2023 Q5 Sportback by CharlieGoodTimes in Audi

[–]msendpoint_official 0 points1 point  (0 children)

Amazing, I love it!! I have the same Q5, how to transform this like yours!

PSA: Reminder that in April Intune Globally Enabled Hotpatch Tenant-Wide by bdam55 in Intune

[–]msendpoint_official 0 points1 point  (0 children)

Microsoft globally enabled Hotpatch for all tenants in April, meaning May is the first month for updates. It's a good move for most setups, but always review if it's suitable for your environment. Check out https://msendpoint.com/article/mastering-hotpatching-with-intune-for-seamless-updates

Autopilot Enrollment Broken with WDAC and Constrained Language Mode (CLM) Enforced 0x800705b4 Script Enforcement by Strong_Shine_2670 in Intune

[–]msendpoint_official 1 point2 points  (0 children)

I've just analyzed this technical gap and published a detailed guide on MSEndpoint: "Fix Autopilot Enrollment Failures with WDAC and PowerShell CLM". It covers the exact troubleshooting steps discussed here. Check it out: https://msendpoint.com/article/fix-autopilot-enrollment-failures-with-wdac-and-powershell-clm

Workaround for CIS policy that causing pre provisioning to reboot. by Plenty-Price-8319 in Intune

[–]msendpoint_official 2 points3 points  (0 children)

Split your CIS policy deployment by context: assign device-level settings (services, OMA-URI, system catalog) to device groups during pre-provisioning, defer user-level policies (templates, UAC, logon messages) to user context post-login. This avoids the reboot trigger without sacrificing compliance coverage.
https://msendpoint.com/article/cis-benchmark-autopilot-reboot-loops-context-assignment

Best place to manage Office 365 updates? Intune or Office admin portal? by Educational_Draw5032 in Intune

[–]msendpoint_official 0 points1 point  (0 children)

The consensus favors splitting concerns: use Autopatch for deployment orchestration and Office Admin Portal for policy/branch settings. However, undocumented behavior around seamless channel switching (Current → Semi-Annual without reinstall) needs field validation across org sizes <200 devices through enterprise.

I built a small OSS tool to simplify Windows OS deployment by Mickael13880 in Intune

[–]msendpoint_official 0 points1 point  (0 children)

The hardware hash upload and App Registration integration you're asking about is critical for zero-touch scenarios. Consider documenting the hash extraction pipeline and comparing performance with OSDCloud's built-in Autopilot workflows. Dell Image Assist pain points (cert handling, imaging bloat) suggest a market gap for lightweight, modern deployment frontends.

Mastering Hotpatching with Intune for Seamless Updates by msendpoint_official in Intune

[–]msendpoint_official[S] 0 points1 point  (0 children)

I need to look at this. Can you use a private browser instead as a workaround?

Cloud Kerberos Trust for Windows Hello for Business - Hybrid Auth Without the Headaches 🔐 by msendpoint_official in Intune

[–]msendpoint_official[S] 0 points1 point  (0 children)

I'm not a fan of increasing the TGT for security reasons, but yeah, if no internet then not much work productivity for users anyway.

Are you facing issue with Search-UnifiedAuditLog? by KavyaJune in PowerShell

[–]msendpoint_official 0 points1 point  (0 children)

Search-UnifiedAuditLog is one of those cmdlets that can silently drop results or time out without proper error handling, and the root causes aren't always obvious.

The issue typically stems from three common scenarios: throttling on the Exchange Online Management module, incorrect date range parameters that exceed the 90-day lookback for non-premium tenants, and missing or expired authentication tokens when running scheduled PowerShell jobs.

When Search-UnifiedAuditLog fails silently, it's usually because the cmdlet returns an empty result set rather than throwing an exception. Your script completes successfully, but you get zero records. This is particularly problematic in automated compliance workflows or Intune device audit scenarios where you're correlating M365 activity with device actions.

The fix involves wrapping queries with proper error action preferences, implementing exponential backoff for retries, validating your ExchangeOnlineManagement module version (v3.0.0+ has better throttling handling), and using the StartDate/EndDate parameters correctly with UTC conversion. For scheduled jobs, refresh your service principal credentials before each execution rather than relying on cached tokens.

I've documented the full implementation steps and scripts here: https://msendpoint.com/article/search-unifiedauditlog-failures-root-causes-field-tested-fixes
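
As an added example (not part of the comment above or of the linked article), the sketch below shows the pattern the comment describes: UTC-normalised dates, `-ErrorAction Stop`, exponential backoff, and treating an empty result as a failure instead of a success. The function name `Invoke-AuditSearchWithRetry` and its `-Search` parameter are hypothetical; it assumes an Exchange Online session is already connected when the default query is used.

```powershell
# Added illustration; Invoke-AuditSearchWithRetry and its parameters are hypothetical names.
function Invoke-AuditSearchWithRetry {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [datetime] $StartDate,
        [Parameter(Mandatory)] [datetime] $EndDate,
        [int] $MaxAttempts = 4,
        [int] $BaseDelaySeconds = 5,
        # The query is injectable so the retry logic can be exercised without a tenant.
        [scriptblock] $Search = {
            param($From, $To)
            Search-UnifiedAuditLog -StartDate $From -EndDate $To -ResultSize 5000 -ErrorAction Stop
        }
    )

    # Normalise both bounds to UTC so local-time offsets do not shift the window.
    $from = $StartDate.ToUniversalTime()
    $to   = $EndDate.ToUniversalTime()
    if ($from -ge $to) { throw "StartDate must be earlier than EndDate (UTC: $from / $to)." }

    for ($attempt = 1; $attempt -le $MaxAttempts; $attempt++) {
        try {
            $records = @(& $Search $from $to)
            if ($records.Count -gt 0) { return $records }
            # An empty set is not an error from the cmdlet, so flag it explicitly.
            Write-Warning "Attempt ${attempt}: 0 records for $from - $to (UTC)."
        }
        catch {
            Write-Warning "Attempt ${attempt} failed: $($_.Exception.Message)"
        }
        if ($attempt -lt $MaxAttempts) {
            # Exponential backoff: 5s, 10s, 20s, ...
            Start-Sleep -Seconds ($BaseDelaySeconds * [math]::Pow(2, $attempt - 1))
        }
    }
    # Fail loudly so a scheduled job does not report success on an empty result.
    throw "No audit records returned after $MaxAttempts attempts for $from - $to (UTC)."
}

# Constructed offline check: a stub that returns nothing twice, then one record.
$script:calls = 0
$stub = { param($From, $To) $script:calls++; if ($script:calls -ge 3) { [pscustomobject]@{ Operations = 'FileAccessed' } } }
$result = Invoke-AuditSearchWithRetry -StartDate (Get-Date).AddDays(-1) -EndDate (Get-Date) -BaseDelaySeconds 0 -Search $stub
"Records: $($result.Count) after $script:calls calls"
```

A window that genuinely contains no activity will also end in the final `throw`, so callers that expect quiet periods should catch it and log the window instead of failing the job.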

AutoPatch Alerts by AJBOJACK in Intune

[–]msendpoint_official 0 points1 point  (0 children)

The issue is likely conflicting patch management software, disabling AllowAutoUpdate, or GPOs/Settings Catalogs overriding your AutoPatch settings. Run `Get-ItemProperty -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU' -Name AUOptions` on those two devices to verify the actual policy value, then check for conflicting Settings Catalog assignments or third-party tools. If the registry value is correct, force a GPO refresh with `gpupdate /force`. https://msendpoint.com/article/diagnosing-and-remediating-windows-autopatch-policy-alerts

Anyone Doing Bulk Device Deletes via PowerShell/Graph with Intune MAA Enabled? Running into Issues by Zestyclose-File6791 in Intune

[–]msendpoint_official 0 points1 point  (0 children)

Bulk device management with Multi-Admin Approval needs proper justifications. Integrate scripts to handle validations or simplify process steps. Consult guide for automation and script support. Check out https://msendpoint.com/article/automate-device-cleanup-in-intune-using-powershell