Skip to main content
MEM v ENNBEE - Battles with Modern Endpoint Management

Nick Benton

I’m Nick Benton (ennbee), an end-user computing specialist with over a decade of experience in consulting, architecture, design, and implementation of modern device management, and enterprise mobility solutions. I currently have the role of Principal Cloud Endpoint Consultant at Phoenix Software Ltd who are the Global Microsoft Partner of the Year for Modern Endpoint Management 2023, where my main focus is assisting customers in their road to a modern workplace cloud first approach, using Microsoft Intune, with a focus on migration, security and zero touch deployments.

I use this website as a platform to share content with the community, based on solutions I find, to problems encountered in real world scenarios.

Renaming Windows Autopilot v2 Devices
· loading
Microsoft Intune Windows 10 and later Windows Autopilot Windows Autopilot Device Preparation Custom Profiles
So Microsoft released Windows Autopilot Device Preparation, or more commonly known as APv2, into General Availability a little while ago. So with this production release we should be able to name our corporate owned Windows devices right Microsoft? Right?
Patching Gaps in the CIS Windows 11 Benchmark - Level 1 Windows Autopilot
· loading
Microsoft Intune Windows 10 and later Security Center for Internet Security (CIS) Windows Autopilot Windows Hello Settings Catalog PowerShell
With the CIS BitLocker and associated DMA settings reviewed and updated, now is time to delve into the Windows 11 specific settings that exist in the CIS Level 1 benchmark. What issues do they bring to Windows Autopilot, what solutions can we find? Honestly, who knows.
Patching Gaps in the CIS Windows 11 Benchmark - BitLocker
· loading
Microsoft Intune Windows 10 and later Security Center for Internet Security (CIS) Custom Profiles BitLocker Direct Memory Access Settings Catalog
Everyone loves a security benchmark, and with the imminent move to Windows 11 for everyone, the Center for Internet Security released version 3.0.1 of theirs, including a build kit for Microsoft Intune, but what does this build kit break for BitLocker encryption?
Creating Windows Autopilot Virtual Machines on macOS
· loading
Microsoft Intune macOS Windows Autopilot Windows Autopilot Device Preparation Device Enrolment
With all this chat about macOS device management in Microsoft Intune, I wonder how many people are macOS users but still need to test Microsoft Intune settings on Windows devices? Well fear not, there is a way to deploy a Windows Autopilot Virtual machine on your macOS device for testing.
Risk Based Windows 11 Feature Update Deployment - Automation
· loading
Microsoft Intune Windows 10 and later Software Updates Dynamic Groups PowerShell Graph API Automation
The final part in this series looks at how to bring everything together under a single, repeatable script, allowing for the capture of readiness state, the tagging of devices to support the distribution of Windows 11 23H2.
Configuring Google Chrome on macOS for Platform Single Sign-On
· loading
Microsoft Intune macOS Configuration Custom Profiles Security Conditional Access Platform SSO
With all the hype about Platform SSO on macOS devices, now is the time to try out not just the standard functionality, but the integration into web browsers such as Google Chrome. We take a look at how to configure this using Microsoft Intune.
Risk Based Windows 11 Feature Update Deployment - Feature Updates
· loading
Microsoft Intune Windows 10 and later Software Updates Dynamic Groups PowerShell Graph API
Using the data captured from a Windows 11 Feature Update Readiness report to successfully tag device attributes to device objects, and group them based on risk, we now look at how to deploy Feature Updates to these devices in a controlled manner.
Risk Based Windows 11 Feature Update Deployment - Device Attributes
· loading
Microsoft Intune Windows 10 and later Software Updates Dynamic Groups PowerShell Graph API Automation
Having looked into capturing the Feature Update Readiness data for Windows 11 23H2 for our Windows devices, we can now use this risk based data to tag them with their associated risk, grouping them together to allow for sensible Feature Update profile assignment.
Software Update Deployment Rings for Managed macOS Devices
· loading
Microsoft Intune macOS Software Updates Dynamic Groups Security National Cyber Security Centre (NCSC)
So you’ve pulled the trigger on managing macOS devices in Microsoft Intune, and with this year being the year of macOS for Microsoft (this seems like an oxymoron), you should probably look at how to handle software updates.