I’m back from my holidays and it’s back to business as usual!
Community Content
We start this week with a continuation on the theme of certificate authentication and PKI from Maxime Guillemin. This one looks at using certification based authentication for your macOS devices
https://cloudflow.be/macos-and-certificate-bases-authentication/
If you’ve ever tried to troubleshoot an Android or iOS device (it’s always an exec) and talk them through re-installing apps, you will particularly enjoy this new Intune feature. You can now remove and re-install apps and configurations remotely. Learn more here with Peter van der Woude
You may have noticed the firewall rule migration tool was removed when the old MS-Graph and AzureAD modules were deprecated. Fortunately Nick Benton has fixed the script here
https://memv.ennbee.uk/posts/firewall-rule-policy-conversion
Next, Rahul Jindal runs through configuring MDE PUA for macOS devices
https://rahuljindalmyit.blogspot.com/2024/07/enabling-pua-as-part-of-defender-for.html
We now have two posts from Daniel Bradley. The first is essential for those of you hit by Crowdstrike last week (I hope you’re all doing ok) and shows how to bulk rotate your Bitlocker keys with Graph. If you’ve had to give the keys to anyone during remediations, make sure you rotate them now (and LAPS passwords)
https://ourcloudnetwork.com/how-to-rotate-bitlocker-keys-with-microsoft-graph-powershell/
Daniel’s second post is an important announcement. Soon you will not be able to create custom OMA-URI policies for any settings available in Settings Catalog. It’s time to review your environments for any legacy policies!
https://ourcloudnetwork.com/microsoft-to-start-blocking-custom-oma-uri-settings-in-intune/
Following on from that, Daniel has a script to see if the settings exist in Settings Catalog
https://ourcloudnetwork.com/how-to-find-settings-in-the-setting-catalog-by-custom-oma-uri/
We have a couple of posts with fixes for Crowdstrike for any of you still mopping up. The first comes from Brooks Peppin and shows how to create a bootable WinPE ISO to boot and remove the faulty sys files
https://brookspeppin.com/2024/07/20/how-to-create-a-no-prompt-bootable-winpe-iso-crowdstrike-fix/
The second comes from Jon Towles and shows how to use Remediations within Intune to deploy a fix
https://mobile-jon.com/2024/07/19/using-intune-remediations-to-address-massive-crowdstrike-outage/
If you’re in the unfortunate position where machines come with McAfee pre-installed, check out this guide from Gannon Novak
https://smbtothecloud.com/the-moving-target-of-removing-mcafee-products-with-intune/
Next, Ugur Koc looks at how you can use extension attributes in Entra to include Intune device information, including all the scripts you will need
https://ugurkoc.de/from-intune-to-entraid-add-custom-data-to-the-extension-attributes/
If you want to exclude users from FSLogix with Intune managed AVD hosts, check out this post from Niels Kok
https://www.nielskok.tech/azure-virtual-desktop/excluding-users-from-fslogix-for-intune-managed-avd/
We have a look at MDM hardening and recovery CSP here with Rudy Ooms
https://call4cloud.nl/2024/07/the-killing-of-a-not-hardened-mdm-enrollment/
We finally have a fix for the enterprise subscription block, no more Windows pro for those on E3/E5. We can thank Rudy for that one and you can read all about it here
https://call4cloud.nl/2024/07/kb5040527-fixes-subscription-activation-issues/
Find out the new features and functions in Intune here with James Robinson
https://skiptotheendpoint.co.uk/intune-settings-rundown-2024-07-22
We have a new W365 security baseline now available. Learn more about it in this post from Jan Mulder
https://wolkenman.wordpress.com/2024/07/24/new-windows-365-security-baseline-version-24h1/
If you are considering using thin clients to access W365 or AVD, this post from Dominiek Verham is well worth checking out
Video Content
Now onto the video content starting with a method to automatically rotate your Bitlocker keys (and a further update) from Steve Weiner
We also have a new podcast from Steve, this one features Max Allen and looks at the magic of grouptags amongst other things
For macOS users, Dean Ellerby looks at how Root3 can handle your application management and updates
Microsoft Content
We have some exciting news from Microsoft this week as well (don’t we every week!)
The first is a new permissions prompt for your macOS users to make the notification experience more reliable. This one comes from the Intune Support Team
There is also a recovery tool available for the Crowdstrike issue, also from the Intune Support Team
A very exciting roadmap item, device inventory is coming soon to Intune!
https://www.microsoft.com/en-us/microsoft-365/roadmap?filters=&searchterms=408170
Next, Rishita Sarin runs through JIT registration and compliance for iOS
Find out what’s new in the 2407 release with Scott Sawyer
That’s it for this week, have an amazing weekend!