We are edging ever closer to Christmas, although first we will have a Halloween special next week (and I still have 3 more conferences to go before Christmas). A special welcome to the many new subscribers this week, I hope you find this useful!
Community Content
We start this week with two posts from Kenneth van Surksum, starting with how to stop your unmanaged devices from using Edge Password Sync to keep data controlled (it’s more complex than you would think!)
Balancing Control and Convenience: Preventing Edge Password Sync on Unmanaged Devices
Kenneth’s has also updated the excellent Conditional Access baseline which is well worth checking out for anyone getting started
Conditional Access Baseline October 2025 (v2025-10) Available on GitHub
Sebastian F. Markdanner continues looking at security across the tenant, this third part covers how to use authentication contexts to protect your data
Following the look at ever increasing cumulative updates, Michael Niehaus has also looked at the size of feature updates here
Next, Tim Beer has released a set of baselines when getting started with Defender for Endpoint
Microsoft Defender for Endpoint: Starting with a secure Recommended Settings Baseline
This is one I’ve had before, how to hide certain items from the Windows Settings (especially in education). Peter van der Woude shows how to configure it here
If you’re managing an HP Fleet, you can now manage BIOS settings via Intune via HP Connect. Learn more in this post from Nicky De Westelinck
Nicky also has the third part of the complete Android guide, this one covering managing Kiosk devices
Hailey Phillips has released another excellent new tool/script. This one uses CI/CD pipelines to automate promotion of policies between tenants, think of update rings, but for policies!
https://github.com/AllwaysHyPe/IntuneStack
Device Isolation is now GA in Defender for Endpoint and one excellent use is wiping an infected device. Learn how here with Thomas Verheyden
Remotely Intune wipe devices in Defender for Endpoint isolation mode!
You can now get FIDO2 security cards for extra security! Learn more here from Ewelina Paczkowska
https://www.welkasworld.com/post/physical-security-cards-phish-resistant-authentication-with-a-twist
There is a pop-up message coming to a Chromium based browser near you which you probably want to avoid. Jan Mulder shows how to configure a policy to avoid it here
Configure Browser Policy to Preserve OneDrive and SharePoint Web Performance and Offline Capability
RBAC in Intune isn’t exactly straight forward, most just give everyone Intune Administrator and call it a day. Fortunately Jeroen Burgerhout has a best practice guide here along with an export of all of the options
https://www.burgerhout.org/intune-rbac-best-practices-and-a-handy-excel-matrix/
While we wait for an Intune version of GPP, this post and script(s) from Joey Verlinden can run scripts on login to complete those tasks
Some tenants default to O365 for MDM which stops Intune enrollment, fix it in this guide from Gannon Novak
https://smbtothecloud.com/fixing-existing-office-365-mobile-mdm-enrollments/
Video Content
Onto the video content, starting with an essential, but sadly overlooked feature in Intune, LAPS. Learn how to configure it in this tutorial from Nick Ross
If you’re stick of Windows 11 bloat, Steve Weiner shows how to use the new Intune policy to automatically remove it (Enterprise only, sorry business premium users)
Steve also looks at how to enable the new Windows Backup functionality
Dean Ellerby has a correct guide on getting started with Autopilot, a very useful starting point
Microsoft Content
Now for the all-important Microsoft news, starting with a look at how AI and Windows 11 could shape the future of your workday from Stefan Kinnestrand
Settings Catalog has had an update for 25H2 with many new settings added, take a look at them in this post from Mayur Jahdav
For those of you still upgrading to Windows 11, here are 10 tips from Microsoft staff and MVPs to help you along the way, put together by Lindsey Miller
That’s all for this week, have an amazing weekend!