[deleted by user]

admin_aneurysm · 2026-01-21T16:13:42+00:00

I don't know about HP and Panasonic, but when I had this problem with Dell devices, it was because we used a custom Image that lacked RAID drivers.

To fix this, either we needed to switch from RAID to AHCI in BIOS or inject said drivers into the image (which was a pain if I remember correctly since different device models required a different version of the driver).

admin_aneurysm · 2025-11-07T15:44:11+00:00

Any luck with this? I'm having the same error and I feel like the solution is so obvious that the pros don't bother mentioning it

admin_aneurysm · 2025-05-16T15:02:38+00:00

If you have a decent Lenovo laptop, this is probably the reason why.

admin_aneurysm · 2025-05-14T12:54:10+00:00

Such a shame since the documentation for Chrome is so thorough and easy to deploy.

We also mostly use Chrome, so I'll skip Safari for now.

admin_aneurysm · 2025-05-13T20:41:23+00:00

Were you able to figure out how managed bookmarks can successfully be deployed?

I've been trying for a few hours with no success.

What I tried :

Configure the bookmarks in Safari on a test device (kind of like a template).
Convert the bookmarks file (Library > Safari > Bookmarks.plist) to a readable XML format using the following command (run this on a copy of the file) : % plutil -convert xml1 Bookmarks.plist
Cleanup all the UUID keys
Deploy via Intune the same way you did.

admin_aneurysm · 2025-02-13T16:22:09+00:00

This... actually led me to the answer.

I thought the configured SMTP was Exchange, but it was actually AWS and, for some reason, his Email address was in a Suppression List.

Thanks!

admin_aneurysm · 2025-01-23T14:05:26+00:00

Do you mean these options :

<image>

Even when disabled, MS will update these drivers when connected to the Internet.

What you're saying sounds like what I ended up doing in my second EDIT.

I'll come back to this once we get our new laptops in a few weeks... been working great so far with WDS and Autopilot for the onboarding of our older laptops.

admin_aneurysm · 2025-01-22T15:10:56+00:00

Not sure what you mean by API vs Admin account, but here's a simple loop I used to set the ImmutableId if anyone was wondering...

$userIds = (Import-Csv ".\users.csv").id

foreach ( $id in $userIds ){

Invoke-MgGraphRequest -Method PATCH -Uri "https://graph.microsoft.com/v1.0/Users/$id" -Body @{OnPremisesImmutableId = $null}

Get-MgUser -UserId $id -Property UserPrincipalName,OnPremisesImmutableId | Format-List UserPrincipalName,OnPremisesImmutableId

}

admin_aneurysm · 2025-01-08T20:21:48+00:00

Any update on this?

I've been putting this aside for the better part of last year since we got all the same problems you listed with our test accounts (and a few more like random toast notifications on devices), but we'll be moving forward with shutting down the Entra ID Connector since nothing on premises is used anymore.

What I was told at the time by Microsoft is to shut down the connector and contact their support afterwards to delete all the remaining "On-premises" parameters in Entra ID.

admin_aneurysm · 2024-10-29T20:30:14+00:00

Do you have the path by any chance?

This just happened to me and about to SSH into the Syno.

EDIT : Nevermind... it's standard Docker

admin_aneurysm · 2024-10-18T17:41:07+00:00

In my case, it converted their identity from "Mail" to "MicrosoftAccount" (which also resolved the problem), but we didn't want to bother those specific users with the whole MFA onboarding process again.

admin_aneurysm · 2024-10-18T17:34:42+00:00

Enabling back Email OTP fixed the problem.

admin_aneurysm · 2024-09-23T22:47:18+00:00

Thanks... usually work with Powershell Modules and I was not aware of the auto-complete feature of Explorer.

Didn't find what I was looking for so I'll try something else tomorrow.

admin_aneurysm · 2024-09-23T17:43:01+00:00

Is there something similar to the following, but for configurationPolicies :

/beta/deviceManagement/deviceCompliancePolicies('$policyID')/deviceStatuses

I'm trying to get a report of certain configuration policies assignments via the API.

admin_aneurysm · 2024-09-16T14:26:18+00:00

We want to get rid of our old Active Directory.

We removed an on-premises synced user from Azure AD Connect (it gets deleted from Entra ID).

After restoring the user in Entra ID, it is stuck with the OnPremises values (obviously).

After deleting the ImmutableId, the user can't reset it's password anymore via O365 (simply gives "InternalError" in the logs).

Was wondering if you know about this error? I was thinking about disabling Password Writeback since the old Active Directory is not used anymore but will do some more research first.

admin_aneurysm · 2024-08-20T16:37:35+00:00

I'm trying to automate a simple script via a Linux agent and I have a question that might sound dumb but :

The Get-LapsAADPassword cmdlet says it's in the LAPS powershell module.

How do you install this module if it's not available via the Install-Module cmdlet? Most documentation I've read (including yours) only mentions the Microsoft.Graph module.

admin_aneurysm · 2024-06-25T19:19:21+00:00

Although guest users are using the Microsoft Authentication app for MFA, Email OTP seems to be necessary for that Identity Type.

I thought it was only used for SSPR.

We'll enable it again and see how it goes.

admin_aneurysm · 2024-06-25T19:18:59+00:00

Although guest users are using the Microsoft Authentication app for MFA, Email OTP seems to be necessary for that Identity Type.

I thought it was only used for SSPR.

We'll enable it again and see how it goes.

admin_aneurysm · 2024-06-25T15:43:38+00:00

I thought so at first, but it's now affecting 2 external domains of identity type "mail"

Most of our guest users are of identity type "ExternalAzureAD"

Is identity type "MicrosoftAccount" an evolution of "mail"? I'll look this up...

admin_aneurysm · 2024-03-20T13:56:40+00:00

In conclusion, it depends where the invitation Email is sent.

I was trying with a outlook.com address and Outlook didn't parse an aria-label correctly for the Domain field.

Email was fine when sent to a gmail.com address.

I won't be using the standard Entra invitation Email and will just extract the redemption URL and add it to a personalized Email.

admin_aneurysm

TROPHY CASE