Welcome to this weeks Intune newsletter (hopefully) your number one source for Intune news and updates from the community and Microsoft.
Featured
After the success of last week’s trial, Dean Ellerby has selected another of this weeks posts to do a video demonstration so you can get a better feel for the update. This week the video looks at the new Organization Messages currently in preview and covered in the post from Peter Klapwijk below.
Community Content
We start this week with a post from Jitesh Kumar demonstrating how to import the Zoom ADMX templates and use them to manage Zoom settings via Intune
https://www.anoopcnair.com/zoom-settings-using-intune-administrative-templ/
A second post from Jitesh, this one looking at setting Intune Terms and Conditions which are displayed to the user during enrollment
https://www.anoopcnair.com/intune-terms-and-conditions-for-device-enroll/
In this third port from Jitesh, you can learn how to create a Linux Compliance policy for any newly managed Linux devices
https://www.anoopcnair.com/create-linux-compliance-policy-in-intune-portal/
Next, Aresh Sarkari demonstrates how to update an AVD golden image to include the monthly updates and deploy to your AVD estate
Niklas Tinner has been busy on Reddit and Twitter finding out the biggest challenges faced by people implementing and using Intune. This post looks at those challenges and offers advice to mitigate them
https://oceanleaf.ch/intune-challenges/
A second post this week from Niklas, looking at Windows Update for Business Reports (what was Update Compliance)
https://oceanleaf.ch/windows-update-for-business-reports-former-update-compliance/
Windows 365 has an excellent feature to upload files to your Cloud PC via the webclient, but you may find it fails to work. Read this post from Dominiek Verham to find out why and how to resolve.
A second post from Dominiek this week, this one looking at some of the excellent new features in Autopatch
Joymalya Basu Roy has an in-depth look at Linux management with Intune in this post with a full end-to-end enrollment. If you are unfamiliar with Linux, this would be an excellent starting point.
Also on the Linux theme, we have two posts from Christopher Mogis, the first looking at installing and using the new Teams Progressive Web App for Linux
https://www.ccmtune.fr/2022/11/microsoft-teams-progressive-web-app-on.html
The second post from Christopher shows how to install Microsoft Edge onto a machine running Ubuntu
https://www.ccmtune.fr/2022/11/how-to-install-microsoft-edge-on-ubuntu.html
A third post this week from Christopher, this is one I’m often asked about, how to deploy AppLocker via Intune, it’s quite a manual process so this post will come in useful if you are looking to implement it
https://www.ccmtune.fr/2022/11/how-to-implement-applocker-with.html
If you read last weeks newsletter you will have seen the new Intune device Inventory module from Florian Salzmann and Jannik Reinhard (if you didn’t, you can find the post here). This week Jannik introduces us to the UI which sits on top of the new module.
https://jannikreinhard.com/2022/11/13/intune-device-inventory-ui/
Florian Salzmann also has a new post looking at Windows Update for Business, how to deploy it, how it replaces WSUS and reporting from it
https://scloud.work/en/windows-updates-for-business/
Cloud Site Lists are a great new feature in the M365 admin centre. If you haven’t come across them and are still using the XML from the generator, check out this post from Tristan Tyson
https://tech.tristantyson.com/edgeiemodecloudsiteslist
Now we have two posts from Peter Klapwijk, starting with a script to enable users to switch the Windows 11 language via an application in Company Portal
Peter’s second post has a look at the Organizational Messages recently added into public preview in Intune to notify users of updates etc.
This post from Jan Bakker shows how to use on-prem AD attributes to help automate the starters and leavers process using Lifecycle Workflows
To protect your environment from bad actors enrolling devices into Intune, but without giving yourself a massive IT headache, have a look at Access Packages in this post from Nathan McNulty
https://blog.nathanmcnulty.com/intune-using-access-packages-to-enable-user-device-enrollment/
Rudy Ooms has looked at deploying Store apps via Winget in this deep-dive, including some potential issues you may come across (and how to resolve them)
Autopilot has some built in naming conventions, but what if you want something a bit more specific? Have a look at this guide from René Laas to find out how to extend the options using Microsoft Lists and Logic Apps
https://endpointcave.com/more-options-for-autopilot-naming-convention/
Michael Niehaus has looked at the time sync tool in Windows and some of the issues it can cause with Autopilot deployments in this post.
https://oofhours.com/2022/11/16/the-mysterious-case-of-broken-time-sync/
If you have ever had issues with on-prem AD accidents transferring to Azure AD, or are just worried about the possibility, have a look at this post from Shehan Perera
https://shehanperera.com/2022/11/17/aad-prevent-accidntial-deletions-1/
Next, Gannon Novak looks at the new Access Authentication Strength feature in Conditional Access and how to use it with a FIDO2 key
Mobile Network Protection has now gone live in MDE for Android and iOS. To find out how to deploy it, read this post from Somesh Pathak
A second post from Somesh this week, this one looking at onboarding iOS devices into Microsoft Defender for Endpoint without requiring any input from the end-user
Autopatch is a reasonably new addition (and constantly evolving). If you haven’t looked into it yet (I would recommend doing so), have a read of this post from Niels Kok
Now onto the video content for this week, starting with this from Manish Bangia looking at the different ways to enrol devices into Intune including demonstrations
Mattias Melkersen Kalvåg has released the latest part of the PSADT series which is well worth checking out if you’re into packaging
This video from Harvansh Singh will show you how to configure the firewall using Defender for Endpoint and Intune
CIS and NCSC Baselines are my starting point when deploying any new environment. To find out how to use the CIS Benchmark to implement your Intune policies, have a look at this video from Anoop Nair
In the latest intune.training, Jóhannes Geir Kristjansson, Jake Shackelford and Sean Bulger do some live coding on their introduction to Microsoft Graph.
The final community content this week is the first EM+S Discord Channel Community Live Event featuring Jonas Bøgvad, Shehan Perera, Joey Verlinden, Jannik Reinhard, Somesh Pathak, James Robinson (hidden in the background), oh and me.
Microsoft Content
Now onto the Microsoft news from this week starting with this new preview functionality to require that Intune changes must be approved by two accounts (multi-administrative approval, or MAA)
https://learn.microsoft.com/en-us/mem/intune/fundamentals/multi-admin-approval
This post from Robin Goldstein demonstrates how to use zero trust with external identities in Azure AD
This M365 deployment guide could be very useful, it covers apps, enteprise mode site lists, zero trust and a whole lot more.
Windows Update for Business reports replaces Update Compliance and no longer requires a Commercial ID to configure. To find out more, including how to deploy, follow this.
https://learn.microsoft.com/en-us/windows/deployment/update/wufb-reports-enable
As mentioned above, organizational messages are now in private preview, read this from Maggie Dakeva to find out more
The latest Intune What’s New has been released by Ramya Chitrakar and includes both the organizational messages and the MAA update above.
That’s it for this week, I hope you found this content as useful as I have! Have a great weekend
