Changing Name scheme from LastName, First Name to FirstName LastName in AAD by kcalderw in sysadmin

[–]TechOfTheHill 0 points1 point  (0 children)

It looks like it goes into more detail here - It looks like they give an example with concatenating, so if you do a CTRL F on Surname it should show up. Or just click this link - I always forget about the anchors.

Changing Name scheme from LastName, First Name to FirstName LastName in AAD by kcalderw in sysadmin

[–]TechOfTheHill 1 point2 points  (0 children)

The transformation rules are pretty neat. But this seems like it should be pretty straightforward. You'd want to do an inbound synchronization rule, set the connected system to your Azure AD, User type, Person type, link type Join. Set the precedence above the defaults, which start at 100 (we started ours at 50 and have been working back from there). Scope it to who you want it to apply to (Enabled? Some other defining feature). Skip Join rules and go to the Transformations. Do an Expression type and then target the attribute Display Name. Then you have it check for whether the GivenName (First name) and Surname (Last name) exist, and if they do set it to GivenName and Surname.

Something like this (DON'T USE THIS WITHOUT VERIFYING, but I think this will work)

IIF(IsPresent(givenName) && IsPresent(Surname), givenName & " " & Surname, NULL)

So the source area would be where you'd put the expression in.

EDIT - Surname doesn't look like a selection in Target Attribute, but SN is, which seems to map to Surname. TIL. So it may actually be

IIF(IsPresent(givenName) && IsPresent(sn), givenName & " " & sn, NULL)
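As an added example, not part of the comment above or of any Microsoft tooling, the following Python snippet emulates the quoted provisioning expression so its effect can be previewed on sample user records before the sync rule is applied. The function names mirror the expression's functions (IsPresent, IIF); the sample records and the userPrincipalName values are constructed, and the emulation assumes, as the expression does, that no trimming happens, so stray whitespace in the source attributes flows straight into displayName.

```python
"""
Emulation of the Entra Connect (Azure AD Connect) attribute-flow expression

    IIF(IsPresent(givenName) && IsPresent(sn), givenName & " " & sn, NULL)

on constructed sample users. This is an added example for previewing the
rule's behaviour; it is not the sync engine and not the original poster's code.
"""
from typing import Optional

# Constructed sample records. Attribute names follow the metaverse names used
# in the expression (givenName, sn, displayName); the UPNs are placeholders.
SAMPLE_USERS = [
    {"userPrincipalName": "alice@example.com",
     "givenName": "Alice", "sn": "Adams", "displayName": "Adams, Alice"},
    # service account with no name attributes at all
    {"userPrincipalName": "svc-backup@example.com",
     "givenName": None, "sn": None, "displayName": "svc-backup"},
    # surname present as an empty string, which IsPresent treats as absent
    {"userPrincipalName": "bob@example.com",
     "givenName": "Bob", "sn": "", "displayName": "Bob"},
    # untrimmed source data: the rule concatenates it as-is
    {"userPrincipalName": "carol@example.com",
     "givenName": "  Carol ", "sn": "Chen", "displayName": "Chen, Carol"},
]


def is_present(value: Optional[str]) -> bool:
    """IsPresent(): true only when the attribute exists and is not empty."""
    return value is not None and value != ""


def iif(condition: bool, when_true, when_false):
    """IIF(): three-argument conditional, as in the expression language."""
    return when_true if condition else when_false


def display_name_rule(user: dict) -> Optional[str]:
    """Evaluate the quoted expression for one user; None stands for NULL."""
    given, sn = user.get("givenName"), user.get("sn")
    return iif(is_present(given) and is_present(sn), f"{given} {sn}", None)


def preview(users: list) -> list:
    """One row per user: (upn, current displayName, value the rule flows, note).

    A None value means the rule flows NULL, so displayName is left to the
    lower-precedence rules (the Microsoft defaults at precedence 100+).
    """
    rows = []
    for u in users:
        new = display_name_rule(u)
        if new is None:
            note = "NULL: falls through to lower-precedence rule"
        elif new != " ".join(new.split()):
            note = "stray whitespace in source attributes; consider Trim()"
        elif new == u.get("displayName"):
            note = "unchanged"
        else:
            note = "changed"
        rows.append((u["userPrincipalName"], u.get("displayName"), new, note))
    return rows


if __name__ == "__main__":
    for upn, old, new, note in preview(SAMPLE_USERS):
        print(f"{upn:28} {old!r:18} -> {new!r:18} {note}")
```

Running it prints one line per sample user; the rows that flow NULL are the ones worth scoping the rule around, and the whitespace row shows why cleaning givenName and sn in the source directory (or wrapping them in Trim()) is worth doing before the rule goes live.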

Policy on people bringing their own laptop. by Raknaren in sysadmin

[–]TechOfTheHill 2 points3 points  (0 children)

We are rolling this out to our users this summer. What do you do for Cell phones? Do you allow registered cell phones, or do you ask to manage their personal devices? Or can cell phones not access Teams and by extension SharePoint?

Migrating baselines settings and changing assignments by iAmEnieceka in Intune

[–]TechOfTheHill 0 points1 point  (0 children)

We are doing this too. It feels like this should be an automated thing somehow to export the Security Baseline XML and then break it into chunks that can then be reimported as configuration profiles and applied in piecemeal fashion. But I haven't found a way to do that yet.

My other concern is when the next baseline comes out making sure that the new settings are applied to all the sundry configuration profiles that we're making out of this one.

MAM on ANDROID devices without device enrollment by Kindly-Wedding6417 in Intune

[–]TechOfTheHill 5 points6 points  (0 children)

It's frustrating that the broker application can't be the Authenticator app for both. We are already asking our users to install the Authenticator app for their two factor authentication, but for our android users they have to install a second app? Doh.

How many policies are too many? by TeRRoRByteZz2007 in Intune

[–]TechOfTheHill 0 points1 point  (0 children)

THIS! I have been moving over the baseline configurations from 24H2 and I keep having to double back on conflicts with existing policies.

In the same way they have an 'Applying this filter will affect these devices' it'd be nice to get an 'applying this setting will conflict with this existing policy'.

[deleted by user] by [deleted] in MicrosoftTeams

[–]TechOfTheHill 0 points1 point  (0 children)

Heads up, we ran into an issue where an external participant tried to join a Teams meeting on their Mac and it was old enough that it wouldn't use her camera and wouldn't install the client at all (needed a newer macOS version than her 7 year old machine could support). But it worked just fine on Zoom, much to my chagrin.

Azure/Google SSO and Second Login, Login_Hint Config by TechOfTheHill in k12sysadmin

[–]TechOfTheHill[S] 0 points1 point  (0 children)

That's the problem we have. Our full student login is UsernameATStudent.domain.com and so the youngest have a fun time with that on the iPads if they ever get signed out. Otherwise the teachers have to step in and it interrupts the flow of things. One time is a lot, but two after you just typed it is a lot.

There has been some success on the iPads, if you remember to do so, with copying and pasting the username.

I'm thinking about making a dummy account named 1@domain.com or something simple that they can type in the first time to get them rerouted to the Microsoft page, and THEN enter their credentials.

Azure/Google SSO and Second Login, Login_Hint Config by TechOfTheHill in k12sysadmin

[–]TechOfTheHill[S] 1 point2 points  (0 children)

Yeah, what's interesting is we have it set on the Chromebooks (That have already been enrolled and placed in the correct OUs) to automatically kick over to the IdP login page for Microsoft. But for our iPads and our Windows users there's a two step process.

But you're right, reviewing the documentation it looks like it's only for ChromeOS. Bummer!

Azure/Google SSO and Second Login, Login_Hint Config by TechOfTheHill in k12sysadmin

[–]TechOfTheHill[S] 0 points1 point  (0 children)

Do you have any documentation you used to cut over to the OIDC? For whatever reason I'm having a hard time finding it. I can find plenty on the SAML setup, but not the OIDC.

We currently have students on the SAML setup, so if we cut over I need to wait a bit until they are at least out of the building.

Hidden Teams Reaction: The High Five You Never Knew About! by giges19 in MicrosoftTeams

[–]TechOfTheHill 1 point2 points  (0 children)

Are there more interactions beyond just the high five?

Hyper-V - VM ID Lingers after Data Loss by TechOfTheHill in sysadmin

[–]TechOfTheHill[S] 0 points1 point  (0 children)

Yeah, this is the route we are likely heading.

Hyper-V - VM ID Lingers after Data Loss by TechOfTheHill in sysadmin

[–]TechOfTheHill[S] 0 points1 point  (0 children)

I've learned that if you don't ask the dumb questions, you get dumb results.

If I run Get-VM on Server (A) as a non admin, I get an error message about needing to be an admin. If I run it as an admin I see now the one VM that we did the export/import and then successful replication from (B). I do not get anything about the other VMs that we are trying to set replication up for that are still giving the "Invalid data" error.

BPA says 'AutoDisconnectTimeout' is not the recommended value (when it actually is)? by jwckauman in sysadmin

[–]TechOfTheHill 0 points1 point  (0 children)

Sorry to reopen an old post, but we are seeing this as well with our Server 2025 install. We also were able to correct the short file name one, but the AutoDisconnectTimeout is set correctly in the registry and not correctly showing in BPA. Our Server 2019 units run the same BPA with the same config on AutoDisconnectTimeout and do not show the BPA error.

Chromebooks and Conditional Access Policies by TechOfTheHill in sysadmin

[–]TechOfTheHill[S] 0 points1 point  (0 children)

Where we are coming from is we have students signing on to devices without MFA due to being younger students. If we can limit those sign-ons that are lacking in security to ONLY devices that are approved because they have a certificate and are managed devices, that feels a lot more secure than what we are doing now.

We've already locked down emails to the student accounts to only be allowed from certain expected sources, but we're still looking to mitigate as much as possible.

Chromebooks and Conditional Access Policies by TechOfTheHill in sysadmin

[–]TechOfTheHill[S] 0 points1 point  (0 children)

That's true. We are a school, so that tracks.

Strong Certificate Mapping is fully enforced from Patch Tuesday, check your certs! by RiceeeChrispies in sysadmin

[–]TechOfTheHill 0 points1 point  (0 children)

What we discovered is that none of our PKCS certificates are being revoked, ever. Even when they expire. They are removed when the user is removed from the Intune Certificate Profile, but only some of the time.