024/03/04/syncml-viewer-via-winget/
Oliver’s second post runs through a full Wi-Fi setup using Cloud PKI and RADIUSaaS, well worth checking out!
Next, Joey Verlinden looks at the new preview ASR rules and what they block on devices
https://www.joeyverlinden.com/deploy-the-new-attack-surface-reduction-rules/
Michael Meier has a step-by-step guide to configuring Cloud PKI here
https://mikemdm.de/2024/03/03/first-look-at-intune-cloud-pki/
Learn how to create your own Intune Co-Pilot with Azure OpenAi with Jannik Reinhard
https://jannikreinhard.com/2024/03/03/create-your-own-intune-co-pilot-using-azure-openai-studio/
If you want to better manage your apps, use this script from Jorge Suarez to automatically create app based groups on detected apps
Salona Sahni has released part 7, 8 and 9 of the MDE series, this part looks at the MDE functionality in the security portal and it’s capabilities
https://www.cubicsolutions.de/microsoft-defender-for-endpoint-series-part-7/
If you’re hitting issues with Kerberos cloud trust and Entra Private access, check out this fix from Morten Knudsen
https://mortenknudsen.net/?p=2965
For those of you getting started with Autopilot, this guide from Lucas Magoni is well worth reading
https://racetocloud.com/microsoft-intune/windows-autopilot-enrollment/
Rahul Jindal has a useful KQL script here to quickly grab Microsoft Defender status from your devices
https://rahuljindalmyit.blogspot.com/2024/03/using-kql-to-capture-defender-status.html
Next, Jon Towles is putting together an excellent guide for those learning Intune from a Workspace One background. This first part looks at the Intune components to match those in WS1
https://mobile-jon.com/2024/03/05/the-workspace-one-admins-guide-to-intune-part-1/
This guide from Tim Beer runs through protecting your Windows BYOD with MAM for Edge
https://timbeer.com/2024/03/02/windows-mam-and-edge-enterprise-browser/
Tim also looks at web filtering in Entra Internet Access
Now for three posts from Somesh Pathak, starting with some guidance on blocking non Apple app stores on iOS devices after the EU verdict
https://www.intuneirl.com/alternative-app-stores-not-on-my-supervised-devices/
The next post looks at Secure Enclave and platform SSO for macOS
Somesh also looks at Cloud PKI here
Learn how to brand Edge for Business using Intune with Peter van der Woude
https://www.petervanderwoude.nl/post/adding-company-branding-to-microsoft-edge-for-business/
If you need users enrolling devices to automatically be added to local groups on the device itself, have a look at this script from Jose Schenardie
https://intune.tech/2024/03/06/Making-the-Entra-ID-enrolling-user-member-of-a-group.html
Niels Kok has an excellent new script here to enable drain mode on an AVD host when they fall non-compliant
https://www.nielskok.tech/azure-virtual-desktop/avd-drainmode-dependent-on-compliance/
Damien Van Robaeys has released part 4 of the Logic Apps getting started guide, this one covers connecting to Graph with a managed identity
https://www.systanddeploy.com/2024/03/getting-started-with-logic-apps-part-4.html
Next, Nicklas Olsen looks at how to map network drives using imported ADMX templates
https://www.learnintune.net/the-future-of-drivemapping/
Anand p has released a full end-to-end guide when deploying iOS devices with User Enrollment and Company Portal
https://www.cloudtekspace.com/post/configuringuserenrollmentwithcompanyportalforios
Learn how to implement CISA zero-touch using Microsoft tools here with Will Francillette
Daniel Bradley has a comprehensive run-through covering using CloudPKI and RADIUSaaS for full cloud based RADIUS management
https://ourcloudnetwork.com/setup-wireless-radius-auth-for-entra-joined-devices-and-cloud-pki/
If your users are having issues with the new Teams client, this remediation from Florian Salzmann can be triggered on demand to clear the cache
https://scloud.work/teams-cache-cleanup-on-demand/
Next, Simon Skotheimsvik looks at the new MFA settings in Entra and what to watch for if you’ve been using SMS for 2FA
https://skotheimsvik.no/entra-ids-mfa-evolution-your-sms-backdoor-is-now-obsolete
Video Content
Now onto the video content. The first one this week isn’t exactly Intune, but it’s SUDO for Windows so it had to be included. Thanks as usual for the excellent video from John Savill
Next, Chander Mani Pandey demonstrates the new Cloud PKI functionality
Dean Ellerby runs through configuring an under-used function of MDE here, web filtering.
Learn how to use Cloud PKI to encrypt your emails in this video from Andy Jones
We also have three videos from Steven Weiner, the first is the latest podcast episode looking at custom detection scripts with Justin Rice
Steve then expands this further by incoporating custom compliance and cloud PKI
Steve also looks at how to manage Windows Copilot using Intune
We have the latest Tackling Tech video from Harjit Dhaliwal, this episodes discusses moving to cloud native with Denis O’Shea
Snehasis Pani looks at how to migrate from JAMF to Intune here
Microsoft Content
Now onto the Microsoft content starting with news of Tech Community live from Rachelle Blanchard. Get your RSVP!!
Windows 365 Lockbox is now GA, find out more here from Derek Su
You can now deploy managed home screen as the default launcher on Samsung devices without any user interaction. Learn more in this article from Eugenie Burrage
That’s it for this week, have a great weekend and to anyone travelling to the summit, safe travels!
Thanks for your selection. 😉