The Twelve Days of Blog-mas: No.11 – The Kitchen Sink

Hi folks!

I am running out of days for my “Twelve Days” timeframe, so I'm dropping a pile of topics here that I feel are important/helpful but less-known.

Apologies in advance for the brevity and link-breadcrumbs.

On-prem App Provisioning + MIM Connector Re-use

  • For a loooong time, we have been waiting for the ability to provision on-prem users/apps as well as re-use existing MIM connectors.  There are some caveats (a big one is no support for AD provisioning at this time) but there is good progress here.

Apps in Intune


  • Use the Company Portal app for your private app repo on Windows 11 devices – Windows Application Man…
    • TIP: If apps are mysteriously not showing up in the Company Portal, check your app assignments.  If you assign an app to devices/device groups (instead of users/user groups), the app won't show up in the Company Portal.
      • This is because the Company Portal is based on the user sign-in – not the context of the device.
    • TIP: Wanna see your Config Manager apps in the Company Portal along with your Intune apps (CMPivot in the example below)? 


 Enable Company Portal to be the ‘user portal' option for the Software Center option in Configuration Manager Client Settings



NOTE: Enabling that integration of CM apps into Company Portal does NOT break or disable Software Center, though – that still works fine:


  • Below is a visual collage of the various ‘Application' elements for a given Co-managed device from within the Intune portal:
    • Discovered apps – A list of detected apps on a device.
    • Applications – SCCM-based apps on a Co-managed device.
    • Managed Apps – Intune deployed apps on a device.


  • Coming in early 2024 – Intune Suite – Enterprise App Management
  • Use our services and cloud infrastructure to test/re-test your Windows apps, even with your own OS image – take a close look at Test Base
  • App Control for Business – makes it easier to control the apps that are allowed to run on Windows devices in your environment.

Surface Management Portal




Patch Windows.  Better.  From the Cloud.

  • We're bringing more and more capability and flexibility to cloud-based patching for Windows
  • Autopatch – I'll admit that I initially kicked this one aside.  However, its feature set has expanded VERY quickly and it can be a viable way to off-load the lion's share of the mundane patching efforts for your Windows clients.  We have large enterprises succeeding with this.
  • Soon, all the WUFB ‘stuff' will fall under the ‘Autopatch' brand (which is expanding)

Protect.  Detect.  Respond.

Defender for Identity is an amazing product.  If you have it going in your enviro, you already know this.  If you don't have it going yet, get to it – you'll sleep better.  It proactively monitors traffic/patterns and event logs for AD (and ADFS and now ADCS/PKI).



  • The ‘usual suspects' like Domain Admins are tagged as sensitive, but of course, you can tag your own, too:


  • The “Report” is a multi-tabbed XLS with all the ‘who/what/where/when' glory. 


“Happy little clouds”

This Visio evolved from an ad-hoc whiteboard drawing during a customer discussion about endpoint and server management – enjoy the Bob Ross (RIP)


A series recap (so far):

  1. The Twelve Days of Blog-mas: No.1 – A Creative Use for Intune Remediations – Microsoft Community Hub
  2. The Twelve Days of Blog-mas: No.2 – Windows Web Sign in and Passwordless – Microsoft Community Hub
  3. The Twelve Days of Blog-mas: No.3 – Windows Local Admin Password Solution (LAPS) – Microsoft Communi…
  4. The Twelve Days of Blog-mas: No.4 – Sync Cloud Groups from AAD/Entra ID back to Active Directory – M…
  5. The Twelve Days of Blog-mas: No.5 – The Endpoint Management Jigsaw – Microsoft Community Hub
  6. The Twelve Days of Blog-mas: No.6 – The Reporting Edition – Microsoft Community Hub
  7. The Twelve Days of Blog-mas: No.7 – Architecture Visuals – for Your Reference or Your Own Docs – Mic…
  8. The Twelve Days of Blog-mas: No.8 – The Evolution of Windows Server Management – Microsoft Community…
  9. The Twelve Days of Blog-mas: No.9 – It's a Multi-Tenant and Cross-Platform World: Part I – Microsoft…
  10. The Twelve Days of Blog-mas: No.10 – It's a Multi-Tenant and Cross-Platform World: Part II – Microso…

See ya tomorrow!



This article was originally published by Microsoft's Core Infrastructure and Security Blog.