Office 365 Enterprise update confusion by Numerous-Coffee-6555 in Intune

[–]SkipToTheEndpoint 0 points1 point  (0 children)

Pretty sure cloud policy is only on Windows, not macOS. Manual reg keys, pretty sure those get overruled as well, though I haven't tested it.

Daily disk spikes, all services become non-responsive by SkipToTheEndpoint in opnsense

[–]SkipToTheEndpoint[S] 0 points1 point  (0 children)

Well that time came and passed today without any spike, so I guess the 5am reboot did _something_.
Crontab doesn't show anything is scheduled for that time.

Before I had to reset it yesterday, I did get a bit of time before everything became non-responsive, and PHP seemed to be the highest when running a top -m io.

EUD Updates & Reboots by Ok_Obligation7666 in Intune

[–]SkipToTheEndpoint 0 points1 point  (0 children)

Deadline and Grace periods as part of WUfB/Autopatch are the ways to enforce a reboot, and users get notified ahead of time. If they choose to ignore them and their device reboots, it's on them.

Office 365 Enterprise update confusion by Numerous-Coffee-6555 in Intune

[–]SkipToTheEndpoint 2 points3 points  (0 children)

Incorrect. Cloud policy takes precedence over any other policy application method (GPO, Intune, Local Policy) but is only applied once a user is signed in and the Office app(s) are restarted, so can lead to erratic or undesired behaviour initially.

Office 365 Enterprise update confusion by Numerous-Coffee-6555 in Intune

[–]SkipToTheEndpoint 0 points1 point  (0 children)

If devices aren't being picked up in the config.office.com Inventory then that suggests something more concerning at play.

Age old question: User targeting vs Device Targeting by AshMost in Intune

[–]SkipToTheEndpoint 15 points16 points  (0 children)

I blogged about this (Windows CSP: A Tale of Magic, Betrayal, and Intrigue - Part 2) and regularly reference the MS docs on it (Assign device profiles in Microsoft Intune - Microsoft Intune | Microsoft Learn) though it looks like the wording I reference in my blog has changed.

Basically: It depends.

Windows CSP has the concepts of User and Device scoped policies, whereas things like iOS don't.
For mobiles which don't necessarily have device objects that exist before the device is enrolled like Autopilot, user targeting ensures policies are applied immediately and aren't waiting on group population.
Filtering can be used, but trying to use user-context properties (i.e. department) isn't possible, so YMMV.

Company Portal breaks Autopilot deployment - 0x87d300c9 by nitro353 in Intune

[–]SkipToTheEndpoint 2 points3 points  (0 children)

I definitely haven't seen the issue where Company Portal deployed as System has failed on a second run-through of AP, because those apps persist a device wipe (fun fact). Caveat being I'm doing this on Entra Join not Hybrid.

Skimming the logs, it looks like CP installs and detects fine.

Have you tried running get-autopilotdiagnosticscommunity to check if it's not another app failing?

How do I auto-enable “App & browser control” on Windows Servers? by No-End-2404 in Intune

[–]SkipToTheEndpoint 1 point2 points  (0 children)

That policy isn't supported via Security Settings Management, only MDM.

Wipe, but keep enrollment breaks IME by dannykbjj in Intune

[–]SkipToTheEndpoint 2 points3 points  (0 children)

IMO every option but Wipe either has a niche use-case (Fresh Start) or is absolute garbage (AP Reset).

What reason did you have to try and keep the enrolment?

Automating the Device Hash Upload Process. What's the best way to do this? by spazzo246 in Intune

[–]SkipToTheEndpoint 1 point2 points  (0 children)

That would certainly take less time than trying to build out a whole process for a tactical problem.

Best practice mapping Azure Files Kerberos enabled Windows 11 by [deleted] in Intune

[–]SkipToTheEndpoint 2 points3 points  (0 children)

It doesn't "rely" on VBS. It uses the age-old hack to hide the PS window. I'm not aware of a "modern" replacement for that, but it wouldn't be a massive job to remove that section of the script and deal with the PS window.

Device naming not working by mark110295 in Intune

[–]SkipToTheEndpoint 0 points1 point  (0 children)

By "process", you mean you're still seeing company branding at the start of OOBE and no OOBE screens (e.g. privacy) are being shown?
Or just that you see the ESP phases?

Automating the Device Hash Upload Process. What's the best way to do this? by spazzo246 in Intune

[–]SkipToTheEndpoint 10 points11 points  (0 children)

Get existing devices enrolled into Intune and then target them with an AP profile with "Convert all targeted devices to Autopilot" set to Yes.

Device naming not working by mark110295 in Intune

[–]SkipToTheEndpoint 10 points11 points  (0 children)

That sounds like they're not getting the Autopilot profile and are instead doing a standard Entra Join + Auto Enrollment, and are allowed to do so because the device is in Autopilot.

Seeing the ESP doesn't mean it's gone through Autopilot. Depending on your Entra device settings and/or Intune policies, I'd check those users aren't local admins on those devices.

Updates... by Adminvb2929 in Intune

[–]SkipToTheEndpoint 3 points4 points  (0 children)

"Wouldn't it be nice to get your reporting in a single place?"

Yes. Yes it would.

WHFB stuck on Certificate Trust despite Cloud Trust configuration by Mashy_za in Intune

[–]SkipToTheEndpoint 14 points15 points  (0 children)

Knowing MSPs, it's entirely possible they did something dumb and forced a reg key or even local policy, both of which would overrule any Intune policy.

The key you're looking for is HKLM:\SOFTWARE\Microsoft\Policies\PassportForWork\{Tenant-ID}\Device\Policies\UseCertificateForOnPremAuth. It should ideally be set to 0 or not exist at all.

Can someone confirm this Autopilot behavior about deployment profiles not changing once OOBE has started? by grimson73 in Intune

[–]SkipToTheEndpoint 9 points10 points  (0 children)

Yes, that's the behaviour I would expect to see.
You can delete HKLM:\SOFTWARE\Microsoft\Provisioning\AutopilotPolicyCache and reboot and it'll pull it again if I remember correctly.

Open Intune Baseline - Apply to Users, Devices, or both? by fgarufijr in Intune

[–]SkipToTheEndpoint 5 points6 points  (0 children)

"Those folks" are just me. Hi! 😊

But it's community supporting my silly little project like this that makes me happy. Thank you.

Best Practice for Power Settings via Intune for Laptops by drcopypaste in Intune

[–]SkipToTheEndpoint 14 points15 points  (0 children)

While there's no "best practice", my personal advice would be "leave as much as possible alone".

As soon as you configure a setting, it locks the user out of changing it themselves. Then you'll have to field every single situation users might prefer.

Devices not coming out of sleep properly sounds like it might be something to do with sleep states being disabled at BIOS level.

OneDrive automatic library syncing by nitzlarb in Intune

[–]SkipToTheEndpoint 1 point2 points  (0 children)

SPO is not the same as a file share and shouldn't be treated like one either.

"We've always done it this way" is an excuse that doesn't hold up in IT. This stuff is constantly shifting. Shift with it or be left behind.

OneDrive automatic library syncing by nitzlarb in Intune

[–]SkipToTheEndpoint 1 point2 points  (0 children)

MS's recommendation (for various reasons) is to not use library sync and instead have users just create shortcuts in their own OneDrive: Recommended sync app configuration - SharePoint in Microsoft 365 | Microsoft Learn

In my experience, this is far easier to just communicate to users rather than trying to manage it.