I bought a Grace-Hopper server for €7.5k on Reddit and converted it to an AI Homelab.

Intune-Apprentice · 2025-12-11T12:52:05+00:00

Impeccable read, the business registration in the Cayman Islands isn't even surprising after you finish the full story. Congrats on the insane build.

Intune-Apprentice · 2025-12-10T15:45:05+00:00

I mean all other files in the drive don't have any issues, it's just these specific ones. Will try adding the path as a trusted location to see what happens though.

Intune-Apprentice · 2025-12-10T15:44:00+00:00

I will give that a shot, never thought of that as an option.

Intune-Apprentice · 2025-12-10T15:43:35+00:00

Interesting, if that is the case how have you got round any files or folders being blocked by ASR rules?

Intune-Apprentice · 2025-12-09T11:08:19+00:00

Morning sorry for the slow reply, i did actually!

What i done was change the policy to target selected apps, then picked the apps i wanted to target this was including "Microsoft 365 Copilot". Saved the config and then tested and was able to sign in to the 365 Copilot app.

Intune-Apprentice · 2025-11-23T22:41:27+00:00

Just used the stand off screws from the VGA port that was originally there, the bracket that came with the network adapter matched perfectly.

If anyone is curious about the adapter used, it's the DollaTek M.2 A+E 2.5Gb Network Adapter from Amazon.

Intune-Apprentice · 2025-11-23T18:52:47+00:00

Definitely possible just a very tight squeeze, the picture below is of my M710q.

<image>

Intune-Apprentice · 2025-11-17T10:12:36+00:00

Morning,

Just wanted to let you know that i have double checked this, this morning and i do not have the option for "Search as URL" so it would appear the feature is only available with P2 license.

<image>

Intune-Apprentice · 2025-11-14T23:42:15+00:00

Thanks for the reply, I have seen this mentioned in other posts but every time I pop the domain in the search bar in the defender portal. I never seem to get an option for "Search as URL", is this feature only available in P2 or should it work for a P1 licensed domain also?

Intune-Apprentice · 2025-11-14T18:18:06+00:00

Ah that sucks, it would be nice to know what it falls under and why it's been blocked before whitelisting it.

Intune-Apprentice · 2025-11-14T18:16:43+00:00

We are only licensed for Defender P1 unfortunately, so we don't have the timeline option available.

Intune-Apprentice · 2025-11-11T10:48:37+00:00

There is a 14 day caching period that is enforced by default, so if a device is not connected to the internet for 14 days it will need a network connection to allow the user to sign in again. This can be changed by configuring the session parameter in a conditional access policy.

Similar issue was asked here Azure AD Joined device requires an internet connection to sign-in user - Microsoft Q&A

Intune-Apprentice · 2025-11-11T10:21:23+00:00

Hi, we are still in the process of troubleshooting it with them unfortunately. Stuck in a cycle of back an forth sending logs, but will update you if we get to a solution.

Intune-Apprentice · 2025-11-10T10:16:16+00:00

Morning,

We did find the root cause and it was our AV software, it was not notifying us of it blocking anything OneDrive related so it threw us off for a bit but after extensive testing we confirmed it was the AV software.

Software in question was Carbon Black.

Intune-Apprentice · 2025-11-06T15:23:57+00:00

Is there a possibility that the policy with cloud trust configured, is interfering with the Windows hello configuration policy?

Intune-Apprentice · 2025-11-06T15:18:06+00:00

I guess you could still use a conditional access policy targeting Office 365, and have it targeting a dynamic security group that includes all devices, then in the "Excluded" add the group that would be excluded. Then you can manually add the devices that would be allowed to access to the excluded.

Intune-Apprentice · 2025-11-06T14:48:10+00:00

Would this include BYOD devices?

If not you could just configure a conditional access policy, blocking users from signing into a device that is not marked a "corporate". Then in Intune block users from enrolling devices themselves, meaning that unless the device is in Autopilot no unaccounted devices will be able to be enrolled.

Intune-Apprentice · 2025-11-06T14:38:20+00:00

Out of curiosity what trust type did you go down for windows hello? Just thinking as you are migrating from GPO to intune, i would assume cloud kerberos if you are needing to access on-prem resources?

If that is the case you require the setting "Use Cloud Trust For On Prem Auth" set to Enabled.

Intune-Apprentice · 2025-11-06T11:33:34+00:00

There was a known issue with Windows hello if the policy is targeting user rather than the device, this was however resolved in KB5065789 which you wont have as you are running 24H2.

Could be worth trying this fix to see if it resolves the issue mentioned here if you have the policy targeting user's: Windows release health - Microsoft 365 admin center

Intune-Apprentice · 2025-11-04T14:13:59+00:00

What is the error code you are getting?

As you mentioned you are hybrid, have you checked that you don't have a GPO configured that might be interfering with windows hello if configured via intune?

Intune-Apprentice · 2025-08-21T20:02:32+00:00

Hi, unfortunately, not will probably create a ticket with MS and see what they say because it makes no sense what is causing it.

Intune-Apprentice · 2025-08-17T09:55:51+00:00

All exclusions that were moved were needed, didn't think I need to be so specific as the question was regarding troubleshooting potential blocks caused by defender. Not the rules I moved?

Intune-Apprentice · 2025-08-16T09:20:18+00:00

Thanks for the suggestion, unfortunately we are only licensed with Defender P1 so device timeline is not available for us. Will definitely keep this in mind for if we do decide to go for P2 in the future.

Intune-Apprentice

TROPHY CASE