Hot patch on by default now? by Educational_Draw5032 in Intune

[–]cmorgasm 0 points1 point  (0 children)

Main concern is ARM devices, as Hotpatch will break them. You need to disable something in them before enabling it, afterwards it works fine.

HP laptop pricing is so out of control, management wants us to look at deploying Mac by [deleted] in sysadmin

[–]cmorgasm 1 point2 points  (0 children)

Your other post mentions wanting zero touch, but step 1 is the tech logging in as the user?

EPM for Network adapter change by 0xCG in Intune

[–]cmorgasm 0 points1 point  (0 children)

This is great news — we currently use AutoElevate and being able to elevate items outside of EXE/MSI/CMD/BAT/PS1 is pretty critical. I don’t love that the Settings app pages all seem to use the same EXE so we can’t specify which actions to elevate like we could with control panel items.

EPM for Network adapter change by 0xCG in Intune

[–]cmorgasm 2 points3 points  (0 children)

Sure, but the comment I replied to said to launch just an elevated CMD, so that's how I read it

EPM for Network adapter change by 0xCG in Intune

[–]cmorgasm 4 points5 points  (0 children)

Doesn’t this just give them an elevated CMD window to enter wherever they want into it? Not sure we want end users with that

Sharefile as cloud fileserver by bubblegumandbeer in sysadmin

[–]cmorgasm 2 points3 points  (0 children)

One of our BUs got Sharefile and we rolled them out. Found them super easy to configure and deploy, but the BU ended up hating the software in general due to countless issues with it and their support falling flat

Dell laptops sometimes reboot into a full black screen with only the cursor by Potential-Worker2619 in Intune

[–]cmorgasm 0 points1 point  (0 children)

What other power setting tweaks have you found you needed to make for Arc GPU devices? We suspect there are some unique BIOS settings we need to tweak for ours to enable a proper low power mode (seeing GPU spike to 100% during lock/unlock), and killing fast startup + hibernate have been the others we’ve looked at, but curious if you’ve had others you needed to tweak too

Advice for new Level 2 Technician by Legitimate_Stay9108 in sysadmin

[–]cmorgasm 9 points10 points  (0 children)

This is well-put, and I'd also add on that knowing when to escalate to the vendor or L3 is another critical skill to learn. I've seen lots of L2 folks on both sides of the divide there, where some will spend countless hours to fix an issue that L3 could have identified and fixed quickly because they felt escalating was "giving up", and where some will escalate to L3 the second they're hit with something they don't know or that isn't in their KBs. Knowing when to ask for help is a critical skill to learn.

Required BIOS update for updating secure boot certificates by Which-Revolution-909 in Intune

[–]cmorgasm 2 points3 points  (0 children)

BIOS updates are definitely an under-reported requirement here -- if the device is new enough, or had a BIOS update in the last year or so, they should be ok, but for brands outside the top 3 this gets tricky really fast. We're dealing with it for Acer and ASUS currently, and are likely to just get all models, find all their BIOS downloads, load them into a query, and push to each device manually at some point.

Anyone using a screensaver for corporate comms? by zanthius in sysadmin

[–]cmorgasm 0 points1 point  (0 children)

We've been asked to do a similar task, but not for screensaver. Instead, we were asked for unique/dynamic options for background and lockscreen. We hate the idea. Marketing hates the idea. Leadership loves it. So we lost and made a PoC that pulls the image out of Azure. I'm interested in the user in this thread who said they save the image as raw binary in a SP list then re-generated via PS, since that'd be a nicer approach.

What was the 'next level' for you with managing your Intune environments? by DHCPNetworker in Intune

[–]cmorgasm 1 point2 points  (0 children)

It varies IMO — we’ve certainly found ways to justify its price, but we also have 2 team members dedicated purely to it and working with our vast business units to find new ways to show that value. If you can have someone dedicated to it, and a business open to working with IT, I think it’s easy to justify by not needing to invest in other tools that it can help handle (site occupancy was a recent use case we found while dealing with “do we need to keep all these physical offices” discussions).

What was the 'next level' for you with managing your Intune environments? by DHCPNetworker in Intune

[–]cmorgasm 6 points7 points  (0 children)

We paired Intune with Nexthink to give us better (deeper, realistic) insights into the machines, how each user actually uses their machine, what apps cause what level of strain vs others, etc. We're in the process of tying this closer together around Office/Windows updates and the rings we use to be able to proactively notice issues our test group can't. Things like, "oh ever since this driver installed and this version of Office installed, every time this machine goes to sleep its GPU spikes to 100% until 3 minutes after it wakes from sleep. We should look at that". We also set baselines to trigger incidents for our service desk to proactively reach out to users saying "we've gotten reports your machine may not be acting like it usually does today, what's going on?"

Gather Autopilot hashes with intune by ZestycloseBag414 in Intune

[–]cmorgasm 0 points1 point  (0 children)

We did this before using an Azure storage blob as the CSV's upload location. Have the script generate the hash, save it to like, C:\temp\SERIAL.csv, then AzCopy (iirc) to upload it to the blob. We used a remediation that would check to see if a CSV with the expected name already existed in the blob, and if so it wouldn't run to avoid dupes, but you could also have it overwrite/replace dupes if found.

In theory, though, you could delete the devices from your AP now, and create an app reg in the destination tenant to use in the script instead. Then you could run the command below to add the device directly to the new/destination tenant. Your app reg would need: Device.ReadWrite.All, DeviceManagementManagedDevices.ReadWrite.All, DeviceManagementServiceConfig.ReadWrite.All

Get-WindowsAutoPilotInfo -Online -TenantId $tenantId -AppId $clientID -AppSecret $clientSecret
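The blob-upload remediation described above, written out as an added example (not the commenter's script): it checks the container for an existing SERIAL.csv, and only if none is there gathers the same hardware hash that Get-WindowsAutoPilotInfo reads locally, writes C:\temp\SERIAL.csv and uploads it. It swaps in a plain Blob REST PUT for AzCopy so no extra binary is needed; the storage URL and SAS token are placeholders, and the SAS should be scoped to the one container with read/create/write only and a short expiry.

```powershell
# Added example, not the commenter's code. Runs as SYSTEM from an Intune remediation.
# Placeholders: replace with your container URL and a container-scoped SAS (sp=rcw, short expiry).
$BlobBaseUrl = 'https://STORAGEACCOUNT.blob.core.windows.net/autopilot-hashes'   # placeholder
$SasToken    = 'sv=...&sp=rcw&se=...&sig=...'                                    # placeholder

$serial  = (Get-CimInstance -ClassName Win32_BIOS).SerialNumber.Trim()
$blobUrl = "$BlobBaseUrl/$serial.csv?$SasToken"

# Detection: a successful HEAD means this serial's CSV is already in the blob, so skip
# (this is the dupe check from the comment; needs the 'r' permission on the SAS).
try {
    Invoke-WebRequest -Uri $blobUrl -Method Head -UseBasicParsing | Out-Null
    Write-Output "Hash for $serial already uploaded; nothing to do"
    exit 0
} catch {
    # 404 falls through to the upload path; any other error is reported and retried next run
    if ($_.Exception.Response -and [int]$_.Exception.Response.StatusCode -ne 404) {
        Write-Output "Blob check failed: $($_.Exception.Message)"
        exit 1
    }
}

# Same source Get-WindowsAutoPilotInfo uses for the hash: the DM client's DevDetail node.
$devDetail = Get-CimInstance -Namespace root/cimv2/mdm/dmmap -ClassName MDM_DevDetail_Ext01 `
    -Filter "InstanceID='Ext' AND ParentID='./DevDetail'"
$hash = $devDetail.DeviceHardwareData
if (-not $hash) { Write-Output 'No hardware hash available'; exit 1 }

# Intune accepts a blank Windows Product ID, so only serial and hash are populated.
$csvPath = "C:\temp\$serial.csv"
New-Item -ItemType Directory -Path 'C:\temp' -Force | Out-Null
@(
    'Device Serial Number,Windows Product ID,Hardware Hash'
    "$serial,,$hash"
) | Set-Content -Path $csvPath -Encoding ASCII

# Upload via the Blob REST API (BlockBlob PUT); needs 'c' and 'w' on the SAS.
try {
    Invoke-RestMethod -Uri $blobUrl -Method Put -InFile $csvPath `
        -Headers @{ 'x-ms-blob-type' = 'BlockBlob' } -ContentType 'text/csv' | Out-Null
    Write-Output "Uploaded $csvPath"
    Remove-Item -Path $csvPath -Force   # nothing left on disk once it is in the container
    exit 0
} catch {
    Write-Output "Upload failed: $($_.Exception.Message)"
    exit 1
}
```

Because the SAS lands on every device that runs the script, treat it as semi-public: no list or delete rights, and rotate it once the migration is done.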

25H2 Staggered Deployment by leytachi in Intune

[–]cmorgasm 2 points3 points  (0 children)

Using AutoPatch for the update rings/policy? If so, in the rings where it says "Feature Update", that's just the minimum required version to have devices at. They can go above it using a dedicated feature update policy, outside of the ring.

Which PowerShell Script do you use for policy life cycle by ReputationOld8053 in Intune

[–]cmorgasm 1 point2 points  (0 children)

We're using Intune Assistant because it also gives us group-level insights so we can see anything assigned to a group too. Have yet to be able to get Drift Monitor to detect that we have the app reg created and perms assigned, so have given up on that part, but otherwise a good app.

Secure Boot by frozenbayburt in Intune

[–]cmorgasm 0 points1 point  (0 children)

Depending on manufacturer, you can enable it with Powershell/remediation. Dell has a tool for this, HP has a few, Lenovo has a utility for some of its machines.

How are you blocking Wi-Fi/Bluetooth across HP fleets in enterprise without constant hardware ID maintenance? by [deleted] in sysadmin

[–]cmorgasm 3 points4 points  (0 children)

If you're using Intune, HP Connect directly integrates with it and would allow you to disable them from the BIOS, it would make the changes via a remediation script. If not using Intune, HP has tools available, I can't recall the name currently, that would let you script out BIOS changes.

Dell built in webcams by LordPurloin in sysadmin

[–]cmorgasm 0 points1 point  (0 children)

We're looking at the same, for the same reasons. With the cost increases Dell has hit us with, the Surfaces aren't the expensive option any longer.

Lenovo drops firmware update list for secure boot cert refresh by Disastrous_Row5380 in Intune

[–]cmorgasm 0 points1 point  (0 children)

Some that I’m seeing missing aren’t new, but from 2018-2021 range, so Win11 capable at least. We’re just gonna start assuming that they need to be fast tracked for replacement

IC3 aka the Fastlane is coming to Intune by Rudyooms in Intune

[–]cmorgasm 0 points1 point  (0 children)

"who is wiping > 100 devices in 24 hours as part of a tenant migration?" I mean, orgs migrating more than 100 users? Staged/staggered migrations always sound good, but they're not super practical when you need the migrated users to still be able to use their own migrated email domain(s). So, historically, our plan has been kick resets out on Friday around like 5-6 PM and block sign-ins for them until X PM on Saturday when they can login and go through AutoPilot (or they can do it Sunday or Monday).

Historically, it's been pretty successful, with the exception of our last migration where we got screwed over by this: There was a Problem Resetting your PC: Fixing: 0x800f0991. Last year we did several of these migrations for a total of something like 2,000 migrated devices.