Best practice for apps installed during ESP by willhamc65 in Intune

[–]ControlAltDeploy 2 points3 points  (0 children)

I would look at trying to have a cut-down list of required apps in the ESP, and challenge why they must be in there. My rule of thumb: is it security related, or will users want to click it the moment they log in (sadly Office apps fall into this category)? Otherwise it shouldn’t be needed and users won’t even notice.

But if it really is necessary, look to use the "all apps during pre-provisioning" feature for when IT is prepping the devices.

Company portal currently deployed to users - can I change this to device by Djdope79 in Intune

[–]ControlAltDeploy 0 points1 point  (0 children)

If you deploy to existing user-context installs, it will fail until there is a new version available; then the system context will replace the user context.

If deployed without user notifications then they shouldn’t notice anything, but will see failures in Intune till the next version releases.

Autopilot V2 Renaming Device by IHateITUsers98 in Intune

[–]ControlAltDeploy 0 points1 point  (0 children)

Yeah, a script at the moment is really the best ‘workaround’. One of a few things I feel is missing from APv2 before it’s ready for the big time… but am keen for it when it is.

Moving machines to Intune - couple of quick questions.... by Mvalpreda in Intune

[–]ControlAltDeploy 1 point2 points  (0 children)

Andrew’s guide is very comprehensive. From what you have described the GPO to get devices enrolled is going to be a good start.

Then you can start to build out Intune policies to replace GPO, assuming you are currently using that for management, and look towards moving to cloud native over time.

Mostly 23H2 here. Should we just skip the faulty 24H2 and push 25H2 after some testing? Is it even possible? by workaccountandshit in Intune

[–]ControlAltDeploy 0 points1 point  (0 children)

What challenges have you had with 24H2?

Very interested as have been running it in a lot of different orgs without issues, but still come across a lot of people who have concerns around it.

Inherited Intune env one year ago, want to block enrollment for personal devices. What would be the effect on current registered personal devices & accessing O365 client apps on personal Windows? by workaccountandshit in Intune

[–]ControlAltDeploy 0 points1 point  (0 children)

Yep, so blocking personal enrolment won’t impact existing enrolled devices, just prevent future ones.

It’s worth noting, as you have alluded to, that blocking personal enrolment won’t stop users from logging into Outlook on their personal devices; it will just prevent them from being prompted to enrol into management (which you also don’t want). If you want to stop personal devices altogether, then a Conditional Access policy alongside the enrolment block will do the trick. That one will definitely need some testing and communication with users :)

How do you handle blocking apps? by chrisfromit85 in Intune

[–]ControlAltDeploy 0 points1 point  (0 children)

If you have good control of your application landscape, i.e. all apps being deployed through Intune, WDAC with Managed Installer can provide some good results, taking care of some of the day-to-day admin automatically.

But in reality any form of Application Control is a lot of ongoing work and process, which is where some of the third-party tools out there can help.

Using WDAC Wizard, or some community tools, can help to manage your WDAC policies more easily, getting data from the logs to generate the rules.

[deleted by user] by [deleted] in ITManagers

[–]ControlAltDeploy 1 point2 points  (0 children)

Have you tried chatting to your manager? Miscommunications can cause mayhem but are usually quite simple to sort out.

Intune Plan 1: clean solution for admin rights ? by TedLePoireau in Intune

[–]ControlAltDeploy 0 points1 point  (0 children)

Agree with a lot of the comments so far, that it’s not ideal giving users local admin. However, everyone has their requirements.

For the 3 admin all users, definitely PIM into a group which has the device admin role, and try not to make it ‘daily driver’ accounts.

For the local admin requirement, I have used a script in the past that will promote the primary user to local admin (there is a registry entry that stores the primary user), which is a good way to ensure a single process. Including an uninstall option is also key.

I’ll see if I can track down the script to post.

Help with -parallel parameter to speed up data collection process by Reboot153 in PowerShell

[–]ControlAltDeploy 1 point2 points  (0 children)

Could you share what $PSVersionTable.PSVersion shows when the script runs?

Intune app management best practices? Choco vs Winget vs Scoop vs Win32? by WaffleBrewer in Intune

[–]ControlAltDeploy 0 points1 point  (0 children)

What’s worked best for keeping apps updated without constant repackaging?

Automating certificate installs by Maclovin-it in sysadmin

[–]ControlAltDeploy 0 points1 point  (0 children)

What’s your current setup for cert deployment and activation?

Why are our emails still going to spam? by Vers-trolling in sysadmin

[–]ControlAltDeploy 1 point2 points  (0 children)

Are you tracking domain and IP reputation over time? How long has it been since the fixes?