For many of you, summer is here (it’s certainly been hot enough!). I have a much needed break coming up, but I’ll try and keep this coming, even if it is a bit less wordy than usual 🙂
Community Content
We start this week with a look at how you can force your estate to just use Edge for browsing with a relatively unknown policy (which actually just deploys a custom applocker policy). Learn more here from Peter van der Woude
Blocking other browsers with policies for Microsoft Edge (be careful)
Next, Jonas Bøgvad looks at some warnings available across M365 to help reduce any potential mistakes when managing your estate
https://blog.skymadesimple.io/from-warnings-that-dont-help-to-ones-that-do/
The new Arm64 support in applications is proving a very popular addition as covered here by Michael Meier
Intune Win32 App Requirement rules now support ARM64 architecture
Also by Florian Salzmann
Deploy Win32 Apps to ARM Devices with Intune – No More Workarounds
Mads Johansen looks at some of the new features being introduced in Windows 11 25H2
https://evil365.com/windows11/5Exciting-Windows11-Feature/
Multi-admin approval is under-used in Intune (possibly because it’s only applicable to a limited section). Learn how to configure and use it in this post from Jan Mulder
Behaviour monitoring for macOS is a very useful feature now available in MDE. Rahul Jindal runs through how to set it up and use it here
https://rahuljindalmyit.blogspot.com/2025/06/behaviour-monitoring-in-defender-for.html
There is a new ADMX for 25H2 to automatically remove the Windows store app (bloat), shared here by Michael Niehaus
Next, Sandy Zeng has released a second part of the excellent series covering adding Windows 11 languages and region settings with scripts. I can see this being really useful for many companies!
Managing Windows 11 languages and region settings (Part 2) – Keyboard layout
This post from Peter Klapwijk covers how to create and using deployment rings for your deployments of pretty much anything in Intune
Peter’s post also inspired Eswar Koneti to demonstrate another way using Regex
Automating Intune Deployment Rings Using Entra ID Dynamic Groups and Regex
Eswar also has a script to detect any apps with Arm64 enabled and disable it across them all
https://www.systemcenterdudes.com/intune-arm64-support-for-win32-apps-a-powershell-approach/
Torbjorn (Mr T-Bone) Granheden has updated the already excellent script to set the primary user, it can now create groups based on domain suffix as well
Next, Tobias Eriksson looks at Android Staging Profiles and how to use them with enrollment
Tobias also has a useful script to setting up TAP for multiple users at once
How to configure TAP (Temporary Access Pass) in Entra ID for multiple users using Powershell
Gannon Novak has created a useful script for bulk changing Autopilot groups tags via Graph
https://smbtothecloud.com/bulk-change-autopilot-group-tags-by-pc-model/
Video Content
Now onto the video content, starting with a video from Jeroen Burgerhout showing why everyone should be using Autopatch
Chander Mani Pandey runs through using a new script to quickly create Win32 apps using PowerShell and Graph
Steve Weiner looks at how to use Autopilot Device Prep with Windows 365 frontline here
Microsoft Content
We have a lot of Microsoft news this week as well, starting by looking at how to prepare for 25H2 from Jason Leznek
Eric Moe has the Windows News You can Use for June here
There is an issue with the latest security baseline, if you upgrade, it won’t keep any changes you have made and you need to manually re-create them. Something to keep in mind if you are using them (or ideally, just don’t).
Next, Peter Egerton covers how to manage warehouse devices with Intune
Learn how to deploy filevault for macOS in this article from Marc Nahum
That’s it for this week, have a great weekend!