Welcome to another Intune newsletter filled with astounding content from this incredible community!

View Online

Community Content

We start this week with a look at the often underused filters with Joost Gelijsteen, the only way to exclude devices from user based assignments!

https://joostgelijsteen.com/filtering-youre-way-around

Next, Peter van der Woude looks at options when dealing with Windows BYOD (whilst avoiding enrolling them)

https://www.petervanderwoude.nl/post/working-with-personal-windows-devices

We now have two posts from Rahul Jindal, the first looking at how to use conditional launch with MAM and the end user experience

https://rahuljindalmyit.blogspot.com/2024/05/using-conditional-launch-in-intune-app.html

Rahul’s second post demonstrates how to give your macOS users access to Visio

https://rahuljindalmyit.blogspot.com/2024/05/microsoft-visio-for-macos.html

If you’re hitting issues with certificate connectors, this in-depth post from Joymalya Basu Roy has troubleshooting steps for you to follow

https://joymalya.com/intune-certificate-connector-certificate-expired

Michael Meier continues the config as code series, this one demonstrating how to create a custom OMA-URI WDAC policy in Azure Devops

https://mikemdm.de/2024/05/12/create-wdac-policy-in-azure-devops-config-as-a-code-part-3

If you are using Enterprise SSO and want to switch to Platform SSO, this post from Florian Salzmann will help make it a smooth transition and avoid 10002 errors

https://scloud.work/intune-assigment-error-10002-platform-sso

Florian also runs through using Platform SSO and Entra Join on your macOS devices

https://scloud.work/entra-join-platform-sso-for-macos-with-intune

To use LAPS, you (currently) need to create an admin account first. Learn the different ways of doing so in this post from Curtis Cannon

https://traversecloud.co.uk/create-local-accounts-on-managed-devices-with-intune

One of the key advantages of using Endpoint Security settings over standard config policies is that you can delegate access to the security team without letting them see everything. Follow this guide from Jan Mulder to see how to set up the permissions from within MDE

https://wolkenman.wordpress.com/2024/05/15/mde-intune-permissions

With the recent security risk from Quick Assist, Jan also has a remediation here to remove it

https://wolkenman.wordpress.com/2024/05/17/remove-quick-assist

Jon Towles has released the second part of the Windows 11 best practice series, this one covers your security policies

https://mobile-jon.com/2024/05/14/windows-11-best-practices-part-two-security

This post from Thomas Marcussen shows how to use Intune for the ultimate Apple Device management experience

https://blog.thomasmarcussen.com/enhancing-apple-device-management-with-microsoft-intune

If you need a bit of flex in your W365 frontline licensing, check out concurrency buffer as covered here by Dominiek Verham

https://techlab.blog/the-frontline-concurrency-buffer-explained

Niklas Tinner looks at using exclusions and access packages with Conditional Access to improve your security posture

https://niklastinner.medium.com/conditional-access-exclusion-management-ea1495fdd820

Video Content

Now onto the video content, starting with a demo of Platform SSO from Steven Weiner

https://www.youtube.com/watch?v=0CQvQs9C4eQ

If you’re using the excellent autopilot branding script but noticed an issue with the search icon, Steve has you covered in this second video

https://www.youtube.com/watch?v=mBfy1IYsf20

Steve also demonstrates how to use Windows Sandbox for app testing

https://www.youtube.com/watch?v=wb_AghwDGoM

Learn all about Copilot for Security from the Microsoft experts including some exciting demos, featuring Lavanya Lakshman, Mike Danoski, Zach Dvorak, Ravi Ashok and Amit Ghodke

https://www.youtube.com/watch?v=WluiktKiIQs

Next, Dean Ellerby looks at the new Cloud version of Patch My PC

https://www.youtube.com/watch?v=QkZIRcDCszk

Next, Andy Jones runs through how to setup and use platform SSO for macOS

https://www.youtube.com/watch?v=E8NoqkZJ5Xg

Microsoft Content

Now for the Microsoft content this week, starting with a look at how to protect your corporate data in Edge using conditional access and app protection from Santos Martinez

https://techcommunity.microsoft.com/t5/intune-customer-success/secure-your-corporate-data-using-microsoft-edge-for-business/ba-p/4137256

If you have Teams devices running as Device Admin, this is a must read from Tabish Javed

https://techcommunity.microsoft.com/t5/microsoft-teams-support/moving-teams-android-devices-to-aosp-device-management/ba-p/4140893

That’s all for this week, have an amazing weekend!