2025.18 Intune News Roundup
The following is a roundup of Intune-related news, tips, and tricks for the 18th week of 2025 to help you stay InTune with Intune! These are sites I found this week that stood out to me and certainly is not comprehensive of everything posted online that week. If you have any resources for me that you would like my to include or even do a longer post on, please reach out on the “Submit a tip” page!
Windows 11 24H2 App Locker Issues
https://patchmypc.com/windows-11-24h2-applocker-powershell-constrained-language-broken
If you are using App Locker, you might want to pay attention to this post from Rudy Ooms. He states that on 24H2, “Constrained Language Mode is no longer enforced properly when AppLocker Script Rules are active.” This mean that PowerShell scripts can run unrestricted, creating a possible security issue. Read his post to find out more.
(Posted by Rudy Ooms on MEM LinkedIn page)
Delivery Optimization moved to Settings Catalog
Recently, Microsoft changed where you go to find the settings for Delivery Optimization. If your org uses these configurations, it might be worth checking out this post from Joost Gelijsteen to see how you might be affected by this change.
(Posted by Joost Gelijsteen on MEM LinkedIn page)
Troubleshooting Device Lock Screen Timeout Issues
https://patchmypc.com/intune-lock-screen-timeout-devices-locking-inactivity
In this blog post, Rudy Ooms discusses a possible behavior where user might experience a quick lockscreen timeout even though you might not have one configured in your tenant. This is a good one to know about in case you have users creating tickets complaining about it.
(Posted by Rudy Ooms on MEM LinkedIn page)
Benefits of Windows 365 Link
Back in November 2024, Microsoft announced Windows 365 Link, a Microsoft-designed thin client built specifically for users to connect to a Windows 365 client. In this post, Thomas Marcussen discusses some of the benefits of this device. A great read if you use W365.
(Posted by Thomas Marcussen on MEM LinkedIn page)
CIS Intune benchmarks updated
https://www.cisecurity.org/benchmark/intune
The CIS benchmarks for Microsoft Intune for Windows 10 and 11 has been updated to 4.0.0! If you have ever wondered about a great security benchmark for your tenant, these CIS benchmarks are a great place to start.
(Posted by Martin Himken on MEM LinkedIn page)
Windows Recall Overview
https://skiptotheendpoint.co.uk/from-criticism-to-confidence-windows-recall
As part of Copilot, Windows recall allows users of a compatible PC to view a scrollable and searchable snapshot of previous usage on their device. This post by James Robinson details the service, security considerations, and how to administer it in the enterprise. This is a great read if your considering enabling this setting for your users.
(Posted by James Robinson on MEM LinkedIn page)
Group Policy vs MDM Overview
If you have devices that are in a hybrid-joined environment, they can receive configurations from both Group Policy and Intune. Personally, this is one of the biggest reasons to stay away from hybrid-join on new deployments, but if your org requires this kind of setup, you need to be familiar with impact competing configurations may have. This blog post is a great overview of how this works and what you need to consider when deploying settings.
(Posted by Roman Radrun on MEM LinkedIn page)
Intune Automations Discussion
Automatiions in Intune are a great way to optimize the efficiency of your Intune tenant (and a great way to show off to your boss). This r/Intune thread is a great discussion on automations that admins use in their environment.
Acrobat Pro deployment discussion
Deploying Adobe Acrobat is pretty much a standard deployment in most org. Actually deploying it is anything but standard. This r/Intune thread is a great discussion on the different methods of deployment and the associated pros and cons. (Personally, I am partial to just deploying the Creative Cloud Launcher and allowing users download it if needed.)
Intune/Entra ID Admin Roles Report
Managing admin roles and elevated privileges in Intune and Entra ID can sometimes be a daunting task. To help with that, Roy Klooster has created a script that provides a report to help administrators analyze and audit their admin roles. NOTE: Test and use at your own risk.