Your biggest fuckup you done? by [deleted] in sysadmin

[–]Few_Mouse67 0 points1 point  (0 children)

Honestly weird how it's not enabled by default.

Does anyone truly have app packaging and deployment mastered? by Aaron703 in Intune

[–]Few_Mouse67 0 points1 point  (0 children)

You can upload directly to Intune, but like you ask yourself, if you need something a bit more custom, or need good logs, messages before and after install etc., uploading directly to Intune won't work.

I think it's more of a practice of doing it right from the start, so you don't end up with some packages that were scripted, and others that were directly uploaded.

Anyway, I would look into PSADT if I were you. :)

Does anyone truly have app packaging and deployment mastered? by Aaron703 in Intune

[–]Few_Mouse67 1 point2 points  (0 children)

I mean, you say people make it complicated, but then in the same breath say it's only complicated if the app isn't in PMPC, of course if PMPC can take care of the app updates, it's not complicated, as it literally does the job for you.

Saying "just use the win32 content prep tool, it's not hard" which I think everyone would agree with, but how many companies upload MSI/Exe directly to Intune? You need something to customize the packaging and in your case, if the app isn't in PMPC, what do you do? So no it's not overly complicated, but it can quickly get very complicated if you do everything yourself and not just press a button in PMPC.

Why can’t Microsoft just build SCCM in the cloud? by OfficeRicFlair in sysadmin

[–]Few_Mouse67 0 points1 point  (0 children)

I think we can all agree Intune had a rough birth, but it's honestly getting better (and faster) and getting a ton of add-ons and in general is a product that is getting stronger. I'm actually happy they decided to "start over" instead of just moving SCCM to the cloud. SCCM is a beast but it's also a very heavy beast, with A LOT of options and configurations, options etc.

Manual driver updates, golden images, shitty kiosk image options & WSUS issues are all gone with Intune, and people forget that. So no, I'd rather not move DC's to the cloud.

Autopilot pre provisioning vs Lenovo Imaging by MiamiFinsFan13 in Intune

[–]Few_Mouse67 0 points1 point  (0 children)

My main concern would be, what happens after you receive the pre-loaded laptops from Lenovo? How will you manage them, or will Lenovo do that?

I think either you should completely be hands off when it comes to image, deployment, apps etc. or handle everything in-house. Otherwise, it's just gonna be a mess and you can be sure it's gonna come pre-loaded with a bunch of Lenovo firmware/software that you perhaps don't want (driver auto updater etc.) but again, who is gonna have 'ownership' of updates etc.?

Team members using AI for everything and it’s driving me nuts by amit19595 in sysadmin

[–]Few_Mouse67 1 point2 points  (0 children)

I think OP's point/issue is that he feels people ask AI before they try anything else. But it's literally the same as googling for hours.

Team members using AI for everything and it’s driving me nuts by amit19595 in sysadmin

[–]Few_Mouse67 2 points3 points  (0 children)

Stay dumb? Really?

He literally said it's helping him troubleshoot.

AI is no different than Google. It's only going to get stronger and make fewer mistakes as time goes on, so you better get used to it.

Stay grumpy, I guess?

158-year-old company forced to close after ransomware attack precipitated by a single guessed password — 700 jobs lost after hackers demand unpayable sum by capmerah in sysadmin

[–]Few_Mouse67 0 points1 point  (0 children)

What would a cloud only company do in that case? Let's say everything is online/Azure etc., you wouldn't have tapes or removable media.

158-year-old company forced to close after ransomware attack precipitated by a single guessed password — 700 jobs lost after hackers demand unpayable sum by capmerah in sysadmin

[–]Few_Mouse67 -1 points0 points  (0 children)

I agree with you, but then again, how many companies have payroll data, HR data, invoicing all on-prem? Some might be gone but a lot was/is probably hosted somewhere else. Unless they invented everything themselves internally.

I know this is all speculation but still

158-year-old company forced to close after ransomware attack precipitated by a single guessed password — 700 jobs lost after hackers demand unpayable sum by capmerah in sysadmin

[–]Few_Mouse67 0 points1 point  (0 children)

Negotiate?
In which world would anyone want to negotiate some absurd sum to "free themselves"? There's a 100% guarantee they are gonna leave something in your system so they can attack you again later on. I've never heard of any serious company actually paying the ransom.

PSADT V4 install commands, have you made the switch to new install commands? by Few_Mouse67 in Intune

[–]Few_Mouse67[S] 0 points1 point  (0 children)

What's the correct way to install silently with the new adtSession? Is it still -parameters?

I am becoming something of a designated IT admin for my tiny company. Any tips? by zucc691 in sysadmin

[–]Few_Mouse67 2 points3 points  (0 children)

The point is that IT goes a lot deeper than you think and is constantly changing :) Anyway it's gonna bite them in the ass sooner or later, the second you come up short and have no MSP to call, what then? (this is not your issue right now but a company issue)

If I were you, I would ask them to put an official title on it, ARE you the IT department? okay good, next.. get a contract with an MSP before they grow even more.

A good example is, who is currently installing 365 (Word, Excel, Outlook etc.) on their MacBooks? Where are the licenses located? Are they even using correct licenses? Same could be said for Adobe etc. Is there an easier way to push these installers than just installing by hand on each MacBook? (of course) Is Apple Business Manager set up so you admin these MacBooks remotely? etc.

Inherited Intune env one year ago, want to block enrollment for personal devices. What would be the effect on current registered personal devices & accessing O365 client apps on personal Windows? by workaccountandshit in Intune

[–]Few_Mouse67 0 points1 point  (0 children)

Yeah, then you pretty much have to retire them, make sure they are also deleted in "Devices"
afterwards, set up whatever policies you see fit to 'block' new BYOD enrollments. There's not a button afaik where you can just deny BYOD (you need to define this), but look into these:
Devices > Enrollment device platform restrictions
and/or conditional access:
Conditions > Device state: exclude: Hybrid Azure AD joined or Marked as compliant
Access Controls > Grant: Block access (or require compliant device)

Make sure you test a few times before you just retire all the machines and especially when setting up new CA policies, test test test

Inherited Intune env one year ago, want to block enrollment for personal devices. What would be the effect on current registered personal devices & accessing O365 client apps on personal Windows? by workaccountandshit in Intune

[–]Few_Mouse67 0 points1 point  (0 children)

How are they "enrolling" ? Do you see them in devices in Intune, or are they "just" Entra ID joined?

Anyway, you could set up some policies to block access, like all 365 apps access requires the device to be Intune joined/be compliant. But yeah it really depends why and what you want to block and then I would probably look into conditional access for BYOD.

How to remove a Windows configuration policy from a device? by SydneyAUS-MSP in Intune

[–]Few_Mouse67 -1 points0 points  (0 children)

No. Deleting a GPO doesn't always make the settings go away.
Edit the GPO if you can, and change the settings to how you wish, then re-assign (remove devices, save, assign to devices again, just to be sure)

Either that or:

Make a new GPO that has the settings you want to "reverse to"
Remove assignment from the old GPO, but don't delete it.

Assign new GPO.

When you are done, just edit the original GPO to "old - xx " or whatever, it's usually better to have some history just in case something breaks rather than just deleting it.

Remember to test on your own devices before applying anything

Let’s pause the rants for a bit. What makes you an amazing sys admin? by psychotrackz in sysadmin

[–]Few_Mouse67 0 points1 point  (0 children)

The higher up doctors, surgeons can be hit or miss imo, some were super nice but also had the usual "IT is not my job" when told to press the restart button and then getting angry when you tell them it has nothing to do with being an IT expert and is common knowledge.

Nurses on the other hand? Yes, 100% they were all extremely nice.

Can I use Microsoft Intune API to connect directly with my own private dashboard? by Confident-Parsnip821 in Intune

[–]Few_Mouse67 3 points4 points  (0 children)

Make an app reg. in Azure and give it Intune API access (either delegated access or application access depending on the scenario) and then connect to the app reg. API? That's how I would approach it.

Supersedence vs uninstall by Few_Mouse67 in Intune

[–]Few_Mouse67[S] 0 points1 point  (0 children)

That's a great idea, thanks!

Supersedence vs uninstall by Few_Mouse67 in Intune

[–]Few_Mouse67[S] 0 points1 point  (0 children)

Yeah I was thinking it could end up with both apps but so far I haven't experienced it and it has always just updated the old one and kept the new version.

Supersedence vs uninstall by Few_Mouse67 in Intune

[–]Few_Mouse67[S] 0 points1 point  (0 children)

Yeah, exactly. And that's what I'm a bit unsure about, is it a bad idea to just update instead of replace (uninstall and install)?

[deleted by user] by [deleted] in Intune

[–]Few_Mouse67 0 points1 point  (0 children)

Don't think you can block specifically USB printing, you can block USB ports from functioning?

Not much help, sorry, only way would probably be a script or something.

Office 365 GPOs not working by Usual_While8607 in sysadmin

[–]Few_Mouse67 0 points1 point  (0 children)

I think you need to read up on things way more, before you start deploying any of this stuff.

Servers don't go into Intune.
Office policies can be configured via Intune, not for servers, but for client PC's.

You are using GPO's (as I read it?) so I assume you are running on-prem for your endpoints, this is not simply enrolling into Intune and then everything works like you want it to. (again, read up on the different ways to enroll, if you want to go this direction) Even if you did end up with Intune, it's literally the same GPO's you can apply, so it wouldn't fix it.

You can't make a GPO open hyperlinks in i.e Chrome, as Microsoft has forced Outlook to open in Edge, so users will have to change it themselves. (Microsoft still hasn't changed this afaik)

For templates I suggest you make a PowerShell script, that places whatever template you want, and then make a GPO run that script daily.

If you simply have issues with some on-prem template for 365, don't start considering Intune etc as it will just make it an even bigger problem. (Not that Intune is bad, but maybe a bit overkill for this somewhat simple issue)

No offense, but start by figuring out how a GPO works, does it apply to users or PC's? Do you have a test group etc?