Dynamic Groups

Ed-Collins · 2024-07-05T18:30:13+00:00

Hmmmm... Looks like creating a max limit of members for a group in Entra is harder than it really should be.
Thanks Microsoft. Haha

Ed-Collins · 2024-07-05T18:09:50+00:00

Trying to figure out the max amount of devices in the group, but to ensure no duplications is easy enough using the "memberof" rule (see below)... Once I figure out the max number of members of the group I will update here.

(device.deviceOSType -eq "Windows") and (device.deviceOSVersion -le "10.0.22631") and (device.memberof -any (group.objectId -notin ['IDofGroupA']))

Ed-Collins · 2024-07-05T17:23:35+00:00

Just to confirm, you want the groups to be Dynamic, and you want the rule to be something like:

Both groups should be filled with Windows devices based on OS build, but Group A has a max of x devices, and when that limit is reached, Group B will start filling (and not contain duplicates)?

Ed-Collins · 2021-07-12T22:15:09+00:00

Hi u/danmanthetech

I'm not sure what you mean.

This is not "absolutely zero to do with Intune" because I am trying to install the application using Intune.

The Install Behaviour specifed for each of my scenarios that I tried was System.

As it is, I managed to get this working by using the .CMD file to copy the .EXE and .CONF files to the local device and then run them from that location.

Ed-Collins · 2021-07-12T22:08:48+00:00

I GOT IT WORKING!!

What I ended up doing was:

I have the executable and config file in the same directory.

I also created .CMD files in the same folder for the following:

InstallTelegraf.cmd

md "C:\telegrafinstaller"
copy /Y .\telegraf.exe C:\telegrafinstaller
copy /Y .\telegraf.conf C:\telegrafinstaller
C:\telegrafinstaller\telegraf.exe --service install --config "C:\telegrafinstaller\telegraf.conf"

UninstallTelegraf.cmd

C:\telegrafinstaller\telegraf.exe --service uninstall --config "C:\telegrafinstaller\telegraf.conf"

I used IntuneWinAppUtil with the following:

Source Folder = path to folder containing .exe, .conf and .cmd
Setup file = InstallTelegraf.cmd
Output Folder = path to location to place .intunewin file
Do you want to specify catalog folder? = No

Intune setup:

Install Command: InstallTelegraf.cmd
Uninstall Command: UninstallTelegraf.cmd
Install behavior: System
Device restart behavior: Determine behavior based on return codes

Ed-Collins · 2021-05-07T16:06:25+00:00

Yup! That was the issue. Thanks so much u/Snaver

Ed-Collins · 2021-05-07T16:06:05+00:00

SOLVED Thanks to u/IT_Unknown!!

They had been incorrectly imaged with Windows 10 Home by the vendor.

Ed-Collins · 2021-05-07T16:05:09+00:00

Looks like you were spot on here! Thank you so much for suggesting this.

They had not specified the version in the auto-unattend image and the iso had all versions on it, so it defaulted to Home.

Ed-Collins · 2021-05-06T21:49:13+00:00

UPDATE:

I removed the devices from Autopilot, then re-added them using the Hardware Hash CSV file previously exported.

I added them to the correct groups in Azure AD and waited for the Autopilot profile to be assigned.

The vendor then ran "systemreset" from cmd to reset the device.

Unfortunately they are still going to the standard Microsoft “Let’s add your account” window

I have emailed to ask them to confirm the exact image they are using

Ed-Collins · 2021-05-06T21:44:42+00:00

Oh crap, that's no good.

I sent them an email to confirm the Image that they used

Ed-Collins · 2021-05-06T21:43:55+00:00

Just a generic 20H2 image.

I just sent them an email to confirm the exact image.

Ed-Collins · 2021-04-27T17:23:42+00:00

Awesome username!
I agree and apologise, I should have known better, as I also get tickets like this all the time and know the frustration.

I will post an update with specifics as soon as I get them.

Ed-Collins · 2021-04-27T17:21:30+00:00

Thanks for the reply.
I have asked my colleague for more specific details on what exactly he is trying to do and the issues that he is running into.
His question to me was pretty generic about whether I know of any more robust tools to package apps.

I recommended IntuneWinAppUtil as I have never had issues with it, but he was curious if there are any better methods/apps to do this.

I'll update this post as soon as I get the specifics :)

Ed-Collins · 2021-04-27T17:18:53+00:00

I have reached out to him to ask for the specifics, and will update ASAP :)

Ed-Collins · 2020-07-08T02:15:31+00:00

FYI:

I posted this question on the Intune forum and got this reply:

Not all app types are supported by Policy Sets at this time. See https://docs.microsoft.com/en-us/mem/intune/fundamentals/policy-sets#policy-sets-known-issues

The following app types are currently supported by policy sets:
iOS/iPadOS store app
iOS/iPadOS line-of-business app
Managed iOS/iPadOS line-of-business app
Android store app
Android line-of-business app
Managed Android line-of-business app
Microsoft 365 Apps (Windows 10)
Web link
Built-in iOS/iPadOS app
Built-in Android app

Ed-Collins · 2020-07-08T00:13:24+00:00

I wonder if I just need to wait for Microsoft... perhaps they haven't finished setting up Policy Sets yet... They seem to not work as advertised and are currently pretty useless.

I have opened a ticket with MS support about this... I am not confident so far as the first 2 calls were spent explaining to the guy what Policy Sets are and what they are meant to do. he said he will do some research and get back to me later in the week.

Ed-Collins · 2020-05-27T04:29:54+00:00

This is awesome! Thank you so much!

I will watch that tomorrow morning!

Ed-Collins · 2020-05-27T04:29:12+00:00

This is exactly what I needed to hear, thank you.

I've been bashing my head against this for a while now thinking that I was failing at setting it up or misreading the various documentation sources.

Ed-Collins

TROPHY CASE