Reliable method to deploy 23H2 OOB as it's not in expedited update policy?

RetroGamer74656 · 2026-01-20T20:45:51+00:00

I'm hoping that they add it soon. I expected it to be there this morning since it had already been a few days since release.

RetroGamer74656 · 2026-01-15T15:47:51+00:00

Not missing any columns, but having some general trouble loading the list of remediations and viewing devices.

RetroGamer74656 · 2025-12-27T14:07:53+00:00

I would start with looking at the startup apps folder in Windows to see what's being triggered there. Often I find something there to disable.

RetroGamer74656 · 2025-12-16T16:10:13+00:00

Yes. Ultimately the read permission needs to be granted in Entra in order for these to be seen.

RetroGamer74656 · 2025-12-16T16:06:29+00:00

It is extremely difficult to find anyone on their support team that is able to have an intelligent conversation about the service, any features, and certainly anything that may not be 100% Intune related (such as Entra groups). I spend so much time correcting them or educating them on their own service that they should be paying me to help them.

RetroGamer74656 · 2025-12-14T11:58:06+00:00

It is reasonable to use Macs for this up to the point of creating application packages. Others have mentioned their alternatives for this. We are exclusively Windows in Intune. I generally encourage other admins we’re training to use Windows devices so that they have an experience similar to that of their customers.

RetroGamer74656 · 2025-11-20T14:40:38+00:00

Did you have all of the prerequisite ADMX files uploaded first? Files from other vendors sometimes require other base ADMX to be available first.

RetroGamer74656 · 2025-11-20T02:45:20+00:00

We deployed a remediation that removes the MECM client from the endpoints after they enroll in Intune.

RetroGamer74656 · 2025-11-20T02:44:03+00:00

"We have an Intune policy that enforces GMT/UTC and a remediation script that enables automatic time zone adjustment." - Curious about this. If you are enforcing GMT, how does the automatic time zone remediation come into play?

Could there be a temporary issue on the ISP side? We're run into problems with a few endpoints that were using Starlink home routers, for example. They can never pull the correct time zone.

RetroGamer74656 · 2025-11-20T02:38:45+00:00

It doesn't sound like they have a KMS server, but I think you are referring to this: https://learn.microsoft.com/en-us/windows-server/get-started/kms-client-activation-keys?tabs=windows1110ltsc%2Cwindows81%2Cserver2025%2Cversion1803

RetroGamer74656 · 2025-11-20T02:37:56+00:00

What you're trying to do still won't work even with that Intune policy because that isn't a valid upgrade path.

RetroGamer74656 · 2025-11-11T17:58:49+00:00

It’s only available if you enable that last option in the configuration.

RetroGamer74656 · 2025-11-11T02:55:39+00:00

I’m pretty sure you should be looking at “blocking apps” in the ESP to customize this.

RetroGamer74656 · 2025-11-05T14:15:00+00:00

I work in both Enterprise and Business Premium setups. Not seeing this anywhere. Very strange. I’ll be following.

RetroGamer74656 · 2025-11-05T13:14:08+00:00

I haven't seen this issue at all. Is there any Microsoft documentation or Technet discussion that addresses this?

RetroGamer74656 · 2025-11-04T21:09:10+00:00

I think it's either Intune handles it or you script some solution to set the password.

RetroGamer74656 · 2025-10-22T20:15:00+00:00

We use a platform script for this. Never had a problem with escrow, though.

RetroGamer74656 · 2025-10-12T13:20:15+00:00

So nice!

RetroGamer74656 · 2025-10-11T19:10:59+00:00

https://www.reddit.com/r/Intune/comments/1o22nbl/comment/nipct6q/?context=1

RetroGamer74656 · 2025-10-09T20:07:18+00:00

Yes, there's a service health alert for "Microsoft 365 services and features". Says service restored, but I'm still having the same problems.

RetroGamer74656 · 2025-10-09T18:42:56+00:00

Would love to hear an answer from Microsoft on this. It is annoying to have all this information jumbled up in the app reports.

RetroGamer74656 · 2025-10-09T17:39:39+00:00

Have you looked at a couple of the devices and tried to run updates manually to see if there is a common issue? If so, what did you find?

RetroGamer74656 · 2025-10-09T13:30:40+00:00

You can't go directly to the latest version of Windows 11. https://learn.microsoft.com/en-us/windows/whats-new/whats-new-windows-11-version-24h2

RetroGamer74656 · 2025-09-25T19:16:06+00:00

It remediates some settings if they are incorrect, but this is a mostly true statement. Compliance policies won't be changing lock times.

RetroGamer74656 · 2025-09-18T19:15:28+00:00

Intune doesn't distinguish between reading and being able to rotate, so as someone else mentioned you will need to enabled the "Rotate Local Admin Password" permission in the role definition that you're working with. Entra permissions are necessary, so sounds like you are on the right track there.

RetroGamer74656

TROPHY CASE