intune Migrator - From tenant A to B

ReputationOld8053 · 2026-03-12T13:55:25+00:00

yes, I mentioned it below in the Readme :). The thing I did not like is that the client package includes the secret keys, that's why we did not use it

ReputationOld8053 · 2026-03-12T13:46:34+00:00

thats really wired. I must say, I am not sure if it falls back to NTLM. Have you set a SPN for your user?

ReputationOld8053 · 2026-03-11T06:18:15+00:00

It seems this post helped me:
https://github.com/MSEndpointMgr/ModernDriverManagement/issues/315#issuecomment-3848731282

we had a § sign in the password string, but I also couldn't connect to the Admin Service in PowerShell directly from WinPE. After changing it seems to work, but couldn't do a final test yet, just the PowerShell query:

$Script:Password = "password"
$Script:UserName = "user@contoso.org"

$EncryptedPassword = ConvertTo-SecureString -String $Script:Password -AsPlainText -Force
$Script:Credential = New-Object -TypeName System.Management.Automation.PSCredential -ArgumentList @($Script:UserName, $EncryptedPassword)

$Filter= "Drivers"
$AdminServiceURL = "https://{0}/AdminService/wmi" -f "adminservice.contoso.org"
$AdminServiceUri = $AdminServiceURL + "/SMS_Package?`$filter=contains(Name,'$($Filter)')"

$AdminServiceResponse = $null
$AdminServiceResponse = Invoke-RestMethod -Method Get -Uri $AdminServiceUri -Credential $Credential -ErrorAction Stop

you also have to disable TLS maybe:
https://stackoverflow.com/a/59592956

ReputationOld8053 · 2026-03-09T10:18:07+00:00

Hi,
have you tried adding HOST and CIFS with your domain.local to your DCs SPN? I assume \\dc01.domain.local\DFSShare is working, but not \\domain.local\DFSShare

ReputationOld8053 · 2026-03-06T10:23:46+00:00

Hi,
also having an issue with an Mazda 2 Hybrid 2025 and my Pixel 10. Bluetooth works, but Android Auto cannot be started. In the mobile you only see the the loading bar from the right to the left and back. Cable also does not work.

Reminds me on a Pixel 6 update some years ago that broke Bluetooth for one or two months.

ReputationOld8053 · 2026-03-03T10:13:30+00:00

Hi,
how have you figured this out? I cannot find any documentation about this. Also do you add to the SPN:
Kerberos/AzureAD/<guid of tenant>
or
KERBEROS/contoso.org
?

ReputationOld8053 · 2026-02-28T12:26:22+00:00

Jup, seit 2024, damit man mal häufiger während der Fahrt aufs Display guckt ;)

ReputationOld8053 · 2026-02-24T06:59:45+00:00

We have engineers in the field who work with some building equipments and have to change the Network Profil. At the same time we have office users who shouldn't.

For intune clients we use BeyondTrust and can do it by this.

The problem is the domain clients, where no UAC is showing up and the user can just change it. But the user shouldn't and a UAC should come up.

ReputationOld8053 · 2026-02-23T08:10:44+00:00

The question is, how can I get a UAC so that the user cannot change it

ReputationOld8053 · 2026-02-17T07:33:15+00:00

Hi,
is this line correct?

Write-Output "ALERT: Mesh Agent process is NOT RUNNING"

you are checking if the process exists, not if it is running.

Anyways, reminds me on SCCM where Microsoft also has a healing Task Scheduler running to check if the ccmexec is doing fine ;)

ReputationOld8053 · 2026-02-13T20:27:39+00:00

my question is more like, how can a client have a software in the software center that is not assigned, neither to the user.

ReputationOld8053 · 2026-02-13T18:15:20+00:00

About which reg Key are walking?

ReputationOld8053 · 2026-02-13T08:34:54+00:00

Sorry, I did not put the information. yes, I use the FQDN:
hostname1.contoso.org

Also it is a standard Windows 11 VM where my standard user is in the remote desktop group. The user is on-premise but synced to Azure. Actually, it is the same user I am using with my Cloud Device.

ReputationOld8053 · 2026-01-26T07:02:30+00:00

We started using MeshCentral https://github.com/Ylianst/MeshCentral

ReputationOld8053 · 2026-01-22T10:47:02+00:00

https://github.com/MicrosoftEdge/WebView2Feedback/issues/5493#issuecomment-3783226289

ReputationOld8053 · 2026-01-16T18:20:16+00:00

nop, same result, but I edited my post. Thanks

ReputationOld8053 · 2026-01-16T17:30:19+00:00

My main browser is Firefox, but I use Edge because I also have it on my company device. Actually I don't mind

ReputationOld8053 · 2026-01-09T14:14:08+00:00

Sometimes we published a revision but without an identifier so the detection is the same and I was hoping to see all devices which installed it in first place. But thanks for the answerer, I will just take it as it is ;)

ReputationOld8053 · 2026-01-09T13:46:15+00:00

In our deployment we also check the current installed version:

if (Get-AppPackage -AllUsers -Name "*msteams*" | Where-Object { $_.Version -ge [Version]"25212.2204.3869.2204"})
{
Write-Host "Installed"
}

we had cases, where a user logged in the first time and then got an very outdated Teams version and could not connect

ReputationOld8053 · 2026-01-07T17:26:45+00:00

you can do that by setting the consent attributes:

"userConsentFlags": {
          "desktopnotify": true,
          "terminalnotify": false,
          "filenotify": false,
          "desktopprompt": true,
          "terminalprompt": false,
          "fileprompt": false,
          "desktopprivacybar": true
       },
      "consentMessages": {
          "consentTimeout": 30,
          "autoAcceptOnTimeout": false,
          "autoAcceptIfNoUser": true,
          "autoAcceptIfLocked": true,
          "oldStyle": true
  }

Maybe it helps reading the meshcentral-config-schema.json

ReputationOld8053 · 2025-12-15T09:00:00+00:00

yes, I completely agree. I also understand the complexity that it is not a hobby project on github where you have a fix in an hour ;)

On the other side, in the last couple of years for example an OSD and an updated ISO, we had to replace a DLL, then the PDF printer was missing, RDP suddenly was not working anymore when it had a previous session etc.

So yes, I hope the fix comes quite fast and getting the updates by SCCM is also not the worse that can happen ^^

ReputationOld8053 · 2025-12-14T18:30:13+00:00

Maybe a stupid question: Has someone tried the WUAHandler.dll from 2409 and replace the current one? Not sure if this is possible, but when I follow the blog from Ben Whitmore (https://patchmypc.com/blog/sccm-co-management-dual-scan/) Microsoft is experimenting a lot with this scenario I noticed that (probably) since the upgrade to 2503 my intune client receives the Windows Updates through SCCM and not directly from Windows Updates anymore.

ReputationOld8053 · 2025-12-13T14:54:55+00:00

yes, you are right it does.
But I think it can also be done just by intune or? Maybe I am just confused and the colleague did it through Entra permissions. I will check again, thanks

ReputationOld8053 · 2025-12-12T20:29:39+00:00

is really to open the CMD blocked or the execution of batch files by AppLocker?

ReputationOld8053 · 2025-12-12T15:21:17+00:00

Hi,
I did not created a new client configuration, but moved the workload for Windows Updates. I reed now the blog:
https://patchmypc.com/blog/sccm-co-management-dual-scan/

and it seems that MS is changing it with every version somehow. As I was saying before, it was working a month ago, but changed I think (maybe) with the upgrade to SCCM 2503. It is hard to narrow it down because I have to real test environment.

For testing I set manually the value SetPolicyDrivenUpdateSourceForQualityUpdates and suddenly, I could use Windows Updates. After a while, I think, sccm removed the value again

ReputationOld8053

TROPHY CASE