RoboPack
Comparing Package Managers – Andrew Taylor Patch My PC v Robopack – Package Managers Bake-Off Robopack A bis Z: Alles, was du wissen musst – AI & Modern Device Management
EntraID Connect versus Cloud Connect
Feature Connect sync Cloud sync Connect to single on-premises AD forest ● ● Connect to multiple on-premises AD forests ● ● Connect to multiple disconnected on-premises AD forests ● Lightweight agent installation model ● Multiple active agents for high availability ● Support for user objects ● ● Support for group objects ● ● Support for contact objects ● ● Support
Win 11 Upgrade – few important things
Upgrade Plans PreReqs Wi-Fi profile changes Credential Guard overview | Microsoft Learn Default enablement Starting in Windows 11, 22H2 and Windows Server 2025, VBS and Credential Guard are enabled by default on devices that meet the requirements. The default enablement is without UEFI Lock, thus allowing administrators to disable Credential Guard remotely if needed. When Credential Guard is enabled, VBS is automatically enabled too. Security Baseline
Autopilot (V1) vs Device Preparation (V2)
Feature Windows Autopilotdevice preparation Windows Autopilot Features Support for Government Community Cloud High (GCCH) and Department of Defense (DoD) environments. Faster, more consistent provisioning experience. Near real-time monitoring and troubleshooting info. Support for multiple device types (HoloLens, Teams Meeting Room). Many customization options for the provisioning experience. Supported modes User-driven. User-driven. Pre-provisioned. Self-deploying. Existing devices. Join types supported Microsoft Entra join.
Naming Conventions Intune & Entra ID etc.
Intune Policy Configuration Platform – Set – Profile Type – Setting name [(optional info)] – Version Platform Set Profile Type Setting name optional info Version Indicator for platform type e.g. Win, macOS Indictor profile set e.g. Default, Kiosk, SharedDevices, PAW Indicator profile type e.g. Device restrictions, Custom Indicator setting e.g. Edge Favorites, for Custom AreaName/PolicyName Optional flag indicator e.g. test
Device identity and management architecture
If you are planning to manage your devices via EntraID in the clud in the future, there are some architectural decisions to be made in the area of device identity, device management and the type and manner of synchronization tools and methods. I will try to summarize the main decision paths as briefly as possible to give you an idea
Ignite 2024: new Intune Announcements
Microsoft Intune Windows 365 Safety Artificial intelligence
New Update (in Preview) for Defender for Endpoint: Enroll devices without joining them to Azure AD:
New Update (in Preview) for Defender for Endpoint: Enroll devices without joining them to Azure AD: You need to enable the preview-feature in the Defender for Endpoint-Portal: Settings > Endpoints > Advanced features > Preview features And create a dynamic group based on the systemLabels property containing the “MDEManaged” value to get all MDE-managed devices “Important: If a Windows device was managed by Defender for Endpoint via
Microsoft Intune product family
High-level architecture Source: Microsoft Overview Intune Azure AD (Entra) – Identity and access management Defender – Security