Intune Newsletter – 21st June 2024

A slight calming on the APv2 posts this week, but Config Refresh has now gone GA which is one to setup in your tenants! A special week for me this week as well with the launch of my EUCToolbox apps after many many hours spent writing them all

Community Content

With the announcement of Recall for Windows, Peter van der Woude looks at your options for managing Windows AI features using Intune here

https://www.petervanderwoude.nl/post/managing-windows-ai-features


If you’re running Windows Pro and business premium licenses, you’ll notice the background and lockscreen policies won’t work. If you also need to constantly keep changing the wallpaper, check out this solution from Ahmad Aoun

https://tunemdm.com/2024/06/17/configure-dynamic-wallpaper-and-lock-screen-images-using-intune-win32-app


Intune Config Refresh is finally live and is a great way to keep your devices in line. Find out more in this post from Joost Gelijsteen

https://joostgelijsteen.com/intune-config-refresh


Florian Salzmann also looks at the new config refresh functionality here

https://scloud.work/config-refresh-microsoft-intune


If you want to allow WHfB, but not force it during OOBE, check out this guide from Nicklas Ahlberg

https://www.rockenroll.tech/2024/06/17/windows-11-whfb-disablepostlogonprovisioning


Jon Towles continues the Windows 11 best practice series, this one covers settings and policies to improve the user experience

https://mobile-jon.com/2024/06/17/windows-11-best-practices-part-four-user-experience


If you are using the CIS build kit to secure your environment, this new series from Nick Benton and Jonathan Fallis is worth a look. The first part looks at Bitlocker settings

https://memv.ennbee.uk/posts/windows-cis-patching-gaps-part1


Intune now supports HTML in non-compliance notifications so we can finally make them look more appealing as covered here by Jan Mulder

https://wolkenman.wordpress.com/2024/06/15/compliance-notifications-html-formatting


Back in the olden days, you could add Autopilot devices in the Store for Business. That functionality has now been removed as covered here by Michael Niehaus

https://oofhours.com/2024/06/14/rip-autopilot-support-in-store-for-business

Michael has also discovered that MSI apps now use DO, find out more here

https://oofhours.com/2024/06/19/msi-apps-are-now-downloaded-using-delivery-optimization


Next, Matias Magnus Andersen shares a Defender for Endpoint hunting query to track which versions of macOS you have across your estate

https://epmstuff.wordpress.com/2024/06/14/macos-update-reporting-made-precise-and-simple-with-defender-for-endpoint


This post from Joymalya Basu Roy looks at Autopilot V2 and how it compares to V1

https://joymalya.com/autopilot-device-preparation-embrace-the-future


Maxime Guillemin has released the second part looking at Cloud PKI, this one covers linking it into Conditional access

https://cloudflow.be/certificate-based-authentication-with-microsoft-cloud-pki-part-2


For a full run-through of APv2 setup, follow this guide from Joery Van den Bosch

https://intunestuff.com/2024/06/19/autopilot-device-preparation-apv2


Andy Jones also looks at the new Autopilot with some thoughts and findings along the way

https://move2modern.uk/index.php/2024/06/18/autopilot-device-preparation-evolution-or-optional-add-on


Intune will soon only support macOS 13 and iOS 16 and higher devices. Find out if you will have any out-of-support devices here from Daniel Bradley

https://ourcloudnetwork.com/microsoft-intune-to-require-ios-16-and-macos-13


When using Copilot for Edge, it has the option to access the current website which could mean data being sent to a different country (could be an issue for those in the EU). J├Ârgen Nilsson looks at your options here

https://ccmexec.com/2024/06/copilot-in-edge-sidebar-and-access-to-current-webpage


If you want to (carefully) upgrade unsupported devices to Windows 11 using Intune, follow this guide from Mads Johansen

https://evil365.com/windows%2011/ForceWindows11-Upgrade-UnsupportedHardware


Rudy Ooms looks at the importance of the Just-in-Time group for APv2 in this journey into the logs

https://call4cloud.nl/2024/06/autopilot-device-preparation-and-the-enrollment-time-grouping


Keep track of any licenses assigned to disabled users with a Teams notification using this script from Damien Van Robaeys

https://www.systanddeploy.com/2024/06/be-notified-by-mailteams-of-intune.html


Conditional access is the unsung hero in securing your tenant, but get it wrong and you’ll know about it! Fortunately Niklas Tinner has an excellent getting started guide here

https://oceanleaf.ch/conditional-access-starter-guide


One to bookmark next from James Robinson where you can find out new policy settings and UI changes in Intune in one place

https://skiptotheendpoint.co.uk/intune-settings-rundown-2024-06-20


Video Content

Now onto the video content starting with two app themed videos from Steve Weiner, the first looking at how to deploy M365 apps (Office) in Intune

https://www.youtube.com/watch?v=8ukttJ204mw

Steve’s second video then covers deploying the new Teams app

https://www.youtube.com/watch?v=XV9X0io0RIE

After looking at Robopack previously, Steve now looks at Patch My PC

https://www.youtube.com/watch?v=LT2_mdUdg_8


Dean Ellerby has released an updated Autopilot guide covering the existing v1 process

https://www.youtube.com/watch?v=uZ2CG5w92Ao


We have the latest Unpacking endpoint management video (and the last of the season), this one covering managing macOS devices with Steve Thomas, Rachelle Blanchard, Danny Guillory Jr, Arnab Biswas and Benjamin Flamm

https://www.youtube.com/watch?v=NUAHfctSJwY


Microsoft Content

Now for the Microsoft content with the news that MAM for AVD and Win365 is in preview from Kingston Hui

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/mam-preview-for-windows-365-and-azure-virtual-desktop/ba-p/4171051


We now have even more granular RBAC control over security policies in Intune as covered here by Laura Arrizza

https://techcommunity.microsoft.com/t5/intune-customer-success/granular-rbac-permissions-for-endpoint-security-workloads/ba-p/4172905


That’s it for this week, have a great weekend!

Leave a Comment