Intune Newsletter – 3rd February 2023

Welcome to this weeks exciting Intune news and content and it’s a long read this week. Grab a drink, get comfy and enjoy!

Community Content

We start this week with a look at the new troubleshooting tools in preview (release 2301) in this post from Nico Wyss

https://cloudfil.ch/how-to-troubleshoot-intune-issues-preview/


Aaron Parker has added an API for the excellent Evergreen tool should you find yourself in a situation where you can’t install PowerShell modules

https://stealthpuppy.com/evergreen/invoke/


MSIX App-Attach is a superb feature with AVD to move the applications away from the base OS and allow independant updates of each (amongst other things). This incredibly comprehensive post from Octavio Rodríguez will walk you through it from start to finish (excuse the dodgy looking link, I’ve translated it to save you the time)

https://www-deployment-mx.translate.goog/msix-app-attach-en-azure-virtual-desktop/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp

A second post from Octavio this week, this one looking at the new Watermark feature in AVD

https://www-deployment-mx.translate.goog/marca-de-agua-y-proteccion-de-captura-de-pantalla-para-azure-virtual-desktop/?_x_tr_sl=auto&_x_tr_tl=en&_x_tr_hl=en-US&_x_tr_pto=wapp


The latest version of Niall Brady‘s excellent Windows 365 guide is now available, this time looking at Point-in-Time restores

https://www.windows-noob.com/forums/topic/23183-getting-started-with-windows-365-part-6-point-in-time-restore/


If you had in-house apps published to the old store and can’t find a way to add them with the new Store Integration, check out this post from Hauke Götze

https://www.linkedin.com/pulse/deploy-invisible-microsoft-store-apps-using-app-new-mechanism-g%C3%B6tze/


Jannik Reinhard has put together a useful script to quickly display device information including group membership, policy and app assignments

https://jannikreinhard.com/2023/01/29/get-assignments-of-an-device-via-powershell/


Compliance policies are great (and essential), but what happens if machines somehow slip through without one assigned? Fortunately a new report in 2301 will show these devices as looked at here by Jitesh Kumar

https://www.anoopcnair.com/intune-report-devices-without-compliance-policy/


Following on from last weeks post, Dominiek Verham looks at how to deploy a Windows 11 Kiosk machine, but allowing the use of the Windows 365 application

https://techlab.blog/windows-11-kiosk-with-the-windows-365-app/


Next, Jonas Bøgvad looks at the benefits of passwordless authentication and why you should be looking at implementing it (if you haven’t already done so)

https://blog.skymadesimple.io/passwordless-benefits/


Company Portal is a key application for Intune managed machines, especially for self-service applications. This post from Prajwal Desai runs through the deployment via the new store integration


This post from Liviu Barbat looks at how to deploy your own custom Line of Business apps to macOS devices using Intune


Font installations are still much harder than I would like and I usually end up creating a custom MSI to deploy them. This post/script from u/CloudInfra_net should make things easier

https://cloudinfra.net/how-to-deploy-fonts-using-intune/


Pavel Mirochnitchenko has put together scripts to automate your Intune background and lockscreen branding in this post, if you haven’t looked at the previous two posts on windows branding, they are well worth checking as well

https://www.linkedin.com/pulse/intune-advanced-automation-part-3-windows-branding-mirochnitchenko/


In the quest to ditch the domain join for all end-user devices, with FSLogix now supporting AAD authentication, AVD is also now an option (especially with Intune integration). This thorough guide from Gannon Novak will walk you through the process


If, like me, you prefer working directly in Graph, this post from Daniel Bradley shows you how to assign licenses to users

After the exam changes announced (MD-100/102 to MD-102 and MS100/101 to MS-102), Daniel’s second post is a study guide for the MS-102


Privacy controls for Office apps are cross-platform. To find out about how they work and how to assign them, have a look at this post from Peter van der Woude


This new script from Thomas Marcussen will quickly add users to an an AzureAD group for Windows 365 users


Licensing can be a bit of a minefield, but once you have your licenses in place, make sure you are getting the best value you can from them. This excellent post from Lewis Barry shows what you get in a Business Premium license


Azure AD Tenants, subscriptions, cloud trust, it can all get confusing for someone new to the cloud. This thorough post from Eric Woodruff should help you understand it all


Rudy Ooms has cracked open the troubleshooting toolkit again, this time looking at what happens when you click the Check Access button in Company Portal (or as I’m sure many of us do, hammer the button repeatedly)


When using Defender for Endpoint, you may have noticed any tags in Intune don’t match up to tags in the Defender portal. This post from Florian Salzmann will show you how to use your group (or scope) tags in MDE

https://scloud.work/en/defender-scope-tag-via-intune/


Damien Van Robaeys has been exploring hidden Lenovo sites again, this time here is an excellent site to look at the BIOS of Lenovo machines in a web browser, useful for documentation, troubleshooting (or talking through that user on the phone)

https://www.systanddeploy.com/2023/02/easily-taking-screenshots-of-bios.html?m=0


Sorting local admin on your AAD devices gives you many options (more when Windows LAPS launches), Simon Skotheimsvik reviews the options in this post


Nick Benton has put together a custom compliance script based on the iOS version on devices in this post

https://memv.ennbee.uk/posts/apple-os-update-compliance/


Benoit Hamet has also looked at the watermark functionality in AVD

https://blog.hametbenoit.info/2023/02/01/azure-virtual-desktop-you-can-now-enable-watermarking-preview/#.Y9qfx63P1qY


This post from Anand P shows how to use Conditional Access to block users from accessing email via native clients on un-managed devices

https://www.cloudtekspace.com/amp/block-exchange-online-email-on-unmanaged-devices


A nice packaging guide for executables here from CloudInfra

https://cloudinfra.net/how-to-deploy-exe-applications-using-intune/


This post from Niklas Tinner looks at Group Tags and the Autopilot information stored about a device

https://niklastinner.medium.com/the-discussion-about-group-tags-3407f8ce2a85


Next, Aresh Sarkari demonstrates how to configure Conditional Access policies for your AVD machines

https://askaresh.com/2023/02/03/compliance-policy-for-azure-virtual-desktop-session-host-virtual-machine-managed-via-microsoft-intune/?amp=1


Should you find yourself needing to bulk rename devices in Intune, check out this script from Ugur Koc


Another useful script, this one from Sander Rozemuller to bulk delete devices from AAD and Intune from a CSV

https://www.rozemuller.com/delete-aad-intune-devices-based-on-csv-and-graph-api/


Video Content

Now for the video content from this week, starting with a look at what’s new in Intune releases 2211 and 2212 with Mattias Melkersen Kalvåg and Nickolaj Andersen, an excellent starting point for looking at the new features available


Dean Ellerby has started a new YouTube channel (I’d recommend hitting subscribe) and the first video demonstrates how to deploy Zoom via Intune


If you want to move into the crazy world of Intune management, Chander Mani Pandey has put together some interview tips and tricks.

Chander’s second video looks at using Company Portal to manually enrol a device into Intune


The first of a new MS EMS Community podcast is now live featuring Jonas Bøgvad, Somesth Pathak, Eric Woodruff, Lewis Barry, James Robinson and someone else.


To find out more about winget and the new app store integration, this video featuring Mandar Chen, Roy MacLachlan, Danny Guillory Jr and Steve Thomas is well worth a watch.


The latest MVPBuzzchat with Christian Buckley and this episodes guest is our very own Manish Bangia


The latest ViaMonstra Academy video looking at all things Intune and ConfigMgr is now live featuring Johan Arwidmark, Andrew Johnson and guest Dean Ellerby

https://www.linkedin.com/video/event/urn:li:ugcPost:7026669473403195392/?isInternal=true


Some new content from Craig Camacho aka TheDeploymentGuy, this one looking at creating AAD groups based on the group tag, I’d suggest looking at the other videos and even hitting the subscribe button


Microsoft Content

Lots of Microsoft content this week as well, starting with a look at all of the exciting new features in Intune 2301

https://learn.microsoft.com/en-us/mem/intune/fundamentals/whats-new#filter-app-and-policy-assignments-by-the-devices-azure-ad-join-type-devicetrusttype


This article and video from Zachary Cavanell and Matt McSpirit demonstrates how to quickly setup and AVD environment

https://techcommunity.microsoft.com/t5/microsoft-mechanics-blog/azure-virtual-desktop-quick-setup/ba-p/3725054


Ramya Chitrakar looks at all of the exciting new features in 2301

https://techcommunity.microsoft.com/t5/microsoft-intune-blog/what-s-new-in-microsoft-intune-2301-january-edition/ba-p/3726015


One new feature worth looking at is the Intune Troubleshooting experience, you can find out more in this post from Jon Lynn

https://techcommunity.microsoft.com/t5/intune-customer-success/new-microsoft-intune-troubleshooting-experience/ba-p/3728338


If you are reading this, I imagine you’re working regularly with Intune. If so, join the Windows and Endpoint Manager Customer Connection Program, read more from Megan Hochstatter

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/evolving-the-windows-and-endpoint-manager-customer-connection/ba-p/3725087


Whether for exams, knowledge or documentation, MS Learn is a key resource. Gita Sharma shares some tips on getting the most out of it.

https://techcommunity.microsoft.com/t5/microsoft-learn-blog/seven-things-you-should-know-about-microsoft-learn/ba-p/2319497


The Unpacking Endpoint Management series is a must-watch! This post from Rachelle Blanchard lists upcoming videos and links to on-demand content

https://techcommunity.microsoft.com/t5/microsoft-intune-blog/unpacking-endpoint-management-the-series-continues/ba-p/3728801


AVD watermarking is now in public preview to further protect your corporate content on non-corporate devices, find out more in this post from Serena Zheng

https://techcommunity.microsoft.com/t5/azure-virtual-desktop/watermarking-for-azure-virtual-desktop-public-preview/m-p/3729923


A gentle reminder that Update Compliance is soon to be EOL and you should be transitioning to Update for Business Reports. Find out more in this post from Akash Malhotra

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/now-generally-available-windows-update-for-business-reports/ba-p/3677018


And finally a look at the exciting new features in Windows 365 including hardware acceleration and support for Windows 10 in the Windows 365 app!

https://learn.microsoft.com/en-us/windows-365/enterprise/whats-new


That’s it for this week, have an incredible weekend, the newsletter will be back same time next week!

1 thought on “Intune Newsletter – 3rd February 2023”

Leave a Comment