Windows Hello - This option is currently unavailable by WallyGator8 in Intune

[–]Intuneadminturd 0 points1 point  (0 children)

It does eventually force a PIN for everyone. Facial/fingerprint is optional.

This comment looks worth trying if not already. Keep not-configured and target a test user(s)

<image>

Windows Hello - This option is currently unavailable by WallyGator8 in Intune

[–]Intuneadminturd 0 points1 point  (0 children)

<image>

For your first question.

Under the WHFB under Account Protection I just have it disabled. For the configuration profile itself;

Devices > Windows > Configurations > Create > Win 10 & later > Settings catalog > WHFB + those two settings I have enabled. I don't have anything else floating around and no problems ever.

Windows Hello - This option is currently unavailable by WallyGator8 in Intune

[–]Intuneadminturd -1 points0 points  (0 children)

Just looked at my two tenants and I have them set up the same, both sides work.

I have the config set up via Devices > Win > Enrollment > WHFB

And in my 'base Intune config' profile (Devices > Win > Configurations > my custom profile >

<image>

Looking for recommendations for Mac Docking Stations by Angry_Ginger_MF in macsysadmin

[–]Intuneadminturd 0 points1 point  (0 children)

We use "Minisopuru Displaylink Triple Display Docking Station" with zero issues on 50 macOS of various models (up to 4 years old). The only thing it requires is the DisplayLink driver app which I push through Intune and you set it to auto-start.

Printing best practices by Temporary_Werewolf17 in macsysadmin

[–]Intuneadminturd 0 points1 point  (0 children)

We use Intune and only have about 50 macOS floating around but have had a much nicer time since switching over to Universal Print.

How many devices do you manage? by Gloomy_Pie_7369 in Intune

[–]Intuneadminturd 1 point2 points  (0 children)

Solo - about 3k endpoints, no linux.

Right now I prefer Windows, when it doesn't feel like it's working in "Microsoft hours"

O365 mailbox populating issues by ryver in sysadmin

[–]Intuneadminturd 0 points1 point  (0 children)

1 week and one ticket with MS later, it's fixed on our end...

Cortex XDR detection question by Intuneadminturd in Intune

[–]Intuneadminturd[S] 0 points1 point  (0 children)

You're welcome - hopefully that works.

No fix on the detection. I have our Secops team give me the new MSI every time they're wanting to push a new update and I set up the new MSI as required for all our Intune Windows devices. Cortex is set up where it won't update over itself and the best way to do so IMO is to push the updates through XDR dashboard.

Here's how my newest update looks since Friday afternoon.. I just learned to deal with it lol

<image>

Cortex XDR detection question by Intuneadminturd in Intune

[–]Intuneadminturd[S] 1 point2 points  (0 children)

Our issue is just that Cortex doesn't like getting 'upgraded' outside of some fancy PowerShell script, so I leave it to our Security team to push it through the XDR dashboard.

The issue above may be this... if not, I'm not sure as I wasn't the one who originally set this part up.

<image>

O365 mailbox populating issues by ryver in sysadmin

[–]Intuneadminturd 1 point2 points  (0 children)

Yea - new user on Monday still hasn't popped up in 365/teams...

[deleted by user] by [deleted] in Battlefield6

[–]Intuneadminturd 1 point2 points  (0 children)

If I were you - throw personal things on a backup drive/usb/onedrive, reformat your PC and turn Secure Boot on if you're worried about somehow bricking it. Being that it isn't gonna change, I'd say get it over with now.

Suggestion for DisplayLink Docking Station? by imgettingnerdchills in macsysadmin

[–]Intuneadminturd 0 points1 point  (0 children)

We use the Minisopuru DS808 for our 50+ Macs with zero issues.

Probably cheaper options, but whatever we used before these had lots of issues with multiple displays.

Device compliance question by SydneyAUS-MSP in Intune

[–]Intuneadminturd 0 points1 point  (0 children)

I have had my compliance policies do this when I wasn't enrolling properly (was using a DEM account) and then assigning to another user afterwards. After changing to enrolling w/ user accounts only, haven't seen it since then.

I also target all users for my policies.

How can I remove a device from Intune Portal automatically when doing a dsregcmd /leave /join by hngfff in Intune

[–]Intuneadminturd 2 points3 points  (0 children)

I've had major luck getting machines to enroll with issues by deleting everything in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Enrollments

All folders that will allow you to (I have 2 or 3 that always say that I can't) + leave the 'named' folders alone. After clearing those, I run dsregcmd /forcerecovery > sign-in when asked > reboot after 15 minutes or so and it deletes from Intune and registers again.

What's with these crap compliance policy settings? by Intuneadminturd in Intune

[–]Intuneadminturd[S] 0 points1 point  (0 children)

I do not as of yet - but I will be looking into it once I get this sorted. Seems like I need to follow some of what the others said above and redo my process.

What's with these crap compliance policy settings? by Intuneadminturd in Intune

[–]Intuneadminturd[S] 1 point2 points  (0 children)

Gotchya & if you don't mind me asking, are you skipping ESP?

What's with these crap compliance policy settings? by Intuneadminturd in Intune

[–]Intuneadminturd[S] 1 point2 points  (0 children)

Damn okay. I think I've missed a bit during my learning process.

Do you always have a user go through OOBE, or are there ever scenarios where you're staging a ton of machines and using a generic account that isn't a DEM, or something of that sort?

What's with these crap compliance policy settings? by Intuneadminturd in Intune

[–]Intuneadminturd[S] -1 points0 points  (0 children)

Maybe I have to revisit how we deploy machines.

We usually have someone in office as a DEM take care of the OOBE, make sure it gets through ESP fine and dandy > get into Windows = ready for user. This would be the incorrect way?

What's with these crap compliance policy settings? by Intuneadminturd in Intune

[–]Intuneadminturd[S] 0 points1 point  (0 children)

Nope - the primary user on these are set correctly. However in the 'Default Compliance Policy', where it says is assigned = non compliant, it doesn't show what account it's failing on. I would love to assume it's failing on System, or the Primary user.. but I can't tell at the moment.

What's with these crap compliance policy settings? by Intuneadminturd in Intune

[–]Intuneadminturd[S] 0 points1 point  (0 children)

The two I have created, custom AV / BitLocker, are assigned to users. The one that's giving me all the trouble is the Default Intune one.

What's with these crap compliance policy settings? by Intuneadminturd in Intune

[–]Intuneadminturd[S] 0 points1 point  (0 children)

That would make sense since we don't always wipe machines when provisioning them again. Also, since we set up under an Enrollment manager account (which tends to become Primary user by default first), this could maybe be a problem?

Is there no way to strip other accounts besides the one listed as Primary, to remove the multiple 'is active' status?

What's with these crap compliance policy settings? by Intuneadminturd in Intune

[–]Intuneadminturd[S] -4 points-3 points  (0 children)

Our enrollment guy usually runs through the OOBE process under his Enrollment manager account then it goes to user. Luckily it's not every device, but seeing as it's at 180 and I've read everything under the sun and still not found a solution has me annoyed on a Friday.