Welcome to the second newsletter of 2025 (and according to the stats, the 142nd edition ever)
Community Content
We start this week with some excellent scripts to automate provisioning of Windows 365 machines from Paul Winstanley and Niall Brady
Automated Provisioning of Windows 365 Cloud PCs: Advanced Scripts
If you have found desktop icons disappearing on Windows kiosk devices, check out this post from Dustin Gullett
https://www.getrubix.com/blog/so-along-kiosk-desktop-icons
Copilot+ machines are soon going to be creeping their way into your managed estates. Control what the Copilot button does with this post from Ola Ström
iPads make very good kiosk type devices, but configuring them can be tricky. Learn how to configure an iPad in shared mode in this post from Anand P
https://www.cloudtekspace.com/post/configure-shared-ipad-using-microsoft-intune
To increase your security posture, you can specify which OS versions are allowed in the estate, it’s a bit of manual effort, but does block anything unsupported. Kenneth van Surksum runs through the options and how to configure them here
Governing OS Versions in Microsoft Intune: Best Practices and Configuration
Connected Cache is free and will both speed up downloads and reduce traffic overhears, it’s seems a no-brainer now. Peter van der Woude covers how to configure it here
Redirecting USB devices to cloud machines isn’t always as straight forward as you would like. Fortunately Michael Meier has instructions (and scripts) to help you out
Enable RemoteFX USB Redirection for AVD or Windows 365 using Intune
No matter how hard we try, users will always avoid rebooting devices. Hotpatch for Windows 11 Enterprise means at least your updates will be installed if they don’t. Learn more here from Torbjorn (Mr T-Bone) Granheden
If you’re trying to get an iOS device into a managed state without losing data, you might change your mind after reading James Vincent‘s guide here
Restore an unmanaged iOS Backup to a Supervised iOS Device and manage with MDM
Jon Towles has released an excellent remediation for those of you who need to rename your devices (cloud or hybrid). Worth checking out
For app packagers everywhere, learn how to read strings from within application files with sysinsternals tools in this post from Nick S
https://www.linkedin.com/pulse/strings-win32-deployment-intune-nick-schmitz-2dakc/
Finding a self-deploying device is registered to another tenant can be a troubleshooting nightmare! Luckily, Gannon Novak has a tip here to find the primary assigned tenant
https://smbtothecloud.com/identify-where-a-self-deploying-autopilot-device-is-registered
Next, we have a guide from Jatin Makhija for configuring SCEP and NDES
Video Content
Now for the video content, starting with a look at how to setup TAP for passwordless user onboarding from Mark Oldham
When looking to implement Conditional Access policies, it’s essential to test them first and report-only is the perfect option, but finding the report itself isn’t quite so straight forward. Learn how here with Steve Weiner
That’s it for this week, have an amazing weekend!