Its been a while and because there was a fair bit of interest in version 1 of my Autopilot Quick Links document I thought it was time to make some updates. Thanks so much to all the great blogs and articles community members have produced. If you are researching or learning about Microsoft Autopilot life is made so much easier when you have a quick reference guide, right ?  These are blogs and videos i've come across and also include resources others have requested to be added to IQL. They have helped me in my learning expererience so I wanted to share this for you to benefit from. As always if you find this useful then please provide some feedback or send me your links to articles and I will contiunue to maintain this list. In the meantime feel free to download the PDF document. Happy learning. 

Filters were introduced to Intune around mid 2021 and for some reason have mainly escaped me up to this point. I like many have used Dynamic groups as the default approach when needing to narrow down the  assignment of compliance policies, configuration profiles and applications. Filters however bring a number of welcome improvements to the table we will go through in this blog.

Filters introduce a way of applying advanced targeting and in some scenarios performance benefits to help you replace the use of dynamic group assignment. When it comes to defining and applying Filters you typically need to make the right architectural decisions for your own Intune deployments but filters add a new layer of targeting definitely worth considering. The natural way of structuring your users and devices hasn't changed by creating Azure Active Directory 'Groups'. By creating these you are defining a hierarchy and structure that reflects your organisation which may be through specific teams of people such as the 'Sales team' or device types 'Windows 11 devices'.  These are still relevant and provide the baseline for assignment to your applications, policies and profiles. For each of these groups where Microsoft have added the option for filters, you now have the ability to narrow the assignment scope that best fits your needs.

We do need to mention 'Virtual Groups' as these include 'All users' and 'All devices' and by default they don't have any management overhead meaning there is no need to first create or make changes for these. Its worth noting that every time you create a new group (one that has never been used before in an Intune assignment) they go through a first-time setup process together with a membership sync. This first sync will always take longer than subsequent (incremental) syncs. The upside to these virtual groups is that they are stable and highly optimized for assignment. The use of these may be few and far between so most admins will break down all users and all devices into sub groups. As a result the groups you create need to be synchronized from Azure AD and evaluated for assignment. And therein lies the major benefit for me, the performance of assignment. I have seen technical community requests for information when it comes to dynamic group assignment for example. The underlying issue is it sometimes takes longer than expected especially on larger group assignments to verify the members that apply to the dynamic groups which can then delay an app or policy being deployed or even delay an enrolment. 

July 8th, 2022 by Andrew Jones

I’m sure you will agree that using passwords is on a road to extinction. Hi there is this blog post Im going to cover the topic of security and going Password-less using FIDO2 Security keys. If you would prefer to watch the video version of this head over to Youtube https://youtu.be/Kq74imD6KPY
In this blog I will cover setting up Azure AD, Microsoft Intune and registering a hardware security key for a single test user.
Let me start by saying a special thanks to Feitian who kindly provided me with three of their FIDO2 security keys. And I’ll be using one of these the K26 to demonstrate how it works in a Password-less experience.
Before we dive into the detail, we first need to look at some of the background and put some context around this topic. Recent statistics show around 81% of cyberattacks are due to comprised username or passwords. So, when we look at the use of passwords, old security approaches in the enterprise simply no longer apply. When we think about it the only people who like passwords are hackers. We have to create and remember them which is why help desks get so many calls and not only are they expensive to manage but easy for hackers to guess.
So the first approach and one quickly becoming a standard is to turn on multi-factor authentication which reduces the risk considerably. We won’t go into setting this up or configuring this here but take a look at the Microsoft article in how to achieve this.  Enable Azure AD Multi-Factor Authentication - Microsoft Entra | Microsoft Docs
It is important to highlight that 2 factor Authentication using passwords is not the most convenient and secure method we can use. The diagram below shows a representation of the current guidance on this.

the When you're looking to migrate your infrastructure into the cloud they're generally two areas of concern
that pop up time and time again, these include your applications and group policy objects (GPOs). So in this blog I'm going to look at how you collect your group policy objects, analyse them within Microsoft Intune, and deploy available settings to Windows devices. 

When examining a GPO policy within Intune, you'll first require a GPO report file. This you can either create directly or create a backup of an existing Group Policy object and requires a report .xml file. To achieve this, launch your group policy management within your own environment (Domain) and navigate to the group policy objects. Select a specific GPO for examining and then right click that GPO to make a backup. You will need to select your destination and then take a a copy of what is the gpreport.xml file. This will then be the report file you can use to import into your Intune environment.
 
With your gpreport file saved Login to Microsoft Endpoint Manager admin center using an Intune administrator or  Global Admin account and navigate to: Devices > Group Policy analytics.
 Please note: this is currently still in preview at the time of doing this blog but i'm hoping it will become GA fairly soon (Fingers crossed). 
Import your GPO into Intune
​The next step is to hit the import option and select the report file you backed up previously. After you have imported the gpreport.xml file it will first show that it's being processed and then that it has been 
imported. Go ahead and close that option after which the page will start showing details straight away. 
If we take a look at my actual imported gpreport.xml in more detail you will notice that basically what it has  imported is a computer GPO which has a number of settings. The setting types contained within this group policy includes things like clear text password, lockout bad count and minimum password age.

So i'm a little late to the game on this I know but when it comes to proactive remediations with Intune it is a bit of a waiting game. I'm obviously referring to that short time frame before you start seeing some great examples appearing within the community. There are now probably 100's of great blogs and PR packages created which address real life issues and help simplify an admin's role. We can all learn by example but also why reinvent the wheel.
    
On my own path to understanding what Proactive Remediations are and how they can be applied I have used many of these to better my knowledge so I thought Id create a Quick links on these for you guys. A big thanks to all early adopters and especially those willing to share their experience and hard work. 

Watch out for my forthcoming YouTube video where I introduce and test out Proactive Remediations for myself and even develop my own to share. Meanwhile take a look and download my 10 getting started links provided by community members.