There's some companion apps coming to #Windows11 via the M365 Desktop Apps that might catch admins or users off-guard, so I've put some thoughts and information together in a mini-blog.
skiptotheendpoint.co.uk/m365-compani...
๐ฐ #OIB Windows v3.6 - Post-MMS Edition!
- More 24H2 baseline settings
- New LAPS account management
- M365 Apps Baseline!
Check out the release notes below:
github.com/SkipToTheEnd...
I'll find someone here to bring one back for you ๐
#MMSMOA is almost upon us!
Start your conference right with a dose of the #OpenIntuneBaseline, and asking a good question may reward you with a special shiny SkipToTheEndpoint sticker!
8am, Lakes B!
Sign up here: stte.me/mmsoib
๐ฌ #Windows Recall had a rocky start, but where do we stand now as it moves into GA? With a complete security overhaul, fresh admin controls, and a default-off strategy, the improvements are promising!
Interested to read a more optimistic view?
stte.me/recallisgreat
They've addressed the enterprise-readiness because yeah, the initial announcement was awful.
While I somewhat agree as I also work across physical and virtual devices, the security necessary for it so heavily ties it to a device.
I've been loving the Snapdragon Surface though!
After picking up a Surface and having some time to play with #Windows #Recall, I'm working on a blog all about it, but am already fed up with seeing posts about policy not working.
So let me make this as clear as I can:
It's an absolute pleasure to be invited back to the @mmsmoa.bsky.social to talk all about the #OpenIntuneBaseline!
Interested in how it all started? Not sure how to get the most of it in your environment? I'm stoked to be able to tell you all about it!
sched.co/1uF7c
I am deeply unhappy that these things now qualify as being "dad rock". And that I'm the dad.
๐ฐ OIB Windows v3.5 - 24H2 Baseline Edition!
A surprise drop of some settings and an updated 24H2 Intune baseline brings some of those additions (and some extra goodies) to the Windows OIB.
Check out the changelog below!
github.com/SkipToTheEnd...
Since about April last year. It's also a bypass to other policies blocking access to the Store (mostly).
Though those policies are largely security by obscurity and not a valid alternative to proper Application Control.
๐ฌ It's been a quiet couple of months on the #Intune front, so what's better than getting Intune 2501 in February!
New Edge settings, more Apple DDM, and CSP control over the upcoming #Windows #Recall feature.
skiptotheendpoint.co.uk/settings-run...
So you're saying I should have jumped straight to v95? ๐
The multiple entry points to configure things like this and WHfB confuse so many people.
Like Windows LAPS, I think they should only be configurable via Endpoint Security > Encryption.
๐จ #OpenIntuneBaseline Windows v3.4 Released!
New additions and some things to be aware of, such as the fact all policy names have been updated.
Thanks for all the community input. You guys rock.
Check out the release changelog below:
github.com/SkipToTheEnd...
Haha. Also not wrong.
That being said, I've seen the mechanism for configuring the start menu break like 5 times in the last few years. There's far better things for admins to be worrying about on a daily basis than chasing a goose with a knife ;)
Haha, tell me about it. That naming scheme alone is a labour of love.
If they're not descriptive and someone who's not sure can't at least take a guess at where a thing might be configured, what's the point?!
๐ฐ OIB 3.4 News!
I'm busy finalising changes/updates to v3.4 of the #OpenIntuneBaseline.
Some forewarning of a "breaking change" in that all policies have been renamed to show where they actually exist (ES - Endpoint Security, SC - Settings Catalog).
I still don't like it :(
Another day, another "x policy/remote action isn't working on our iOS devices" issue.
Just because you used Corp Identifiers, or switched it from Personal to Corp doesn't mean that device is Supervised.
Stuff won't work as you expect.
Enrol your devices properly, guys!
Is this another hilarious #Windows en-GB install media localisation issue where "checked" has been replaced with "ticked"?
24H2 26100.2605
Copy > Paste > Scale
Thanks! Glad they were valuable.
Pretty sure I just had to stop and disable AppArmor entirely, though I'm not sure if that's necessarily the best thing to do:
ubuntu.com/server/docs/...
๐ฌ Following from last week, Part 2 in the story of #Windows CSP and #Intune policy deployment.
ControlPolicyConflict, Policy Scope and MMP-C, oh my!
Happy Holidays!
skiptotheendpoint.co.uk/windows-csp-...
๐ฌ Do you administer #Intune or support Intune-managed devices?
Do you know how policy gets delivered to devices, and how the OS handles them?
Check out part 1 of 2 all about the nuance and intricacies of #Windows CSP's!
skiptotheendpoint.co.uk/windows-csp-...
Oh my I think it finally happened! The #Defender security "recommendation" to implement a now-defunct version of LAPS has disappeared!
Can't seem to find any official changelog though.
It's a Festivus miracle! ๐
There are also some super cool capabilities in the EMS, like a one-click way to automatically block all other browsers which deploys a pre-built AppLocker config in Intune!
learn.microsoft.com/en-us/deploy...
๐จYou can now enable monitoring of channels and updates in the #Edge Management Service!
learn.microsoft.com/en-us/deploy...
You may also notice all #Intune Settings Catalog policies in the "Configuration policies" list.
I'm writing a blog as there's some chance for danger here...
Is this #Defender #ASR recommendation notification new?!
Incredibly cool that it's analysed the logs, seen no audit or warn events and actively suggesting to deploy it with as associated user impact!
