Welcome again to your exciting dose of Intune news and what a way to end February! If you are attending Experts Live in Copenhagen next week, please stop-by and say hello. For those who can’t make it, I’ll be at others this year…

Now, for the important stuff:

Community Content

We start this week with a deep dive into Graph PowerShell authentication from Ben Whitmore, including a full script for if you want to build your own authentication flow isntead of using the SDK

Understanding OAuth: Coding the authentication flow yourself vs using an SDK

Steve Weiner looks at the new Multi-Device query in this next post

https://www.getrubix.com/blog/getting-started-with-multi-device-query

Are all of the IDs and UPNs of MAM confusing you? Are there just too many acronyms in IT? If you want to get to grips with all of the IDs in MAM, check out this post from Steffen Schwerdtfeger

https://www.manage-everything.cloud/post/demystifying-ios-ipados-app-protection-understanding-intunemamupn-intunemamoid-and-intunemamdevic

Timezones are always troublesome and I’ve lost count how many machines start off thinking they are in Seattle. If you want to automatically set it during Autopilot, try this script from Peter Klapwijk

Automatically configure the time zone (during Autopilot enrollment)

Peter also continues the onboarding-offboarding automation, this time emailing you when W365 provisioning completes

Build your own user onboarding automation: Send a notification when Windows 365 provisioning is finished

If you are running hybrid devices, but want to make the most of passwordless authentication, try this guide from Michael Frank

https://michaelsendpoint.com/entra/hybrid_passwordless.html

Remediations are great, especially with the on-demand functionality. But sometimes they go wrong and it’s nice to know where and why. To get a better understanding of how to view the logs to troubleshoot, check out this post from Jon Towles

Troubleshooting and Logging Intune Remediations

Next, Tim Beer looks at the MDE Baseline and the Windows Baseline and what happens if two settings conflict

Defender For Endpoint Baseline vs Windows Baseline conflict and considerations

Did you know you can expedite quality updates as well as security ones? If not, make sure you read this post from Peter van der Woude

Expediting Windows quality updates

If you are using DEM accounts with Autopilot, please stop! Learn why in this post from Rudy Ooms

Why Using a DEM Account for Windows Autopilot is a Bad Idea

Learn how to add devices to Entra groups during an SCCM task sequence in this post from Damien Van Robaeys

https://www.systanddeploy.com/2025/02/automatically-add-device-to-entra-id.html

Dustin Gullett continues looking at security baselines, this time how to assess them against CIS using Defender

https://www.linkedin.com/pulse/security-baselines-cis-compliance-rollout-monitor-tweak-gullett-xpufc

If you are getting started with macOS, this post from Jeroen Burgerhout covers configuring your security policies and compliance

https://www.burgerhout.org/managing-macos-security-and-compliance-in-intune/

CIS benchmarks are great for guidance, but they always need checking before deploying. Find out what could happen if not in this post from Oktay Sari

https://allthingscloud.blog/how-i-accidentally-fort-knoxd-myself/

Learn how to setup Security Copilot for Intune and some all-important cost saving tips here with Joery Van den Bosch

Security Copilot with Entra and Intune: The Ultimate Trio for Cybersecurity (and Maybe World Domination) – Part 1

If you are planning on deploying device bound passkeys, first have a read of some gotchas in this post from Jan Bakker

Things you should know before rolling out device-bound passkeys in Microsoft Authenticator App

Next, Joymalya Basu Roy troubleshoots M365 apps using the wrong update channel

https://joymalya.com/m365-enterprise-apps-the-case-of-wrong-update-channel-on-intune-managed-windows-devices/

Learn about the switch from using OMA to Declared Configuration for policy management in this post from Joost Gelijsteen

From OMA-DM to Declared Configuration: The Next Step in Windows Policy Enforcement

Video Content

Learn what’s new in the 2412 and 2501 Intune release with Mattias Melkersen Kalvåg and Peter van der Woude

Next, Sujin Nelladath runs through Intune Device Inventory

Steve Weiner runs through the always fun subject of configuring the start menu in Windows 11 using Intune

The latest Windows 365 AMA is here covering cloud security with Christian Montoya, Pratik Shah, Lavanya Kasarabada and Ryan Clark

Microsoft Content

Now onto the Microsoft content, starting with a guide on how to use Remote Help with users personal devices from Atil Gurcan

https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/supporting-users-with-remote-help-on-personal-devices-unenrolled/ba-p/4384301

On the subject of personal devices, you can use filters to target different MAM policies for a minimum OS version. Find out more here from Wayne Bennett

https://techcommunity.microsoft.com/discussions/IntuneCustomerSuccess/using-filters-and-app-conditional-launch-to-control-the-os-version-with-microsof/4385180

The February Windows news is here from Thomas Trombley

https://techcommunity.microsoft.com/blog/windows-itpro-blog/windows-news-you-can-use-february-2025/4386453

If you are using the Intune Connector for AD, this post from Intune Support Team is a must-read

https://techcommunity.microsoft.com/blog/IntuneCustomerSuccess/microsoft-intune-connector-for-active-directory-security-update/4386898

See how Microsoft are using Device Query in-house here from Bankim Patel

https://techcommunity.microsoft.com/blog/devicemanagementmicrosoft/device-inventory-in-the-microsoft-environment/4386545

The latest skilling snack is here covering update driver management from Ryan Williams

https://techcommunity.microsoft.com/blog/windows-itpro-blog/skilling-snack-windows-driver-update-management/4386935

That’s it for this week, have a fantastic weekend!