My travels continue, after a lovely time in Göteborg visiting my good friends at Agdiwo, I have spent this week in København for Experts Live Denmark (great to meet so many of you) and on Sunday I’m off again, to Experts Live Germany at Leipzig. If you are attending, stop by and say hello!
After announcing the second edition of my book (and some lovely reviews online), here is a link if you want to order it: https://mybook.to/5Awy
Community Content
There is a new setting withing MDM scopes to finally block Windows Home devices when added via Work or School Account. This is definitely one you should make sure is configured in your tenant. Find out more here from Mr T-Bone
The Intune Administrator role is often given out far too easily and it is a lot more powerful than many think. Learn how to lock it down with RBAC and why this is so important in this post from James Robinson
https://skiptotheendpoint.co.uk/intune-administrator-is-the-new-domain-admin/
Next, Kenneth van Surksum looks at the new Risk Remediation feature within your Conditional Access policies
Sometimes browser sessions are a lot more persistent than you have them configured for, like a particularly pesky sales person. This thorough post from Peter Klapwijk looks at how this happens and also how to block it
Finally! For ages the old Windows Remote Desktop app has complained about migrating to the Windows app, but at the same time, the Windows app didn’t support RDP which made migrating a little bit impossible. Fortunately the functionality is now there as covered by Dieter Kempeneers
If you are hitting a 614 error when using MAM on a device previously MDM managed, you can find the fix here from Eswar Koneti
iOS Intune MAM Apps Showing “Your organization will remove its data for this account (614)”
Simon Hartmann Eriksen has built a very useful tool to quickly build .mobileconfig files for macOS apps
If you want a way to prompt users to update their self-service installed apps, try this remediation from Jóhannes Geir Kristjánsson
Lewis Barry has created this very useful new app to list everything available in Settings Catalog without having to create a new policy just to check if a setting exists. One for your bookmarks…
Deep dive into the inner workings of Intune MAM in this excellent post from Joost Gelijsteen
Mobile Application Management Explained: How Intune MAM Works!
If your machine has failed during Autopilot due to an app install, this post from Daniel Gebler shows how to bypass the issue and let ESP complete (and then fix the issue hopefully)
https://danzi.blog/save-a-failed-autopilot-enrollment/
We have a very useful new troubleshooting tool from Florian Salzmann which grabs some popular scripts and adds them all to one useful UI to make device troubleshooting easier
https://scloud.work/intune-diagnostic-tool/
If you are looking to build your AVD machines in a better way than a golden image, this new series from Alex Durrant is well worth checking out. The first part configures the prerequisites for Azure Image Builder and future parts dig into the actual use of it
https://modernworkspacehub.com/automate-avd-images-azure-image-builder-part-1/
For those of you testing the new first sign-in restore functionality, watch your CA policies don’t cause issues. Simon Skotheimsvik has some troubleshooting steps to follow here
Troubleshooting Windows First Sign‑in Restore When Conditional Access Gets in the Way
This post from Kevin Malinoski runs through configuring Autopilot Device Prep with a few hints and tips along the way
Video Content
Now onto the video content, starting with a Win32 app which uses the new PowerShell script installer to rename devices during ESP from Manish Bangia
Next, Jonathan Edwards looks at the new Risk Remediation functionality in Conditional Access
Jonathan also shows how to use the What If tool in conditional access, which is fantastic but so rarely used
This video from Steve Weiner looks at some excellent tips and tricks for speeding up your Autopilot deployment
Microsoft Content
Now for this weeks Microsoft content, starting with instructions on how to enable https in connected cache from the Intune support team
Windows first sign-in restore is now GA, learn how to use it here from Miranda Leschke
The all important what’s new in Intune for February from Scott Sawyer
That’s all for this week, have a great weekend!