Episode 373 – Microsoft Intune (Part Trois)


Mar 28, 2024 · 36 min

Episode description

Welcome to Episode 373 of the Microsoft Cloud IT Pro Podcast, where Ben and Scott close out their review of Microsoft Intune and its third pillar, Endpoint security. They discuss the core components of Endpoint security, including antivirus, disk encryption, and firewall configuration. Ben also takes Scott on a tour of some more hidden gems in Endpoint security, including managed installers along with endpoint detection and response policies. Like what you hear and want to support the show? Check out our membership options.

Show Notes
Microsoft Intune troubleshooting
Manage endpoint security in Microsoft Intune
Manage BitLocker policy for Windows devices with Intune
Use FileVault disk encryption for macOS with Intune
Monitor device encryption with Intune
Endpoint security firewall rule migration tool overview
Enforce compliance for Microsoft Defender for Endpoint with Conditional Access in Intune
Endpoint detection and response policy for endpoint security in Intune
Manage approved apps for Windows devices with App Control for Business policy and Managed Installers for Microsoft Intune

About the sponsors
Would you like to become the irreplaceable Microsoft 365 resource for your organization? Let us know!

Transcript

- Welcome to episode 373 of the Microsoft Cloud IT Pro Podcast, recorded live on March 22nd, 2024. This is a show about Microsoft 365 and Azure from the perspective of IT pros and end users, where we discuss the topic or recent news and how it relates to you. This episode wraps up our discussion on Microsoft Intune and managing your organization's devices, apps, and endpoint security.

In this episode, we'll be delving into the endpoint security pillar of Intune, which includes antivirus, disk encryption and firewall settings. We'll explore the various tools and features available to help you secure your organization's endpoints. Okay. I have a question for you completely unrelated to our topic today. Why, when I share a screen in Teams, does it always put this little, here, I can drag it over, this little window right here with the little videos?

Why does it always put it on the window I'm sharing instead of one of my other monitors? Because - While that window is visible for you, it is not visible to the people that you were sharing with. So, so only, only you see only me that little pop, even - Though it shows up in my preview of what I'm sharing? - Yes. Like I see no little window right now. Well, - I moved it off, but you didn't see it when I was dragging it around. - All we see is your mouse. Yes.

- Which I guess if it's not showing, I always figured it was because it always shows in the preview of what I'm showing. Like I expect the preview to actually be indicative of what everybody else sees. Not, not what everybody sees. - I expect Teams to use the right GPU and have color accuracy for my camera. They can't do those things either. Like, you know, I think we all have our expectations, but yes, my understanding is nobody ever sees that little window. Only you do.

- Only I do. Okay. - I always minimize it 'cause it just gets in the way. Like I do not need to see it kind of thing. Right. But nobody else can see it either. - I always tend to full screen it because that's the only way I can see the chat unless I pull up my other Teams window to see the chat. Yeah. Huh. All right. Oh, so Tori just said he could see a small window dragging around in the video share. Oh, you know what Tori? That's because you're not seeing the Teams share.

You are seeing the OBS share through a virtual camera, so you would be able to see - It. I'm seeing the Teams - Share, but Scott is seeing the Teams share because we have sharing video windows going all over the place. This is not a convoluted setup at all. - Not in the slightest. All right, you, you ready to go? - Yeah, I'm ready to go. So we have managed to spend three entire episodes talking about Intune. Scott and I have one. So we are gonna talk about device security today.

But someone had a question and for the life of me, I can't remember which platform I saw it on. It may have been on Twitter, X, Twitter X, Twitter, could have been on Threads, I can't remember. But remember last week we talked about app installations and like deploying applications to endpoints through Intune. And the question was, could we talk about how you troubleshoot app installations? Like I'm in Intune, I'm pushing this out to devices, presumably anywhere.

It isn't necessarily within proximity to me. Inevitably, because devices are different and because apps are apps, you might get installation failures, whether it's on Android, iOS, Windows, et cetera. There is some documentation out there. So there are some app installation troubleshooting steps where they do give you some of the error codes that can help. So they have like Android app installation error codes, they have some for iOS, and that's one method to get some of those.

There's also some troubleshooting guidelines as well for things you can go through to support or to diagnose those app installations. The documentation is pretty good in how you do it, in terms of guiding you through where you would go about finding it, how to go pull some of the diagnostics because there is logging out there for it.

And the one thing that is a little odd about this, and this is kind of what I wanted to hit on, it goes along with the documentation, but it didn't feel like the documentation was super clear when it came to this, is a lot of times when you're dealing with Intune, you would think I should go to Intune and go to the application.

And in the application you get a report of it succeeded on 20 devices and failed on five and then you can go look at those five failed devices and click on those failed devices. I would expect to like see some more information there. It's like a dumb screen where it literally gives you a little bit of text and doesn't show anything at all. Super, not helpful. And that part for me at least, is a little confusing. I always forget, I'm like, okay, here's the report of all the failures.

Let me go look at the diagnostic data. What you can actually do to help diagnose it and if you're watching the video is I'll throw it on the screen in a screenshot 'cause I grabbed it from my clients and then obfuscated a bunch of the data. But you actually go like into your devices. So instead of going through the applications, if you go to Intune and click on devices, and then within the devices screen in Intune is a managed app section.

So it's like down the left side where once you're on the device, you have hardware discovered apps, device compliance, app configuration, all of those and eventually get to managed apps where you can see a list of those applications on that device that are deployed through Intune.

If you then go into those managed apps and click the application from that report that failed an installation, you can actually click, there's a link in there to show the details of an app installation failure where you can go look at details, but you also have a collect diagnostics option in there where you can go essentially pull a bunch of diagnostics from that device to help you look through the logs and troubleshoot why that application failed.

- Funny enough, this is covered in the docs, it's just, it's just the next doc down from the error codes. - From the error codes one. Yeah. See, and I saw that, but it's like they walk you through the Intune center and then support and troubleshoot and users and all of that. I'm like, just go to the device list. - Yeah, so, so, so you can get to where you need to be. So, so a couple interesting things here.

So, uh, I, I don't know that folks ever pick up this nuance and this is kind of a, a pro tip that goes across at least the Azure documentation. It appears to across Intune and things as well. So even though you're in Microsoft Learn, you're in a different repo for docs right now. So quite often troubleshooting docs don't manifest in like product docs. So it's, it's, it's interesting, right? If you look across like all these, all, all these headings in the table of contents here.

Yep. Or like your TOC on the left hand side, these are totally things that don't appear in the regular Intune docs and that's because this is all part of the troubleshooting docs, which is owned by a different team, blah blah blah, all those kinds of things. So if you're ever looking to do troubleshooting in a given area, and like I said, this looks like it holds true across Intune and it's certainly true across Azure.

Just go to Google, Bing, DuckDuckGo, your favorite search engine of choice and type in, you know, blah blah blah thing, troubleshooting. And that will usually take you to like the overview for the troubleshooting repo, which even though it's part of support or part of Learn, not microsoft.com, it takes you into like that different area of Learn so that you can get to all of that troubleshooting information. It's such a weird thing. I don't know why it's done that way, but it's, - I'm with you.

I feel like it should be in with the Intune documentation because that's normally where you'd go to find what do I do if it doesn't work like it's supposed to. - Yeah. I take all like my documentation for my product areas, I use like AzCopy as an example.

So like in AzCopy, when you go to the overview page, I have links on the overview page that I've put there over to all our troubleshooting guides just to make it a little bit easier for customers to kind of like not have to do the mental math of like, yeah, where's the troubleshooting information for this thing and how does that come together?

So yeah, if, if folks are interested, like usually troubleshooting also provides you not just, hey, it's broken kind of guidance, but you can also derive like how is it supposed to work guidance out of it.

So for something that's kind of massive like Intune the suite, it's kinda worth coming over here and taking a look and seeing what kind of trouble do people run into because you, you know, even in your case like app installation here, app installation and app deployment is different depending on the device. Like there's a big difference between Windows versus say like iOS or deploying an APK on Android, things like that.

So even like the troubleshooting steps you take and how you diagnose that could be slightly different across the stack. - Yes, a hundred percent. So that is how I go through and start troubleshooting these. Hopefully you can troubleshoot and get to the bottom of all this without having to physically get access to the device. Um, but there is that option to go into those devices or see this is where the documentation for me, it's like go to troubleshoot support.

And I was like, I've never even seen this UI before. If you go through troubleshoot support, I just go straight to devices. - I think they're taking you, there's kind of a canonical URL for troubleshooting for Intune and they've got it linked in the doc there. I think they're kind of trying to direct you into that aka.ms, uh, URL that pops up along the way. So yeah, it's in there. Where is it? Oh, it's right above the user in group. - Oh, down here. Yeah, - Again, why not make that easier?

I don't know. I don't know. In the do - Right up at the top where it says select, troubleshoot and support, or sign into the Windows at Intune center. Why not, like, put that aka.ms link right up here by select troubleshoot and support, or go to aka.ms Intune troubleshooting. I mean, that seems like it would be right - Up here at the top. A PR away from you to fix. Yeah. - Okay, aren't they going away from PRs? I should go put one in.

- No. So what is going away is, I, I believe, GitHub issues and triage. So the triage happens more through the feedback mechanisms, but all this stuff is still hosted in GitHub, still available for PRs, community contributions, all that kind of thing. - I can go find the GitHub repo that this is in somewhere. - This is in like github.com/microsoft/support docs or something like that. - Interesting. Yep. App troubleshooting.

There you have it in a nutshell just - To loop it back around like there's troubleshooting across all these areas. You're - Trying to get me to a part four, you're gonna see how long you can drag this out. We can No, - No, I'm not, I think this is important stuff for people to know, right? Like you gotta read the manual, there's lots of stuff out there.

We'll, we'll put a link in the show notes to Guy and I put a link in the chat just to kind of like the broad overview page for all the Intune support stuff, but it dives you in pretty quick. Um, but depending on what you're doing, you gotta be careful. Like, so like one of the weird things about like Intune support docs, I, I don't know if you caught onto this, is you're like, Hey, I want to do app something.

So usually they direct you into like app application policies first before they actually direct you into like application installation or things like that. So, you know, make, make sure you make sure you're reading all the words on the page and landing up at the right heading before you get too deep into it. - Oh yes, absolutely. Do you feel overwhelmed by trying to manage your Office 365 environment? Are you facing unexpected issues that disrupt your company's productivity?

Intelligink is here to help. Much like you take your car to the mechanic that has specialized knowledge on how to best keep your car running, Intelligink helps you with your Microsoft Cloud environment because that's their expertise. Intelligink keeps up with the latest updates in the Microsoft Cloud to help keep your business running smoothly and ahead of the curve.

Whether you are a small organization with just a few users up to an organization of several thousand employees, they want to partner with you to implement and administer your Microsoft Cloud technology. Visit them at intelligink.com/podcast. That's I-N-T-E-L-L-I-G-I-N-K.com/podcast for more information or to schedule a 30 minute call to get started with them today. Remember, Intelligink focuses on the Microsoft cloud so you can focus on your business.

So all right, continuing on, - Let's get back. So yeah, we've gotta get through pillar three today. So we've previously discussed devices and apps and now that takes us to endpoints and endpoint security. So there's a whole bunch of things in endpoint and endpoint security, including antivirus, disk encryption, say like BitLocker on your Windows client devices. It also includes firewall configurations.

So you kinda wanna start at the top, like let's talk through what endpoint security is and we can touch on those items - For sure. And this is one of those too. I feel like Intune does this more so than some of the other admin centers and maybe it's because they haven't updated the navigation yet to be more modern. You know how like SharePoint, Exchange, we have headers, then you can expand it and get to like some menu items.

Yep. Intune, I feel like you click stuff and it like, you just keep, it's layer on top of layer on top of layer, where to your point you see endpoint security and you're like, oh, I can go click, check out endpoint security, and then it absolutely does go into antivirus and disk encryption and you can even, that from there, you get into Microsoft Defender for Endpoint. Like there's a lot of stuff under endpoint security in Intune itself. Well, - I mean we're back to that.

It's a whole suite of products, right? It's not a single product, it's not just one. So you gotta find the right part of that suite of products that you want to kind of tweak and and play around with. - Yeah. In this will, since I originally came up with this, I feel like Microsoft has made some updates. I couldn't put my finger on when it changed, but I was in here the other day and I'm like, I think this is different now than it used to be. And we can talk about that.

So kind of going from the top down to your point, once you get into endpoint security and Intune, you have like your overview tab and you have your all devices tab that similar to a lot of other areas where overviews just kinda gonna give you a few links, some documentation, and then all devices just shows you a list of all your devices similar to your device list that you'd pull up, um, anywhere else in Intune.

But the next one down that's interesting, and this is one of those that I feel like has changed is the security baselines. So what Microsoft, one of the things they do at endpoint security is they have several like default baselines that you can apply that are Microsoft recommended security configurations.

So one of these is Windows 10, you have one that's Microsoft Defender for Endpoint, one that's Edge, and then one that's Windows 365 if you're deploying the whole cloud PC thing, I think, or that one may even be, I should look, is Windows 365? That might even be like desktop Windows. No, uh, it should be desktop. Yeah, it should be desktop like the E3 and E5 SKUs, which are slightly different than Windows 10 or Windows 11, primarily 'cause of some stuff that's included in them.

That could be another discussion. Scott, what's the difference between Windows 365 and Windows 11? - All right, squirrel, taking notes. And then Microsoft 365 apps for enterprise. So your desktop apps, Word, Outlook, Exchange, some of those. These used to, if I'm remembering right in my head, not give you a lot of, like, you'd go in and turn these on and they were like, it gave you certain settings but you didn't always have as much visibility into 'em.

Now if you go into one of these security baselines, you can create a profile and it essentially goes through, and I should actually drag this over, it goes through, uh, some of those device policies we actually talked about a few episodes ago, and it has a bunch of those policies pre-configured with certain settings.

So whether it's things about, uh, runtimes or AutoPlay or configuring BitLocker on devices, uh, there's stuff in here about like data protection and direct memory access, File Explorer settings and data execution prevention, firewall, power, remote assistance, search, Wi-Fi. Instead of kinda having a, it used to be a little bit more of an obfuscated view, I would say, of the policy where you were like applying certain settings rather than just creating another, uh, configuration profile.

And this is just kind of a shortcut or a different way to create different configuration profiles for your devices with some of those settings pre-configured based on Microsoft's recommendations. - I don't know if this has been your experience. I, I've seen at least for client devices, like Windows and things like that, security baselines here don't seem to be as fraught with, you know, some, some of the downsides that come with them in like the identity world, right?

Where if I enable this security baseline here, all this other stuff gets shut off and I might want this, but then I need this, but then I can't use the baseline. Like these are client OSes and applications that have been out there for a long time. So most of the security baselines, they just kind of make sense. Like, like there, there's not many downsides to taking a look at them and, uh, and lighting them up. The other thing is monitoring the baselines is pretty easy to do over here as well.

So like if you're going through and you're thinking about like, hey I wanna spin up, you know, a given set of a given set of configuration items in this profile, monitoring them is fairly easy as well. So you get kind of nice built in dashboarding and visualizations for compliance checks, like which devices are compliant, which users are compliant, those sorts of things.

- Yep. So I couldn't remember Scott, I was looking and this I think is where I've still gotten stuck, they haven't fixed this yet, is you'll notice that like my configuration profiles and I am sharing my screen, but if I went back to my devices and my configuration profiles, that baseline policy doesn't, well it's using a lot of the same settings. It doesn't show up as one of those configuration profiles for Windows.

Yeah. and one trap that I have run into, like you said, they're pretty straightforward and yeah, you go deploy 'em, push 'em out there. But if you've already done a configuration profile, say for BitLocker, and then you go turn on like a baseline policy that also has BitLocker stuff in it, it can get a little confusing.

And I've had clients get tripped up over this where they had BitLocker enabled as part of a baseline policy and then maybe they had BitLocker enabled as part of a configuration policy. And then another thing you can do in endpoint security is you can go into disk encryption and create a policy here that also does BitLocker. So well, what I have seen is they're starting to have, they used to not have the exact same settings in all of those different places.

So depending on which place you configure BitLocker, you'd get different options available. And some of them worked and others didn't. It looks like they've started unifying that, but you could have different BitLocker policies created in like three different places and they all start fighting with each other. - I think it's like anything else, you kinda have to choose the path you're gonna go down and then stick to that. And it goes back to recognizing it's a suite of stuff, right?

It's, it's, it's, it's a suite of services that are out there. So you know, as customers I think we feel that pain of, hey there, there are sometimes 2, 3, 4 different ways to do any given thing here because ultimately those came out of like 2, 3, 4 different products that somehow ended up in this suite of things and it's just taking time to rationalize it and get it to where it needs to be for - Sure.

So just one of those things I would say definitely be aware of is that, and as we're going through these with other things, we talked about security baselines and I kind of skipped one, then we talked about BitLocker disk encryption, which you have, you can create policies too. We talked about BitLocker, but this also works for macOS. You don't have baselines for macOS, that's only Windows.

But disk encryption, you can go in, create disk encryption policies for, uh, Windows, for macOS to, uh, enforce FileVault. But another one of those that can conflict, you can have in a couple different places. This, this is also where you would go in and configure things like antivirus policies.

Uh, so if you are using something like Defender for Endpoint and you wanna go in and set up various policies around antivirus, what's on, what's enabled, different scan types, and this again, Windows, macOS, Linux, you can also do Windows Server in here, which is an interesting option that you don't have in all of the endpoint management.

But going in and setting up Defender updates, antivirus exclusions, antivirus configurations, and even some of the Windows security experience is all managed from an antivirus perspective in here as well. And it'll give you, this is also, I'm gonna say, I'm trying to think, with time, how much we talk about. This is also where you can go see like what devices do I have that have pending updates or pending full scans, manual steps, failures, even different unhealthy endpoints.

So if you are trying to manage your endpoints and if you have ones that are unhealthy or ones that actually have active malware on them, that reporting also comes into your endpoint security here.

This does integrate and I've, I've seen this as well a few places where there's also a balance here between endpoint security and the security center where certain things that maybe will get picked up in endpoint security, surface in the security center or vice versa to get certain things to show up in the security center, you actually do have to go over here to endpoint security.

There's a little bit of a, um, not a little bit, there's a lot of interaction more so than other areas between endpoint security here and the security center from what I've seen. Yeah, - I think it tends to be one of those things where like diagnostics is built into Intune. Like it's there out of the box for you, right? Like you don't have to go, uh, like many things you have to go like light up and turn on diagnostics.

Like I, I, I know it's like a bad example, but like the M365 audit log, right? Like, all right, I'm gonna go crank that up and turn it on kind of thing. Like this is a place where you just have diagnostics out of the box. So I think it makes it easier to, to integrate with and, and light all that up. But you have to know the right place to go to get the information.

I think that's still the confusing thing about it. I - Mean, other things that are in here: firewall, that's pretty straightforward again too. Configuring firewall, endpoint privilege management. Have you looked much at endpoint privilege management? Scott, this is one that I haven't done a lot with in endpoint security. - I have not played around with this one at all. - This is one, I think I have it here - If I'm remembering right, like yeah, you got the docs there.

This one is primarily about being able to do like user elevation. So you know, getting away from hey I have like a separate admin account and a regular user account. Just being able to take your regular user account and get whatever kind of privileged operation you need on the client Done. - Yeah, that's essentially what it is.

And Sean is in the chat and he said this requires either Intune Suite or P2, and I will give that disclaimer, the tenant we are looking at has every Intune license lit up, I believe. So to light everything up that we're talking about may require Intune Suite, which is indeed an add-on to the normal Intune.

I think we talked about that in the first episode, but so, - So, so just from the docs it says Intune suite or there's a standalone not license for EPM, which I don't remember seeing a standalone license for EPM, but I don't know, maybe it's available in some tenant somewhere. - Maybe there's probably a standalone license for just about anything now. But yeah, this is what you were talking about.

It's like you have standard users, maybe there's certain tasks that require elevated privileges, application installs, device drivers. And this isn't LAPS, so this isn't updating their account or giving them like admin creds, it's just allowing them to elevate permissions to perform certain tasks within Windows. Yes. - So I think it is important to call out EPM is Windows only.

Yep, it's Windows 10, Windows 11. It's not just things like app installations, it's also elevated file access and, and a couple of other things that you can do with it. But I don't know, given the licensing restriction, I don't, I don't know how broadly applicable that is. - Yeah, I don't know that it's, I have not run into many people that are using that particular one. Endpoint detection and response.

This is one I wanted to hit on too because this is another one that ties into Security Center EDR in Intune or an endpoint security. And I ran into this with a client where they were like, oh yeah, we wanna deploy EDR and have EDR for all of our endpoints.

And you go into EDR in endpoint security and go in and create a policy, and this is another one, Windows 10, 11, Server, Linux, macOS. Like this policy is literally, you give it a name and your configuration settings are enable it or disable it, and there's three settings, there's Enable Defender. Yeah, it's like enable it for the client, enable sample sharing. And then the third one is telemetry reporting, which is actually deprecated.

So I guess really there's only two and then you just go apply it to all your endpoints. This one, there's no reporting, there's no response actions in EDR. It's literally the policy to enable EDR. And then what it does is it enables you to collect that extra data, like you said, kinda like the unified audit log where it's you go turn it on and then anything else you do with EDR is all done from within security.microsoft.com or the security center.

There's like no EDR type actions, responses, hunting, any of that that would happen within endpoint security and Intune itself. So I think one thing to kinda keep in mind with all of this is that Intune is a lot about pushing stuff out to your devices, configuring your end points. It's not so much about taking action on them and maybe you'll get a little reporting sprinkled into endpoint security or into Intune - Just a little bit - just a little bit.

Even the reports in here are not, they get you some basic information, but the reporting in Intune is, could use some work, or again, it's expected that you're gonna, if you're doing all this, you're gonna have security center and you can just go over to security center and get a lot of it. So yeah, that's a weird, that's - Fun times in the Intune suite. - Yeah. What else do we have in here? EDR, App Control for Business, I can't remember.

This one's still in preview. This is another one that I have not used. Policies that trust app installs for managed installers. So this is, we're gonna learn about managed installers and App Control for Business. We're gonna learn on the fly, Scott. I think this is really managing what people are allowed to install, maybe outside of app deployments from Intune. Business Barriers trusted by your organization as authorized sources for application installation.

- I tend to think of this one, and it might be not the right way to think about it, but like Software Center for Intune. Like, you know, give me, gimme a set of things out there that I'm allowed to install from trusted sources and they're kind of allow listed, you know, for, for my organization. - Yep. Said managed installers. Yeah, where it's watching what installers are doing. Doesn't support applications.

Self update. If an application was deployed by managed installer and later updates itself won't include original information. Yeah and can, I don't know what the licensing is for this one. This is one that, it just hasn't been a common one in the organizations I've done. Maybe other organizations are using it. Not super popular from what I've done. You've got a few others in here as well. Attack surface reduction policies.

Another one that I haven't done. I need to do more with endpoint security, Scott. Anybody wants some endpoint security stuff? Oh, did they move web protection in here? That's the legacy Edge though. Web protection, isolating apps and browsers. Some application control on here as well.

So setting up like, let's go spin up application, by restricting applications that you're allowed to run, code that executes. Again, really just, a lot of the endpoint security is stuff to lock down what users are allowed to do on their devices. This one's gonna be geared more towards those applications. Do, do, do, account protection, device compliance, conditional access. Device compliance, conditional access, those are going to go right back into those Intune settings.

Those are not new device compliance or new conditional access. It's going right back into the device compliance that we talked about, devices, what, two episodes ago. Conditional access is your Entra ID conditional access. Account protection, this is where, this is a new one. Scott, we should mention this one is where the new LAPS is, the Azure AD based LAPS.

And this was one that I did have clients asking about, I dunno, two or three years ago as they were coming from on-prem AD where they had LAPS, the local admin password solution, where users could go in, request essentially admin credentials to go perform a certain task. It would rotate on a regular basis. Uh, there hasn't been a solution for that if you're in an Entra ID only environment, and they rolled this out in preview maybe a year ago or so. Now it's not a preview, now it's a GA feature.

So if you did use LAPS on-prem or if you're looking for another one of those solutions where, you know what, every user by default should be a standard user. Maybe we wanna give them admin creds every once in a while because they need them to install an application or perform a certain task. But you can now roll out LAPS in Entra ID within the account protection in your endpoint security. Other than that, I mean I think that's it. This is probably the least.

There's a lot of policies in here, but that's really a lot of what this is, is just going in and enabling some of these policies for all of your endpoints. The last one I guess is Microsoft Defender for Endpoint.

If you wanna go in, set that up and configure different settings around endpoint security and enabling Defender to enforce endpoint security configurations, what level of devices you want to connect from Android, iOS to Microsoft Defender for Endpoint and a little bit of reporting around devices that have been onboarded. So overall, I think that walks through endpoint security at a high level. You - Took us way further than we intended there. Oh, half, you know,

- With endpoint security. Yeah, - Yeah. You, you went, you went beyond your own notes called - An audible. I did go beyond my own notes. I just get in here and start looking at the admin center. I shouldn't have pulled up the admin center. That's my, that was my problem, right? I start playing around with stuff. I - Mean, at the end of the day, I think it really is like, yeah, there, there, there's some of like the bells and whistles stuff that you called out.

But in, in my mind, like endpoint security really does come down to encryption policies. It's your implementation of baselines, potentially firewalls and antivirus. Anything outside of that is really just like above and beyond icing on the cake kind of thing. - I agree. And those are the four, like those four that you mentioned are the biggest ones that I do have clients implementing the, those are the ones I want.

They want those baselines to secure their endpoints, make sure antivirus is running, if they're using Defender on that, encryption and firewall. I would say the next common one is probably LAPS, where I've had more questions about LAPS than some of the other stuff around privilege endpoint management, NAP controls, and I guess EDR is the other one. If you have EDR, I would say turn it on because it doesn't affect your devices at all. It's not like it's pushing out policies or limiting stuff.

The EDR stuff. And there are some comments in the chat about that. It does leave some to be desired, but it's really just pushing additional data into your security center to help detect issues and respond to threats or compromises within your environment. So that's the other way I would say go set up a policy, turn it on and as much data as you can get can be helpful when you do need it. Yep. With that, do we finally make it

through Intune, Scott? I think - We've gone all the way through Intune. If we have, we're we're, we're gonna have to go back to an Azure thing after this. - Yeah, you get to pick then. Do you have anything to tease us with? Are you gonna commit to anything yet? No. Well yeah, if anybody has any questions about Intune, let us know. Like we did talk about the One app troubleshooting app installations, but it is, it's fun. Scott, I've enjoyed Intune.

There's a lot of stuff in Intune, a lot of stuff you can do particularly around securing your endpoint. So it's been a fun one for me to work on. A fun one. I know Sean has done a bunch of work in Intune as well. He really enjoys Intune, so let us know. And with that we'll wrap up the Intune episodes and get to our weekends of fixing routers and internet. Sounds like a plan. All right, well thanks Scott. Enjoy your weekend and we'll talk to you again soon.

All right, thanks Ben. If you enjoyed the podcast, go leave us a five star rating in iTunes. It helps to get the word out so more IT pros can learn about Office 365 and Azure. If you have any questions you want us to address on the show or feedback about the show, feel free to reach out via our website, Twitter, or Facebook. Thanks again for listening and have a great day.
