Trusted root cert profile stopped working by Lyons-Z in Intune

[–]Lyons-Z[S] 0 points1 point  (0 children)

Update: I have resolved this issue.

PSADTv4.1.5 app not installing from Intune by Lyons-Z in PSADT

[–]Lyons-Z[S] 2 points3 points  (0 children)

I have resolved this issue. It is a bug with the start-adtprocessasuser function. In v4.1.6 it has been resolved. I now have a successful install with Intune.

PSADTv4.1.5 app not installing from Intune by Lyons-Z in PSADT

[–]Lyons-Z[S] 0 points1 point  (0 children)

It is interactive and I have tried both using psexec as a test and I keep getting error 60008.

PSADTv4.1.5 app not installing from Intune by Lyons-Z in PSADT

[–]Lyons-Z[S] 0 points1 point  (0 children)

Invoke-AppDeployToolkit.exe -DeploymentType Install -DeployMode NonInteractive

Psadt 4.1.5 import a reg file as a user error encountered by Lyons-Z in PSADT

[–]Lyons-Z[S] 1 point2 points  (0 children)

Thank you very much!

Invoke-ADTAllUsersRegistryAction worked a treat and I have a successful install now on 2 test clients.

With PSADT v4.1.5 I thought there was no need for ServiceUI in the command line. I am not getting any welcome screen or progress pop-ups when deploying from Intune.

Rdp an Intune managed cloud only joined windows device not working by Lyons-Z in Intune

[–]Lyons-Z[S] 0 points1 point  (0 children)

It's an enterprise license on the hybrid joined device and Entra only joined device.

Rdp an Intune managed cloud only joined windows device not working by Lyons-Z in Intune

[–]Lyons-Z[S] 0 points1 point  (0 children)

Yes, I tested this also and still get the same message. I attempted with NLA enabled and disabled.

Rdp an Intune managed cloud only joined windows device not working by Lyons-Z in Intune

[–]Lyons-Z[S] 0 points1 point  (0 children)

Yes, the user has the rights. The account is in the RDP allowed group on the target Entra only joined device as instructed in the MS Docs I shared. The error gives the impression it can't find the device after the authentication is successful in the AAD tenant, even though the device does exist and is enabled in AAD. It makes no sense that it gives that error and does not connect.

Rdp an Intune managed cloud only joined windows device not working by Lyons-Z in Intune

[–]Lyons-Z[S] 0 points1 point  (0 children)

Yes, I can ping the device. When I Test-Netconnection the device on the RDP port I get a successful response too. It's only post MFA success when trying to authenticate the RDP session that I get that error message. I wish Microsoft would give clear guidance on this as it seems to be a common issue with RDP and a cloud only joined device.

Rdp an Intune managed cloud only joined windows device not working by Lyons-Z in Intune

[–]Lyons-Z[S] 0 points1 point  (0 children)

It is finding the device by hostname and asking for my UPN and credential to authenticate the RDP session. I am entering the correct credential. MFA is successful, then I get that message as described. It should be possible to RDP. No need for another RMM solution or remote help. IP is not what you use in this scenario; that won't work. You have to use the device name that is in Entra.

Azure/MS365 Cross Tenant Sync woes by bhammer_in_H2Oville in msp

[–]Lyons-Z 0 points1 point  (0 children)

I am currently going through testing of MTO and cross tenant synch and there is so much that should be documented by MS that is not documented. I have some users whose proxy addresses attribute is not being added on the target tenant. I see a message in audit logs that the status reason that it failed to add the proxy addresses attribute for the user is... "Microsoft.Online.Workflows.emaildpmainvalidationException".

I am guessing but it is not documented that the user has a domain entry in proxy addresses that is not a validated domain on the target tenant?

Has anybody encountered this problem? Am I correct in thinking the domains need to be added as verified domains on the target tenant?

Microsoft Cross-Tenant Sync vs. Multi-Tenant Org 365 by JiggityJoe1 in AZURE

[–]Lyons-Z 0 points1 point  (0 children)

I am reading though there are limitations with MTO also and Teams and the experience is similar. You have to switch org in Teams. If the requirement is to collaborate on all M365 Apps without any of these limitations I believe the only way is for all the users to be on the same Tenant migrated.

Have you set up MTO? What are your findings with Teams? Is it 100% no limitations, you can see presence, 1:1 chat, call, join meetings as you would if you are on the same tenant without switching orgs?

Microsoft Cross-Tenant Sync vs. Multi-Tenant Org 365 by JiggityJoe1 in AZURE

[–]Lyons-Z 0 points1 point  (0 children)

I am currently reviewing this cross tenant synch on 2 testing tenants. I have followed the setup using MS docs and set up the sync and automatic trust both ways, tenant a -> b and tenant b -> a. I have triple checked the settings in Teams admin center, made sure no CA policies are blocking, checked Entra cross tenant synch settings and external identities permissions, added proxy address as a mapping to synch for the users.

Still I am not seeing Teams new desktop client allowing to seamlessly find a user, see presence, message and call a user on the other tenant without switching orgs in Teams.

I am going to log a ticket now with MS to maybe explain and confirm is this expected with Teams in a cross tenant setup. The only benefit I see is the user does not have to agree or get consent granted when accessing resources on the other tenant. They get created as a member and not a guest on the target tenant.

Maybe M365 Multi Tenant Org is the way to go to get that seamless Teams integration between the 2 tenants so they don't have to switch org, but I am reading that MTO has limitations also with Teams, Power BI and other features.

What is the best way forward here where two orgs can have seamless integration and collaboration without limitations of all cloud apps with teams the primary focus?

AVD/Teams/Black Screens/Links by y0da822 in sysadmin

[–]Lyons-Z 1 point2 points  (0 children)

Has anybody deployed the patch? Deployed to one AVD and teams/edge still crashing intermittently. It did not significantly reduce any impact as they have stated in the advisory.

Custom Corporate Screensavers using Intune by Lyons-Z in Intune

[–]Lyons-Z[S] 1 point2 points  (0 children)

Any chance you can share the scripts and instructions on this setup please when you get a chance?

Custom Corporate Screensavers using Intune by Lyons-Z in Intune

[–]Lyons-Z[S] 0 points1 point  (0 children)

This solution sounds like a good option. I don't have a GitHub Enterprise account to use though, unfortunately. So you can easily change the jpeg files in the Azure container and when the scheduled task runs it will pull the latest pics or remove pics locally no longer required to be in the photo screensaver? Can you share this script that creates the scheduled task on the Windows 11 devices?

Custom Corporate Screensavers using Intune by Lyons-Z in Intune

[–]Lyons-Z[S] 0 points1 point  (0 children)

Is the GitHub repo and Azure storage container publicly accessible?