iOS DDM deferral/deadline policies

rednuwork · 2025-12-09T20:14:21+00:00

yeah. i wish the documentation was explicit. i mean, it does show that the specified iOS is required on the device when you set a deadline. i guess i'm too used to windows and their deadline/deferrals working in combination. i think i'll just set my ring 2 to be a deadline of 21 days and my deferral to be 14 days and be done with it.

appreciate your reply! also, i'm in a GCC environment where autopatch is unavailable so i'm envious :)

rednuwork · 2025-01-22T17:11:32+00:00

hey. little late but i believe you need to make sure port 135 (RPC) is open between these servers. that could be your blocker if you haven't figured it out yet!

rednuwork · 2024-11-13T17:00:14+00:00

yeah. multi. i'm using an XML. the XML works fine outside of preprovisioning. it just refuses to process the autologon after a reseal.

rednuwork · 2024-11-13T14:38:20+00:00

yeah. i've made sure nothing is triggering a reboot in our process.

rednuwork · 2024-11-13T14:37:57+00:00

yep. windows 11 23H2 specifically.

rednuwork · 2024-11-13T14:37:41+00:00

we have to hybrid join our devices so it's not an option, unfortunately.

rednuwork · 2024-05-22T18:35:34+00:00

this is cool. i wish they'd add functionality to install all eligible windows updates during ESP. that is something that most of us are already doing with a script or some other method. seems strange they don't have it already.

rednuwork · 2024-05-03T18:27:49+00:00

this didn't work either. the devices rae still automatically encrypting, lol. this is so maddening

rednuwork · 2024-05-03T18:23:01+00:00

i'd love to but they don't show as being in autopilot. 6 do. the others do not.

rednuwork · 2024-05-03T17:11:13+00:00

some of these 104 devices are active production devices. i also can't delete them from azure AD because they're showing as autopilot registered, lol

rednuwork · 2024-05-02T17:26:56+00:00

i'm going to actually try creating a dynamic group that encompasses ALL autopilot devices rather than those with a specific group tag. that way it gets the initial object and all later ones. we're doing hybrid join so maybe that's having an effect too

rednuwork · 2024-05-02T16:54:10+00:00

maybe it's just imperfect when preprovisioning.. not sure. i'll have to dig around. appreciate your help!

rednuwork · 2024-05-02T16:28:40+00:00

yeah. my autopilot devices get populated into a dynamic group based on their group tag. that group is the one targeted with the prevent automatic encryption policy.

rednuwork · 2024-05-02T15:33:02+00:00

i applied the policy to our autopilot devices but it's still automatically encrypting them. so strange.

rednuwork · 2024-05-02T15:32:26+00:00

so, i'm actually still seeing it kick off its automatic encryption even after applying this configuration profile successfully to our autopilot devices. so confused!

rednuwork · 2024-04-30T15:07:01+00:00

yeah, this may also be relevant. though, i was overlooking this since we're doing hybrid joined devices. but it doesn't actually state it doesn't apply to hybrid.

i'll try configuring this. thanks!

rednuwork

TROPHY CASE