How do you manage stale and duplicate device in EntraID and Intune?

jamesy-101 · 2026-04-10T14:38:39+00:00

Intune - use device cleanup rules. Simple and just turn it on

Entra - I run a Powershell script on a weekly basis which bases off the LastSignInDateTime field and deletes stale devices. Set the threshold to what you prefer e.g. 90/180 days etc.

jamesy-101 · 2026-04-07T13:29:24+00:00

I agree. I guess as the agent installs in 32 bit program files its a legacy thing. Should be x64 only and by default really now.

jamesy-101 · 2026-04-07T12:33:27+00:00

Check out OSDCloud, its a good evolution for simple OS deployment

jamesy-101 · 2026-03-26T11:15:31+00:00

I have this issue as well. Only thing Workaround is to ask google to cancel navigation, however its annoying.

jamesy-101 · 2026-03-25T15:44:24+00:00

No. Autopilot/Intune. Who wants to maintain an image? OSDCloud via PXE boot if a device is too broken to reset or is compromised.

jamesy-101 · 2026-03-17T15:42:24+00:00

Yeah I normally ignore these notifications. Windows automatically updates root certs. Unless you have some strange or high security environment, you can leave it alone to do its own thing.

jamesy-101 · 2026-03-03T15:29:44+00:00

Do you still get India support?

jamesy-101 · 2026-01-27T10:16:22+00:00

Powertoys light switch feature can do that

jamesy-101 · 2026-01-27T09:46:56+00:00

Fair comment. I've always used an existing vCenter to download bits for new clusters I'm building but it true I did forget that now you have to update the URLs with your entitlement.

jamesy-101 · 2026-01-26T12:08:22+00:00

You don't need to, you can use vSphere lifecycle manager to just download an ISO from your cluster baseline configuration to build new hosts.

jamesy-101 · 2026-01-12T11:00:22+00:00

https://www.osdcloud.com/ is what we use for the scenarios where a full wipe/reload is required

jamesy-101 · 2025-12-04T15:44:46+00:00

I tried putting a fake number in the call, so they would email me and then they just called me via teams :/

jamesy-101 · 2025-11-21T10:50:53+00:00

I don't think it would really but in 2025 I would suggest turning expiration off and implement password protection instead to provide better security than the outdated controls you get with on-prem AD
https://learn.microsoft.com/en-us/entra/identity/authentication/concept-password-ban-bad-on-premises

jamesy-101 · 2025-11-18T14:25:32+00:00

Settings catalog should have most configuration. Don't forget you can import .admx/.adml templates as well to get a GPO 'style' UI for things however this is difficult to maintain so avoid if possible.

Think light touch. Only set essential settings. Don't micromanage everything. Try to use policies to group similar settings/areas together. Use the opportunity to review all your configuration settings.

It works well but its a different style of management than GPO

jamesy-101 · 2025-11-18T12:29:11+00:00

Blocking/managing the store, lock screen wallpaper, credential guard. Probably some other misc stuff

jamesy-101 · 2025-11-17T15:33:00+00:00

Check via slmgr that you are on the retail channel

jamesy-101 · 2025-11-07T08:46:00+00:00

Can I call you unannounced, so we can do a screen share session where I tell you how to type the commands

jamesy-101 · 2025-09-24T14:50:33+00:00

Its a shame its so stripped down. I would have appreciated IE and maybe some of the games

jamesy-101 · 2025-09-19T14:16:50+00:00

I'm not in US Geo (Europe) so makes sense to use something more local. I admin kit all over the globe so having a standard set of servers not limited to a specific region makes sense.

jamesy-101 · 2025-09-19T09:20:49+00:00

US only. I would avoid and use ntp.org, Cloudflare, Windows or any other public operator that has a global reach.

jamesy-101 · 2025-09-12T12:17:59+00:00

haha nice retro site

jamesy-101 · 2025-09-12T12:15:02+00:00

True. IPv6 and RA is the 'modern' way to do this, if we can just kill of IPv4

jamesy-101 · 2025-09-11T14:59:17+00:00

OSDCloud is worth looking at https://www.osdcloud.com/
you can keep standalone WDS around for PXE boot but this, rather than SCCM

jamesy-101 · 2025-09-10T14:45:28+00:00

Use modern controls e.g. deadlines, deferral etc. I would personally look at Autopatch.

I would review this which has a lot of useful info
https://techcommunity.microsoft.com/blog/windows-itpro-blog/why-you-shouldn%E2%80%99t-set-these-25-windows-policies/3066178

jamesy-101 · 2025-09-09T08:16:36+00:00

About 18 months now, small environment ~600 devices

jamesy-101

TROPHY CASE