It’s another busy week in the Intune community with lots of great content to keep me out of trouble! This time next week I’ll be preparing for Experts Live in Copenhagen, I hope to see you there!
Community Content
We start this week with a useful runbook and script from Michael Meier to automatically add device identifiers for your VMs when using Autopilot Device prep
Automatically create corporate device identifiers for local running VMs
The latest podcast from Shehan Perera is here and it’s an Intune special with Anthony Porter and Andrew O’Young
If you want to use the 24H2 baseline, but want more control, here they are in Settings Catalog format from Tim Beer
Intune 24H2 Baseline as Individual Settings Catalog Profiles
For those of you with multiple Windows 365 machines, you might want to monitor the usage so you can make sure you don’t have unused machines using a license. This script from Tom Machado will hopefull save you some money!
Monitor and Track Cloud PC Usage from Intune in Bulk Effectively
Next, Ben Whitemore looks at the new Entra PowerShell module and whether you should start using it for your existing scripts
A Mini Dive into the Microsoft Entra PowerShell Module: An Intune Administrator’s Perspective
Now strong certificate mapping is being enforced, you may need to make changes within Intune as covered here by Joymalya Basu Roy
Understanding Strong Certificate Mapping Enforcement by Microsoft
For a high-level overview of how patching works with Intune, check out this post from Zab Rivera
https://www.zabrivera.com/intune-windows-patching-overview-a-birds-eye-view/
If you like a bit of risk in your life, consider using the built-in baselines. If you would rather a safe deployment, try this guide from Dustin Gullett
Next, here are some tips when moving to cloud native from Ola Ström
Configuring web kiosk mode has never been easy and there are many options to pick from. If you want a single app kiosk using Edge, try this guide from Peter van der Woude
Configuring a single app, full-screen kiosk with Microsoft Edge on Windows 11
Oliver Kieselbach has updated the excellent Autopilot Manager app to support device identifiers
If you are licensed for Remote Help, you may want to lock it down so it can only be used by certain users. Learn how here with Nicklas Ahlberg
Somesh Pathak has a deep dive into macOS platform SSO here looking at all of the available options
The Complete macOS SSO Playbook: Advanced Configuration Strategies Explained
Following on from the power automation released last week, Peter Klapwijk has the first in a new blog series here running through how to create a user onboarding automation yourself, starting with account enabling and using TAP
If you are using certificate based authentication for your WiFi and want to move to cloud native devices, this post from Jon Towles is a must-read
https://mobile-jon.com/2025/02/18/deep-dive-on-wireless-authentication-on-cloud-native-pcs/
Now for two posts from Joery Van den Bosch starting with a look at how to use TAP for passwordless sign-in on first setup
TAP (Temporary Access Pass), it’s not a dance… and Web Sign-in
With the final onboarding of Device Query for multiple devices, Joery looks at how to use Copilot to help with your KQL queries
Device Query for Multiple Devices – Security Copilot KQL generation
If you want a deep dive into the new multi-device functionality, have a read of this post from Rudy Ooms
Device Query for Multiple Devices, Device Inventory, and Single Device Query: Connecting the Dots
It’s obviously a popular release, also covered here by Joost Gelijsteen
Oktay Sari expands on the previous macOS security, looking at what you can configure on macOS for CIS Level 2
https://allthingscloud.blog/advanced-macos-protection-with-microsoft-intune-beyond-the-basics/
Next, Brady Widener looks at how you can rebuild devices with a USB stick and little to no user interaction!
https://www.edtechirl.com/p/zero-touch-usb-imaging-new-and-improved
To bulk import Intune policies, check out this script from Gannon Novak (and the backup one which goes with it)
https://smbtothecloud.com/bulk-import-intune-policies-and-configurations/
If you want to create a dynamic group to target just your Windows 11 devices, Damien Van Robaeys has the dynamic rule for you here
https://www.systanddeploy.com/2025/02/create-dynamic-entra-id-group-for.html
For those of you feeling incredibly brave, here is a script to redirect the downloads folder to OneDrive from Maxime Guillemin
Why I Finally Moved the “Dumpster” Downloads Folder to OneDrive
Prepare your environment for Copilot with this post from Simon Skotheimsvik
Video Content
Now for the video content, starting with a recap of the announcements at Ignite with Shady Khorshed, Fabio Bonolo and Jannik Reinhard
Steve Weiner looks at the better way to deploy Security Baselines in this video
We have the latest Tackling Tech series from Harjit Dhaliwal
Microsoft Content
Onto the Microsoft content with a guide on how to use Smartcard login from an Entra device to a domain joined server/AVD without line-of-sight from Dagmar Heidecker
A lot of you may be asked to remove and block Deepseek from your devices. Michael Dineen covers how on all of the main platforms here
Learn how to use payloadless PKG in macOS for scripting and other uses in this post from the Intune Support Team
That’s all for this week, have an amazing weekend and don’t forget to grab your tickets to Workplace Ninjas UK with the code “IntuneNewsletter”, they’re selling fast