View Online

Welcome to another exciting newsletter, bristiling with amazing content!

Community Content

We start with a look at the new “config refresh” functionality and how to enable it in your tenant from Peter van der Woude

https://www.petervanderwoude.nl/post/scheduling-automatic-policy-refreshes-for-windows-devices-without-requiring-a-check-in/

Nicklas Ahlberg also looks at Config Refresh and how to deploy it in this post

https://www.rockenroll.tech/2023/10/17/windows-11-config-refresh/

There is a new addition to conditional access to require MFA when accessing admin portals. Learn all about it here with Joey Verlinden

https://www.joeyverlinden.com/require-mfa-for-microsoft-admin-portals/

If you are managing macOS devices, this post from Somesh Pathak is well worth reading around managing updates of your Microsoft applications

https://www.intuneirl.com/streamline-your-mac-experience-with-ms-auto-update-tool/

A second post from Somesh this week looking at some recent errors with Windows Defender

https://www.intuneirl.com/guardians-unexpected-defiance-when-defender-goes-astray/

Rudy Ooms has released part 7 of the series looking at WinDc, this one investigating the refresh task seen on Intune joined devices

https://call4cloud.nl/2023/10/the-positively-true-adventures-of-the-alleged-migraterefreshtask/

If you manage any Intel NUC devices, you can use this script from Damien Van Robaeys to manage the BIOS settings on them

https://www.systanddeploy.com/2023/10/managing-bios-settings-on-intel-nuc.html

If you want to auto-assign Android Managed Google Play apps, check out this Logic App from René Laas

https://endpointcave.com/auto-assign-android-managed-google-play-apps/

For many, MDM scopes in Entra are a set and forget config, but sometimes those settings can cause issues as Shehan Perera found here

https://shehanperera.com/2023/10/16/mdm-user-scopes/

If you want to lock down your devices to allow printing to only certain approved printers, follow this guide from Katy Nicholson

https://katystech.blog/mem/restrict-printing

Next, learn all about custom device compliance, including a useful example with Harvansh Singh

https://endusersupports.com/index.php/2023/10/13/custom-device-compliance-policy-in-intune/

This excellent post from Jose Schenardie shows how to use the Windows Update log generation tool, deploy and run silently and grab the output remotely!

https://intune.tech/2023/10/18/Automate-Windows-Update-logs-generation-and-collection.html

Next, we have a post and script from Prajwal Desai showing how to create a local admin account on your macOS devices using Intune

https://www.prajwaldesai.com/create-a-local-admin-account-on-macos-using-intune/

On the subject of admin rights, learn how you can use access packages to provide temporary admin rights on your Intune managed devices in this post from Niklas Rast

https://niklasrast.com/2023/10/19/empowering-users-with-self-service-local-admin-rights-via-azure-ad-access-packages/

Whilst Settings Catalog keeps growing, there are times where manipulating the registry is a better (or only) approach. In this post, Florian Salzmann looks at the different ways to deploy registry keys using Intune

https://scloud.work/registry-key-with-intune/

Stephan van Rooij has released a new win32 prep tool which is fully open source and cross platform, well worth checking out

https://svrooij.io/2023/10/19/open-source-intune-content-prep

A new script from Harm Veenstra to report on the status of your autopilot profiles, devices and sync status

https://powershellisfun.com/2023/10/19/intune-autopilot-report-using-microsoft-graph/

If you are managing AVD machines, this post from Gannon Novak contains a remediation to deploy the Teams Machine wide installer to your hosts

https://smbtothecloud.com/keep-teams-machine-wide-installer-updated-on-avd-or-other-vdi-with-intune-remediations/

Learn how to use Graph to deploy incompatible winget store apps in this post from Sander Rozemuller

https://rozemuller.com/windows-store-app-not-supported-in-preview-in-intune/

Video Content

Now onto the video content, starting with a new series from the team at MSEndpointMgr, this time featuring Nickolaj Andersen, Mattias Melkersen Kalvåg and special guest Lavanya Lakshman covering all things Anomaly detection and Settings insights

https://www.youtube.com/watch?v=iU-7WHh3mk0

We also have a special edition of Windows in the Cloud from the Workplace Ninja Summit covering all things AVD and Win365 featuring Christiaan Brinkhoff, Morten Pedholt, Peter Daalmans and Ola Ström

https://www.youtube.com/watch?v=77SLVHCaHZw

The latest intune.training video is now live with Steven Hosking and Adam Gross. This one covers provisioning Android devices using Intune

https://www.youtube.com/watch?v=fR42uROrgsY

Microsoft Content

Now onto the Microsoft content, starting with news that you can now use EPM with your Windows 365 machine from Matt Shadbolt

https://techcommunity.microsoft.com/t5/microsoft-intune-blog/microsoft-intune-endpoint-privilege-management-for-windows-365/ba-p/3955940

We also have an excellent Intune migrations getting started guide here

https://download.microsoft.com/download/0/1/6/01612024-9e77-491a-b1fd-d3fb7a420927/Getting%20Started%20with%20Intune%20Migrations.pdf

The latest skilling snack has arrived and comes from Rafal Sosnowski looking at all things Bitlocker

https://techcommunity.microsoft.com/t5/windows-it-pro-blog/skilling-snack-bitlocker-management-for-enterprises/ba-p/3950803

Learn how to get early access to Intune Security Copilot here from Shravana Mukherjee and Lavanya Lakshman

https://techcommunity.microsoft.com/t5/microsoft-intune-blog/security-copilot-with-microsoft-intune-early-access-program/ba-p/3957274

That’s it for this week, have an amazing weekend!