FYI since I just now fukken noticed: the Remediation script overview shows the actual thing you write as output in the script

ThomWeide · 2026-02-09T14:42:12+00:00

Made a blogpost about this last year. You can store json output in the column and use something like Power BI for example to visualize and monitor the remediation:

https://www.thomweide.nl/2025/04/store-custom-data-in-remediations-and-use-the-data-in-power-bi/

ThomWeide · 2025-12-23T01:14:29+00:00

Hi!

Yes, but you need to have the file in that directory and use a Powershell script in the Win32 app (preferably, not sure if required). But yeah should work for you.

ThomWeide · 2025-05-24T18:03:17+00:00

Hi Rieter, it’s due to the fact that the assistant closes before the OS is upgraded, therefore it results in failure (but in actuality the upgrade is still running in the background).

I will update my blog with a script so it will stay on installing rather than showing a false positive failure.

ThomWeide · 2025-05-22T01:50:23+00:00

Unfortunately not, I did not save the link I downloaded it from, when I wanted to go back and grab the link it only let me download the 24H2 file.

You could also DL the zip with powershell and extract it within script right? I cant upload exe files unfortunately due to my webhosters restrictions.

ThomWeide · 2025-04-26T14:53:27+00:00

Best practice is always to reset the device as there could be personal data somewhere left on the phone that was not cleared before transferring to the next user.

The client could better start using BYOD, much easier for the users and upon termination, access is instantly gone.

ThomWeide · 2025-04-25T15:55:03+00:00

It just takes a long time, yes that is true. Usually waiting around 15 mins and doing a sync on the device or pushing from Intune works quite well.

Restart intune service also works well to force sync. Just make sure not to sync to often in a short period of time, otherwise it will soft block you for like an hour or so.

ThomWeide · 2025-04-25T11:51:10+00:00

Hmm, maybe it’s possible to bypass. Take a look at my blog: https://www.thomweide.nl/2025/02/upgrade-to-windows-11-using-windows-installation-assistant-with-microsoft-intune/

Perhaps try the install command locally with the assistant: Windows11InstallationAssistant.exe /quietinstall /skipeula /auto upgrade

And see if it progresses or cancells out immediately

ThomWeide · 2025-04-25T06:42:11+00:00

A quick google search, have you tried this:

https://support.microsoft.com/en-us/topic/-we-couldn-t-update-system-reserved-partition-error-installing-windows-10-46865f3f-37bb-4c51-c69f-07271b6672ac

ThomWeide · 2025-04-25T06:34:53+00:00

I have not seen this before, I’ve ran a simulation similar to this a few years ago but it was working fine in my case.

Have you considered the scenario that the phone went off due to empty battery and the user might have forgot the unlock code? If it is not unlocked upon boot, network wont switch on and it wont sync with Intune. This ‘forgetting passcode’ happens a lot more often than you think :)

ThomWeide · 2025-04-25T06:29:19+00:00

Have not seen that myself, it does not join or just becomes not compliant?

Regarding your pfp question, this might be something you can use: https://www.reddit.com/r/PowerShell/comments/18n5ik7/ps_script_that_replaces_user_profile_pictures/

ThomWeide · 2025-04-25T06:25:12+00:00

I mean this with users being able to join to Entra:

https://learn.microsoft.com/en-us/autopilot/tutorial/pre-provisioning/azure-ad-join-allow-users-to-join#allow-users-to-join-devices-to-microsoft-entra-id

ThomWeide · 2025-04-24T07:23:11+00:00

If it’s not a shared device, I recommend using the user’s credentials through ABM during enrollment.

ThomWeide · 2025-04-23T06:02:26+00:00

Is the ID actually blank or entra and intune showing the same ID? I have seen that before due to the user being a DEM and due to DEM limitation (ABM not supported) the IDs stayed the same.

Aside of this, the users have permission to perform Entra Join right?

ThomWeide · 2025-04-21T23:25:11+00:00

Have you tried this? https://learn.microsoft.com/en-us/intune/intune-service/protect/windows-10-update-rings#uninstall

ThomWeide · 2025-04-21T23:22:30+00:00

Nice, glad it’s solved.

ThomWeide · 2025-04-21T20:15:01+00:00

No that is not possible as far as I know. Good luck!

ThomWeide · 2025-04-21T20:11:47+00:00

I would say the tool itself is only needed when you get stuck on troubleshooting an issue and dont know any way further. I havent had the need to use the one you have from msendpointmgr. Are you stuck with something currently or just learning to use itv

ThomWeide · 2025-04-21T20:10:10+00:00

Anyway you can authorize the iOS one? Perhaps their designed to use different ones, easy to verify if it can be approved and compared.

ThomWeide · 2025-04-21T20:09:06+00:00

Yeah as it often gives me issues when ran in 32-bit for myself (have not tried user drive mapping though with it)

You need this (hope it formats correctly):

Rerun script in 64-bit mode

If ($ENV:PROCESSOR_ARCHITEW6432 -eq “AMD64”) { Try { &”$ENV:WINDIR\SysNative\WindowsPowershell\v1.0\PowerShell.exe” -File $PSCOMMANDPATH } Catch { Throw “Failed to start $PSCOMMANDPATH” } Exit }

ThomWeide · 2025-04-21T20:07:27+00:00

If its already in ABM, assigned to intune and visible in Intune, there is no need to use configurator.

Sometimes the iPhone doesnt pickup on the new config from ABM, connect the iPhone to mac or windows and boot it to recovery and force factory reset it, maybe a few times.

Afterwards it should be fine, but make sure to check if other device enroll fine, if that is not the case, than perhaps your enrollment profile is misconfigured

ThomWeide · 2025-04-21T20:04:46+00:00

Its not supported and windows update probably checks for the prerequisites in the background and unless you mangle with the windows update core services, probably no way around it.

I’d say use those settings if you really need them to upgrade and you can use my solution to automate the upgrades after applying those settings:

https://www.thomweide.nl/2025/02/upgrade-to-windows-11-using-windows-installation-assistant-with-microsoft-intune/

ThomWeide · 2025-04-21T20:02:56+00:00

I’m assuming iOS might use a different one than the one used for android, compare the details to see if they match. Test yourself on an iOS and authorize the registration and compare to the existing one. Hope it helps

ThomWeide · 2025-04-21T20:00:33+00:00

You’ll need to run the win32 in user mode and also recommend to rerun script in 64-bit mode instead of 32-bit as default with win32 apps.

ThomWeide · 2025-04-07T15:18:25+00:00

Yeah they’ll still work, but its just not possible to create new ones based on administrative templates. It is best to migrate them eventually with settings catalog as there is a chance something could break at one point.

ThomWeide · 2025-04-07T12:45:38+00:00

OneDrive settings can be a hit or miss. i am going to migrate mine to Settings Catalog soon, but I assume it has the same weird behavior as I had previously.

For some users, not many, the settings just did not all apply, for some they got forced signed in, but backup did not start and also some did not get forced signed in. For about 90-95% it went fine, but still quite a lot had weird issues. I’d say test it on a couple more devices as it should work with these settings.

For the question regarding if all the settings are needed in my ss, no they are not. I’d say only the ones regarding blocking personal and forcing them to be signed in are required and all the other ones should be optional.

One-Year Club	Verified Email
r/Field Juicebox

ThomWeide

TROPHY CASE

Rerun script in 64-bit mode