Congratulations, you have completed the first week back and hopefully by now are on top of your Inbox.
It’s been a quieter week this week (I think we had more content Christmas week) which is probably everyone playing catch-up and lacking the free time, but there is enough here to get you to the weekend and of course, it’s quality, not quantity!
Community Content
We start this week with a look at how Intune could be used to exploit your devices and how you can monitor for it in this post from Thomas Kurth
Gerry Hampson continues the excellent series in Intune Agents (if you haven’t yet read the first two, start there!). This one looks at the policy configuration agent
http://gerryhampsoncm.blogspot.com/2026/01/my-first-look-at-intune-agents-part3.html
If you’re tired of people not logging out of shared devices, try this script from Nick Benton
https://www.oddsandendpoints.co.uk/posts/windows-idle-logoff/
I know the future is all about employee self-service, but does setting default apps in Windows really have to be this complicated? Allester Padovani runs through how to configure it here
https://endpointtechblog.com/blog/how-to-deploy-windows-default-apps-with-microsoft-intune
I’m sure you all have break-glass accounts, but how many are being used for quick changes? If this sounds familiar, or you are genuinely not sure, have a read of this post from Roman Padrun
https://www.cloudcook.ch/breakglass-accounts-how-to-do-them-properly-without-cheating/
Next, Ugur Koc has put together a website containing a lot of Intune community tools here. Make sure you add any you think are missing though!
https://www.awesomeintune.com/
You have your CA policies nicely running, stopping access from certain countries and then an exec goes on holiday. Traditionally you would probably add an exception on that policy and set a reminder for when they return, then forget. Daniel Bradley shows how you can use Graph to set time based policies here
It’s 2026 and that means one thing, secure boot certificate expiry. Grab this remediation script from Kevin Malinoski to see how many of your devices haven’t updated yet
Kick Off 2026 Right: Audit Your Windows Endpoints for Secure Boot Certificate Readiness
Kiosks, iOS, Android, Windows, single-app, multi-app, I’ve always found them to be easily the most troublesome thing to build. If you are building a multi-app Windows kiosk, this guide from Dustin Gullett should help immensely
Kiosk Chaos to Calm. Building Multi-App Assigned Access with Intune
With PC components getting a lot more expensive (thanks AI), you might be trying to get a bit more life out of your existing fleet. Monitor disk usage and remediate it with this dashboard and scripts from Damien Van Robaeys
https://www.systanddeploy.com/2026/01/disk-size-usage-dashboard-understand.html
Next, Michael Mardahl has a fix for the latest potential back-door hackers can use to access your tenant and fortunately it’s easy to implement, learn more here
If you haven’t heard (or tried) Windows 365 Reserve, it’s an excellent option for forgotten/lost/broken devices. Find out more about it here from Dominiek Verham
Video Content
Now for the video content, with the second part of Win32 app packaging series from Manish Bangia. This one is looking at deploying more complex applications, in the demo, .Net Framework 3.5
Microsoft Content
Onto the Microsoft content with the all important Windows News you can use for December from Eric Moe
That’s all for this week, have a fantastic weekend!