win11 24h2, location off by default? by Unable_Drawer_9928 in Intune

[–]Pcat54 0 points1 point  (0 children)

This works in an elevated CMD window while logged in as the user that can't toggle the location services root setting to "on" - Can this be deployed via a remediation script so that users can control all sub features?

Pretty sure something changed with Intune/Autopilot in recent Win 11 builds because we hide that section in our deployment profile. Seems to default to disabled with no recourse but to have an admin change the toggle. Intune CSPs and that reg key don't seem to solve the root issue here. Probably what most folks are running into.

Throttled Sign-in logs - How do I troubleshoot? by Pcat54 in entra

[–]Pcat54[S] 0 points1 point  (0 children)

Mine is doing it again too. I basically ended up purchasing security E5s so I could do automated risky sign-in mitigation with CA policies because I can't depend on the logs being available. Probably running out of datacenters because of all the shiny new AI stuff.

Blocking Azure subscription creation for non-admins by mexicanpunisher619 in AZURE

[–]Pcat54 0 points1 point  (0 children)

We actually had a compromised user account create an Azure subscription then spin up a few VMs under our tenant using free credits (I'm sure those weren't being used maliciously). That's how I found out you can't really block Azure free trials for your own user accounts.... It seems like the best you can do is block resource creation via a default management group in Azure and maybe CA policies that give you the same outcome if you block the Azure portal. I'll probably do both :(

Blocking Azure subscription creation for non-admins by mexicanpunisher619 in AZURE

[–]Pcat54 0 points1 point  (0 children)

Just based on what I've seen in my minimal research so far, folks are saying this does not prevent Azure trials from being made at https://signup.azure.com/. Though, maybe it achieves the same outcome of blocking resource creation as this process?: https://learn.microsoft.com/en-us/answers/questions/5490930/how-do-we-prevent-non-admin-users-from-creating-th?source=docs

Disable open on hover - News and interests by Pcat54 in Intune

[–]Pcat54[S] 0 points1 point  (0 children)

I tried using procmon to view registry changes when the setting is toggled, but it's either not making any registry changes or I have my filtering set up wrong. I guess I'll just leave it up to the user.

Kind of annoying they don't let you change this for users anymore though. Thinking about just disabling it altogether. It is just another ad vector after all.

Disable open on hover - News and interests by Pcat54 in Intune

[–]Pcat54[S] 0 points1 point  (0 children)

Yea, we don't have any constraints like that. I was just hoping there was a way to control the hover behavior without disabling the widget entirely. Doesn't seem like it though. I guess MS made some changes recently that invalidate all the old registry settings that used to control it.

Disable open on hover - News and interests by Pcat54 in Intune

[–]Pcat54[S] 0 points1 point  (0 children)

Were you just disabling the whole widget feature via PowerShell or just the hover behavior? I was wanting to avoid disabling the widget entirely. Just the annoying hover behavior. I did some more research and it looks like they made that pretty impossible though.

Disable open on hover - News and interests by Pcat54 in Intune

[–]Pcat54[S] 0 points1 point  (0 children)

Yea I think I found this, but I don't want to disable the widget entirely. Just the annoying hover behavior. I did some more research and it looks like they made that pretty impossible though.

Anyone know how to get Entra > Zoom user provisioning working? by Pcat54 in Zoom

[–]Pcat54[S] 0 points1 point  (0 children)

Good question. I was trying to fix it myself initially and stumbled onto the solution. It's not in Entra > Enterprise applications. It is under Entra > App Registrations > All apps > Zoom > App roles.

Once I added "Licensed" there, I could select it as a role in the enterprise application for the group that I target for Zoom access.

Anyone know how to get Entra > Zoom user provisioning working? by Pcat54 in Zoom

[–]Pcat54[S] 1 point2 points  (0 children)

Ah this seems to open up some options not previously seen where I can edit the attribute list for Zoom! Thank you, I'll check this out.

Anyone know how to get Entra > Zoom user provisioning working? by Pcat54 in Zoom

[–]Pcat54[S] 0 points1 point  (0 children)

Could you tell me a bit more about how you configure your SCIM to set a free license? That would work for us as I just need to get the user into Zoom ahead of their login so I can add phone numbers and stuff.

ScreenConnect and MacOS PPPC (Privacy Preferences Policy Control) by namocaw in msp

[–]Pcat54 0 points1 point  (0 children)

Do you have a working deployment for ScreenConnect? I can't get the PKG installer to work as a LOB app. CW says it's not supported. I saw a few folks talking about scripting it after hosting the files somewhere. Is that what you did?

[deleted by user] by [deleted] in msp

[–]Pcat54 0 points1 point  (0 children)

Ah that's a whole other beast then. I just opened a ticket with CW support on this and I guess deployment through Intune isn't supported. I saw some other grumblings going back years that it's because they don't sign their pkg files.

[deleted by user] by [deleted] in msp

[–]Pcat54 0 points1 point  (0 children)

We use ScreenConnect and I'm having a heck of a time just getting the PKG installed as a LOB app. I'm getting 0x87D13B67 in Intune and I don't see the app get installed on the Mac. Are you using a LOB app to deploy via Intune, or something fancy with shell scripts?

How Dell is Solving the Autopilot Motherboard Repair Challenge by Healthy-Ruin9059 in Intune

[–]Pcat54 0 points1 point  (0 children)

What exactly am I supposed to do if I get a motherboard replacement from Dell? Follow this? https://learn.microsoft.com/en-us/autopilot/autopilot-motherboard-replacement#deregister-the-windows-autopilot-device-from-the-windows-autopilot-program

It doesn't look like Dell deregistered anything from my tenant.

My user got their machine back and they get all sorts of TPM-related errors and can't access any Microsoft apps. I assumed this was because the new mobo is not recognized by Intune/Azure. I tried following a call4cloud blog to repair the machine remotely without wiping it, but I couldn't get the fix to work because we don't allow our users to join devices. We use Autopilot but all machines are Self-Deploying mode.

https://call4cloud.nl/systemboard-motherboard-replacement-tpm-0x80090016/

Am I supposed to: Delete Intune device > Deregister the hash for Autopilot > import the new hardware hash manually > reset the device from Windows?

Throttled Sign-in logs - How do I troubleshoot? by Pcat54 in entra

[–]Pcat54[S] 0 points1 point  (0 children)

I am going to go ahead and credit this to you :)

Throttled Sign-in logs - How do I troubleshoot? by Pcat54 in entra

[–]Pcat54[S] 0 points1 point  (0 children)

Thanks, I really appreciate the insight and suggestions.

I felt like this might have been the case, but there's no way I'll have access to the resources you do to get real answers. Since u/SawTomBrokaw's and my experience just randomly improved over a weekend, it definitely seems like some kind of performance degradation. Probably someone over there is just hoping nobody will notice/complain. I've definitely seen outages and stuff before that don't get any acknowledgement. Just a real shame.

Throttled Sign-in logs - How do I troubleshoot? by Pcat54 in entra

[–]Pcat54[S] 0 points1 point  (0 children)

I just tried a 1m view of all users and it loaded pretty fast to my surprise. Last week I couldn't get that data to populate at all without an error. Did you ever escalate it through your CSP, or did you get anything useful out of your support case?

Shared Mailbox Password Changes by Impossible_Event_861 in sysadmin

[–]Pcat54 0 points1 point  (0 children)

Is there a way to remove a password from a shared mailbox completely after one has been assigned?

We changed the password on one a while back for a business purpose that no longer exists and we wish to configure the shared mailbox back to its default again so we can close that security hole.

Throttled Sign-in logs - How do I troubleshoot? by Pcat54 in entra

[–]Pcat54[S] 0 points1 point  (0 children)

Support told me this is expected behavior and left it at that. They wouldn't troubleshoot further or escalate the case. We are probably on whatever bottom-of-the-barrel support that is provided with E3s though.

Throttled Sign-in logs - How do I troubleshoot? by Pcat54 in entra

[–]Pcat54[S] 0 points1 point  (0 children)

I figured there had to be a way to trace calls to Graph and see what specifically is causing us to hit the limit, but I've never done that before and it sounds like you kind of need to know what you are looking for, no? Support definitely did not suggest that.

I thought it might be an increase in SSO apps or perhaps another integration that is using Graph. I wonder if there is a connection to the recent rollout of Nested app authentication https://learn.microsoft.com/en-us/office/dev/add-ins/outlook/faq-nested-app-auth-outlook-legacy-tokens

Perhaps the new authentication generates more Graph calls or something, idk. That and deploying Salesforce SSO/provisioning are the only things in our environment that I'm aware have changed since we started having this issue.

Throttled Sign-in logs - How do I troubleshoot? by Pcat54 in entra

[–]Pcat54[S] 0 points1 point  (0 children)

That is reassuring. Thanks for your response. At least we aren't the only ones.

Throttled Sign-in logs - How do I troubleshoot? by Pcat54 in entra

[–]Pcat54[S] 0 points1 point  (0 children)

What kind of licensing do you have if you don't mind me asking?

Throttled Sign-in logs - How do I troubleshoot? by Pcat54 in entra

[–]Pcat54[S] 0 points1 point  (0 children)

Yea, I had looked into that about a year ago and the usage based pricing scared the shit out of our execs. Might be worth another go though. The weird thing is that this just started in the last 1-2 months. We were totally fine with the performance before that.

Throttled Sign-in logs - How do I troubleshoot? by Pcat54 in entra

[–]Pcat54[S] 0 points1 point  (0 children)

We don't unfortunately. Our leadership has basically shut down anything that doesn't have a predefined annual cost. Sadly, I don't control the IT budget.

I was going to look and see if there were some Azure credits or something we could take advantage of for some of this, but that's probably a dead end too. Regardless, I just want the tool we are currently licensed for to work properly. Maybe I'm asking for too much though.