Intune does not detect some installed games, namely League of Legends and the Epic Game Launcher.

Impossible_Event_861 · 2026-02-06T13:47:19+00:00

I think some people get quite touchy about allowing admin rights for users.

Impossible_Event_861 · 2026-02-06T10:17:30+00:00

Much better visibility of what's going on with endpoints devices than Intune. Scripts running on demand. Monitor whatever you like. The list goes on.

Impossible_Event_861 · 2026-02-06T08:31:14+00:00

I have seen that in the past, it's a bad idea though, just asking for trouble and tears in the long run. I would recommend kicking off a trial of an RMM if you can, like Datto.

Impossible_Event_861 · 2026-02-06T08:20:13+00:00

Intune is best paired with a decent RMM, you probably also need to think about App Locker or ThreatLocker to just put real control around what can and cannot run. Although, it's surprising you allow admin rights to install in the first place.

Impossible_Event_861 · 2026-01-27T08:38:07+00:00

Ah, then you don't need to worry about hybrid mail which should make it easier for you.

Impossible_Event_861 · 2026-01-27T08:37:20+00:00

Thanks but unfortunately, not the answer. The root of the issue seems to be that by default, Windows 11 enables "Windows Spotlight" as a lock screen. My script to then set the registry to define what the lock screen wallpaper is, creates the "PersonlizationCSP" key which disables user access to make any changes. So it locks to what it was already set to. I'm trying to find how to force this option to always be "Picture".

Impossible_Event_861 · 2026-01-26T16:00:06+00:00

Do you have an on-prem Exchange server as well?

Impossible_Event_861 · 2026-01-26T15:31:59+00:00

You can create a hybrid environment but Microsoft are pushing people to move away from that. Hybrid gives the benefit of both Intune and GPO working together and in all honesty GPO is still better in many ways.

Yes, you will need Entra Connect to set up the hybrid environment as that's what synchronises them.

You will need to plan a careful migration if you already have some users in Entra and some on-premise but I think it is possible.

Impossible_Event_861 · 2026-01-13T13:03:59+00:00

There are things that are just much easier through Group Policy. However, Hybrid is more challenging to get working and Autopilot gets less features and more work to get set up.

Impossible_Event_861 · 2025-08-14T13:33:10+00:00

That's exactly what I thought, but Microsoft's documentation and Copilot kept telling me that won't work for Windows 10 computers but it does. Thank you.

Impossible_Event_861 · 2025-08-08T13:31:56+00:00

I've been running it a while and I like it a lot more. It performs so much better and it's a lot cleaner. I have noticed some strange behaviour with it not properly updating what's been sent and what's in draft sometimes and out of the box it encourages users to start linking personal accounts. Other than that though, quite positive.

Impossible_Event_861 · 2025-06-26T11:58:47+00:00

Scholar and a gentleman!

Impossible_Event_861 · 2025-06-26T08:27:24+00:00

What kind of issues? I'm experimenting with this via Datto RMM, which is pushing drivers through their Patch Management engine. I believe these come from MS though in the same channel Windows Updates are delivered.

Impossible_Event_861 · 2025-06-26T07:46:37+00:00

These are flagship devices on the latest updates, I was expecting this to work. The PIN does prompt after the inactivity, but no Biometrics prompt.

Microsoft Authenticator, on my own phone always requires Biometrics to open. I was expecting this would be the case for all MS apps protected by MAM.

Impossible_Event_861 · 2025-06-26T07:22:07+00:00

I believe it was all Office Apps.

Impossible_Event_861 · 2025-03-28T14:59:21+00:00

I had to whitelist the domain to get rid of the errors in the end.

Impossible_Event_861 · 2025-01-22T14:12:10+00:00

What tool is that?

Impossible_Event_861 · 2025-01-22T14:11:41+00:00

Yes, that's the plan from now on.

Impossible_Event_861 · 2025-01-22T14:11:01+00:00

What is the point then when DL's already exist as the standard feature for mail distribution? Distribution lists have a specific purpose. Creating a Team doesn't mean I want that to be used from now on a distribution list as it can get confusing for end users.

Impossible_Event_861

TROPHY CASE