Another week, another newsletter, this one comes after a trip to Experts Live in Dubai, was great to see some of you there (and amazing just how global you all are, thank you!)
Lots of content this week and I can feel the excitement building for Ignite, sadly I can’t make this one in person, but will be keeping a close eye on the sessions and news to grab as much as I can for the following newsletter.
Community Content
Did you know that you can add device filters on your platform restrictions as well? See how you can use them to only block Windows Home devices from enrolling in this post from Nick Benton
https://www.oddsandendpoints.co.uk/posts/windows-block-home-editions/
If you are using App Control for Business and finding some apps being blocked, they could be using WIX which is used in many Windows Installer packages. Find the fix here from Jörgen Nilsson
Application Control for Business and the story of the unsigned WIX dll’s
For those of you running on business premium licenses and reaching your 300 user limit, this post from Lewis Barry is well worth a read to see the actual cost of “upgrading” to M365 E3
Graph rate limiting, or “throttling” is something many of you will never encounter, but when you do, it can really ruin your day. Learn what it is, what the rate limits are (if published) and how to tweak your scripts accordingly in this thorough post from Ben Whitmore
A beginners guide to Microsoft Graph API rate limiting in Intune
Next, Mr T-Bone looks at the new functionality in 25H2 to remove Microsoft Store apps via policy
Whilst things have improved a lot, shared PCs are still a lot more complex to configure than standard single-user devices. Fortunately Jeroen Burgerhout has a full guide here to set you on your way
https://www.burgerhout.org/mastering-windows-shared-pcs-with-microsoft-intune/
On the subject of shared PCs, Peter van der Woude looks at the policies you can configure to keep the user profiles and disk space under control
If you want to go passwordless, but are running hybrid identities, Jan Mulder has a solution for you here
For those licensed, there is no reason to avoid using PIM, it is such a powerful way to protect your admin accounts. This post from Ewelina Paczkowska runs through the end-to-end configuration including PIM groups to help manage admin accounts which require multiple roles
https://www.welkasworld.com/post/how-to-use-pim-with-rbac-roles-purview-exchange-and-more
Niklas Tinner checks out the new Cloud Apps in Windows 365, how to configure and how to use them here
https://www.oceanleaf.ch/windows-365-cloud-apps/
Craig Camacho looks at how to use Group Policy Analytics to review your on-prem GPOs (please don’t just throw them all in though)
Nicky De Westelinck has part 5 of the Android guide, this one looks at work profile Android Enterprise
Next, Kevin Malinoski looks at feature updates, how best to configure them and some useful tips from the field
Mastering Windows Feature Updates – A Health Check for Your Intune Policies
Now you can use a Win32 app instead of a platform script for Autopatch, Nicklas Olsen runs through how to migrate here
https://www.learnintune.net/windows-autopatch-migrate-to-win32-app/
For those using EAP-TLS for certificates in Intune, learn how it all works in this post from Joymalya Basu Roy
[BTS] – How Certificate-based Wi-Fi Profile from Intune Works?
Your devices are critical for zero trust implementation and this in-depth post from Andy Kemp runs through how to use Intune to achieve it
Video Content
Now for the video content, starting with a continuation on the last video on Conditional access from Jonathan Edwards, this one covering some scenarios you may well come across and how to configure your policies accordingly to ensure a productive, but secure environment.
Microsoft Content
Onto this weeks Microsoft content starting with the news that Autopatch is coming to GCC! If you want to finally start using it, check out this post from Chris Tulip
Learn all about how platform SSO for macOS works in this post from Farooque Mohammad
Windows 11 now has native passkey support, including 3rd party integrations! Find out all about it here from Katharine Holdsworth
A very important one, some secure boot certificates will expire in June 2026 and must be renewed by then. This post from Ashis Chatterjee covers everything you need to know
That’s all for this week, have a great weekend!