Welcome to 2025
I hope you had a lovely break and hopefully some much needed time off.
It’s a bumper newsletter with 2 weeks worth of content, a surprising amount of content for the random week of confusion
Community Content
We start this week/year with a look at how to use the Microsoft Zero Trust workshop to plan your security posture, why not start 2025 as you mean to go on. Read more here from Lewis Barry
With Windows 10 EOL now getting nearer, why not consider using the inevitable hardware refresh to go cloud native. Here are 10 advantages of making the switch from Mads Johansen
https://evil365.com/intune/autopilot/Top10-Reasons-CloudNative/
We couldn’t start 2025 without a Rudy Ooms flow-chart special! This one looks at the shift of resource access policies from MDM to MMP-C
From the old school MDM stack to MMP-C: What’s going to change in 2025
Next, learn how to monitor the Intune connector health using Power Automate in this comprehensive post from Rahul Jindal
https://rahuljindalmyit.blogspot.com/2024/12/microsoft-intune-connector-health.html
I see an increase in both AVD and W365 usage this year. To make sure your cloud devices are secure, check out this post from Thomas Marcussen
Enhancing Your Security Posture in Windows 365 and Azure Virtual Desktop
Thomas also looks at what to expect across Intune and Win365 in 2025
Joël Prins also looks at how you can secure access to your cloud PCs including securing the device initiating the connection
https://www.intothecloud.eu/secure-your-cloudpc/
Following on from Ugur Koc’s excellent solution for onboarding Linux devices (here), Somesh Pathak has built an ESP for Linux which you can read about here
Seamless Intune Enrollment for Linux: Building a Better Setup Experience
Administrator Protection is a new feature to further protect elevated accounts to just-in-time access. Learn how to setup and use it here from Peter van der Woude
Per Larson also looks at Administrator Protection here including what’s happening behing the scenes and the end-user experience
https://osddeployment.dk/2024/12/28/how-does-windows-administrator-protection-works-on-your-personal-device/
Next, Torbjorn (Mr T-Bone) Granheden looks at all of the configuration settings for Edge on Android and iOS and what they all do
Branding and customizing Edge: AI Browser with Intune in iOS and Android
Continuing the Graph series, Steve Weiner looks at the Patch and Delete commands and what they do
https://www.getrubix.com/blog/patch-and-delete-for-the-holidays
Now for two posts from Jan Mulder, starting with looking at how to secure and monitor your WSL2 installs
Jan has also released a PowerShell module to run directly on end-user devices to retrieve Intune logs, a very useful tool
Powershell module for localy collect diagnostics package with get-intunelogs
Intune now supports Ubuntu 24.04 LTS and this guide from Michael Meier runs through how to enrol your devices
Michael Niehaus has updated the excellent Autopilot Branding script, this is well worth checking out!
Michael’s second post is a must-read this week, delving into the murky waters of Windows licensing and imaging devices
A defender and sentinel deep dive from Ben Whitmore in this excellent post covering how to ensure you are only ingesting the most important data from IME
Michael Frank looks at security implications of using BITS and what you can do to protect yourselves here
https://michaelsendpoint.com/security/bitsadmin.html
Ugur Koc has released an update to the excellent Intune Assignment Checker tool which you can find here
https://github.com/ugurkocde/IntuneAssignmentChecker
If you want to quickly check what is assigned to a group, this script from Timmy Andersson is worth adding to your collection
Intune – get all required assigned apps for all entra ID groups
If you’re looking to get started with PowerBI reporting and Intune, check out this guide from Aaron Falkner
For anyone experiencing an error during WHfB setup, have a look at a fix here from Niall Brady
Fixing Windows Hello for Business PIN setup error, something went wrong – error code: 0x801c0451
Learn about hotpatch for Windows 11 in this post from Dominiek Verham
Video Content
Now for the video content, starting with a look at the new Enhanced Device Inventory functionality from Craig Camacho
Next, Ben Whitmore and Michael Mardahl look at your options when securely authenticating to Graph
We have two videos from Johan Arwidmark’s famous ConfigMas, starting with a look at what’s new in SCCM 2409
The second video looks at driver management in SCCM
We also have a video from Steve Weiner looking at 5 things to make sure you are not doing in Intune moving into 2025
This video from Chander Mani Pandey shows how to use a Remediation to track your Windows update compliance across the estate
Microsoft Content
Learn about phishing resistant passkeys in Entra ID in this post from Farooque Mohammad
That’s it for this week, have a tremendous weekend