It’s May already and the weather has been great this week, hopefully that continues into the summer! The warm weather hasn’t stopped this community though, we still have plenty of exciting content this week!
Community Content
We start this week with a useful script from Joe Loveless to help create fully random groups for your deployment waves
https://joeloveless.com/2025/04/entra-grouprandomization/
Jan Mulder continues the Cloud PKI series, this one demonstrating how to use a Device certificate with Defender for Cloud Apps to help identify your corporate devices
Part 3 – Defender for Cloud Apps Device Identification and Cloud PKI
If you are having issues with scheduled tasks not running on Windows 365 machines, you may well find the fix in this post from Michael Meier
Next, Tim Beer looks at security copilot for Intune, what it can do to help you, how much it costs and asks the question, should I be concerned as an Intune admin?
Microsoft Security Copilot in Intune: Navigating the Shifting Tides of Device Management
On the subject of AI, Peter van der Woude looks at how you can connect Power Automate and Microsoft 365 Copilot to make your Intune alerts a lot more thorough
Making Intune notifications smarter by using a Copilot agent
We now have two posts from Joery Van den Bosch, starting with a logic app to make EPM requests pop-up in your Teams to save having to constantly monitor the Intune portal (or wait until the user shouts)
Microsoft Enpoint Privileged Management (EPM) – Achieve better notifications
Joery’s second post looks at the new Intune Vulnerability Remediation agent which is now in preview as part as Security Copilot Agents
Introducing Security Copilot Agent – Intune Vulnerability Remediation Agent (Preview)
Windows Recall, it’s been looming for a while now, but looks like it may finally be arriving on a supported device near you. Learn all about it and how to control it at an enterprise level in this post from James Robinson
https://skiptotheendpoint.co.uk/from-criticism-to-confidence-windows-recall/
Custom compliance is often overlooked in Intune and it’s actually a very powerful option. You can find out how to use it here from Florian Salzmann
https://scloud.work/custom-compliance-windows-intune/
If you are looking at ways to control and manage admins on your devices, this post from Joël Prins is worth a read
https://intothecloud.eu/p/local-admin-segmentation
Always keep an eye on your Intune data, it’s essential for a secure estate. This post from Rod Trent covers some of the key things to look at
https://myitforum.substack.com/p/monitoring-and-analyzing-device-data
If you’re having issues with app installs, checking the logs will normally give some good clues. This example for Beyond Trust from Mecken Swyter will definitely help
https://meckenswyter.com/intune/intall-win32-apps-with-verbose-logging
You may have noticed Admin Templates (non imported) have now been retired and we are moving to Settings Catalog. Find out what that means to you here from Joost Gelijsteen
Windows device configuration policies are moving to Settings catalog template. What you need to know
For those of you considering Windows 365 link, here are some of the main benefits from Thomas Marcussen
If you’re ditching your on-prem infrastructure, this guide (with scripts) from Gannon Novak will help migrate your users to cloud only identities
https://smbtothecloud.com/how-to-convert-ad-connect-synchronized-users-to-cloud-managed-identities/
Entra group creep is definitely a thing, you create a group for something temporary and forget to delete it. Then in 6 months you want to tidy up and can’t remember if it’s still used. You could click through everything in the portal, or you could use this script from Amir Sayes
Is This Group Even Being Used? Introducing Get-IntuneAssignments!
If you need to troubleshoot Autopilot, Michael Niehaus has updated the go-to script to support Autopilot Device Prep as well as lots of other things, read all about it here
Arno van Dijk has a new series covering Intune Suite components, starting with a look at Enterprise App Management
https://www.xplorethecloud.nl/l/blog-series-intune-suite-part-1-enterprise-app-management/
Video Content
Now for the video content, starting with a look at securing your privileged users and their devices from Dean Ellerby
Next, we have a new tool from MSEndpointMgr to help manage your Windows updates with Nickolaj Andersen, Mattias Melkersen Kalvåg and special guest Johan Arwidmark
We have the latest Windows 365 AMA covering the Windows app on Android with Christian Montoya, Ankur Biswas, Rishi Pochiraju and Kingston Hui
Steve Weiner runs through using PowerShell and Entra extension attributes to create custom Intune groups here, well worth checking out
Learn all about Autopatch, especially now it is included in most licenses in this video from Jonathan Edwards
Microsoft Content
Onto the Microsoft content, starting with the official announcement of Security Copilot agents from Dilip Radhakrishnan
The all important Windows news and updates here from Thomas Trombley
That’s all for this week, have a great weekend!