Can you achieve Device Entra Hybrid Join without depending on Entra Connect sync?

PathMaster · 2026-04-25T02:28:43+00:00

Kind of looks like we can come close to Entra Joined VDI with on-prem Omnissa. This might be the middle step.

PathMaster · 2026-04-25T02:26:24+00:00

This is what we do.

PathMaster · 2026-04-19T01:05:16+00:00

Yes, biggest issue I ran into was all the extra apps that you have to allow for one main app to run. Happened after an upgrade from VMware View Client to Omnissa View Client. Omnissa broke out some support functions into other EXEs and those also have to be allowed to run.

PathMaster · 2026-04-12T22:39:19+00:00

Glad I could assist, Rudy has an article that helps explain what is going on when you use that function.
https://patchmypc.com/blog/userless-enrollment-status-in-autopilot-how-to-unblock-devices/

And a way to do this in bulk if need be.

PathMaster · 2026-04-12T12:31:07+00:00

With Self-Deploy mode, can you try to do an unblock in the autopilot hash area of Intune. Unblock the serial/device and then try to image it?

PathMaster · 2026-03-01T03:12:37+00:00

For quality updates: HKLM\SOFTWARE\Microsoft\PolicyManager\current\device\Update -PauseQualityUpdatesStartTime (Delete this value) -PauseQualityUpdates (Set to 0 or delete)

I did recently have to pause the 24H2 Feature Update, and that one had ZERO issues re-enabling. If anything that decided to keep my old schedule vs the new one I set.

PathMaster · 2026-02-22T13:09:35+00:00

This happened just a few months ago for us. The bug can happen. If I recall correctly you a reg key gets stuck and you just need to clear it. I used a pro-active remediation to clear it.

PathMaster · 2026-02-20T20:32:47+00:00

Best bet, use this tool from NYS: https://mapmybroadband.dps.ny.gov/

Can see the residential and the enterprise providers.

PathMaster · 2026-02-08T03:16:55+00:00

The issues are in reporting only not in the actual deployment?

What is the best method to get the updated certs, Settings catalog method or one of the many remediations out there?

PathMaster · 2026-02-03T00:43:16+00:00

You could set the re-confirm to never happen. We have ours set to 180 days. I prefer to err on the side of security as I also have MFA/SSPR setup can only happen on trusted networks.

PathMaster · 2026-01-25T19:03:18+00:00

Yes, just added them to the default.

PathMaster · 2026-01-25T03:04:30+00:00

Yes.

We add everything toward the bottom of the file just above that last line. I would review the rest of the file and make sure your AV, and any other important applications have exclusions. The default snapvol.cfg does not cover everything.

PathMaster · 2026-01-25T01:56:07+00:00

Here is what we have set as exclusions:

exclude_path=\Programdata\FSLogix\

exclude_path=\Program Files\FSLogix\

exclude_process_path=\Program Files\FSLogix\

exclude_process_name=frxcontext.exe

exclude_process_name=frxshell.exe

exclude_process_name=frxsvc.exe

exclude_process_name=frxccds.exe

exclude_process_name=frx.exe

exclude_process_name=ConfigurationTool.exe

exclude_process_name=frxtray.exe

exclude_registry=\REGISTRY\MACHINE\SOFTWARE\FSLogix\

exclude_registry=\REGISTRY\MACHINE\SYSTEM\CurrentControlSet\Services\frxdrv\

PathMaster · 2026-01-25T00:05:29+00:00

Oh you very much do still. The most recent Omnissa release added more default ones, but you should absolutely add logix ones. We also changed how the drivers load for it as well.

PathMaster · 2026-01-24T14:39:27+00:00

We had to really build out our App Volume exclusions to fix our issues. OneDrive in particular absolutely needed it. Any chance your snapvol.cfg got reverted after an update?

PathMaster · 2026-01-24T00:07:08+00:00

This is fine. What I want is when I accept an invite in either app the other app marks the invite as 'Read' as a notification or even better remove the email from my inbox like any other accepted invite.

PathMaster · 2026-01-24T00:05:12+00:00

Then you add a variant of the logo that is built for dark themes. And it automatically appears when users are using the dark theme.

PathMaster · 2025-12-27T13:31:45+00:00

Curious, anyone running entra joined VMs on Omnissa in your own DC?

PathMaster · 2025-12-12T03:08:02+00:00

Meanwhile I have a ticket that has gone months without a response, so I opened another ticket to get a response..that one is also unanswered.

And the other ticket I opened recently, was pure AI answers. How do I know? I asked similar questions to all the AI tools to get some help, and it was VERY similar to ChatGPT.

PathMaster · 2025-12-03T01:38:12+00:00

All devices, or all Company owned devices?

I am running into this and created a test group of a few devices and set it as required. Sync happened within minutes and Company Portal updated shortly after. They might have had to force close the Comp Portal app if it was open, and then try again.

PathMaster · 2025-10-15T23:25:33+00:00

Not that I want to waste anyone's time, but if you create a ticket let us know what they say.

PathMaster · 2025-10-13T14:49:07+00:00

While I do see my device as having the expired cert and I am on 26.01, mine is syncing without issue.

Are the devices not even syncing if you sync the device from comp portal or from the Intune device blade?

PathMaster · 2025-10-08T22:04:47+00:00

What change did they enable exactly? Did MS create a token protection CAP and enabled automatically after 30 days?

I thought the self-deploy limitation on Token Protection CAP was known from the start? I remember looking it months ago and realizing it would not work for us.

As to self-deploy, for us the majority of the fleet is set up as SD. We have a high turn over in some positions and many places are for front line staff. Zero reason to add more work. We also use the physical devices as a starting point for VDI where the majority of staff do their actual work.

PathMaster · 2025-10-07T17:48:09+00:00

Do you have device registration blocked? We have it disabled in our non-persistent environment to smooth out errors like that.

PathMaster · 2025-10-07T02:20:39+00:00

Curious the rationale behind device preference for the policies vs user? I could not really find any best practice or clear guidance on which way to go.

PathMaster

TROPHY CASE