A slight calming on the APv2 posts this week, but Config Refresh has now gone GA which is one to setup in your tenants! A special week for me this week as well with the launch of my EUCToolbox apps after many many hours spent writing them all
Community Content
With the announcement of Recall for Windows, Peter van der Woude looks at your options for managing Windows AI features using Intune here
https://www.petervanderwoude.nl/post/managing-windows-ai-features
If you’re running Windows Pro and business premium licenses, you’ll notice the background and lockscreen policies won’t work. If you also need to constantly keep changing the wallpaper, check out this solution from Ahmad Aoun
Intune Config Refresh is finally live and is a great way to keep your devices in line. Find out more in this post from Joost Gelijsteen
https://joostgelijsteen.com/intune-config-refresh
Florian Salzmann also looks at the new config refresh functionality here
https://scloud.work/config-refresh-microsoft-intune
If you want to allow WHfB, but not force it during OOBE, check out this guide from Nicklas Ahlberg
https://www.rockenroll.tech/2024/06/17/windows-11-whfb-disablepostlogonprovisioning
Jon Towles continues the Windows 11 best practice series, this one covers settings and policies to improve the user experience
https://mobile-jon.com/2024/06/17/windows-11-best-practices-part-four-user-experience
If you are using the CIS build kit to secure your environment, this new series from Nick Benton and Jonathan Fallis is worth a look. The first part looks at Bitlocker settings
https://memv.ennbee.uk/posts/windows-cis-patching-gaps-part1
Intune now supports HTML in non-compliance notifications so we can finally make them look more appealing as covered here by Jan Mulder
https://wolkenman.wordpress.com/2024/06/15/compliance-notifications-html-formatting
Back in the olden days, you could add Autopilot devices in the Store for Business. That functionality has now been removed as covered here by Michael Niehaus
https://oofhours.com/2024/06/14/rip-autopilot-support-in-store-for-business
Michael has also discovered that MSI apps now use DO, find out more here
https://oofhours.com/2024/06/19/msi-apps-are-now-downloaded-using-delivery-optimization
Next, Matias Magnus Andersen shares a Defender for Endpoint hunting query to track which versions of macOS you have across your estate
This post from Joymalya Basu Roy looks at Autopilot V2 and how it compares to V1
https://joymalya.com/autopilot-device-preparation-embrace-the-future
Maxime Guillemin has released the second part looking at Cloud PKI, this one covers linking it into Conditional access
https://cloudflow.be/certificate-based-authentication-with-microsoft-cloud-pki-part-2
For a full run-through of APv2 setup, follow this guide from Joery Van den Bosch
https://intunestuff.com/2024/06/19/autopilot-device-preparation-apv2
Andy Jones also looks at the new Autopilot with some thoughts and findings along the way
Intune will soon only support macOS 13 and iOS 16 and higher devices. Find out if you will have any out-of-support devices here from Daniel Bradley
https://ourcloudnetwork.com/microsoft-intune-to-require-ios-16-and-macos-13
When using Copilot for Edge, it has the option to access the current website which could mean data being sent to a different country (could be an issue for those in the EU). Jörgen Nilsson looks at your options here
https://ccmexec.com/2024/06/copilot-in-edge-sidebar-and-access-to-current-webpage
If you want to (carefully) upgrade unsupported devices to Windows 11 using Intune, follow this guide from Mads Johansen
https://evil365.com/windows%2011/ForceWindows11-Upgrade-UnsupportedHardware
Rudy Ooms looks at the importance of the Just-in-Time group for APv2 in this journey into the logs
https://call4cloud.nl/2024/06/autopilot-device-preparation-and-the-enrollment-time-grouping
Keep track of any licenses assigned to disabled users with a Teams notification using this script from Damien Van Robaeys
https://www.systanddeploy.com/2024/06/be-notified-by-mailteams-of-intune.html
Conditional access is the unsung hero in securing your tenant, but get it wrong and you’ll know about it! Fortunately Niklas Tinner has an excellent getting started guide here
https://oceanleaf.ch/conditional-access-starter-guide
One to bookmark next from James Robinson where you can find out new policy settings and UI changes in Intune in one place
https://skiptotheendpoint.co.uk/intune-settings-rundown-2024-06-20
Video Content
Now onto the video content starting with two app themed videos from Steve Weiner, the first looking at how to deploy M365 apps (Office) in Intune
Steve’s second video then covers deploying the new Teams app
After looking at Robopack previously, Steve now looks at Patch My PC
Dean Ellerby has released an updated Autopilot guide covering the existing v1 process
We have the latest Unpacking endpoint management video (and the last of the season), this one covering managing macOS devices with Steve Thomas, Rachelle Blanchard, Danny Guillory Jr, Arnab Biswas and Benjamin Flamm
Microsoft Content
Now for the Microsoft content with the news that MAM for AVD and Win365 is in preview from Kingston Hui
We now have even more granular RBAC control over security policies in Intune as covered here by Laura Arrizza
That’s it for this week, have a great weekend!