Intune Newsletter – 4th July 2025

For many of you, summer is here (it’s certainly been hot enough!).  I have a much needed break coming up, but I’ll try and keep this coming, even if it is a bit less wordy than usual 🙂


Community Content

We start this week with a look at how you can force your estate to just use Edge for browsing with a relatively unknown policy (which actually just deploys a custom applocker policy).   Learn more here from Peter van der Woude

Blocking other browsers with policies for Microsoft Edge (be careful)


Next, Jonas Bøgvad looks at some warnings available across M365 to help reduce any potential mistakes when managing your estate

https://blog.skymadesimple.io/from-warnings-that-dont-help-to-ones-that-do/


The new Arm64 support in applications is proving a very popular addition as covered here by Michael Meier

Intune Win32 App Requirement rules now support ARM64 architecture


Also by Florian Salzmann

Deploy Win32 Apps to ARM Devices with Intune – No More Workarounds


Mads Johansen looks at some of the new features being introduced in Windows 11 25H2

https://evil365.com/windows11/5Exciting-Windows11-Feature/


Multi-admin approval is under-used in Intune (possibly because it’s only applicable to a limited section).  Learn how to configure and use it in this post from Jan Mulder

Multi Admin Approval for Intune Roles (RBAC)


Behaviour monitoring for macOS is a very useful feature now available in MDE.  Rahul Jindal runs through how to set it up and use it here

https://rahuljindalmyit.blogspot.com/2025/06/behaviour-monitoring-in-defender-for.html


There is a new ADMX for 25H2 to automatically remove the Windows store app (bloat), shared here by Michael Niehaus

A policy to remove Windows apps…


Next, Sandy Zeng has released a second part of the excellent series covering adding Windows 11 languages and region settings with scripts.  I can see this being really useful for many companies!

Managing Windows 11 languages and region settings (Part 2) – Keyboard layout


This post from Peter Klapwijk covers how to create and using deployment rings for your deployments of pretty much anything in Intune

Create deployment ring groups for Microsoft Intune


Peter’s post also inspired Eswar Koneti to demonstrate another way using Regex

Automating Intune Deployment Rings Using Entra ID Dynamic Groups and Regex

Eswar also has a script to detect any apps with Arm64 enabled and disable it across them all

https://www.systemcenterdudes.com/intune-arm64-support-for-win32-apps-a-powershell-approach/ 


Torbjorn (Mr T-Bone) Granheden has updated the already excellent script to set the primary user, it can now create groups based on domain suffix as well

Set Intune Primary User and Group


Next, Tobias Eriksson looks at Android Staging Profiles and how to use them with enrollment

A quick look on Staging Profiles for Android in Intune

Tobias also has a useful script to setting up TAP for multiple users at once

How to configure TAP (Temporary Access Pass) in Entra ID for multiple users using Powershell


Gannon Novak has created a useful script for bulk changing Autopilot groups tags via Graph

https://smbtothecloud.com/bulk-change-autopilot-group-tags-by-pc-model/


Video Content

Now onto the video content, starting with a video from Jeroen Burgerhout showing why everyone should be using Autopatch


Chander Mani Pandey runs through using a new script to quickly create Win32 apps using PowerShell and Graph


Steve Weiner looks at how to use Autopilot Device Prep with Windows 365 frontline here


Microsoft Content

We have a lot of Microsoft news this week as well, starting by looking at how to prepare for 25H2 from Jason Leznek

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/get-ready-for-windows-11-version-25h2/ba-p/4426437


Eric Moe has the Windows News You can Use for June here

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/windows-news-you-can-use-june-2025/ba-p/4428003


There is an issue with the latest security baseline, if you upgrade, it won’t keep any changes you have made and you need to manually re-create them.  Something to keep in mind if you are using them (or ideally, just don’t).

https://techcommunity.microsoft.com/blog/IntuneCustomerSuccess/known-issue-customizations-not-saved-with-security-baseline-policy-update/4428588


Next, Peter Egerton covers how to manage warehouse devices with Intune

https://techcommunity.microsoft.com/blog/IntuneCustomerSuccess/from-the-frontlines-managing-warehouse-devices-with-microsoft-intune/4428928


Learn how to deploy filevault for macOS in this article from Marc Nahum

https://techcommunity.microsoft.com/blog/IntuneCustomerSuccess/deploying-macos-filevault-with-microsoft-intune/4429575


That’s it for this week, have a great weekend!

Leave a Comment