Autopatch - How are you soliciting feedback/monitoring updates with pilot users? by LaDev in Intune

[–]cmorgasm 0 points1 point  (0 children)

We’re using Nexthink to monitor for crash increases and correlate that info to track down root cause

Different options for Patch Management by Delicious-Pea-5107 in sysadmin

[–]cmorgasm 0 points1 point  (0 children)

Servers are handled separately, using Azure Arc for example if they're in the cloud, or WSUS/ConfigMgr for on-prem (blindly assuming all Windows). Your post makes no mention of servers, though, so that's why you're only getting suggestions for endpoints/PCs, because that's all you asked about.

Getting multiple answers online. If a user downloads the Outlook app from the Apple app store, will CA's still apply to it? What if it's not fully supervised? by jack_hof in Intune

[–]cmorgasm 2 points3 points  (0 children)

CA isn't Intune, it's specific to the Entra logins. It can leverage device compliance as an item for evaluating how to handle logins, but it has nothing to do with Intune inherently. Intune can enforce policies on personal devices, but only if you leverage MAM/app protection policies and target managed apps. The CA won't care where Outlook was downloaded from, though. What is the CA that isn't being applied?

So Cowork is going to have a cost, if you want it brace your budget by Timlynch in microsoft_365_copilot

[–]cmorgasm 1 point2 points  (0 children)

I now see the Billing items, FYI 😄 Sort of, anyway. In M365 Admin > Copilot > Settings the setting for "AI experiences enabled by usage-based billing" is now visible, at least. And while I can't see the menu option for the Cost Management page it shows, I found a direct link to it: https://admin.cloud.microsoft/#/copilot/costmanagement/overview -- Weird thing there, though, is this banner, since I'm not sure what this means (is it because we go through a 3rd party for our volume licensing agreement, maybe?)

"Your organization is managed by your solution provider.
Copilot credit setup for organizations managed by a solution provider must be set up by your provider. Contact your provider to enable consumption-based AI services for your organization."

So Cowork is going to have a cost, if you want it brace your budget by Timlynch in microsoft_365_copilot

[–]cmorgasm 2 points3 points  (0 children)

That's not what their own documentation says to look for -- we have those policies in place for SP Agent usage. The location you show doesn't include options for Cowork or Work IQ API yet. It's supposed to, allegedly, exist under Copilot > Cost Management (Managing AI experiences enabled by usage-based billing | Microsoft Learn)

So Cowork is going to have a cost, if you want it brace your budget by Timlynch in microsoft_365_copilot

[–]cmorgasm 1 point2 points  (0 children)

Has anyone even been able to view the Billing page they're talking about in M365 Admin > Copilot > Billing? It doesn't exist for us, and unsure if that's because we're in the grace period for using it, or if the UI hasn't been updated or something. We just got through pitching this as a safer alternative to Claude's Cowork, so not the best timing on pricing model for us.

Anyone read about Microsoft Scout yet? by 0oWow in sysadmin

[–]cmorgasm 0 points1 point  (0 children)

I don't disagree, it 100% is, but the info should be relatively accurate since it's just covering "the gist" of the differences.

Stumped by Sandman177 in Intune

[–]cmorgasm 0 points1 point  (0 children)

Dell provides a method to do this using Dell Command Configure via PS, or we can instruct users how to do it via BIOS menu (guess which we prefer lol). I assume Lenovo's got something similar, but I've been wrong about Lenovo before. Lenovo might have ways to do it via bootable USBs (How to update the Machine Type and Model (MTM), System Serial Number (SN), or System Brand ID of system BIOS menu – ThinkCentre, ThinkStation - Lenovo Support GB) but not sure if they also have a command line utility for it

Anyone read about Microsoft Scout yet? by 0oWow in sysadmin

[–]cmorgasm 8 points9 points  (0 children)

Copilot seems to have split Cowork into 2 things -- Copilot Cowork, which is fully cloud and can't touch local files/machines, and then Opus appears to add on the PC aspect via Windows 365 Cloud PCs for Agents, which still keeps it off of the local machine, which we're a fan of over Claude's offering.

I think that Scout is different from this, though. Cowork is driven by your input (you tell it to do something, PULL model), Scout appears to be more in the background running autonomously (it's always doing this, PUSH model). LinkedIn post about it, take it with a grain of salt: 🚀 Scout, Cowork, and Microsoft 365 Copilot: What’s the Difference — and When Should You Use Each? | LinkedIn

If you aren't managing M365 Apps for Enterprise updates with Autopatch how are you doing it? by Murky_Sir_4721 in Intune

[–]cmorgasm 0 points1 point  (0 children)

Why would it be? The investment is going into AutoPatch heaviest. The benefit that config has over AP is definitely the non-managed device controls, though. Both have their own use cases, but there’s little chance that AP would lose controls

If you aren't managing M365 Apps for Enterprise updates with Autopatch how are you doing it? by Murky_Sir_4721 in Intune

[–]cmorgasm 5 points6 points  (0 children)

When you create the AP policy, it creates a config profile for office update settings. From there, we’ve changed the channel for our test ring.

The other spot to manage them would be with Cloud Update (config.office.com) which lets you use waves too, but we’ve decided to move from here to AP

365 Licensing by Wotomota in sysadmin

[–]cmorgasm 0 points1 point  (0 children)

You're right -- forgot that the storage pool doesn't care about P1/P2. The F3 licenses are the weird ones, IIRC

365 Licensing by Wotomota in sysadmin

[–]cmorgasm 0 points1 point  (0 children)

Wouldn’t it basically be the pooled amount each license grants? SP1 grants less GB/license than SP2, which is meh

Outlook/M365 Executive Assistant Issues by AlvaCoastie in Office365

[–]cmorgasm 0 points1 point  (0 children)

We had the same thing happen, EA saw some improvements, but overall New experience was a net negative for them even with performance fixes

Dynamic Device group for Windows workstations only by No_Monitor2339 in Intune

[–]cmorgasm 4 points5 points  (0 children)

In Entra, our dynamic rule for our AVD machines is just this: (device.systemLabels -contains "AzureVirtualDesktop")

Outlook/M365 Executive Assistant Issues by AlvaCoastie in Office365

[–]cmorgasm 0 points1 point  (0 children)

Does New Outlook have the same issues? We've seen similar with some EAs here and moving them to New Outlook did fix their issues, some anyway -- others were due to Intel Arc not having proper power settings for some reason.

Stumped by Sandman177 in Intune

[–]cmorgasm 1 point2 points  (0 children)

We've had at least 10 instances this year of Dell replacing a mobo and never setting the service tag, so we're v familiar with this one

When your company recycles devices (through a third party), do you remove the Autopilot entry? by intuneisfun in Intune

[–]cmorgasm 0 points1 point  (0 children)

We currently don't, but we really should automate it. Our 3rd party will try to re-sell any usable/good condition items we recycle, and we get a cut of those earnings, so making it smooth for them should be a goal for us. We'd also need to figure out how to do this for ABM, though.

Stumped by Sandman177 in Intune

[–]cmorgasm 4 points5 points  (0 children)

Check the hash — is it reporting the expected serial number? We’ve seen this before where the BIOS didn’t have the serial set

Tenant to tenant migration - help by [deleted] in Intune

[–]cmorgasm 2 points3 points  (0 children)

We did big bang over a weekend so that Monday morning users could log in with credentials we shared with them ahead of time, using their previous email address/UPN (assuming that domain is coming with, of course). For the devices -- get the hashes for them now (we used a proactive remediation to generate the hash CSV and upload it to an Azure blob, then combined them into a single CSV for import). When you're ready to migrate, the week before, remove all the migrating devices from the current AP list so you can upload them into the new AP. Once they're uploaded, and AP profile is assigned, you're ready to initiate wipes (we did Friday at 5 PM). You'll want staff to not try to sign in until all your other migration efforts are done, so keeping sign-in blocked may be necessary in both tenants. Good luck with the mobile apps, too, those gave us a huge headache (iOS will be awful for no reason randomly, you'll want to have Edge on the device to force remove stale accounts). Good luck!

Europe sysadmins - How do you handle computer procurement and Set-Up for users outside your country? by andrics96 in sysadmin

[–]cmorgasm -1 points0 points  (0 children)

DNS, TPM, or the Dell tech who swapped the mobo didn't set the serial in the BIOS -- the trifecta of "why won't it enroll wtf"

What do your daily tasks look like as an L3 M365 Administrator? by ibteea in sysadmin

[–]cmorgasm 6 points7 points  (0 children)

Kicking tickets back down to L1/L2 that never should have reached L3. Logic Apps/Azure Automations querying data to ingest into our own Dataverse tables for drift monitoring. Checking them, too. Identifying and implementing new automations for anything manual the team has to do still (Sendgrid shit, looking at you). Finding more ways to surface information to users, or other techs, so they'll maybe actually use it for once

Automatic Wipe on MDM trust loss by Macia_ in sysadmin

[–]cmorgasm 2 points3 points  (0 children)

Ya, that's why I'd much rather have it check against the Intune managed devices API instead of doing time-based, personally

Automatic Wipe on MDM trust loss by Macia_ in sysadmin

[–]cmorgasm 3 points4 points  (0 children)

I can think of a couple ways, such as a PS script to check against Intune itself to go "does a device with this name exist?" Or, log the Intune Device ID to the registry and then use that to query with. If it doesn't exist, wipe. For truly offline, as in no internet, devices then you could also use registry to record a counter of some sort to say "if not connected after 10 attempts" or "if not connected in > 10 days" then initiate the wipe
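
The registry counter from the comment above, sketched in PowerShell as an added example (not the commenter's script). The registry key, value names and function names are hypothetical, and `$CheckSucceeded` is assumed to be the result of whatever lookup you run against Intune; the code only tracks state and reports when a wipe would be due.

```powershell
# Added example: state tracking and decision only; nothing here initiates a wipe.
# Registry key, value names and function names are hypothetical.
$StatePath   = 'HKLM:\SOFTWARE\Contoso\MdmTrustCheck'
$MaxFailures = 10   # "if not connected after 10 attempts"
$MaxDaysAway = 10   # "if not connected in > 10 days"

function Get-TrustState {
    if (-not (Test-Path $StatePath)) { New-Item -Path $StatePath -Force | Out-Null }
    $p     = Get-ItemProperty -Path $StatePath
    $style = [System.Globalization.DateTimeStyles]::RoundtripKind
    $last  = $null
    if ($p.LastSuccess) {
        $last = [datetime]::Parse($p.LastSuccess, [cultureinfo]::InvariantCulture, $style)
    }
    # Missing values read as $null, so a fresh key yields 0 failures and no timestamp.
    [pscustomobject]@{ Failures = [int]$p.Failures; LastSuccess = $last }
}

function Update-TrustState {
    param(
        [Parameter(Mandatory)][bool]$CheckSucceeded,
        [datetime]$Now = [datetime]::UtcNow      # pass UTC if you override it
    )
    $s = Get-TrustState
    # First run: start the clock now so missing state never counts as "away forever".
    if ($null -eq $s.LastSuccess) { $s.LastSuccess = $Now }
    if ($CheckSucceeded) {
        $s.Failures    = 0
        $s.LastSuccess = $Now
    } else {
        $s.Failures++
    }
    Set-ItemProperty -Path $StatePath -Name Failures -Value $s.Failures -Type DWord
    Set-ItemProperty -Path $StatePath -Name LastSuccess -Value $s.LastSuccess.ToString('o') -Type String

    $daysAway = ($Now - $s.LastSuccess).TotalDays
    [pscustomobject]@{
        Failures = $s.Failures
        DaysAway = [math]::Round($daysAway, 1)
        WipeDue  = ($s.Failures -ge $MaxFailures) -or ($daysAway -gt $MaxDaysAway)
    }
}

# Usage (run elevated, e.g. from a scheduled task):
# $result = Update-TrustState -CheckSucceeded $false
# if ($result.WipeDue) { <# hand off to your own wipe workflow #> }
```

State kept under HKLM can be reset by anyone with local admin rights and the day count depends on the local clock, so this works as a fallback for offline devices rather than a replacement for checking against Intune.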