Welcome to this weeks Intune Newsletter jam packed with incredible content.
Before I start, a special thanks to everyone at Microsoft involved in the Technical Takeoff and if you missed any of the videos you can find them here or on YouTube
Community Content
This weeks first post comes from Jannik Reinhard showing how to use an Azure DevOps Pipeline to move Intune items between tenants
https://jannikreinhard.com/2022/10/23/intune-devops-tools-move-objects-from-dev-to-prod-tenant/
In this post, Courtenay Bernier has developed a PowerApp to quickly look at groups assigned to Intune policies and applications as well as listing members of the groups!
Next, Christopher Mogis shows how to use Settings Catalog policies to configure Windows Power Options.
https://www.ccmtune.fr/2022/10/how-to-configure-windows-client-power.html?m=1
Microsoft have recently published guidelines for securing cloud machines. To find out more about the guidelines and what they contain, have a look at this post from Dominiek Verham
If you have been experimenting with ADMX importing within Intune, you will no doubt have come across some errors. Rudy Ooms has put together this post looking at some of these errors and digging into what’s causing them. Well worth checking out to get an idea of what’s happening behind the scenes.
Andy Jones has released version 2 of the excellent Intune Quicklinks (Autopilot version), a great reference point whether you are starting out, or using Intune daily.
https://move2modern.weebly.com/blog-posts/intune-quick-links-iql-version-2
With everyone moving towards soft phones, you may find yourself needing to enrol Teams phones into Intune and potentially hitting issues if you have personal devices blocked. Follow this guide from Jeroen Burgerhout to find out how to resolve these issues using Corporate Device Identifiers
https://www.burgerhout.org/how-to-add-teams-phones-in-to-intune/
Jan Ketil Skanke has put together a very useful script to deploy M365 apps using Win32, but grabbing the files directly during install to make sure that every new installation is using the latest versions without having to constantly update the app.
Windows 365 Cloud Machines are designed for quickly spinning up machines and then destroying them when no longer required, but this can clutter up Azure AD. This script from Morten Pedholt will clean them up for you.
Microsoft Security, Identity and Compliance is always updating and it can seem a struggle to keep up with everything (I know I struggle). Matt Soseman has some tips, tricks and key people to follow on social media to keep you updated in this post. Recommended reading!
Microsoft have added some Azure services to Intune so you may need to unblock some additional ports on your firewall. Fortunately Benoit HAMET has them listed here
https://blog.hametbenoit.info/2022/10/24/intune-updates-for-intune-network-endpoints/#.Y1bJn0zMJqY
I’m a big fan of MSIX packaging and App Attach, but it can be tricky to troubleshoot if you have a large AVD estate. Ryan Mangan has built a tool here with a log analytics workspace to quickly diagnose and troubleshoot any errors you may be experiencing.
https://ryanmangansitblog.com/2022/10/06/enterprise-msix-app-attach-troubleshooting-made-easy/
We have part 5 of the incredible series on OSD cloud from Ákos Bakos, this week looking at Azure integration and using Azure Storage to deploy custom images.
https://akosbakos.ch/osdcloud-5-azure-integration/
One of the new premium features announced at Ignite is Privilege Management Support. Jitesh Kumar has looked at it further in this post.
https://www.anoopcnair.com/intune-endpoint-privilege-management-support/
A second post from Jitesh, this one covering how to deploy Dell Support Assist via Intune
https://www.anoopcnair.com/deploy-dell-supportassist-using-intune/
Another Ignite announcement is the exciting new Windows 365 app which Ola Ström has tested and reviewed here.
https://www.olastrom.com/2022/the-windows-365-app
Two posts now from Shehan Perera, the first showing how to use KQL queries to interrogate Intune audit logs with some included examples.
https://shehanperera.com/2022/10/23/intuneauditlogs-1/
The second post looks at the new additions to the authenticator app to avoid MFA fatigue.
https://shehanperera.com/2022/10/26/ms-authenticator-improvements-1/
Sometimes you may find a user has over-requested a cloud PC spec, or equally as likely, are complaining it’s too slow. This post from Niall Brady will show you how to look at the utilisation of a W365 machine and resize as required.
https://www.windows-noob.com/forums/topic/23121-how-can-i-resize-a-windows-365-cloud-pc/
Part 6 of the Log Analytics series from Damien Van Robaeys, this post looks at creating a lab from a CSV with dummy data to start using the knowledge from the previous posts.
https://www.systanddeploy.com/2022/10/starting-with-log-analytics-part-6.html
Azure AD now has cross tenant access to take the headache out of multi-tenancy companies (or MSPs). Moe Kinani runs through how to set this up and what it looks like from the user side
https://cloudbymoe.com/f/mutual-trust-and-the-azure-ad-cross-tenants-access
If you are using Logic Apps, you will be aware that for most connectors you often need to login which is awkward if the person who set it up leaves the business. This post from Mattias Melkersen shows how to set up your Logic Apps to be user-independant.
A couple of new posts from Somesh Pathak looking at all things Apple. The first is a reminder that if you use Apple Business Manager you will need to accept the new terms to enrol new devices or add any new apps
Somesh has also posted part 3 of the series covering macOS management using Intune, this one looking at Compliance Policies, System Preferences and Device Restrictions
There are an incredible number of API permissions in Microsoft Graph, if you want to quickly view them all, have a look at this script from Niels Kok
Next, Thomas Marcussen looks at the new premium suite for Intune announced at Ignite and the new features included in it.
Now for multiple posts from Prajwal Desai, starting with a list of what has been added and updated on the latest Intune versions
This second post is a thorough guide on enrolling and managing Linux devices using Intune
Now you’ve enrolled your Linux device, you’ll need a compliance policy, this post covers that aspect for you
As much as we like to avoid it, there are times where users need local admin, hopefully just IT staff! To manage group memberships using Intune, have a read of this guide from Robin Hobo
If you have an on-prem CA, often for wireless authentication, you’ve probably heard of NDES and SCEP. For a thorough explaination of what they are and what they do, check out this post from Niklas Tinner
https://oceanleaf.ch/intune-ndes-scep-explained/
Oktay Sari was lucky enough to attend Ignite in person and has shared a post on what it was like as well as the key output from the event
https://allthingscloud.blog/microsoft-ignite-2022/
For a look at all of the highlights from the technical takeoff, have a read of this post from Johan Arwidmark
When looking at securing your endpoints, my two places to check first are CIS and NCSC, Jonas Bøgvad has looked at this NCSC guidelines in this latest article
https://blog.skymadesimple.io/national-cyber-security-centre-platform-guides/
Now onto the video content for this week, starting with this video from Mahammad kubaib looking at enrolling AVD devices into Intune and using it to manage them.
This weeks MVPbuzzChat is now out featuring Somesh Pathak and Christian Buckley
A new preview feature in Azure is VM Application definitions. This video from Dean Cefola looks at what they do and how to use them for your Azure VMs
Next up, Dean Ellerby looks at the new Conditional Access templates to quickly set up CA policies in your tenant.
Two videos this week from Jakub Piesik, first looking at the new Intune enrollment notifications
And the second uses Microsoft Access Packages to allow users to request a Windows 365 machine
The final community content this week comes from Manish Bangia showing how to bulk import into Azure AD Groups using the csv import templates
Microsoft Content
Now on for this weeks Microsoft content starting with a deep dive into expedited quality updates from Surabhi Calla
What’s new in Intune is always worth a read!
https://learn.microsoft.com/en-us/mem/intune/fundamentals/whats-new#week-of-october-24-2022
To look at any past or upcoming Intune events, this link it worth bookmarking
The Intune Support Team have done an excellent article explaining the Intune device object and the user principal name including a look at the Graph objects
Filter for apps is now in public preview within Conditional Access and is a powerful new addition. Read this from Alex Weinert to find out more.
One of my favourites from this week from Merill Fernando is a new way to quickly access Microsoft Portals without having to memorise every web address. If you work in Intune or Azure, I have a feeling you will use this constantly.
Windows Update for Business along with Graph is hugely powerful. This article from Angie Chen digs into the subject and even includes a Teams Bot to handle updates.
That’s it from this week, I hope you’ve enjoyed reading the posts as much as I have. Back for more next week!