September is here, the children are back to school and no doubt your workload has just doubled as everyone returns from holidays!
This weeks newsletter comes to you from Dortmund and the Cloud Identity Summit, as you read this, I’ll either be at the airport in Dusseldorf, or flying back home!
Win11 25H2 looms, be sure to check out the official post in the Microsoft content below.
Community Content
We start this week with something which I cannot stress the importance of enough, the enrolled user and compliance issues if you are enrolling with IT or DEM accounts. You really need to pay attention to this if you are enrolling with anything other than proper user based of self-deploying machines. Thank you Simon Skotheimsvik for putting this together!
With Windows Backup for Organisations now GA, Peter van der Woude looks at how to configure and use it here
If you’re having issues with device resets, it’s probably due to a recent update as covered here by Niall Brady and Paul Winstanley
Fortunately you can use Autopatch to expedite updates to fix that issue as Niall and Paul show you in this second post
Next, Joery Van den Bosch looks at multi-admin approval after the new additional functionality and also a gotcha to keep an eye out for
How to Set Up Intune Multi-Admin Approval with Ease – and a quirk
If you are looking to use Authentication Strengths in your CA policies, have a look at how it impacts both registration and B2B in this post from Jan Bakker
If you are hitting an Edge data directory error when setting up the Intune Connector, you can find the solution here from Peter Klapwijk
MFA on shared devices is a constant battle (and even more tricky on kiosks). If you are deploying shared devices, this guide from Chris Sellar will help you.
https://endpointmgt.com/p/intune-shared-devices-mfa-conditional-access/
For those managing HP devices, Claus Blaabjerg Hansen has everything you need here to keep your drivers up to date
Ewelina Paczkowska continues the excellent series covering all things Conditional Access (make sure you check out the previous posts too). This one looks at PIM, auth contexts and sensitive resources
If you have seen notices about secure boot certificates expiring, it is nothing to worry about as explained here by Mads Johansen
https://evil365.com/intune/SecureBoot-Cert-Expiration/
Everyone should have a document of the Intune config (and ideally keep it updated). This new tool from Ugur Koc will quickly generate it for you
https://www.intunedocumentation.com/
Rudy Ooms looks at the new functionality for quality updates during OOBE including what is happening behind the scenes here
Windows Autopilot now installs Windows Updates during setup (OOBE)
If you are managing Lenovo devices and want to switch to certificate based BIOS authentication using SCCM, try this guide from Philip Jorgensen
If you want to quickly check the latest Entra connect version, try this useful script from Will Francillette
https://www.french365connection.co.uk/post/entra-retrieve-entra-connect-version-information
Credential Guard and HVCI are now on by default in Windows 11. Learn more in this post from Thomas Marcussen
Windows 11 Security Boost – Credential Guard and HVCI Now Default
Video Content
Now for the video content, starting with a look at the different ways to deploy M365 apps from Dean Ellerby
Next, Niklas Tinner discusses some important Entra features with Sebastian Flæng Markdanner
Microsoft Content
Now for this weeks Microsoft content, starting with the all-important Windows News You can Use for August from Eric Moe with a lot of exciting announcements
Learn more about W11 25H2 in this post from Jason Leznek
We also have the latest skilling snack from Aria Hanson covering all things AI in Windows
That’s all for this week, have an amazing weekend!