Welcome back to all of you who have been at MMS. I look forward to hearing the stories! I’ve even seen some posts this week written whilst there; that’s dedication!
We have had some big Microsoft announcements in macOS management this week too; check them out below.
Community Content
Quick off the mark this week is Somesh Pathak with a number of posts looking at the new macOS functionality, starting with a deep dive into Platform SSO and troubleshooting steps:
Next, Somesh looks at how Secure Enclave works with Platform SSO to secure your devices
The third post from Somesh includes a script to create a comprehensive application inventory of your macOS devices
https://www.intuneirl.com/why-application-inventory-is-the-unsung-hero-of-macos-security
With passkeys now in private preview, learn all about them and how to implement them here with Jonas Bøgvad
https://blog.skymadesimple.io/what-is-passkeys
Next, Torbjorn (Mr T-Bone) Granheden looks at how you can use Entra Global Secure Access to provide zero trust access to on-prem resources for your remote workers
https://www.tbone.se/2024/05/08/zerotrust-network-access-with-microsoft-entra-global-secure-access
Now for three deep dives from Rudy Ooms, the first looking at exactly what’s happening during the “Registering your device for mobile management” phase in ESP
https://call4cloud.nl/2024/03/under-the-hood-preparing-your-device-for-mobile-device-management
If your enterprise activation has broken due to a new KB, check out the fixes in Rudy’s second post
https://call4cloud.nl/2024/05/kb5036980-breaks-upgrade-windows11-enterprise
Another troubleshooting special, for anyone struggling to install the EPM agent on hybrid devices, this post has you covered
This post from Niklas Tinner is an excellent overview of Intune macOS capabilities and what is coming soon
https://oceanleaf.ch/intune-macos
Jon Towles has another excellent blog series, this one covering best practices for Windows 11. The first installment covers onboarding devices
https://mobile-jon.com/2024/05/06/windows-11-best-practices-part-one-onboarding
Next, Nick Benton has the third part of the series covering Windows 11 phased deployment based on risk, this one covering the feature update policies
https://memv.ennbee.uk/posts/windows-11-risk-based-deployment-part3
We have a second post from Nick this week; this one looks at configuring Chrome with Platform SSO on macOS
https://memv.ennbee.uk/posts/macos-platformsso-google-chrome
Graph is an incredibly powerful tool and one I think all Intune and Entra admins should know (I’ve even heard there is a book on it!). Once you get into larger tenants, you may start hitting throttling though. This post from Sander Rozemuller looks at your options
https://www.rozemuller.com/graph-api-in-automation-at-scale
For a smooth transition from 32-bit to 64-bit Office, try this approach from Daniel Gebler using PSADT and ODT
https://danzi.blog/office-upgade-to-64-bit-in-an-organization
Damien Van Robaeys has created a new dashboard, this one to display if your Lenovo devices are running a current BIOS version
https://www.systanddeploy.com/2024/05/lenovo-bios-versions-dashboard-uptodate.html
This post from Peter Klapwijk includes a useful logic app to alert users when their device is out of date
https://www.inthecloud247.com/automatically-inform-your-users-on-outdated-windows-devices
Direct from MMS, Simon Skotheimsvik runs through how to retrieve scripts uploaded to Intune
https://skotheimsvik.no/intune-script-recovery-shortcut-skip-graph-permissions
Next, Ola Ström looks at some tips and tricks when using the Intune console
https://www.olastrom.com/2024/5-things-you-didnt-know-you-could-do-in-microsoft-intune
Learn how to use web based enrollment for iOS here with Jonathan Lefebvre
https://www.systemcenterdudes.com/how-to-use-intune-web-based-enrollment-for-ios-in-intune
Niall Brady continues the excellent series on user-provisioned cleaning of devices that users are purchasing themselves. This one includes scripts and Azure Functions for logging and a look at the full process
https://www.niallbrady.com/2024/05/08/pc-buyback-for-windows-autopilot-devices-part-3
Whilst your cloud PCs are often easier to manage, they still need some TLC now and again. Learn all about using cloud PC maintenance windows here with Dominiek Verham
https://techlab.blog/cloud-pc-maintenance-windows-explained
If you’re hitting an error with a large site-to-zone policy, you can find your answer here from Mads Johansen
https://evil365.com/intune/TheMysterious-Intune-PolicyError
Video Content
Now onto the video content, beginning with many videos from Steven Weiner. The first looks at how to use Azure Automation with PowerShell to run scripts from your device without needing to share app reg secrets.
Steve’s second video shows how to use toast notifications on first boot after Autopilot to send users to Company Portal
If you need to detect whether your device is still in OOBE, follow this video
Steve’s final video this week demonstrates configuring and using Windows 365 Boot
Plus part two
This excellent video from Rachelle Blanchard, Mabel Gomes and Santoshi Kandula looks at all things Graph for Windows and Intune, including the product lifecycle
The one you’ve all been waiting for, Platform SSO for macOS is here…
The Log Analytics agent is being deprecated soon. If you’re using it in your AVD configuration, follow this video from Dean Cefola to update your environment
You can now upload directly to Intune from Master Packager as demonstrated in this video
Microsoft Content
A lot of excitement around this one: learn all about Platform SSO for macOS direct from the main source for all Intune and macOS news, Lior Bela
Lior also has news on device attestation for mobile devices (some selected ones initially)
That’s it for this week, have a great weekend!