Hi folks!
I am running out of days for my “Twelve Days” timeframe, so I’m dropping a pile of topics here that I feel are important/helpful but less-known.
Apologies in advance for the brevity and link-breadcrumbs.
On-prem App Provisioning + MIM Connector Re-use
- For a loooong time, we have been waiting for the ability to provision on-prem users/apps as well as re-use existing MIM connectors. There are some caveats (a big one is no support for AD provisioning at this time) but there is good progress here.
Apps in Intune
- Use the Company Portal app for your private app repo on Windows 11 devices - Windows Application Management | Microsoft Learn
- TIP: If apps are mysteriously not showing up in the Company Portal, check your app assignments.  If you assign an app to devices/device groups (instead of users/user groups), the app won’t show up in the Company Portal.
- This is because the Company Portal is based on the user sign-in – not the context of the device.
 
- TIP: Wanna see your Config Manager apps in the Company Portal along with your Intune apps (CMPivot in the example below)?
 
Enable Company Portal to be the ‘user portal’ option for the Software Center option in Configuration Manager Client Settings
NOTE: Enabling that integration of CM apps into Company Portal does NOT break or disable Software Center, though – that still works fine:
- Below is a visual collage of the various ‘Application’ elements for a given Co-managed device from within the Intune portal:
- Discovered apps – A list of detected apps on a device.
- Applications – SCCM-based apps on a Co-managed device.
- Managed Apps – Intune deployed apps on a device.
 
- Coming in early 2024 - Intune Suite - Enterprise App Management
- Use our services and cloud infrastructure to test/re-test your Windows apps, even with your own OS image – take a close look at Test Base
- App Control for Business - makes it easier to control the apps that are allowed to run on Windows devices in your environment.
Surface Management Portal
Patch Windows. Better. From the Cloud.
- We’re bringing more and more capability and flexibility to cloud-based patching for Windows
- Autopatch – I’ll admit that I initially kicked this one aside.  However, its feature set has expanded VERY quickly and it can be a viable way to off-load the lion’s share of the mundane patching efforts for your Windows clients.  We have large enterprises succeeding with this.
- A brief video I took part in back in April
- A lot of improvements came out in August, including a deployment guide.
 
- Soon, all the WUFB ‘stuff’ will fall under the ‘Autopatch’ brand (which is expanding)
Protect. Detect. Respond.
Defender for Identity is an amazing product. If you have it going in your enviro, you already know this. If you don't have it going yet, get to it - you'll sleep better. It proactively monitors network traffic/patterns and event logs for Active Directory (and ADFS and now ADCS/PKI).
- One example is watching for sensitive group changes.
- The portal will pop Incidents and/or Alerts details for monitored activities VERY quickly.
- But it can send you daily reports, too - Manage reports - Microsoft Defender for Identity | Microsoft Learn
- The 'usual suspects' like Domain Admins are tagged as sensitive, but of course, you can tag your own, too:
- The "Report" is a multi-tabbed XLS with all the ‘who/what/where/when’ glory.
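To make "watching for sensitive group changes" concrete, here is an added example (not Defender for Identity's own logic and not code from this post) that filters already-parsed Windows Security group-membership events (IDs 4728/4729, 4732/4733, 4756/4757) down to groups tagged sensitive and returns who/what/where/when rows. The sensitive-group list, the custom group name and the sample events are constructed assumptions.

```python
from collections import Counter

# Windows Security event IDs for security-enabled group membership changes.
GROUP_CHANGE_EVENTS = {
    4728: "added", 4729: "removed",   # global groups
    4732: "added", 4733: "removed",   # domain-local groups
    4756: "added", 4757: "removed",   # universal groups
}

# Assumption: two built-in groups plus one custom-tagged group (hypothetical name).
SENSITIVE_GROUPS = {"domain admins", "enterprise admins", "tier0-pki-operators"}

def ev(eid, when, who, group, member="CN=Sample User,DC=example,DC=test"):
    """Build one constructed, already-parsed event record."""
    return {"EventID": eid, "TimeCreated": when, "Computer": "DC01",
            "SubjectUserName": who, "TargetUserName": group, "MemberName": member}

# Constructed sample data, not real logs.
SAMPLE_EVENTS = [
    ev(4728, "2023-12-20T09:14:02Z", "helpdesk1", "Domain Admins"),
    ev(4728, "2023-12-20T09:20:11Z", "helpdesk1", "Marketing-Team"),   # not sensitive
    ev(4624, "2023-12-20T09:21:00Z", "svc-backup", "Domain Admins"),   # wrong event ID
    ev(4757, "2023-12-20T08:00:00Z", "pki-admin", "TIER0-PKI-OPERATORS"),
    ev(4756, "2023-12-20T11:30:45Z", "ea-admin", "Enterprise Admins"),
]

def sensitive_group_changes(events, sensitive=SENSITIVE_GROUPS):
    """Return who/what/where/when rows for sensitive group changes, oldest first."""
    rows = []
    for e in events:
        action = GROUP_CHANGE_EVENTS.get(e.get("EventID"))
        group = e.get("TargetUserName") or ""
        # Group names are case-insensitive in AD, so compare case-folded.
        if action is None or group.casefold() not in sensitive:
            continue
        rows.append({"when": e.get("TimeCreated"), "where": e.get("Computer"),
                     "who": e.get("SubjectUserName"), "action": action,
                     "group": group, "member": e.get("MemberName")})
    return sorted(rows, key=lambda r: r["when"] or "")

def daily_summary(rows):
    """Count changes per (group, action) for a daily report."""
    return Counter((r["group"].casefold(), r["action"]) for r in rows)

if __name__ == "__main__":
    for row in sensitive_group_changes(SAMPLE_EVENTS):
        print(row)
```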
"Happy little clouds"
This Visio evolved from an ad-hoc whiteboard drawing during a customer discussion about endpoint and server management - enjoy the Bob Ross (RIP)
A series recap (so far):
- The Twelve Days of Blog-mas: No.1 - A Creative Use for Intune Remediations - Microsoft Community Hub
- The Twelve Days of Blog-mas: No.2 - Windows Web Sign in and Passwordless - Microsoft Community Hub
- The Twelve Days of Blog-mas: No.3 - Windows Local Admin Password Solution (LAPS) - Microsoft Communi...
- The Twelve Days of Blog-mas: No.4 - Sync Cloud Groups from AAD/Entra ID back to Active Directory - M...
- The Twelve Days of Blog-mas: No.5 - The Endpoint Management Jigsaw - Microsoft Community Hub
- The Twelve Days of Blog-mas: No.6 - The Reporting Edition - Microsoft Community Hub
- The Twelve Days of Blog-mas: No.7 - Architecture Visuals - for Your Reference or Your Own Docs - Mic...
- The Twelve Days of Blog-mas: No.8 - The Evolution of Windows Server Management - Microsoft Community Hub
- The Twelve Days of Blog-mas: No.9 - It’s a Multi-Tenant and Cross-Platform World: Part I - Microsoft Community Hub
- The Twelve Days of Blog-mas: No.10 - It’s a Multi-Tenant and Cross-Platform World: Part II - Microsoft Community Hub
See ya tomorrow!
Hilde