Security
Software Update Deployment Rings for Managed macOS Devices
·
loading
Intune
Apple
macOS
Updates
Groups
Security
I’ve been waiting a little while to put this post together, as unlike the monthly release of Windows Updates, macOS updates come few and far between, with the recent release of Sonoma 14.4 on March 7th 2024, giving me an actual update to test any phased update configurations.
Remediating BitLocker DMA Exception Errors with Microsoft Intune
·
loading
Intune
BitLocker
PowerShell
Windows 10 and later
Security
Silently encrypting Windows 10 and later devices in Microsoft Intune isn’t anything new, removing reliance on Administrator permissions to encrypt a device during either Windows Autopilot or otherwise, as long as your configuration meets the pre-requisites and you’re only using a TPM (Trusted Platform Module) as a pre-boot authentication method.
Creating Reusable Groups of Firewall Settings for Microsoft Online Services
·
loading
Intune
Security
PowerShell
Graph API
Settings Catalog
Windows 10 and later
If you’ve been living under a rock, or you don’t have to deal with firewall and proxy requirements for accessing Microsoft Online services, you probably won’t be aware that Microsoft publish their URLs and IP addresses for their services using a web service.
A Flexible Approach to Microsoft Update Deployments
·
loading
Intune
Windows 10 and later
Updates
Groups
Security
So this isn’t the first time we’ve looked at improving the management of updates using Microsoft Intune, and probably won’t be the last time either, especially with declarative device management looming, for Apple and hopefully Windows devices, covering configuration of software updates.
Keeping Windows Store Apps Updated with Microsoft Intune
·
loading
Intune
Windows 10 and later
Updates
Remediation
Apps
PowerShell
Windows Autopilot
Security
So we’re all onboard with the New Microsoft Store, and deploying both UWP and Win32 apps from Microsoft Intune is an absolute breeze, and reduces the effort of deploying applications to a click click next OK exercise. What about the UWP apps that are already installed on a Windows Autopilot device, shouldn’t we give them a bit of love?
Using Entra ID Device Attributes for Conditional Access Exceptions
·
loading
PowerShell
Graph API
Security
Conditional Access
Imagine you’ve spent time getting your Windows devices enrolled into Intune, they’re all getting Device Compliance policies, and you’ve finally pulled the trigger on your shiny new Conditional Access Policy that require device compliance for all your users across Windows devices, and low and behold, you’ve broken access to Microsoft 365 authenticated services from your Remote Desktop service environment, or even VDI environments.
Modernising Microsoft Intune Firewall Rule Policies
·
loading
Intune
Windows 10 and later
PowerShell
Graph API
Settings Catalog
Security
If you’ve ever experienced the joys of migrating Group Policy and in particular Windows Defender Firewall rules away from Group Policy to Microsoft Intune, you’ve probably encountered the Rule Migration Tool, and for now this tool has worked well, beavering away grabbing firewall rules from a source Windows 10 or later device and punting them straight in Microsoft Intune.
Intelligent Phased Windows Update for Business Deployments
·
loading
Intune
Windows 10 and later
Updates
Groups
Security
You might have been asked the question, especially from organisations that currently utilise Microsoft Configuration Manager, about how you mimic existing Device Collections used for Software Update deployments in Microsoft Intune.
With Configuration Manager having the backing of Microsoft SQL, and a hardware inventory that collects every granular detail about Windows devices, splitting out your device estate into logical phases is very easy to achieve.
Revisiting macOS National Cyber Security Centre Security Settings
·
loading
Intune
Apple
macOS
Security
NCSC
Configuration
We looked at some of the ways to secure macOS devices in Microsoft Intune, aligned with the NCSC platform guidance in macOS National Cyber Security Centre Security Settings in Intune, but this was when macOS device management in Intune was, at best, in beta.