The summer holidays are rapidly approaching and hopefully much needed downtime for many of you. Before that I may see you at Workplace Ninjas Oslo, or Workplace Ninjas UK in Edinburgh (tickets still available!)
Until then, here is your exciting selection of weekly Intune content…
Community Content
If you have compliance policies which require Defender to be fully updated, you might have needed to add a grace period which is never ideal. This script from Peter Klapwijk can be deployed during Autopilot to ensure they are updated from login
Update Windows Defender during Windows Autopilot enrollments
If you want to let native WinGet handle your application updates, check out these scripts from Harm Veenstra
Another WinGet script, this one can be used to deploy any Winget application via parameters from Michael Frank
https://michaelsendpoint.com/intune/install_winget_apps.html
When dealing with numerous devices in the same office location, Intune and Autopilot can be bandwidth heavy. Fine when your users are at home, not so good when a Windows update triggers across thousands on the same network. Learn how to use Delivery Optimization and Connected Cache to ease the load here from Dustin Gullett
Boost Your Bandwidth: A Friendly Guide to Delivery Optimization and Connected Cache
If you’re managing Windows kiosk devices, or planning to in the future, this post from Meyyalazhan Venkatachalam is worth checking out
If you’ve wondered how LAPS works and how to get started with it (including the new 24H2 account management features), check out this guide from Albin Klinaku
https://www.indefent.com/intune-and-windows-laps-the-new-guide/
Hotpatching is here! Learn what it does, how to configure it and more in this post from Sucheta Gawade
Now you know how to configure Hotpatching, if you want to use it with arm64 devices, please read this warning (and fix) from Maxime Guillemin before your device start to break
https://cloudflow.be/warning-hotpatching-on-arm64-will-fail-unless-you-do-this-first/blog-post/
Next, Jörgen Nilsson looks at the new settings in the Windows 11 Security Baseline and how to activate them on existing policies
New settings in Intune Security Baseline Windows 11 24H2 -2504
For those licensed with Intune Suite, Nicklas Olsen runs through how to get started with Enterprise App Management here
https://www.learnintune.net/intune-suite-enterprise-app-management/
If your unlicensed users are running amok in your tenant, get notified with this script from Damien Van Robaeys
https://www.systanddeploy.com/2025/05/be-notified-by-mail-of-users-with.html
There’s nothing worse than getting an urgent call from a user in a panic because their machine “has been hacked” only to walk up and close the browser window. Fortunately, Edge now includes a new scareware blocker to deal with this (and maybe scarecrows). Find out more here from Peter van der Woude
Preventing scareware with scareware blocker in Microsoft Edge
Whilst deploying a custom start menu and taskbar is (relatively) easy with Windows, it’s not quite as straight forward on macOS. If this is something your users are requesting, try this guide from Tom Machado
Duplicating CA policies can be a long-winded process. If it’s something you need to do regularly, this browser extension from Daniel Bradley will come in very useful
Export Conditional Access Policy Files With CA Policy Copier
Learn how to deploy and manage Outlook admins with Intune here from Shehab Noaman
Manage Outlook Client Add-ins using Intune: A Complete Guide for IT Admins
If you’re looking to use the new 24H2 LAPS settings, but have a mixed estate, this post from Simon Skotheimsvik will help
Looking for Cyber Essentials? Make sure you’re patching (honestly, even without cyber essentials you should be patching). Learn more in this post from Lewis Barry
The Cyber Essentials Guide for Windows OS and Driver Patching: Intune Edition
Video Content
Now for this weeks video content with the latest in the M365 business guide looking at Attack Disruption in Defender for Endpoint from Steve Weiner
Steve also looks at how to improve the Autopilot ESP with a custom script to postpone apps until OOBE has completed
Steve also has a follow-up video here clarifying some information and a bug:
Microsoft Content
Onto the Microsoft content, starting with a guide for migrating your BitLocker keys from existing SCCM environments into Intune from Herbert Fuchs
Prepare for the upcoming deprecation of vbscript now with these tips from Raina Sharma
If you couldn’t make it to build, here are the key Windows sessions for you to catch up on from Harjit Dhaliwal. Also note the save the date at the bottom, Tech Community Live on 9th June!
That’s all for this week, have a great weekend!