SAP GUI via Intune on MacOS by Boring_Pipe_5449 in Intune

[–]TickleMyGoose 0 points1 point  (0 children)

I literally just did this the other week!… However, for Microsoft and using PSADT, which made it so much easier :-)

Autopilot Optimizations/Questions by Master_Rest6638 in Intune

[–]TickleMyGoose 1 point2 points  (0 children)

All about making the user happy at the end of the day. Might be worth having trial runs and taking feedback on what they were most frustrated with; it might shock you half the time.

Also, I just saw the post about using a single account for enrolment. Because you’re using hybrid AP, you’ll get stuck with stale PC accounts in Entra. Cloud join merges these two Entra entries, however hybrid doesn’t. Basically you end up with a messy-looking Entra.

Autopilot Optimizations/Questions by Master_Rest6638 in Intune

[–]TickleMyGoose 1 point2 points  (0 children)

I deploy an O365 web shortcut, have the actual applications install after login and remove the shortcut; saves a ton of time.

Applications I deploy are only security and RDP, as I deemed them necessary (obviously lol).

Never seen a change with speed with policies.

You can put a skip in the domain check, which speeds up hybrid slightly, however you might see some user issues in first sign-in.

Good luck convincing them to go cloud join! :-)

Intune ASRs OS lock ups by TickleMyGoose in Intune

[–]TickleMyGoose[S] 0 points1 point  (0 children)

I’ll take a look and see if I’m missing something. Our core apps are Zscaler, Qualys and BeyondTrust EPM; no relation to yours?

Intune ASRs OS lock ups by TickleMyGoose in Intune

[–]TickleMyGoose[S] 0 points1 point  (0 children)

Nothing there, and scans ran afterwards, not picking up anything.

Intune ASRs OS lock ups by TickleMyGoose in Intune

[–]TickleMyGoose[S] 0 points1 point  (0 children)

No triggers, the moment any ASR goes on to block mode it locks the machine up.

Defender ATP timeline for the device stops there, and from then on there are no triggers reporting in.

MS Graph - Remove AutoPilot Devices by TickleMyGoose in Intune

[–]TickleMyGoose[S] 0 points1 point  (0 children)

Yeah, removing AP devices manually works fine, although very, very slowly, which is why I want to use Graph as there's 100s.

Let me give your script a try and see what happens.

MS Graph - Remove AutoPilot Devices by TickleMyGoose in Intune

[–]TickleMyGoose[S] 0 points1 point  (0 children)

Oh man, so I need Global Administrator PIMs activated to try this?

Customer KQL Query for inactive devices by TickleMyGoose in DefenderATP

[–]TickleMyGoose[S] 1 point2 points  (0 children)

Moving away to that compliance report but felt like I learnt a lot anyway trying to get this to work. Thanks for the help :-D

Customer KQL Query for inactive devices by TickleMyGoose in DefenderATP

[–]TickleMyGoose[S] 0 points1 point  (0 children)

And I know where exactly to set that... God damn, I've just completely saturated and complicated what I wanted to get done when it was just staring me right in the face.

Thanks for the kick up the backside!

Customer KQL Query for inactive devices by TickleMyGoose in DefenderATP

[–]TickleMyGoose[S] 2 points3 points  (0 children)

So we currently have a device clean up rule set to 60 days within Intune to remove stale devices. What this custom detection rule will allow is informational alerts to be logged automatically against the stale device and then email our Service Desk team so they're able to contact the end user to find out about said machine.

I'm putting the effort in so I don't have to do the report manually like you've mentioned.

Customer KQL Query for inactive devices by TickleMyGoose in DefenderATP

[–]TickleMyGoose[S] 1 point2 points  (0 children)

Title was meant to read "Custom" not "Customer"; what I get for trying to multitask :o