It has been a big week for many with MVP renewals happening yesterday. Massive congratulations to those who have been renewed and for any of those who didn’t make it, you’ll always be an MVP with or without the little sticker!
Anyway, enough of my ramblings, you’re here for the good stuff…
Community Content
We start this week with a look at how you can set the language of your AVD session hosts with Azure Image Builder from Alex Durrant
Dustin Gullett looks at the various switches for MDE within Intune, what they do and how risky they could be (or not be) when turned on, especially for those using third party security products
Flipping Intune Switches – The Secret Sauce to Smarter Endpoint Security
Soemthing to be prepared for (or you may have experienced already on the preview channel), M365 apps are now deploying Companion Apps to the taskbar. Find out how to turn them off here from Jan Mulder
I’ve heard rumours that Lewis Barry is a fan of business premium licenses. This post from Lewis looks at how you can leverage the different components in the SKU to prevent ransomware attacks
How to prevent ransomware attacks using M365 Business Premium
It was an eventful team for the poor Intune Success Team and those behind Security Baselines with a post being taken out of proportion. Jon Towles looks at security baselines more here
If you are still giving users admin rights, there are better options available. Learn about some of them here from Jay Ralph
Intune Done Right: Killing Local Admin Rights Without Killing Productivity
By now you probably have update rings in place for Windows, Apps, maybe the odd policy, but what about your Defender updates? Follow this guide from Peter Klapwijk to add those to the managed list
This post from Niklas Tinner looks at some excellent community tools to help manage Intune environments
https://www.oceanleaf.ch/my-top-10-intune-community-tools/
You now have the option to block Bluetooth on managed Android Enterprise devices, find out how here from Peter van der Woude
If you are one of the few people using the built in Security Baselines, this script from Sander Rozemuller will help show what has changed in each new version
https://rozemuller.com/automated-intune-security-baseline-comparisons-with-powershell/
Next, Mark Orr covers how to enrol devices into autopilot during OOBE (although personally I would suggest the community version of the script with the -sysprep parameter)
Often overlooked, but actually suprisingly useful in stopping some phishing attacks, company branding is a quick win. Learn how to deploy it here from Ewelina Paczkowska
If you don’t have Entra ID Governance licensing, but still want to keep on top of guest accounts, try this guide from Jan Bakker
Video Content
Now for the video content starting with a thorough guide on configuring an SCCM lab from Dean Ellerby
We have another script here from Chander Mani Pandey to fix devices missing Windows updates via remediations
A second video/script showing how to bulk amend Intune groups with PowerShell and Graph
We have a new video from Steven Weiner, showing how to enable Personal Data Encryption on your OneDrive known folders to further protect your data
Microsoft Content
Onto the Microsoft content with updated guidance around the Security Baseline issue from the Intune Support Team
Hotpatch is now available for ARM64 devices as covered here by Nikita Deshpande
An excellent resource for all Windows update information here from Chris Morrissey, one for the bookmarks!
For those of your managing macOS, here is a troubleshooting guide for Intune Management Extension from Chris Kunze
Windows 11 24H2 now defaults to JScript9Legacy instead of JScript as covered here by Naveen Shankar
Learn how to use PowerBI and Graph to create a custom Windows 365 dashboard in this guide from Sean Bulger
That’s it for this week, have a great weekend!