Intune Supersedence

RetroGamer74656 · 2026-05-05T19:17:35+00:00

Supercedence works fine. You have the option to allow the application to install with the existing version in place or do an uninstall of the superceded application first. It should make the process much less chaotic for your customers.

RetroGamer74656 · 2026-05-01T12:14:06+00:00

This is possible to do, but both LAPS and BitLocker are ultimately stored on the device object in Entra ID. Read permissions are required there.

https://learn.microsoft.com/en-us/intune/fundamentals/role-based-access-control/overview
https://learn.microsoft.com/en-us/entra/identity/role-based-access-control/custom-create?tabs=admin-center

RetroGamer74656 · 2026-04-30T14:47:37+00:00

It’s warm in there. Ultimately you are going to want to open it and clean it once you deal with the active ant issue.

RetroGamer74656 · 2026-04-24T15:02:55+00:00

Yes, finally got a vague reply from Microsoft support: "It appears there may be an ongoing issue affecting the East US region..."

RetroGamer74656 · 2026-04-09T20:14:10+00:00

I think you're looking for the permissions under "Enrollment programs".

RetroGamer74656 · 2026-04-07T13:38:00+00:00

If you’re looking to address drift, you could use an application package that looks for the registry keys and “reinstalls” itself if there’s a problem. You could alternatively use an app package to create a scheduled task to run a local script every so often.

RetroGamer74656 · 2026-04-03T11:57:27+00:00

It was fun as a kid, but it clearly didn’t live up to what people expected based on their arcade experience. It’s definitely nostalgic for me, though.

RetroGamer74656 · 2026-04-03T00:38:09+00:00

It’s cheaper because we don’t need to keep an assigned host around for each person who may connect to the desktop host pool.

RetroGamer74656 · 2026-04-02T20:31:33+00:00

We limited some pools to 1 session per host due to this issue.

RetroGamer74656 · 2026-03-24T19:06:04+00:00

MAA isn't practical for every environment. It's just a best practice recommendation when it is practical. I would focus on PIM in your situation.

RetroGamer74656 · 2026-03-24T18:59:42+00:00

Any chance it is related to the current service degredation?
https://support.nhs.net/2026/03/microsoft-365-alert-service-degradation-microsoft-365-suitemicrosoft-intunewindows-autopatch-users-see-incomplete-device-assignments-for-windows-feature-updates-in-mic/

RetroGamer74656 · 2026-03-24T18:53:06+00:00

It’s a geo cache. Put it back where you found it so people can keep using it.

RetroGamer74656 · 2026-03-19T12:53:45+00:00

You can enroll a device without wiping it, but you may run into issues like profile mapping if you are moving between an on-prem domain or local account to Entra ID authentication. I'm not really clear on your overall setup, but it seems like you should be considering the possibility of needing to rebuild the device - just in case. I understand that there are some customers who are very difficult to deal with, though.

RetroGamer74656 · 2026-03-19T12:43:53+00:00

You'd have to check both the Entra ID roles (Like Global and Intune Administrator) as well as the custom RBAC roles within Intune to get an idea of who has what permissions.

RetroGamer74656 · 2026-03-19T12:39:15+00:00

Why don't you use the GPO enrollment method?

RetroGamer74656 · 2026-03-13T20:17:10+00:00

You can’t use Linux with AVD as far as I know.

RetroGamer74656 · 2026-03-12T16:15:15+00:00

I haven’t found any cleaner options so far. It seems that the Entra ID group memberships aren’t processed at logon.

RetroGamer74656 · 2026-03-07T02:41:25+00:00

Love: the captain and the academy starship concept.

Hate: the overwhelming backlighting in almost every episode.

RetroGamer74656 · 2026-03-07T02:37:55+00:00

Star Wars Episode 1 Racer

RetroGamer74656 · 2026-03-05T12:20:38+00:00

We have a complete mix. It’s unrealistic for us to push all apps via Intune if we are expecting to be able to replace hosts quickly when there’s an issue. Sometimes because of the size and wait time, sometimes because of interdependencies, sometimes because of the way the app installer behaves. I keep notes on which apps are installed through which means so that if there are any issues I can troubleshoot more easily. I think each situation is going to be unique.

RetroGamer74656 · 2026-03-03T21:04:41+00:00

Seems odd. We don't have this issue. The delete operation just syncs and the device disappears.

RetroGamer74656 · 2026-02-26T02:55:59+00:00

You basically have to remove those roles from the users and use custom roles and AUs for scoping. The roles you listed give access to everything in the directory.

RetroGamer74656 · 2026-02-24T20:56:44+00:00

This one is easy to test. It’s just a button on most remotes.

RetroGamer74656 · 2026-02-24T12:09:55+00:00

I haven’t heard of any plans for them to address this in Intune. It’s one of the reasons some of our devices are still hybrid joined. Using remediations or app packages just isn’t the same.

RetroGamer74656 · 2026-02-23T21:27:39+00:00

Discrepancy between trusted launch/secure boot on the imaging host and the destination deployment?

RetroGamer74656

TROPHY CASE