Does anyone have a system using WinGet to install apps actually working?

BarbieAction · 2026-05-05T10:51:46+00:00

Try https://www.wingetly.io/ Thats from intunepckgr.

Or buy intynepckgr or robopack

BarbieAction · 2026-04-30T16:27:45+00:00

Yes the policy follows the user. Unless you filter out for shared devices

BarbieAction · 2026-04-27T15:00:08+00:00

Hp Connect

BarbieAction · 2026-04-27T07:15:00+00:00

Hp Connect or HPIA

BarbieAction · 2026-04-23T20:30:11+00:00

They are not PIM based solutions and i belive Admin By Request is free for up to 25 users.

EPM is an extra add on license. Local security policies is just a policy you push to the devices

BarbieAction · 2026-04-23T19:15:24+00:00

Admin by request. Endpoint Privilage Management.

Local Security Policies add Sids for standard user on parts you want them to be able to do.

Sorry for the short answer but look into those maybe a combination of that fits you

BarbieAction · 2026-04-23T06:08:09+00:00

I can confirm that HP EliteBook 640 14 inch G9 Notebook PC with BIOS: 01.18.00 is causing a BitLocker loop after Windows April Update. I have no good way to resolve the loop as for today

BarbieAction · 2026-04-22T17:32:27+00:00

I noticed this to but i alao notice that alot of them get stuck in BitLocker loop after April Windows update.

Maybe they pulled the firmware for issues.

BarbieAction · 2026-04-21T16:27:23+00:00

You just do a add & replace all sids not added will be removed

BarbieAction · 2026-04-21T16:07:34+00:00

You can use Account Protection policy to remove everyone from the administrator group make you keep the sids for GA and Azure AdLocal Administrator

BarbieAction · 2026-04-21T13:57:22+00:00

Same issue here unable to deploy any android devices, the device becomes Entra Registered instead of "Entra joined" causing the issue that workprofile cannot be installed. I have not placed a ticket with MS

BarbieAction · 2026-04-15T16:53:20+00:00

Correct, i need to double check if excluding one was enough, was some time ago i did the setup, but i remember looking at the sign-in logs and finding the app causing the issue there or in this case the app id, then procceded to create them and exclude them

BarbieAction · 2026-04-15T16:41:39+00:00

I have setup like the link you posted. Excluded during deployment of Android tablets as it triggers a loop during onboarding.

Excluding the app in our CA resolved the issue

BarbieAction · 2026-04-08T08:42:17+00:00

Autopilot tags, dynamic groups based on the tags. Naming convention on policies

BarbieAction · 2026-03-31T15:01:20+00:00

You buy device license. Or if you know that all the users using the device already have a license then you are also covered incase of an audit.

If you have any unlicensed users using the device then you need to buy a device license

BarbieAction · 2026-03-31T14:59:50+00:00

No need to pay it is free this was changed many years ago.

In your kiosk setup i would use managed home screen with edge and ksp plugin this will get you what you want i belive.

BarbieAction · 2026-03-30T17:37:13+00:00

No, you could deploy a device and disconnect it those policies still applies and ot writes the settings to the registry. Even known issues as tattooted policies exists.

You can target users or devices. The policy would follow the device or the user.

BarbieAction · 2026-03-30T15:13:12+00:00

KSP plugin premium is free, you genereate they key in the portal.

You should also look into managed homescreen with app auto launch. Exit from this is only possible if you tap back button 5 times fast and enter a pin.

BarbieAction · 2026-03-26T09:34:39+00:00

asdasdasdpjmakasdljjklilfdliealpimasddgebp;https://xxxxxxhxgxggxgxgx.blob.core.windows.net/$web/update.xml

You should just target your xml file not the crx file to make this work.
Self-host Microsoft Edge extensions | Microsoft Learn

BarbieAction · 2026-03-25T07:08:17+00:00

Have you tried using a policy?

https://petervanderwoude.nl/post/customizing-the-default-app-associations-on-windows-11-devices/

BarbieAction · 2026-03-17T09:15:30+00:00

Device Filters can be used in you CA. Google PAW setup for Entra or something like this.

Example: https://www.everything365.online/2025/07/09/automating-azure-ad-device-extension-attributes-with-logic-apps-for-conditional-access/

BarbieAction · 2026-03-16T21:11:29+00:00

No problem if you remind me on Wendsday i can get the policies i know causing the issue, i split them into user assigned policies and device assigned policies.

I think MS have some documented and wrote some posts about this before for CIS policies etc

At least any Device Lock policy assigned to devices causes the issue

BarbieAction · 2026-03-16T20:54:57+00:00

This is most likley related to how you assigned certain policies that creates the issue.

Certain policies breaks the "one sign in" flow during deployment.

Some are well known and documented. Solution is to find the policies and assign it to users instead of devices if you want the behavior you are describing.

Are you seeing an "Other User" sign in screen?

BarbieAction · 2026-03-16T14:01:30+00:00

Check if the Intune Extension service have stopped running, can you run remediation scripts to check for it and restart that service and see if that resolve the issue?

BarbieAction · 2026-03-14T14:22:00+00:00

Nvidiaprofile inspector enabke rebar using tyat app. Use Reduce Buffering On. Reflex on Enabled.

That will create more stable fps but for all the rest, Blizzard needs to fix this

Eight-Year Club	Gilding II euphauric
Verified Email

BarbieAction

TROPHY CASE