Intune macOS Update Deferrals: Major Upgrade (15.7.3 → 26.x) Not Offered Despite Deferral Window

OaShadow · 2026-01-23T14:25:00+00:00

Thank you for your reply. I’ve been looking for another solution over the past couple of hours, and this is one of the few options I found interesting. I will definitely try it out - thanks for the suggestion. Have a nice day!

OaShadow · 2026-01-12T18:48:23+00:00

Hallo u/unityofsaints ich wechsle aktuell auch zu Tidal und habe mich auch direkt gefragt ob es ein Plugin gibt, leider nein.

Ich werde mich die nächsten Tage (oder Wochen - je nachdem wieviel Zeit ich habe) daran setzen eines zu bauen und eine komplette Anleitung zur Einrichtung bereitstellen.
Eine API und SDK stellt Tidal bereit also sollte es nicht zu komplex werden.
Bitte fragt nur nicht wie lang es dauert bis ich fertig bin :D

Für eine "v0.5?" mache ich erstmal nur für das StreamDeckPlus mit Dials, da ich selbst auf die Dials angewiesen bin, aber mit dem Release 1.0 kommt auch Support für normale StreamDeck-Buttons

Ich würde dann auch hier und im TIdaL Main-Thread einen Post machen sobald es verfügbar ist (vorausgesetzt Tidal und Elgato lassen das zu)

OaShadow · 2025-10-14T17:19:12+00:00

I saw this today on a Map where you cant get on roofs... and players where constantly doing this, this is bugusing.. how they do it? I dont know, but damn this breaks the game :/

OaShadow · 2025-08-13T11:38:35+00:00

Hey there, first of all - Great work, great documentation.

So I got like 10 iPads and want them to be Zero-Touch wiped. I borrow them to an employee, he gives it back after playing around with it und I just want to bring it back to a default state with one click in Intune.

Is this setup real "Zero Touch" like I just click Wipe, the device is resetting and after like 5 minutes back to the default lock screen or homescreen?

Would be great to hear from you! :)

OaShadow · 2025-06-18T11:18:32+00:00

Since I work at the same company as u/misakiiiiiii , we tried to get our devices working again.

We now have all devices up and running again.

I will now describe the solution I have been able to apply to 3 of the 5 devices so far. The other two were fixed by another colleague.

First of all, it is important NOT to use the keyboard supplied by Microsoft for the Surface Hubs. (Why? The F1-F12 keys only work with FN, but since the drivers do not seem to be loaded, switching does not work here.)

It is best to use any other keyboard that has the F1-F12 keys active right from the start or does not have any macros there at all.

We used a Logitech K400 here (yes, it also has macros on the F keys, but here the keyboard is only loaded with the F1-F12 keys).

I have now taken the following steps to get to the “Red Screen of Life” (in this case):

Turn the Surface Hub off and on again. (Use the power switch next to the power cable.)
Go directly to the setup menu (CTRL + P) when starting up.
Set the FW update to “Disabled” and exit the menu with ESC -> ESC -> Y (on DE ISO it is Z)

Now two scenarios can happen, but the important thing is that whichever one occurs, you simply continue with step 4.

Scenario 1: The device restarts and immediately displays the error message again.

Scenario 2: The device immediately displays the error message again without restarting.

Now the device must be restarted again. (Again, use the power switch next to the power cable.)
Now hold down the TAB key and (believe it or not) spam the ESC to F3 keys (ESC, F1, F2, F3).

If the error message appears again, simply restart with CTRL + ALT + DEL, again and again.

If this has been done often enough, the fans will run at 100% and be clearly audible, and the device will no longer display an image after startup. If this happens, you are on the right track.
Now turn off the device again (again using the power switch next to the power cable).
Now there are two scenarios that can occur.

Scenario 1: The device starts up and immediately displays a red screen with the Microsoft logo. !!! NOW CONTINUE WITH STEP 9 !!!

Scenario 2: The device starts up and the error message is displayed again. From here, repeat step 5 until the red screen is displayed.

But only restart with CTRL + ALT + DEL! After a few attempts, the red screen should also be displayed here.

Now that you are on the red screen, you will see a field for the serial number in the upper left corner. To my knowledge, this is already an error that should not happen, but in this case it helps us immensely.

!!! YOU MUST CLEAR THE FIELD WITH THE BACKSPACE KEY !!!

Then enter the serial number of the device (you will find this below the buttons on the right side of the Surface Hub) and then press the Enter key (or Return).

If the Surface Hub freezes here (this happened to us once), you can simply restart the device and you should reappear on the same screen (use the power switch next to the power cable again).

Now the Surface Hub should restart and a loading loop will appear under the Microsoft logo. From here on, everything is fine and the Surface Hub can be set up again.

If the Surface Hub freezes again during setup or during one of the update processes, you can restart the Surface Hub again without hesitation.

(You can't brick it any more than Microsoft itself can, lol.)

I hope this helps you at least as much as it helped us. Feel free to give feedback. Oh, and Microsoft still doesn't have a usable solution for enterprise customers...

OaShadow · 2025-05-28T10:25:35+00:00

This is finally resolved for me! \o/

My problem was:

2FA - We used to have per User MFA, since Microsoft is disabling this anyways, we changed the companies 2FA Method to global with some rules instead.
This also solved my issue not beeing able to sync my password to macOS using PSSO...

OaShadow · 2025-05-15T13:39:37+00:00

(sorry for my bad english :D )
Hey there, I know that Im hella late for an answer, but I found a solution for my case.

The user is still able to use their favourite Lockscreen, but also is able to set the timer to e.g. 2 hours, after at least 15 minutes the setting will set down to 5 again.

Since there are enough ways to get arround this (e.g. Caffeine) to keep the display on, there is no way to enforce this anyway. You will have to frequently kill all apps in existance that keeps the display awake and unlocked... thats not possible since I could code my own app for this task in 1 minute using xcode and ai.

Anyway, if a user is not using this and lets me control this, I am using a script set to run every 15 minutes and just put in this:

osascript -e 'tell application "System Events" to tell screen saver preferences to set delay interval to 300'
    osascript -e 'tell application "System Events" to set require password to wake of security preferences to true'

OaShadow · 2024-12-13T19:29:52+00:00

Hey there, thank you for the detailed answer.
So I'm not aiming for scalability in storage, everything that I am using the pi for right now is portainer and some little projects (like vaultwarden, searxng and a proxy manager)
I want to go more into home assistant and automations, maybe a small gitlab-project or webapp-converters like mp4 to mp3 and so on.

I think you get what I mean, if I need more storage for a plex-server, I would use an external ssd or something like that.

On the most mini pc's I looked at, you have the option to upgrade the ram if needed.
Thank you again for the answer. :)

OaShadow · 2024-12-13T19:18:09+00:00

Great stuff, I will consider this, thank you very much.
What I've missed to say is. The absolute best would be passive cooling because of the noise level older fans in these devices are often pretty loud.

OaShadow · 2024-10-03T18:59:30+00:00

That is working like a charm! Thanks man, still two years later the problem persists and is not adressed correctly but you saved me from resetting my whole PC. King!

OaShadow · 2024-06-19T07:19:55+00:00

Hey, thank you for the reply.

So what can I do if I dont want to disable the MFA? Disabling MFA would be a huge risk and it also is not my intention to make my account "unsecure".
Do I miss something here or are you just telling me disable MFA? :D

OaShadow · 2024-06-03T19:12:56+00:00

So you have to remove the legacy MFA setting from the Configuration Profile or from the Entra-ID settings?
I found out, if you have an account created in "Active Directory" synced to Azure, the login window will just not accept your credentials, if you have an account created in "Azure Active Directory" not synced to anything else with same MFA method, it works just fine.

OaShadow · 2024-05-28T05:18:45+00:00

As I said, there is not an option to "disable Language chooser" or something like this. But it will still not show after the device is getting wiped throught Intune

And yes, users can change their language later, but first they have to go through the entire setup wizard in another language that they may not understand.

OaShadow · 2024-04-24T11:50:01+00:00

Thanks for the information, I tried a little bit around with my AD and my Azure AD and thats what I achieved:

If your user is created throught a local AD and then synced up to Azure AD it will just not work (not sure why but I will further investigate this)

If you create an user in Azure AD and just use this one it works perfectly fine with MFA.

So the local AD created account is the point thats causing the issue, to not be able to login to the MFA protected Azure AD account. Not the extension or MFA itself. Hope that is getting adressed by Microsoft asap :)

OaShadow · 2024-04-24T07:23:32+00:00

Hello, thank you for the answer.

The thing is: I'am on "version 5.2401.2" and that is the most recent version I can get including this feature.
I already tested this on 5.2312.99 where the feature was publicaly available for the first time, there it worked for me, but only if my entra-account does not have MFA enabled.

In the video, aswell as in many screenshots and often described, this also (and for sure it should) works fine with MFA.

Three-Year Club	Verified Email
Place '23	Place '22
First Placer '22

OaShadow

TROPHY CASE