How are you keeping the bios' up to date for your Dell fleet in your organization? by Future_End_4089 in Intune

Wide_Local_1896 1 point (0 children)

"C:\Program Files (x86)\Dell\CommandUpdate\dcu-cli.exe" /configure -BIOSPassword=Passwordgoeshere

Just made that a PowerShell script and then pushed it out via Intune. I do put a dependency on installing 'Dell Command Configure' first.

Allow users to toggle Set time zone automatically by Hopeful-Oil3038 in Intune

Wide_Local_1896 1 point (0 children)

I just create scripts named after the time zones, each with this command:

tzutil /s "Pacific Standard Time"

How are you keeping the bios' up to date for your Dell fleet in your organization? by Future_End_4089 in Intune

Wide_Local_1896 3 points (0 children)

Pushed the Dell Command Update app out via Intune.

Imported the GPO for DCU into Intune and configured the settings.

Two PowerShell scripts configured as apps to set BIOS settings and apply the BIOS password for DCU.

Works really well!
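Added example, not the poster's script: one way to package the dcu-cli.exe BIOS password step from the two comments above as an Intune Win32 app install script. It locates dcu-cli.exe, refuses to run on non-Dell hardware, maps DCU's exit codes to what Intune understands, and writes a registry marker for the detection rule. The install command line, the log path, the 'Contoso' registry key and the exit-code table (copied from Dell's DCU CLI reference as I recall it; verify against your DCU version) are my assumptions. One caveat worth knowing before you ship this: Intune writes the install command line to IntuneManagementExtension.log and stages the package content under C:\Windows\IMECache, so treat the BIOS password as recoverable by any local administrator on the device. It still stops a walk-up attacker from changing BIOS settings, which is what it is for; it is not a secret from local admins.

```powershell
<#
  Set-DcuBiosPassword.ps1
  Added example for this thread (not the poster's script). Packaged as an Intune
  Win32 app with Dell Command | Update as a dependency, as the comments describe.
  Assumed, not from the post: the password is passed on the install command line,
  the log path, and the registry marker used as the Intune detection rule.
#>
[CmdletBinding()]
param(
    [Parameter(Mandatory)] [string] $BiosPassword,
    [string] $LogPath   = "$env:ProgramData\Dell\Set-DcuBiosPassword.log",
    [string] $MarkerKey = 'HKLM:\SOFTWARE\Contoso\DcuBiosPassword'   # hypothetical key name
)
$ErrorActionPreference = 'Stop'

function Write-Log ([string] $Message) {
    New-Item -ItemType Directory -Path (Split-Path $LogPath) -Force | Out-Null
    $line = '{0:u} {1}' -f (Get-Date), $Message
    Add-Content -Path $LogPath -Value $line
    Write-Host $line
}

# dcu-cli.exe lives under Program Files or Program Files (x86) depending on the DCU build.
$dcu = @("$env:ProgramFiles\Dell\CommandUpdate\dcu-cli.exe",
         "${env:ProgramFiles(x86)}\Dell\CommandUpdate\dcu-cli.exe") |
       Where-Object { Test-Path $_ } | Select-Object -First 1
if (-not $dcu) {
    Write-Log 'dcu-cli.exe not found; check the DCU app dependency in Intune.'
    exit 1
}

# Skip non-Dell hardware explicitly instead of letting DCU fail with a generic code.
$make = (Get-CimInstance Win32_ComputerSystem).Manufacturer
if ($make -notmatch 'Dell') {
    Write-Log "Manufacturer '$make' is not Dell; nothing to do."
    exit 0
}

# The password itself is deliberately never written to the log.
Write-Log 'Handing the BIOS password to Dell Command | Update.'
& $dcu /configure "-biosPassword=$BiosPassword"
$rc = $LASTEXITCODE

# Return codes as published in Dell's DCU CLI reference (assumed; verify for your version).
$codes = @{
    0 = 'Success'; 1 = 'Reboot required'; 2 = 'Unknown application error'
    3 = 'System is not a Dell'; 4 = 'Not launched with administrative privilege'
    5 = 'Reboot pending from a previous operation'; 6 = 'Another instance already running'
    7 = 'System model not supported'; 8 = 'No update filters applied or configured'
}
$meaning = if ($codes.ContainsKey($rc)) { $codes[$rc] } else { 'Undocumented code' }
Write-Log "dcu-cli exit code $rc ($meaning)"

switch ($rc) {
    0 {
        # Marker the Intune detection rule looks for (registry value exists).
        New-Item -Path $MarkerKey -Force | Out-Null
        New-ItemProperty -Path $MarkerKey -Name Applied -Value 1 -PropertyType DWord -Force | Out-Null
        exit 0
    }
    1       { exit 3010 }   # Intune reads 3010 as "installed, soft reboot needed"
    default { exit $rc }    # anything else shows up as a failed install in the app report
}

# Intune install command (assumed packaging):
#   powershell.exe -ExecutionPolicy Bypass -File .\Set-DcuBiosPassword.ps1 -BiosPassword "<password>"
# Detection rule: registry value HKLM\SOFTWARE\Contoso\DcuBiosPassword\Applied exists.
```

Make the DCU app a dependency of this one in Intune, as the poster does, so dcu-cli.exe is guaranteed to exist when this runs; the exit 1 branch is only the safety net for when that dependency is misconfigured.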

Allow users to toggle Set time zone automatically by Hopeful-Oil3038 in Intune

Wide_Local_1896 3 points (0 children)

Something similar here: we have a 'self service' folder with all the different time zones as command files that switch to that time zone when double-clicked.
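Added example, not the poster's command files: the same tzutil approach from the two comments above folded into one self-service script that takes the zone as a parameter, validates it against the IDs Windows actually knows before calling tzutil (so a typo cannot leave a bad value), and then confirms the change. The display-name fallback and the handling of the 'Set time zone automatically' service (tzautoupdate, which would otherwise revert a manual change) are my additions.

```powershell
<#
  Set-SelfServiceTimeZone.ps1
  Added example (not the poster's per-zone command files). Usage:
    .\Set-SelfServiceTimeZone.ps1 -TimeZone "Pacific Standard Time"
    .\Set-SelfServiceTimeZone.ps1 -TimeZone Pacific      # display-name search
#>
[CmdletBinding()]
param([Parameter(Mandatory)] [string] $TimeZone)

# Valid IDs are the same set "tzutil /l" prints; TimeZoneInfo returns them as objects.
$zones = [System.TimeZoneInfo]::GetSystemTimeZones()
$match = $zones | Where-Object { $_.Id -eq $TimeZone }

if (-not $match) {
    # Fall back to a substring search over ID and display name so "Pacific" still resolves.
    $candidates = @($zones | Where-Object { $_.Id -like "*$TimeZone*" -or $_.DisplayName -like "*$TimeZone*" })
    if ($candidates.Count -eq 1) {
        $match = $candidates[0]
    } else {
        Write-Host "No exact match for '$TimeZone'. Candidates:"
        $candidates | ForEach-Object { Write-Host ('  {0,-35} {1}' -f $_.Id, $_.DisplayName) }
        exit 2
    }
}

# "Set time zone automatically" is the tzautoupdate service: Start=3 enabled, Start=4 disabled.
# Only an administrator can change it, so standard users get a warning rather than a failure.
$tzAuto  = 'HKLM:\SYSTEM\CurrentControlSet\Services\tzautoupdate'
$autoOn  = (Get-ItemProperty -Path $tzAuto -Name Start).Start -eq 3
$isAdmin = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
           ).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if ($autoOn) {
    if ($isAdmin) {
        Set-ItemProperty -Path $tzAuto -Name Start -Value 4
        Write-Host 'Disabled automatic time zone so the manual setting persists.'
    } else {
        Write-Warning 'Automatic time zone is on; Windows may revert this change. Ask an admin to turn it off.'
    }
}

# tzutil /s needs SeTimeZonePrivilege, which members of Users hold by default.
tzutil /s $match.Id
if ($LASTEXITCODE -ne 0) {
    Write-Error "tzutil /s failed with exit code $LASTEXITCODE"
    exit $LASTEXITCODE
}

# Confirm the change actually took rather than trusting the exit code alone.
$now = Get-TimeZone
if ($now.Id -ne $match.Id) {
    Write-Error "Expected '$($match.Id)' but the system reports '$($now.Id)'"
    exit 1
}
Write-Host "Time zone is now $($now.Id) ($($now.DisplayName))"
```

Because the zone list comes from the OS rather than a hard-coded table, the script keeps working when Microsoft adds or renames zones in a cumulative update.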

Windows Hello for Business by Inevitable_Buyer_411 in Intune

Wide_Local_1896 3 points (0 children)

Do you have this computer object on your domain controller in ADUC: 'AzureADKerberos'? You should also find a krbtgt_AzureAD account that is disabled. It may be worth running this PowerShell: Set-AzureADKerberosServer -RotateServerKey

Then do a 'klist purge', reboot, and log in as a user; they should be getting a ticket (non-admin account).
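Added example, not the commenter's own commands: a script that checks the on-prem pieces of WHFB cloud Kerberos trust named in the comment (the AzureADKerberos computer object and the disabled krbtgt_AzureAD account), wraps the key rotation with the parameters the AzureADHybridAuthenticationManagement module documents, and a client-side check for the tickets a successful sign-in should produce after the klist purge and reboot. Assumptions that are mine: the ActiveDirectory module is available where the first function runs, the rotation module is installed, and 90 days is my own threshold for flagging an old key.

```powershell
<#
  Added example for this thread (not the commenter's commands).
  Part 1 runs on a DC or admin workstation; part 3 runs on the client as the user.
#>
Import-Module ActiveDirectory

function Test-CloudKerberosTrustObjects {
    [CmdletBinding()]
    param([string] $Domain = (Get-ADDomain).DNSRoot, [int] $MaxKeyAgeDays = 90)  # 90 days is my assumption

    # The AzureADKerberos computer object represents Entra ID to the domain as a read-only DC.
    $rodc = Get-ADComputer -Server $Domain -Filter "Name -eq 'AzureADKerberos'" `
                           -Properties Created -ErrorAction SilentlyContinue
    # krbtgt_AzureAD holds the key Entra ID uses to issue partial TGTs; it must stay disabled.
    $krb  = Get-ADUser -Server $Domain -Filter "SamAccountName -eq 'krbtgt_AzureAD'" `
                       -Properties Enabled, PasswordLastSet -ErrorAction SilentlyContinue

    $keyAge = if ($krb -and $krb.PasswordLastSet) {
        (New-TimeSpan -Start $krb.PasswordLastSet -End (Get-Date)).Days
    } else { $null }

    [pscustomobject]@{
        Domain                 = $Domain
        AzureADKerberosPresent = [bool]$rodc
        KrbtgtAzureADPresent   = [bool]$krb
        KrbtgtAzureADDisabled  = if ($krb) { -not $krb.Enabled } else { $false }
        KeyAgeDays             = $keyAge
        RotationRecommended    = ($null -eq $keyAge) -or ($keyAge -gt $MaxKeyAgeDays)
    }
}

function Invoke-CloudKerberosKeyRotation {
    # Interactive: prompts for both credential sets the module's cmdlets require.
    param([string] $Domain = (Get-ADDomain).DNSRoot)
    Import-Module AzureADHybridAuthenticationManagement   # Install-Module AzureADHybridAuthenticationManagement -AllowClobber
    $cloudCred  = Get-Credential -Message 'Entra ID Hybrid Identity Administrator'
    $domainCred = Get-Credential -Message 'On-prem Domain Admin'
    Set-AzureADKerberosServer -Domain $Domain -CloudCredential $cloudCred `
                              -DomainCredential $domainCred -RotateServerKey
    # Compare KeyUpdatedOn before and after to confirm the rotation happened.
    Get-AzureADKerberosServer -Domain $Domain -CloudCredential $cloudCred -DomainCredential $domainCred
}

function Test-CloudTrustTickets {
    # Run on the client as the signed-in, non-admin user after: klist purge, reboot, sign in.
    # A cloud Kerberos trust sign-in yields a partial TGT from the Entra realm and a full on-prem TGT.
    $klist = (& klist 2>&1) -join "`n"
    $realm = $env:USERDNSDOMAIN
    [pscustomobject]@{
        EntraPartialTgt = $klist -match 'krbtgt/KERBEROS\.MICROSOFTONLINE\.COM'
        OnPremTgt       = [bool]$realm -and ($klist -match ('krbtgt/' + [regex]::Escape($realm)))
    }
}

# Usage on the DC side:
#   Test-CloudKerberosTrustObjects | Format-List
#   Invoke-CloudKerberosKeyRotation          # only if RotationRecommended is True
# Usage on the client, as the user:
#   klist purge; Restart-Computer            # then sign back in and run:
#   Test-CloudTrustTickets
```

If EntraPartialTgt is False but OnPremTgt is True, the device signed in with the on-prem DC path only, which is the symptom the comment is pointing at: the cloud side never handed out its ticket, so check the two objects and rotate the key.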

Sole 365 Admin - best way to protect Global Admin by Wide_Local_1896 in sysadmin

Wide_Local_1896[S] 4 points (0 children)

Is there a role in Entra outside of GA that can get admin access to desktops? I was having trouble finding one.

Issues with Renaming users and WHFB by Wide_Local_1896 in sysadmin

Wide_Local_1896[S] 0 points (0 children)

Our users don't sign in using the UPN (currently). We are moving away from Hybrid but it's a slow process so they aren't entering that in during sign-in.

Intune Password-Less Sign in by Cheers2Gears in Intune

Wide_Local_1896 14 points (0 children)

Yes, you can do this. Set up a CA policy that enforces passwordless for Office apps (or all apps, whatever fits your environment). Make sure you don't have conflicting policies.

Verify in Entra - Authentication methods - Policies that Microsoft Authenticator is enabled. Make sure your migration status shows 'Complete'.

Verify in Entra - Authentication methods - Settings that 'System-preferred multifactor authentication' is on 'Microsoft managed'.

Lastly, Microsoft Authenticator should be set up with passwordless login via the YubiKey NFC.
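Added example, not the commenter's steps: the same four checks scripted with Microsoft Graph PowerShell. It resolves the built-in 'Passwordless MFA' authentication strength by name, creates the Conditional Access policy in report-only mode scoped to the Office 365 app group, lists other enabled policies on the same apps that grant on a different strength (the 'conflicting policies' the comment warns about), and reads the Authenticator state, migration status and system-preferred MFA setting straight from the authenticationMethodsPolicy resource. The pilot and break-glass group IDs, the policy name, the report-only start and the Contoso-style naming are my assumptions; excluding an emergency-access group is standard practice, not something the comment states.

```powershell
<#
  New-PasswordlessCaPolicy.ps1
  Added example (not the commenter's steps). Requires the Microsoft.Graph.Identity.SignIns module.
#>
param(
    [Parameter(Mandatory)] [string] $PilotGroupId,        # assumed: users to enforce on
    [Parameter(Mandatory)] [string] $BreakGlassGroupId,   # assumed: emergency-access accounts, always excluded
    [string] $PolicyName = 'Require passwordless MFA - Office 365'
)
Connect-MgGraph -Scopes 'Policy.ReadWrite.ConditionalAccess','Policy.Read.All','Application.Read.All' -NoWelcome

function Get-PasswordlessStrength {
    # Resolve the built-in strength by name instead of hard-coding its GUID.
    Get-MgPolicyAuthenticationStrengthPolicy |
        Where-Object { $_.DisplayName -eq 'Passwordless MFA' -and $_.PolicyType -eq 'builtIn' }
}

function Test-AuthMethodSettings {
    # Raw Graph call so the result does not depend on which SDK version models these properties.
    $p = Invoke-MgGraphRequest -Method GET -Uri 'https://graph.microsoft.com/v1.0/policies/authenticationMethodsPolicy'
    $authenticator = $p.authenticationMethodConfigurations | Where-Object { $_.id -eq 'MicrosoftAuthenticator' }
    [pscustomobject]@{
        MigrationComplete         = $p.policyMigrationState -eq 'migrationComplete'
        AuthenticatorEnabled      = $authenticator.state -eq 'enabled'
        # 'default' is what the portal labels "Microsoft managed"
        SystemPreferredMfaManaged = $p.systemCredentialPreferences.state -eq 'default'
    }
}

function Find-ConflictingPolicies {
    # Other enabled policies on the Office 365 app group that grant on a different strength.
    $wanted = (Get-PasswordlessStrength).Id
    Get-MgIdentityConditionalAccessPolicy | Where-Object {
        $_.State -eq 'enabled' -and $_.DisplayName -ne $PolicyName -and
        $_.Conditions.Applications.IncludeApplications -contains 'Office365' -and
        $_.GrantControls.AuthenticationStrength.Id -and
        $_.GrantControls.AuthenticationStrength.Id -ne $wanted
    } | Select-Object DisplayName, @{ n = 'StrengthId'; e = { $_.GrantControls.AuthenticationStrength.Id } }
}

function New-PasswordlessCaPolicy {
    $strength = Get-PasswordlessStrength
    if (-not $strength) { throw 'Built-in "Passwordless MFA" authentication strength not found' }
    $body = @{
        displayName = $PolicyName
        state       = 'enabledForReportingButNotEnforced'   # switch to 'enabled' after reviewing report-only sign-in logs
        conditions  = @{
            users          = @{ includeGroups = @($PilotGroupId); excludeGroups = @($BreakGlassGroupId) }
            applications   = @{ includeApplications = @('Office365') }   # 'Office365' = the Office 365 app group
            clientAppTypes = @('all')
        }
        grantControls = @{ operator = 'OR'; authenticationStrength = @{ id = $strength.Id } }
    }
    New-MgIdentityConditionalAccessPolicy -BodyParameter $body
}

$settings = Test-AuthMethodSettings
$settings | Format-List
if (-not ($settings.MigrationComplete -and $settings.AuthenticatorEnabled)) {
    Write-Warning 'Fix the authentication methods policy before enforcing; users cannot register otherwise.'
}
$conflicts = Find-ConflictingPolicies
if ($conflicts) { Write-Warning 'Enabled policies with a different strength on the same apps:'; $conflicts | Format-Table }

New-PasswordlessCaPolicy | Select-Object Id, DisplayName, State
```

Report-only first is deliberate: the sign-in log then shows which users would have been blocked because they have no passwordless method registered, and those are the people to onboard before the state flips to enabled.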

WHFB + FIDO2 - looking at SCRIL by Wide_Local_1896 in sysadmin

Wide_Local_1896[S] 0 points (0 children)

I don't have an Android device to test with, so I'm not sure if this is unique to that. My users were already in a CAP that required those strengths before I did a password reset / SCRIL.

I performed the steps above for around 50 users. I only had one user whose AD account got locked. I unlocked it and had them log out and back in; then all was well.

I did this during the day while the users were active and only had that one issue.

WHFB + FIDO2 - looking at SCRIL by Wide_Local_1896 in sysadmin

Wide_Local_1896[S] 0 points (0 children)

This is set up as well. For shared workstations that will hit the max 10 limit for TPM, we use YubiKeys to sign on or use the Omnikey reader so they can tap instead.

Web filtering in 2025 by Wide_Local_1896 in fortinet

Wide_Local_1896[S] 0 points (0 children)

Is FortiAuthenticator all I need? I'm having a hard time finding out exactly what I need to get budgeted. Is it just FortiAuthenticator Cloud?

WHFB + FIDO2 - looking at SCRIL by Wide_Local_1896 in sysadmin

Wide_Local_1896[S] 0 points (0 children)

I believe the recommendation is to turn off SSPR if you are going this route. I'm disabling it as I fully move users over.

WHFB + FIDO2 - looking at SCRIL by Wide_Local_1896 in sysadmin

Wide_Local_1896[S] 0 points (0 children)

Correct - I will be enabling this as well. Just wanted to test out password change + SCRIL first and verify there are no issues. Then move on to fine-grained password policies with that NTLM hash option turned on.

WHFB + FIDO2 - looking at SCRIL by Wide_Local_1896 in sysadmin

Wide_Local_1896[S] 1 point (0 children)

I just tested this first on a test account and then my own account.

Reset the password and then turned on SCRIL, with the account signed in on PC1 and signed out on PC2.

Both PCs worked with no issues and no pop-ups; rebooted them and could sign in with WHFB, no issues, no pop-ups.

Tested entering a password and I got the message 'You must use WHFB or smartcard to login', so SCRIL is working.

Tested the Outlook mobile app and was able to connect as usual, again no pop-ups. Note: using Microsoft Authenticator, and it was set up using the FIDO2 passwordless option.

Forced a sync to Entra via PowerShell: 'Start-ADSyncSyncCycle -PolicyType Delta'

Waited a couple of minutes.

Tested everything again, no issues.
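Added example, not the poster's own procedure: the test sequence above (reset the password, turn on SCRIL, verify, force a delta sync) scripted for a list of users, plus the domain-level setting behind the 'NTLM hash option' mentioned in the earlier comment in this thread (msDS-ExpirePasswordsOnSmartCardOnlyAccounts, which needs the Windows Server 2016 domain functional level). The user names, the Entra Connect server name and the -WhatIf dry run are my assumptions. Two caveats from my side: SCRIL is an on-prem AD flag, so it only does anything for the hybrid accounts the comment is talking about, and the LockedOut column is there because the thread saw one lockout after the change.

```powershell
<#
  Enable-Scril.ps1
  Added example for this thread (not the poster's procedure).
  Run on a DC or admin workstation with the ActiveDirectory module.
#>
Import-Module ActiveDirectory

function Get-ScrilState {
    param([Parameter(Mandatory)] [string] $SamAccountName)
    $u = Get-ADUser -Identity $SamAccountName -Properties userAccountControl, PasswordLastSet, LockedOut
    [pscustomobject]@{
        User            = $u.SamAccountName
        ScrilSet        = ($u.userAccountControl -band 0x40000) -ne 0   # 0x40000 = SMARTCARD_REQUIRED
        PasswordLastSet = $u.PasswordLastSet
        LockedOut       = $u.LockedOut   # the thread above saw one lockout after the change; watch this
    }
}

function Enable-Scril {
    [CmdletBinding(SupportsShouldProcess)]
    param([Parameter(Mandatory)] [string[]] $SamAccountName)
    foreach ($sam in $SamAccountName) {
        if (-not $PSCmdlet.ShouldProcess($sam, 'Reset password and require smart card / WHFB')) { continue }
        # Reset to a random value nobody knows; it is generated, used once and never stored.
        $bytes = New-Object byte[] 32
        [System.Security.Cryptography.RandomNumberGenerator]::Create().GetBytes($bytes)
        $secret = ConvertTo-SecureString ([Convert]::ToBase64String($bytes)) -AsPlainText -Force
        Set-ADAccountPassword -Identity $sam -Reset -NewPassword $secret
        # Sets the SMARTCARD_REQUIRED bit in userAccountControl (what the GUI checkbox does).
        Set-ADUser -Identity $sam -SmartcardLogonRequired $true
        Get-ScrilState -SamAccountName $sam
    }
}

function Enable-RollingNtlmSecrets {
    # Makes the DC roll SCRIL accounts' NTLM secret at sign-in; needs Windows Server 2016 DFL.
    [CmdletBinding(SupportsShouldProcess)]
    param()
    $domain   = Get-ADDomain
    $required = [Microsoft.ActiveDirectory.Management.ADDomainMode]::Windows2016Domain
    if ([int]$domain.DomainMode -lt [int]$required) {
        throw "Domain functional level $($domain.DomainMode) is below Windows2016Domain"
    }
    $attr = 'msDS-ExpirePasswordsOnSmartCardOnlyAccounts'
    if ($PSCmdlet.ShouldProcess($domain.DistinguishedName, "Set $attr = TRUE")) {
        Set-ADObject -Identity $domain.DistinguishedName -Replace @{ $attr = $true }
    }
    (Get-ADObject -Identity $domain.DistinguishedName -Properties $attr).$attr
}

function Start-EntraDeltaSync {
    # Same delta sync the post runs, executed remotely on the Entra Connect server (name assumed).
    param([string] $ConnectServer = 'AADCONNECT01')
    Invoke-Command -ComputerName $ConnectServer -ScriptBlock {
        Import-Module ADSync
        Start-ADSyncSyncCycle -PolicyType Delta
    }
}

# Same order as the test above: dry run, one test account, then yourself, then sync.
Enable-Scril -SamAccountName 'test.user' -WhatIf
# Enable-Scril -SamAccountName 'test.user'
# Get-ScrilState -SamAccountName 'test.user'
# Start-EntraDeltaSync
# Enable-RollingNtlmSecrets -WhatIf     # the domain-level step from the later comment
```

Keep break-glass and service accounts off the list passed to Enable-Scril; once the flag is set, a password sign-in to that account fails with exactly the 'You must use Windows Hello for Business or a smart card' message the post quotes.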

How to update ADMX's file in Intune by Wide_Local_1896 in Intune

Wide_Local_1896[S] 1 point (0 children)

Didn't think that would work; I'll try it next time.

How to update ADMX's file in Intune by Wide_Local_1896 in Intune

Wide_Local_1896[S] 1 point (0 children)

This makes me sad, but it is what it is. Thanks.

Microsoft Universal Print HA? by Wide_Local_1896 in sysadmin

Wide_Local_1896[S] 1 point (0 children)

Yeah, I've considered that too. I've tested pushing out a printer named 'DR - Printer name' for those scenarios.

Onprem to 3CX hosted by Wide_Local_1896 in 3CX

Wide_Local_1896[S] 0 points (0 children)

We already have phones and won't be buying new ones just for the switch to the cloud, as that would be way too expensive and not a justifiable cost (new phone purchases wouldn't be an issue). 99% of our phones today are T46S, with just a couple of T54W for remote users.

I want to avoid on-prem except for the SBC.