Can you believe another week has passed already!  The year is absolutely flying by, it would be nice if the weather caught up though.

Still a lot of excitement around the new device view and App catalogue in Intune, you may spot a theme in this weeks content.

• Community Content
• Video Content
• Microsoft Content

---

Community Content

We start this week with a look at the beta Time based controls in conditional access (via Graph only currently) from Sebastian F. Markdanner, including how to implement, troubleshoot and some good use cases for them

https://www.chanceofsecurity.com/post/time-based-conditional-access

---

We now have two posts from Joery Van den Bosch, the first taking a look at the new public preview device view in Intune

Check out the New Intune Device view!

Joery’s second post dives into the latest App inventory properties catalog

App inventory for Windows devices in Microsoft Intune

---

App inventory is very popular this week, Michael Meier covers how to configure and use it here

Intune introduces a new enhanced App inventory

---

Ben Whitmore takes it one step further, showing how it works and where to look in the logs to troubleshoot

Introducing Intune’s New App Inventory Feature

---

If you are looking at getting started with Windows 365, this end to end guide from Michael Frank is a great starting point

https://michaelsendpoint.com/intune/win365.html#2

---

This post from Craig Camacho digs into Intune platform scripts, some examples and more importantly, finding the logs to go with them

Intune Platform Scripts. What They Do, How to Use Them, and What to Watch Out For

---

Next, Imran Awan has created scripts to prompt the users to configure WHfB if they haven’t already done so, including support for Okta

https://modernizingmobility.blogspot.com/2026/05/automating-windows-hello-for-business.html

---

For your non-Intune devices, onboarding into MDE is now a lot easier thanks to the new onboarding tool.  Learn more here from Jeffrey Appel

Simplified onboarding of Microsoft Defender for Endpoint using the Defender deployment tool

---

Further protect your PAWs in Entra by putting them in Admin Units with restricted permissions as covered here by Jan Mulder

Restricted Management Administrative Unit for PAW Workstations

---

Peter van der Woude runs through how to use the native Intune functionality to remove Microsoft store apps here

Dynamically removing preinstalled Microsoft Store apps using native functionality

---

We have two posts from Thomas Marcussen now, starting with what causes a sign-in prompt when deploying iOS store apps on your managed devices

Fix the iTunes Sign-In Prompt on Intune-Managed iPhones: iOS Store App vs VPP Device Licensing

Thomas has also released a new executable to quickly activate your Entra PIM roles directly from your device

PIM Tray: Activate Microsoft Entra ID PIM Roles From the Windows Tray

---

Can you ever have too many global admins?  The answer is obviously yes, but how many should you have?  Daniel Bradley looks at that question here and how to make sure they are properly protected

How Many Global Admins Should I Have in Microsoft 365?

---

This post and script from Jorge Suarez creates dynamic Entra groups based on the models of your devices

https://www.jorgeasaur.us/creating-dynamic-device-model-groups-in-entra-with-powershell

---

Have you ever wondered exactly what happens when you use Platform SSO with macOS?  You’re in luck, Somesh Pathak has a deep dive here, everything you could possibly ever need to know

PSSO Just Got Smarter: Platform SSO in macOS Setup Assistant — A Deep Dive

---

Track your Windows update failures with this remediation from Chris (if you’re reading this Chris, send me an email so I can tag you properly)

Tracking Windows Update Failures with Intune

---

You can now remotely suspend the managed home screen to make troubleshooting so much easier!  Learn more here with Kevin Malinoski

Managed Home Screen Just Got Way Better: Intune Admins Can Now Suspend It Remotely – No More Exit PIN Needed (Samsung & More)

---

Video Content

Now for this weeks video content starting with 3 must-have CA policies for your tenant from Jonathan Edwards

---

This video from Dean Ellerby looks at Multi-Admin approval within Intune which I imagine many people turned on in a panic without actually looking into it fully.  Well, now is the time to learn more about it, especially just what it can’t do

---

Learn how to remove those Copilot apps that no-one wants or uses from Windows 11 by following this video from Steve Weiner

---

Microsoft Content

Let’s see the exciting news from Microsoft this week, although this first one is a fix rather than news.  If you’re having issues upgrading your Microsoft Tunnel server, there is a script here from the Intune Support Team to fix it

https://techcommunity.microsoft.com/blog/IntuneCustomerSuccess/known-issue-upgrading-microsoft-tunnel-version-20260129-1/4517935

---

For those of you sitting behind proxies and firewalls, this post from Dave Roth shows what to configure for a better Windows update experience

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/configuring-firewall-and-proxies-for-smooth-windows-updates/ba-p/4517913

---

For macOS admins, this new setting in Platform SSO allows users to sign in and configure with their Entra accounts prior to hitting the desktop.  Learn more here from Iris Yuning Ye

https://techcommunity.microsoft.com/blog/IntuneCustomerSuccess/new-platform-sso-with-registration-during-automated-device-enrollment-on-macos/4519846

---

That’s all for this week, have an amazing weekend!