What's new in Microsoft Intune (2405)
HTML-код
- Опубликовано: 9 июн 2024
- MSEndpointMgr team is ready with yet another season of What's new in Microsoft Intune.
We go through all of the new implemented features for Windows in the last months and at the same time, demo and talk through how they could be utilized in your environment.
2405
(02:05) Monitor device delete actions
(05:25) Customize your Intune admin center experience
(07:35) Autopilot device prep
(21:05) Updated Company Portal (Preview)
(29:10) Updated security baseline for Microsoft Defender for Endpoint
(35:30) End user access to BitLocker Recovery Keys for enrolled Windows devices
(43:20) New version of Windows hardware attestation report
(48:25) Optional Feature updates
(54:35) Stage Android device enrollment
(59:55) Encryption stopped working, what happened?
#MSIntune #ConfigMgr #Reports #Windows10 #Windows11 #Winget #Debug #WhatsNewInMicrosoftIntune #MDE #Security #Android
I really love your videos. Keep up the excellent work!
Thank you very much!
Sorry for the terrible sound, I had forgotten to move my mic closer (it's standing behind my monitor) 😅
Great insight with the Bitlocker policy. Maybe Mattias could show us how he set up the log analytics workspace and show us some more example queries?
Yep I can indeed do that.
Thanks guys - looking forward to the macOS stuff :)
Thanks Pelle.
Nickolaj, I know your office isn't done yet, but maybe grab some cushions or towels or something to reduce the echo in the room a bit?? It's hard to hear you. Thanks!
Noted. Thanks for the feedback!
Thanks again guys. Would be interested to hear how you guys are exporting the log files to do your own reporting? Is it Automated?
Hey thank you for the message. Can you elaborate on what logs you would like to export in terms of reporting?
11:55 - We were too eager and added many of our computer to Autopilot in the beginning before we knew what it would do in the back end and ended up with a whole load of these temporary entra objects (they show up as NO_SERIAL in many reports). Is there any way of removing them? We have since removed all but required devices from the AP Device list.
18:28 - I added the correct SP as the owner of the group but the ADP Profile keeps removing it after I save the profile. No idea what's happening. I also don't have the tuple csv upload option yet so I'm wondering if those are related.
Finally - first time watching this series, well done! The only critique I have is Nickolaj's voice is a bit difficult to hear due to the room echo. Perhaps a headset mic or dedicated lapel mic would be better?
I see that can become a problem. I don’t think there really is any solution to it other that what you already done.
Could be issues in your tenant. Do you see same behaviour if you try another one?
I will buy a new Mic for Nickolaj 😂 thanks for the comment 👌🏻
@@MSEndpointMgr Ah okay, maybe I will need to open a support ticket because the Object ID's of these NO_SERIAL devices don't show up anywhere (Entra or Intune).
I don't have another tenant to try with but I will try creating a new group to test with.
Hooray for Nickolaj 😛
@@MrMarcLaflamme sounds like a good idea!
@@MSEndpointMgr it didn’t work 🙁. I’ve only found one other user so far who has experienced this (on Michael Niehaus’s blog). It’s very odd. I dread having to open a support ticket with MS.
@@MrMarcLaflamme sounds like it. Let us know how it went
hello guys, may i get your query to find out changes described in video? :)
Sure 😀
IntuneAuditLogs
| extend AdminAccount = tostring(parse_json(tostring(parse_json(Properties).Actor)).UPN)
| extend AdminAccount = iff(isnotempty(AdminAccount), AdminAccount, tostring(parse_json(tostring(parse_json(Properties).Actor)).ApplicationName))
| extend AdminDetailsURI = iif(AdminAccount !contains "System", strcat('portal.azure.com/#view/Microsoft_AAD_UsersAndTenants/UserProfileMenuBlade/~/overview/userId/', AdminAccount), "")
| extend ApplicationName_ = tostring(parse_json(tostring(parse_json(Properties).Actor)).ApplicationName)
| extend Application = tostring(parse_json(tostring(parse_json(Properties).Actor)).Application)
| extend ModifiedProps = tostring(parse_json(tostring(parse_json(tostring(parse_json(Properties).Targets))[0].ModifiedProperties))[0].Name)
| extend New_ = tostring(parse_json(tostring(parse_json(tostring(parse_json(Properties).Targets))[0].ModifiedProperties))[0].New)
| extend Old_ = tostring(parse_json(tostring(parse_json(tostring(parse_json(Properties).Targets))[0].ModifiedProperties))[0].Old)
| extend IsDelegatedAdmin_ = tostring(parse_json(tostring(parse_json(Properties).Actor)).IsDelegatedAdmin)
| extend ObjectId_ = tostring(parse_json(tostring(parse_json(Properties).Actor)).ObjectId)
| extend Action = tostring(parse_json(tostring(parse_json(Properties).TargetDisplayNames))[0])
| extend AuditEventId = tostring(parse_json(Properties).AuditEventId)
| where isnotempty(Application)
| project
TimeGenerated,
AdminAccount,
OperationName,
Action,
ResultType,
AdminDetailsURI,
AuditEventId
1st 😀
Lovely 🥳👏🏻