Community Content
We start this week with a look at the Intune Suite and in particular EPM from Dominiek Verham
https://techlab.blog/a-first-look-at-the-microsoft-intune-suite-and-endpoint-privilege-management/
Dominiek has also followed up with a deeper dive into the product
Following on from last week’s part two of the Intune Suite review, Jannik Reinhard has released part three, this one looking at Advanced Endpoint Analytics
https://jannikreinhard.com/2023/04/02/intune-suite-part-3-advanced-endpoint-analytics/
This post from Sander Rozemuller demonstrates how to use App Protection and Conditional Access to implement zero-trust, including automating the policy creation
https://www.rozemuller.com/zero-trust-data-protection-using-app-protection-policies-automated/
Passwordless authentication is rapidly becoming a reality. Here, Peter Klapwijk looks at the onboarding process for a passwordless user with TAP
Announced last week, you can now have multiple Azure Network Connections with Windows 365 for failover. This post from Niall Brady digs down further
Harri Jaakkonen has released part 6 of the Defender Suite series. This part runs through deploying, configuring and monitoring Microsoft Defender for Cloud
Harri has also looked at some of the upcoming exam changes which are always worth keeping an eye on
If you are starting out with iOS management, this post from Somesh Pathak (and the previous parts in the series) runs through configuring Apple Business Manager and onboarding devices into it
https://www.intuneirl.com/onboarding-to-abm/
Since the release of AVD and Win365, there have been a lot of improvements to the remote desktop protocol to improve the end-user experience. To find out about the latest improvements, read this article from Vidya M A
https://www.anoopcnair.com/rdp-remote-desktop-protocol-improvements-hdx/
For your BYOD Android devices, this guide from Malepati Naren will run you through the full steps to configure your environment and onboard your devices.
https://www.anoopcnair.com/enroll-android-devices-to-android-for-work/
Aresh Sarkari has released a great PowerShell script to email you a list of the CVEs released each month
Presentation Mode can be quite useful for quickly changing system settings, but you may be in an environment where you don’t want users changing them. To disable it via Intune or GPO, follow this guide from Prajwal Desai
I use Windows Sandbox a lot for testing all sorts; it’s so much easier knowing that if something goes wrong, you can just destroy the machine. Find out how to configure it and use a plugin to run directly in the sandbox with this post from Harm Veenstra
Now for three posts from Thiago Beier starting with a Proactive Remediation to remediate an accidental app install, in this case DrawIO
https://thiagobeier.wordpress.com/2023/03/31/intune-proactive-remediation-detect-and-remove-drawio/
Thiago’s second post runs through the process of creating an Azure AD Application for when you want to automate your scripts without requiring user authentication
https://thiagobeier.wordpress.com/2023/04/03/create-an-azure-ad-application/
As a follow-up, Thiago covers how to use your newly created Azure AD apps with a self-signed certificate
https://thiagobeier.wordpress.com/2023/04/05/azure-ad-application-self-signed-certificate/
Within Microsoft Graph you can view Windows Autopilot Deployment events to find out exactly what’s happened for your enrolled machines. In this post, Peter van der Woude has looked further at what can be found and how to filter on it
You can now use the Image builder within the Azure Portal for a GUI to configure your AVD session host images instead of having to use PowerShell. Johan Vanneuville has released this walk-through to show you how to use it
Whilst you have been able to use a naming convention on standard Autopilot machines for years, until now, it hasn’t been an option for a cloud PC. Fortunately this has now changed and Ola Ström has looked at this new feature here
Restarting a machine on ESP completion is not quite as easy as you would expect. Fortunately Gannon Novak has put together a script/app which you can deploy to trigger a reboot upon completion.
If you want to deploy MDE but are sitting behind a proxy server, have a look at this post from Will Francillette and the linked articles from Brian Baldock with the different ways to create your connection
https://www.french365connection.co.uk/post/mde-windows-disconnected-environment-decision-tree
There can be multiple ways to deploy an Intune policy, often within different blades of the admin console and you may come across the dreaded Conflict error where you have inadvertently deployed the same setting in two different places. To troubleshoot these, have a look at this thorough post from Shehan Perera
https://shehanperera.com/2023/04/05/intune-policy-conflicts-01/
Another new feature in 2303 which has had less coverage than the likes of EPM is the ability to deploy custom batch scripts to your Intune-managed Linux devices. Fortunately, Jitesh Kumar has covered it here
https://www.anoopcnair.com/deploy-linux-bash-script-using-intune/
Next up, we have a script from Christopher Mogis to quickly rename your machines
https://www.ccmtune.fr/2023/04/rename-devices-with-powershell-and.html
Some of you or your customers may still be using 3rd party AV. Until you can convince them to switch to Defender, you can use a custom compliance policy to ensure whatever AV they are using is active and in good health following this guide from Nick Benton
https://memv.ennbee.uk/posts/custom-compliance-third-party-av/
This post from Niklas Tinner runs through how to configure your devices to sleep and lock when the lid is closed. Obviously, use with care for any users with a docking station!
Have you ever wondered just what’s happening when you enable and configure EPM? Wonder no more, Rudy Ooms is on the case with another deep dive into the depths of your machine
If you have Defender for Endpoint P2 licensing, it includes the excellent Vulnerability Management tools. This in-depth post from Jeffrey Appel looks at what it does, how to configure it and why you should be using it.
Jeffrey is also starting a new series looking at Defender for Cloud, this is well worth keeping an eye on
This post (translated hence the unusual URL) from Octavio Rodríguez shows how to deploy a custom start menu to your Windows 11 devices using Intune
The built-in diagnostics tool in Intune is excellent, but wouldn’t it be even better if it could grab the logs from your own custom apps and scripts? Read this post from Florian Salzmann to find out how
https://scloud.work/en/collect-diagnostics-custom/
Niels Kok has put together a script to check if a particular application is installed on any of your machines (in this case TikTok), you can grab a copy here
https://www.nielskok.tech/intune/discover-specific-apps-on-intune-windows-devices/
With Update compliance now retired, you will need to switch to Windows Update for Business Reports. To configure it in your environment, follow this guide from Joost Gelijsteen
Windows Defender SmartScreen is a very useful tool which I would recommend deploying in your environment. This post from René Laas covers what it does and how to deploy it
https://endpointcave.com/protect-your-users-against-phishing-with-defender-smartscreen/
Video Content
Now onto the video content, starting with a deep dive into Conditional Access authentication strength with Andy Malone
This video from Anoop Nair looks at all things Autopatch
A second video from Anoop, this one looking at the future of Config Manager
Mattias Melkersen Kalvåg and Nickolaj Andersen look at what’s new in Intune version 2303 including the new EPM functionality and the improved troubleshooting tools amongst others
Following on from the previous episode looking at EPM (check it out if you haven’t watched it yet), this episode of Intune.Training features Lavanya Lakshman and Matt Call with an in-depth look at Advanced Endpoint Analytics. Hosted by Steven Hosking and micro-managed by Adam Gross (no guest host this time)
This webinar from the Patch My PC team covers enabling co-management and moving your workloads into Intune. Well worth checking out if you are running SCCM and looking to move to Intune.
Microsoft Content
Now onto the Microsoft news from the week starting with some exciting news from Harjit Dhaliwal. For anyone on M365 E3 or E5 you will now get 100 free Universal Prints per user per month (sadly you’ll still have to pay for the ink)
Next, this post from Ron Martinsen looks at why performance testing your cloud machines is so difficult and at some of the performance metrics for Windows 365
An update on the Store for Business changes and retirement dates next from the Intune Support Team
Windows 365 Frontline has now entered private preview with new provisioning options and settings to configure time-outs. You can find out more in this post from Sam Tulimat
Another new skilling snack, this one comes from Lior Bela and looks at Autopatch
The final content this week comes from Naveen Kumar Nooka and looks at the latest updates to the MSIX packaging tool