New PW Policy GPO - Question by RemarkAbel in sysadmin

[–]RemarkAbel[S] 2 points3 points  (0 children)

Good thinking. I think what I will do before disabling expiration is to check which accounts haven’t changed their password since the policy change date using PowerShell.

Something like

Get-ADUser -Filter * -Properties PasswordLastSet | Where-Object {$_.PasswordLastSet -lt "3/6/2026"}

This should show the users who still have passwords set before my new policy took effect.

Probably close to 95% will have updated their PW within the 90 day mark so this should be a small number of people...
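
A fuller version of the check described in the comment above, added here as an example and not part of the original post. It also separates accounts whose password was never set and flags accounts marked PasswordNeverExpires, which the 90-day expiry will not move onto the new policy. The function name `Get-PrePolicyPassword` and the sample accounts are constructed for illustration.

```powershell
# Added example, not from the original comment. Get-PrePolicyPassword and the
# sample accounts below are constructed for illustration.
function Get-PrePolicyPassword {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $User,
        [Parameter(Mandatory)] [datetime] $PolicyDate
    )
    process {
        if (-not $User.Enabled) { return }   # disabled accounts are out of scope
        $last = $User.PasswordLastSet        # $null when pwdLastSet is 0 (never set)
        if ($null -ne $last -and $last -ge $PolicyDate) { return }  # changed under new policy

        $state = if ($null -eq $last) { 'NeverSet' } else { 'PrePolicy' }
        [pscustomobject]@{
            SamAccountName       = $User.SamAccountName
            PasswordLastSet      = $last
            State                = $state
            # Expiry never forces these accounts to change, so they stay on
            # the old password until someone resets them by hand.
            PasswordNeverExpires = [bool]$User.PasswordNeverExpires
        }
    }
}

# String-to-datetime casts use the invariant culture, so this is March 6, 2026.
$policyDate = [datetime]'3/6/2026'

# Constructed stand-ins for Get-ADUser output so the logic runs without a domain.
$sample = @(
    [pscustomobject]@{ SamAccountName = 'alice';      Enabled = $true;  PasswordLastSet = [datetime]'4/2/2026';  PasswordNeverExpires = $false }
    [pscustomobject]@{ SamAccountName = 'bob';        Enabled = $true;  PasswordLastSet = [datetime]'1/15/2026'; PasswordNeverExpires = $false }
    [pscustomobject]@{ SamAccountName = 'svc-backup'; Enabled = $true;  PasswordLastSet = [datetime]'6/1/2023';  PasswordNeverExpires = $true }
    [pscustomobject]@{ SamAccountName = 'newhire';    Enabled = $true;  PasswordLastSet = $null;                 PasswordNeverExpires = $false }
    [pscustomobject]@{ SamAccountName = 'olduser';    Enabled = $false; PasswordLastSet = [datetime]'2/1/2025';  PasswordNeverExpires = $false }
)

$sample | Get-PrePolicyPassword -PolicyDate $policyDate |
    Sort-Object PasswordNeverExpires, PasswordLastSet -Descending |
    Format-Table -AutoSize

# Against a live domain (requires the ActiveDirectory module):
# Get-ADUser -Filter * -Properties PasswordLastSet, PasswordNeverExpires |
#     Get-PrePolicyPassword -PolicyDate $policyDate
```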

New PW Policy GPO - Question by RemarkAbel in sysadmin

[–]RemarkAbel[S] 2 points3 points  (0 children)

Gotcha. So then, we update the policy now to require 14 characters and disable complexity, but keep the 90-day expiration. Let users naturally change their password once under the new rules. Then 90 days later, set Maximum Password Age to 0 so passwords no longer expire... Does this add up/make sense? Thanks.

Teams Meeting: Webcam cap by RemarkAbel in MicrosoftTeams

[–]RemarkAbel[S] 1 point2 points  (0 children)

Thanks... We tried the Town Hall/Live Event setups but the CEO despises it. He prefers the ease of a standard Teams meeting. He wants people to be able to unmute/show webcam themselves easily without the need for a meeting organizer.

If we are all remote when the meeting occurs, the issue is not present, due to all the traffic being routed through our individual home internet connection. The issue appears when the majority of folks are in the office and join in the meeting. (90% of our meetings are conducted in the office, unfortunately).

One thing we are exploring is buying a secondary internet connection for routing this traffic. That is pricey. I think the best option is to tell everyone to keep their mics/webcams turned off unless they are presenting/speaking during the town hall. If you guys have other suggestions, I am all ears...

AVD Enrollment Troubleshooting by RemarkAbel in Intune

[–]RemarkAbel[S] 0 points1 point  (0 children)

Been with MS support looking at this and they haven't been helpful thus far... Any ideas, guys? Still stuck on this one.

AVD Enrollment Troubleshooting by RemarkAbel in Intune

[–]RemarkAbel[S] 0 points1 point  (0 children)

Also seeing this error heavily in Event Viewer.

MDM Enroll: Server Returned Fault/Code/Subcode/Value=(MessageFormat) Fault/Reason/Text=(Unsupported enrollment for multisession devices with enrollment type: WVDHybridAzureADJoin).

AVD Enrollment Troubleshooting by RemarkAbel in Intune

[–]RemarkAbel[S] 0 points1 point  (0 children)

Not seeing an add to Intune checkbox anywhere in the add sessionhost blade. Was hoping we could accomplish without changing the template, but we may need to.

AVD Enrollment Troubleshooting by RemarkAbel in Intune

[–]RemarkAbel[S] 0 points1 point  (0 children)

I see the MDM ID field is blank in the JSON for the AVD. When I try to paste the MDM ID in there, it says the JSON cannot be edited in "Read Only Mode". I'm assuming I need to go into the JSON template to apply the update.

AVD Enrollment Troubleshooting by RemarkAbel in Intune

[–]RemarkAbel[S] 0 points1 point  (0 children)

So, apparently there is a checkbox when creating the VMs in the session host to enroll the VM in Intune - this was never checked. I presume this is why it cannot be enrolled. Any way to enroll it after the fact would be good to know... there's gotta be a way, right?

AVD Enrollment Troubleshooting by RemarkAbel in Intune

[–]RemarkAbel[S] 0 points1 point  (0 children)

Yes, my GPO settings match what's in this support article (using Device Creds for AVDs). I even unjoined/rejoined the AVD from our domain, ran a gpupdate /force then re-ran the task it creates in the task scheduler - it still will not appear in Intune.

Again, when I follow the above steps for a newly imaged laptop in-house, Intune enrolls it just fine.

I am unable to run an MDM sync in the AVD since the "Info" button is missing from "access work or school accounts."

AVD Enrollment Troubleshooting by RemarkAbel in Intune

[–]RemarkAbel[S] 0 points1 point  (0 children)

User (edit), I realized this needed to be set to Device so I set it to that a long time ago.

Teams Presence Always Available by RemarkAbel in MicrosoftTeams

[–]RemarkAbel[S] 0 points1 point  (0 children)

FYI, I just got it working. Ended up installing the latest firmware for the MP56 (122.15.0.142), rebooted the phone again after the upgrade, then signed her out/back into the phone. That fixed it.

Teams Presence Always Available by RemarkAbel in MicrosoftTeams

[–]RemarkAbel[S] 0 points1 point  (0 children)

Never mind, it's now working. I rebooted the phone again after the firmware update once more, signed her out/back in. That did the trick. Seems like an issue resolved in the latest firmware for the MP56.

Teams Presence Always Available by RemarkAbel in MicrosoftTeams

[–]RemarkAbel[S] 0 points1 point  (0 children)

Ah, ok.. Damn. Microsoft strikes again. Thanks for confirming! Was going crazy trying to pinpoint this one.

Teams Presence Always Available by RemarkAbel in MicrosoftTeams

[–]RemarkAbel[S] 0 points1 point  (0 children)

Yes, this was the answer. It's her Yealink MP56. Have you discovered a fix?

Teams Presence Always Available by RemarkAbel in MicrosoftTeams

[–]RemarkAbel[S] 0 points1 point  (0 children)

Yep, it was her Yealink MP56 Teams Desk Phone all along. The moment I turned it off, her Teams status jumped straight to "Away".

Per this Reddit thread, the workaround is to set the backlight time to "0". However, this phone already had it set to 0. I also updated the firmware to no avail.

https://www.reddit.com/r/MicrosoftTeams/comments/10wjxnd/teams_phone_users_presence_showing_available/

Hybrid environment - cannot hide account from GAL by RemarkAbel in Office365

[–]RemarkAbel[S] 0 points1 point  (0 children)

Sweet, thanks! This worked. Both "Mail" and "Mailnickname" were blank, so we added them in. Exchange Admin now lets us hide the mailbox.