Intune Newsletter – 12th January 2024

View Online

Community Content

This weeks first post is a must-read for anyone managing macOS devices. Ugur Koc has created a script to block users from installing apps using Homebrew

https://ugurkoc.de/block-homebrew-on-macos-with-intune/

Hybrid workers are an excellent solution if you are hitting the limits or restrictions on standard automation runbooks. Find out how to configure and use them in this post from Torbjorn (Mr T-Bone) Granheden

https://www.tbone.se/2024/01/09/build-hybrid-worker-to-run-intune-automation-tasks/

Next, Rahul Jindal looks at Entra Global Secure Access including configuring it and looking at how it works.

https://rahuljindalmyit.blogspot.com/2024/01/enable-manage-global-secure-access-for.html

Jannik Reinhard has created another excellent AI powered tool. This one takes your input and create Intune remediations for you, including a button to add the scripts into Intune!

https://jannikreinhard.com/2024/01/07/gpt-remediation-creator/

On the subject of scripts, if you need to retrieve any back from Intune, follow this guide from Sujin Nelladath on how to do so using Graph explorer

https://www.anoopcnair.com/intune-retrieve-powershell-scripts-msgraph/

Learn how to configure and use multi-admin approval for scripts within Intune in this post from Jan Mulder

https://wolkenman.wordpress.com/2024/01/08/intune-multi-admin-approval/

Whilst most machines come with Winget pre-installed, it usually needs an update before it will launch which can take 15 minutes or more. This script from Daniel Bradley will install the latest version for you during Autopilot

https://ourcloudnetwork.com/how-to-install-winget-using-intune/

We have a second post from Daniel, looking at the different ways to deploy M365 apps, including a useful script to download directly from CDN

https://ourcloudnetwork.com/how-to-deploy-microsoft-365-apps-with-intune/

If you need to add Apple devices into your ABM environment but don’t have a device running macOS, this post from Timmy Andersson shows you how to use Apple Configurator on iOS to import them.

https://timmyit.com/2024/01/08/use-apple-configurator-on-ios-to-add-device-to-apple-business-manager-school-manager-without-a-mac/

Stephan van Rooij has released a new tool to quickly package and deploy Winget apps to Intune. You can find all about it at the new website here

https://wintuner.app/

Learn how to deploy the Cisco Umbrella roaming client here with Gannon Novak

https://smbtothecloud.com/deploy-the-cisco-umbrella-roaming-client-with-intune/

Dynamic device tagging is now generally available for Defender for Endpoint. Find out how to use it in this post from Joey Verlinden

https://www.joeyverlinden.com/dynamic-rules-for-device-tagging-in-microsoft-defender/

Unless you are running shared devices, you probably don’t want any machines without a primary user assigned. This logic app from Damien Van Robaeys will report on any and then upload to SharePoint in CSV format

https://www.systanddeploy.com/2024/01/export-devices-without-primary-users-to.html

I imagine many of you will want to control enabling Windows Copilot across your devices. This post from Ola Ström will show you how to block and allow it

https://www.olastrom.com/2024/copilot-in-windows-how-to-turn-it-off-using-ms-intune

If you are not currently using Windows safeguard holds, this post from Thomas Marcussen is well worth reading!

https://blog.thomasmarcussen.com/key-things-to-know-about-windows-safeguard-holds/

Vidya Sasidharan has been lucky enough to test out the cloud PKI functionality coming soon to the Intune Suite. You can learn all about it here

https://www.anoopcnair.com/root-issuing-ca-using-intune-cloud-pki-service/

If you have apps which will need a restart on completion, this post about grace periods from Peter van der Woude is worth reading

https://www.petervanderwoude.nl/post/working-with-the-restart-grace-period-of-win32-apps/

Next, Nick Benton shows how to use device extension attributes alongside conditional access filters

https://memv.ennbee.uk/posts/device-attributes-cap/

Rudy Ooms has gone digging into EPM again, this time trying to work out what the new ECS feature could be

https://call4cloud.nl/2024/01/race-for-experiments-epm-vs-ecs/

Video Content

Now onto the video content, starting with how to get MSIX files directly from the vendor with Dean Cefola

https://www.youtube.com/watch?v=bqW0ZbcLOaQ

Next, we have a very comprehensive tutorial from Saurav Sarkar covering Apple enrollment with Intune

https://www.youtube.com/watch?v=_GnW22pi1Og

The latest Workplace Ninja User Group UK meeting features Ugur Koc and looks at a quick way to offboard devices. The slides are also linked below the video

https://www.youtube.com/watch?v=o4zDg6ZLo4I

The slides are here:

https://github.com/ugurkocde/meetup_slides/blob/main/WPNUK_01092024_Offboarding_devices_from_Intune_EntraID_and_Autopilot.pdf

Chander Mani Pandey continues the macOS management series, this video covers configuring the MDM push certificate

https://www.youtube.com/watch?v=wc8UBze0ub8

We have the latest GetRubix podcast, this time Steven Weiner discusses WDAC with Craig Ranger

https://www.youtube.com/watch?v=4Zl1Be6ydRc

Microsoft Content

Our first Microsoft content this week comes from Jonas Ohmsen and looks at iOS device management in its entirety

https://techcommunity.microsoft.com/t5/core-infrastructure-and-security/intune-ios-ipados-management-in-a-nutshell/ba-p/4015363

One of the beta device configuration report APIs is being removed. Learn more about how this here from the Intune support team

https://techcommunity.microsoft.com/t5/intune-customer-success/removal-of-several-microsoft-graph-beta-api-s-for-intune-device/ba-p/4027667

That’s it for this week, have a great weekend!