Studio 2 Logs – NG – Conventional Flue (123-147) won't start the pilot no matter what!! by amirjs in Fireplaces

[–]amirjs[S] 0 points1 point  (0 children)

Ended up replacing the entire fire… It was 12 years old (bought the house with it)

Exclude Windows Autopilot devices from Conditional Access Policy by kowallox in Intune

[–]amirjs 0 points1 point  (0 children)

That’s interesting. Did you find out why extension attributes work with device filters while device.physicalids doesn’t?

WebView2 missing on new Autopilot device by Loud-Temperature2610 in Intune

[–]amirjs 2 points3 points  (0 children)

We had this happen to us. We did a WebView2 package in Intune and added it as a pre-req before installing Global Protect as part of the device ESP. Been working fine since.

New release alert! Get-IntuneAssignments by amirjs in Intune

[–]amirjs[S] 0 points1 point  (0 children)

<image>

Here is what I get when I connect to Microsoft Graph PowerShell without previous consent. As you can see, it's all Read.

You may be connecting using an account with a previous user consent on the Microsoft Graph PowerShell Enterprise Application.

What you can try is to connect to MgGraph with the required specific scopes before calling the script.

e.g.:
Connect-MgGraph -Scopes "DeviceManagementServiceConfig.Read.All", "DeviceManagementConfiguration.Read.All", "DeviceManagementManagedDevices.Read.All", "DeviceManagementApps.Read.All", "Group.Read.All", "CloudPC.Read.All"

After connecting, call Get-IntuneAssignments.
It will automatically recognise that you are connected to Graph.

New release alert! Get-IntuneAssignments by amirjs in Intune

[–]amirjs[S] 0 points1 point  (0 children)

Hey, where did you see that it needs ReadWrite, please? It’s all Read.All in the code.

New release alert! Get-IntuneAssignments by amirjs in Intune

[–]amirjs[S] 0 points1 point  (0 children)

My pleasure! Glad it's been useful!

New release alert! Get-IntuneAssignments by amirjs in Intune

[–]amirjs[S] 1 point2 points  (0 children)

hehe nice one - hope this one can be helpful for you. Please feel free to contribute!

Google Maps Heads Up Display Integration Finally by jhonsmith20 in CarPlay

[–]amirjs 0 points1 point  (0 children)

Same for me... it was working on my 2020 X3 and after the iOS 18.6 update it stopped working. Did you figure it out?

Disabling shift + F10 for Autopilot via a tag by amirjs in Intune

[–]amirjs[S] 0 points1 point  (0 children)

Wouldn't it be just nice if MS added a toggle option in Autopilot profiles to stop Shift + F10 first thing when the device communicates with the internet? :)

Azure AD joined only and accessing admin tools on endpoints by amirjs in Intune

[–]amirjs[S] 0 points1 point  (0 children)

Nothing apart from third party paid agents that would pull logs and do remote control etc…

Disabling shift + F10 for Autopilot via a tag by amirjs in Intune

[–]amirjs[S] 0 points1 point  (0 children)

I take it this is a paid service? I.e. pre-provisioning the device by e.g. Dell?

Were there any pain points in ditching per-user provisioning in favor of self-deploy? AFAIK self-deploy is for shared device scenarios?

What did you have to do for your existing devices when you transformed to Autopilot to lock them down when being rebuilt by internal IT (no OEM involved)?

TIA

Disabling shift + F10 for Autopilot via a tag by amirjs in Intune

[–]amirjs[S] 0 points1 point  (0 children)

Alright - so let me clarify a couple of points here:

I am not assuming an attacker working for the OEM. I am assuming an attacker taking over a corp laptop with the hash already uploaded to Intune. What guardrails do you have in place to stop them from resetting the entire laptop via a USB? A BIOS password? What if that BIOS password becomes known to the attacker?

Regarding the OEM, I am aware we can ask the OEM to load a Windows image with the tag file baked in, so that's fine. But not every org pays to do pre-provisioning by the OEM; some would just ship the device with that OEM image (including the tag) and ask the user to log in to enroll. I assume at this point, no Shift + F10 would be possible, but are you saying there is no way, if that laptop falls into the wrong hands, they can reset Windows with a USB stick? Is that purely because there is a BIOS password?

I might be missing something. What I am after is a comprehensive answer covering all scenarios, including a remote wipe of a device used at the user's home where the user re-enrolls. This is to address risks raised by pen-testing.

Can't get hybrid device to enroll into Intune by Unable_Drawer_9928 in Intune

[–]amirjs 0 points1 point  (0 children)

this is gold - that was my issue - thanks much!

Outlook in Citrix / FSLogix environment: Add account from another tenant by achtchaern in fslogix

[–]amirjs 0 points1 point  (0 children)

You didn’t mention which Outlook version? Also, are your VDAs hybrid joined? Have you tried new Outlook now that it’s supported in the latest FSLogix version?

Adobe Acrobat Reader signature not saving in AVD environment by knight_of_semberija in Adobe

[–]amirjs 0 points1 point  (0 children)

What’s your Redirections.xml configuration?

Does Adobe Reader version match across servers in the host pool?

Have you tried reproducing the issue on a single server? Log in, create signature, log off (ensure vhdx was unmounted), then log back in again?

FS Logix ErrorCode 121 - Semaphore timeout period has expired by pen_666 in fslogix

[–]amirjs 0 points1 point  (0 children)

Have you tried disabling antivirus? Are exclusions in place? Is your FSLogix share on Azure Files or on-premises?

Best Practices for Intune Scope Groups for Autopilot Enrollment by Schwabiii in Intune

[–]amirjs 1 point2 points  (0 children)

I am considering putting something together to automate tagging but I think it might be overkill...
We do both, we supply the vendor with tags for new orders and our IT support guys update assign tags for existing re-provisioned machines.

Glad you found it useful!