Welcome all to this weeks Intune Newsletter on an early Easter weekend which does mean an extra long weekend for me!
Community Content
We start this week with a look at the new Declarative Device Management functionality for your Apple devices from Thomas Marcussen
With Windows 10 EOL looming, Nick Benton runs through how to create a Win11 readiness report using Graph in this first part of a new series
https://memv.ennbee.uk/posts/windows-11-risk-based-deployment-part1/
https://ccmexec.com/2024/03/intune-custom-compliance-check-that-credential-guard-is-running/
Learn how to use Intune Cloud PKI with your own CA in this post from Peter van der Woude
https://www.petervanderwoude.nl/post/using-a-byoca-with-microsoft-cloud-pki/
We now have two posts from Rahul Jindal looking at Apple SSO, starting with configuring SSO for iOS using Settings Catalog
https://rahuljindalmyit.blogspot.com/2024/03/configuring-microsoft-enterprise-sso.html
Then moving on to configuring it for macOS devices
https://rahuljindalmyit.blogspot.com/2024/03/reduce-app-sign-in-prompts-with-sso-on.html
Michael Niehaus looks at some of the interesting Autopilot discussions from the last week here
https://oofhours.com/2024/03/22/autopilot-topics-of-the-week/
For those of you running SCCM, this script from Timmy Andersson will export and import your PowerShell Run Scripts
https://timmyit.com/2024/03/23/export-and-import-configmgr-run-scripts/
Manish Bangia shows how to use Regex in your dynamic group queries in this post
https://www.manishbangia.com/create-dynamic-group-using-regex-in-microsoft-entra-id/
If you want to audit your end-user devices to ensure they are meeting your baselines, try this script from Simon Hartmann Eriksen which deploys and runs HardeningKitty on your endpoints via Intune
https://www.simsenblog.dk/2024/03/24/hardeningkitty-audit-baseline-with-intune/
Next, Michael Meier looks at all things EPM, configuring it and the end user experience for all of the options including the new Support Approved setting
https://mikemdm.de/2024/03/24/intune-endpoint-privilege-management/
Joost Gelijsteen also looks at EPM, concentrating on the Support Approved option including the end-user experience and what’s happening on the device
https://joostgelijsteen.com/support-approved-in-epm/
A big talking point this week, enrolling devices with a fake JSON file. Maurice Daly and Sandy Zeng look at the risks and suggestions on ensuring a secure environment
https://msendpointmgr.com/2024/03/25/autopilot-tenant-security-risk/
If you want a deep dive into support approved EPM, find a Rudy Ooms special here
If you are using the Intune App Factory and hitting a permissions error, Nickolaj Andersen has the fix here
https://msendpointmgr.com/2024/03/27/intune-app-factory-fix-could-not-fetch-access-token-for-azure/
Looking to get started with Cloud PKI to manage your certs? Follow this guide from Torbjorn (Mr T-Bone) Granheden
https://www.tbone.se/2024/03/27/introduction-to-microsoft-cloud-pki/
Whether you want to block or fully manage the new Outlook client, this post from Florian Salzmann has you covered
https://scloud.work/handling-the-new-outlook-with-intune/
Next, Nicklas Olsen looks at the new Config Refresh functionality, how it works and how to pause it
https://www.learnintune.net/config-refresh-lets-pause-it/
Andy Jones starts a new series on automatic device onboarding with Power Automate in this comprehensive post
https://move2modern.uk/index.php/2024/03/28/part-1-automate-your-onboarding-with-power-automate/
There are new settings in the Entra portal covering Admin rights which are well worth checking in your tenants. You can find out more in this post from Rudy Ooms
https://call4cloud.nl/2024/03/local-administrator-and-autopilot-settings-and-entra-settings-oh-my/
If you want to automate it, check out this post from Daniel Bradley
https://ourcloudnetwork.com/limit-local-administrators-on-microsoft-entra-joined-devices/
Video Content
Now onto the video content starting with two MVP summit conversations from Dean Ellerby. These two feature Daniel McLoughlin and James Robinson
We have the latest Unpacking Endpoint Management video featuring Steve Thomas, Emily Blundo, Danny Guillory Jr, Rachelle Blanchard and Sarahzin Shane. This episode covers data protection, security and a bit of AI
Next, we have three videos from Steve Weiner, the first is the latest part of the cloud native series covering securing your cloud native devices and a zero trust approach
Steve also looks at the Autopilot JSON injection issue and how to protect against it
Steve also starts a new set of videos looking at recipes in the Microsoft Intune cookbook (available at all good bookshops!), starting with your Windows update rings
We now have the next Windows in the Cloud AMA featuring Ben Murphy, Abe Pineda, Anusha Reddy and Doug Coombs. This one covers reporting, monitoring and insights
The latest intune.training video has arrived and covers personal iOS device enrollment with Adam Gross and Steven Hosking
Microsoft Content
Now for the Microsoft news and announcements from this week, starting with the ability to expedite non-security updates in Intune. Find out more here from Surabhi Calla
Onboarding into MDE just became a whole lot easier. Learn more in this article from Laura Arrizza
With Ramya’s exciting move to the Defender team, the what’s new in the latest Intune release this week comes from Scott Sawyer and you can find it here
The latest skilling snack is here and looks at all things Copilot for Windows from Rama Shastri
That’s all for this week, have a great weekend!