Community Content
We start this week with two macOS themed posts from Nick Benton, the first is a guide on how to deploy a Windows Autopilot machine from a macOS device
https://memv.ennbee.uk/posts/macos-windows-autopilot-utm
Nick’s second post runs through configuring NCSC security settings for macOS devices
https://memv.ennbee.uk/posts/macos-ncsc-settings
Sometimes you need to give users temporary access or exemption from Intune policies via assignment, but that gives you the headache of remembering to then remove it again. Automate these tasks using this script and runbook from Michael Meier
https://mikemdm.de/2024/06/02/time-based-group-membership-for-entra-devices
You may have noticed on Win11 24H2, there is now a “Learn about this picture” icon on the desktop which is very enterprise ready! Find out how to remove it in this post from Michael Niehaus
We now have a useful script from Jesse Weimer if you need to force MFA but also have OneDrive configure for your users
https://www.getrubix.com/blog/onedrive-are-you-there-its-me-mfa
Next, Steve Weiner has the second part covering Entra Public Access. This one looks at the experience for the end user
https://www.getrubix.com/blog/goodbye-vpn-part-2-the-public-access-user-experience
With Autopilot v2 now hitting tenants everywhere, there has been a lot of excitement about it. First to publish (I think) was Joost Gelijsteen, first looking at the whole experience and then covering the use of Device Identifiers
https://joostgelijsteen.com/autopilot-device-preparation
https://joostgelijsteen.com/corporate-identifiers
Rudy Ooms then has a deep dive into this new functionality and what’s happened to the hardware hash
https://call4cloud.nl/2024/06/autopilot-device-preparation-the-hardware-hash-voyage-home
Rudy then also digs into the new flow and what happens when using device preparation
https://call4cloud.nl/2024/06/autopilot-device-preparation-flow
Jan Mulder has a full walkthrough covering setting up the new device preparation policy
https://wolkenman.wordpress.com/2024/06/03/windows-autopilot-device-preparation-walkthrough
As does Joey Verlinden here
https://www.joeyverlinden.com/windows-deployment-with-autopilot-device-preparation
Karan Rustagi also looks at the new functionality here
We have another run through of the new process here from Maxime Guillemin
https://cloudflow.be/first-look-at-windows-autopilot-device-preparation
Michael Niehaus also looks at the new functionality, the opinions of the creator of Autopilot V1 are always worth a read!
https://oofhours.com/2024/06/05/digging-into-windows-autopilot-v2
And some notes after testing it with 24H2
https://oofhours.com/2024/06/06/windows-autopilot-v2-experience-some-surprises-including-updates
If you want to script grabbing the device identifier, Simon Skotheimsvik has a script here
You can take this a step further and avoid the UI altogether using Graph if you follow this post from Damien Van Robaeys
https://www.systanddeploy.com/2024/06/autopilot-device-preparation-import.html
If you want to also use Graph to create the Autopilot policies, check this post from Daniel Bradley
https://ourcloudnetwork.com/how-to-deploy-autopilot-device-preparation-policies-with-powershell
If you didn’t know about the built in alerts for Windows 365 (which have expanded from the original 3), learn about them in this post from Ola Ström
https://www.olastrom.com/2024/alerts-for-windows-365
Jon Towles continues the Win11 best practices series, this time looking at your more advanced security options
https://mobile-jon.com/2024/06/03/windows-11-best-practices-part-three-security-advanced
If you want to add your devices to a group when Autopilot completes, follow this guide and logic app from Damien Van Robaeys
https://www.systanddeploy.com/2024/06/automatically-adding-devices-to-entra.html
Joery Van den Bosch continues the series on macOS management, this one looking at app deployment, DDM and much more!
You can now allow feature updates as optional updates for users to self-service deploy. Find out how in this guide from Peter van der Woude
You can now see devices which are missing entirely from Windows Update for Business reports to troubleshoot them further. You can follow this guide from Peter Klapwijk to alert you automatically
If you have devices to migrate from Android device administrator to Work profile, try this guide from Rahul Jindal
https://rahuljindalmyit.blogspot.com/2024/06/move-android-devices-from-device.html
Learn how you can use Intune to help harden Exchange online in this post from Shehan Perera
https://emsroute.com/2024/06/07/defending-exo-01
Video Content
Now for the video content, the first is a video to match the blog post earlier from Jesse Weimer covering MFA for OneDrive from Steven Weiner
Steve’s second video covers setting up Cloud Trust with WHfB
Steve also looks at the new Autopilot functionality here
Here is part 2 looking at personal vs corporate and how to automate your corporate device identifiers
Steve also covers how to use Graph and Azure Automation to add the device identifiers
Dean Ellerby has a video run through of the new Autopilot Device Preparation functionality here
Dean then looks at how the corporate identifier functionality works to allow corporate devices to enrol without having to unblock personal enrollment
And a quick video to clarify the issue around using identifiers
This video from Andy Jones looks at the newly redesigned managed home screen for Android devices
Now for four AMAs from Microsoft! Starting with everything Autopilot featuring Elé Ocholi, Hung Dang, Joe Lurie and Maggie Dakeva
The next AMA covers Windows updated with Aria Carley, Harman Thind, David Mebane and Mounica Battula
Moving to cloud native? Watch this AMA with Joe Lurie, Lavanya Lakshman, Jason Sandys, Rob York and Danny Guillory Jr
The last AMA looks at best practice and security for Windows 11 with Katharine Holdsworth, Kevin Sheehan, Abhijat Singh, Harish Krishnamurthy and Nazmus Sakib
This video from Vaishnav K looks at app supersedence and the new update functionality for available apps
Microsoft Content
Now for the Microsoft content, starting with an exciting new look for Company Portal from Maggie Dakeva
Here is the official announcement of Autopilot device preparation as well from Maggie Dakeva and Juanita Baptiste
If you are managing AVD or Windows 365, learn the proper way to manage device redirection in this new learn document
https://learn.microsoft.com/en-us/azure/virtual-desktop/client-device-redirection-intune
That’s it for this week, have a great weekend!