Recent Discussions
Local Admin Rights
Hi Experts, I have a customer running a Hybrid Azure AD Join environment with all Windows devices enrolled in Intune. Currently, Domain Users are being added to the local Administrators group on all devices via an on-premises Group Policy from the Domain Controller (Restricted Groups / Local Admin configuration). This effectively gives all users local admin rights. I want to remove Domain Users from the local Administrators group on endpoints while not modifying the Domain Users group itself in Active Directory. What is the recommended / best-practice approach to handle this in a Hybrid + Intune setup? Specifically: What is the safest migration strategy to avoid device or admin lockouts? Any Hybrid-specific gotchas when transitioning from on-prem GPO to Intune? Looking for advice from those who’ve implemented this in production environments.
Outlook Autodiscover Caching, MAC OS
Environment: - Microsoft 365 tenant - New Outlook for Mac - macOS Tahoe Scenario: An email address (email address removed for privacy reasons) previously existed as an alias on a mailbox whose primary address was on Domain B (email address removed for privacy reasons). Today, that alias was removed from the Domain B mailbox, and a new licensed mailbox was created using the same SMTP address on Domain A (email address removed for privacy reasons). Behavior: - Sign-in to the new mailbox works immediately in Outlook Web (OWA) - Mailbox is accessible and functional online - Adding the account in New Outlook for Mac fails with: “This account has already been added” - Account reset, sign-out, removal of all accounts, reinstall, and keychain cleanup do not resolve the issue Observation: This appears to be related to Autodiscover or mailbox GUID caching in New Outlook for Mac when an SMTP address previously existed as an alias on a mailbox under a different primary domain. Questions: Is there any supported method to force New Outlook for Mac to re-resolve the mailbox identity after alias removal? Is this a known limitation or bug specific to New Outlook for Mac? Additional note: The issue occurs even though the mailbox is fully functional in OWA immediately after alias removal and mailbox creation.
Microsoft Authenticator help
keep getting Microsoft Authenticator attempts on my Hotmail account every 15 mins or so from an overseas location that im not aware of. I have changed my password, however im still getting attempts. I deny the request every time, and when i look at security section under my account > view my sign-in activity. it doesn't appear here .
Neujahrsgrüße und Wertschätzung an die Microsoft‑Ingenieurteams
Liebes Microsoft‑Team, ich möchte Ihnen meine aufrichtigen Neujahrsgrüße und meine große Wertschätzung für Ihre Arbeit im Bereich der Informationstechnologien aussprechen. Als langjähriger Nutzer von Microsoft‑Produkten und ‑Diensten sehe ich, wie viel Engagement, Intelligenz und Verantwortung hinter Ihren technischen Entscheidungen stehen. Ihre Arbeit prägt die digitale Welt, in der Millionen von Menschen täglich leben, arbeiten und kreativ tätig sind. Vielen Dank für Ihren ständigen Anspruch an Verbesserung, für Ihre Verpflichtung zu Qualität und für Technologien, die Menschen weltweit stärken. Bitte nehmen Sie meine besten Wünsche für das neue Jahr entgegen — für Klarheit, Inspiration und weiteren Erfolg in allem, was Sie entwickeln. Mit Respekt und Dankbarkeit, Hermann Thomas DeutschlandNew Year greetings and appreciation to the Microsoft engineering teams
Dear Microsoft Team, I would like to express my sincere New Year greetings and my deep appreciation for your work in the field of information technologies. As a long‑time user of Microsoft products and services, I see how much dedication, intelligence, and responsibility stand behind your engineering decisions. Your work shapes the digital world in which millions of people live, work, and create every day. Thank you for your continuous pursuit of improvement, for your commitment to quality, and for the technologies that empower people around the world. Please accept my warmest wishes for the new year — for clarity, inspiration, and continued success in everything you build. With respect and gratitude, Hermann Thomas Germany
STOCKHISTORY function
The STOCKHISTORY function intermittently returns #CONNECT! errors in Microsoft Excel 365. The same formulas sometimes return valid historical monetary data and other times return #CONNECT! without any changes to the workbook. Recalculating, refreshing, or reopening Excel may temporarily resolve the issue. The problem affects multiple symbols simultaneously, suggesting a service-side or backend problem rather than a formula syntax issue. Example formula: STOCKHISTORY("EUR/USD", start_date, end_date). Is this a known issue or a service degradation? Are there any recommended workarounds? Is there any known issue preventing access from Spain or Office 365 accounts? It was working without problems until two days ago.
Designing patch management in a fully restricted intranet (no internet access on user machines)
Hello, I am designing a Windows patch management solution for a restricted intranet environment where direct access to Microsoft Update / Windows Update endpoints from client machines is strictly prohibited. Environment constraints: Windows 10 / Windows 11 (Enterprise) Client endpoints have no internet access Access to Microsoft Update endpoints is blocked by policy Only explicitly approved servers may ever have outbound access Feature upgrades are controlled and infrequent Goals: Centralized control of Windows OS updates (security + cumulative) Ability to stage, approve, and deploy updates in waves (rings) Support for air-gapped or near air-gapped operation Use Windows’ native servicing stack (no unsupported installers) Integrate with a custom in-house endpoint agent for orchestration/reporting Questions: 1. Since Windows Update for Business (WUfB) requires direct access to Microsoft Update endpoints, is WSUS the only supported option for environments where endpoints cannot access Microsoft servers? 2. Is the following architecture considered supported and best practice? A WSUS server (or staging WSUS) with controlled/temporary internet access Offline export/import of update metadata and content using wsusutil Internal WSUS serving all client machines 3. Are there official Microsoft recommendations for: Disconnected WSUS synchronization Offline approval and transport of updates Highly regulated or air-gapped environments? 4. Can WSUS + Group Policy be used to effectively replicate WUfB concepts such as: Update rings Deferrals Deadlines Pausing updates? 5. Are there any modern alternatives (beyond classic WSUS) that are supported in environments where Microsoft CDN access is completely blocked? 6. For enterprises building custom orchestration layers: Is it recommended to rely solely on WSUS for Windows OS updates And restrict custom repositories to third-party application patching only? Any guidance, official documentation, or architectural recommendations would be greatly appreciated. Thank you.
Introduction – Microsoft Certified Trainer and Solution Architect
Hello everyone, I’m Patrizio Tardiolo Bonifazi, a Microsoft Certified Trainer (MCT), Solution Architect, and Senior Engineer. I work extensively with Microsoft Azure, Microsoft 365, Microsoft Graph, Power Platform, Microsoft Teams Premium, Microsoft Entra ID, and DevOps practices, combining hands-on engineering with training delivery. I joined the Microsoft Tech Community to learn from others, share real-world experiences, and contribute with practical insights and best practices. Nice to meet you all!W11 Black screen on Desktop. Explorer issue
Hello. first post in this community as I am having a dreadful issue. I was transferring some files form a my PC to a smartphone and Explorer crashed, without warning. I rebooted my PC and after the W11 Opening screen where you enter your password, I got stuck on a black screen. My mouse was working and I could get to the Task Manager with my wireless keyboard too. Looking at similar issues on the net, I believed that my System files got corrupted during the files transfer I was doing, lucky me....... Anyway, I managed to open a CMD and get SFC/ scannow and the 3DISM commands to run fully. I was optimistic it would fix the issue. It didn't. If I open Task Manager I can see Explorer "running" but without any CPU activity. And trying to access the Exe location got me stuck at Not responding prompt. what are my Options before a Windows reinstall? I am on W11 PRO H2/2025 if that helps at all. thanks so much
Running Windows 11 on Hyper‑V with 8 GB RAM: My Workaround
Hello everyone! I am a beginner and I wanted to run a Windows 11 VM on Hyper‑V to test Windows in a virtual environment. Since my device only has 8 GB RAM (with Windows itself using ~50%), it took some effort to get the VM up and running. Windows 11 requires 4 GB startup memory, and I kept hitting the “not enough memory” error. This post is my contribution so you don’t have to go through the same struggle! Windows 11 Requirements on Hyper‑V 4 virtual processors 4096 MB (4 GB) RAM 64 GB storage Secure Boot with Trusted Platform Module (TPM) enabled Things You’ll Need Hyper‑V Manager https://learn.microsoft.com/en-us/windows-server/virtualization/hyper-v/host-hardware-requirements?pivots=windows Windows 11 ISO https://www.microsoft.com/en-us/software-download/windows11 Step 1: Creating the VM In Hyper‑V Manager: Actions → New Virtual Machine Set Name and Location Choose Generation 2 Set Startup Memory: 4096 MB Configure Networking: Default Switch Create Virtual Hard Disk: minimum 64 GB Under Installation Options, select “Install an operating system from a bootable image file” and browse for the Windows 11 ISO. Finish setup. Step 2: Configuring the VM Right‑click the VM → Settings Under Security, ensure Secure Boot is checked (default). Enable Trusted Platform Module (TPM). Apply changes. Step 3: Getting the VM to Start Here’s where the issue begins. On an 8 GB host, starting the VM with 4 GB allocated often fails with a memory error. Windows setup requires 4 GB RAM initially. After installation, you can safely reduce the VM’s memory to 2048 MB (2 GB) and enable Dynamic Memory for efficiency. This way, the VM boots with less pressure and grows as needed. Workaround: Freeing Memory To make sure Hyper‑V has enough contiguous RAM (~4100 MB), I did the following: Closed all apps on the taskbar except Hyper‑V. Opened Resource Monitor (instead of Task Manager). Closed apps in the system tray (except Defender). In Resource Monitor → Memory tab, sorted processes by Working Set (KB). Ended non‑essential processes until at least 4100 MB available RAM was shown. Unsafe to End (avoid terminating these) System processes: svchost.exe, lsass.exe, wininit.exe, csrss.exe Hyper‑V services: vmms.exe, vmcompute.exe Antivirus/security: MsMpEng.exe (Windows Defender) Drivers and background services (audio, network, GPU helpers) Windows Update components Generally Safe to End (if not needed) Web browsers: chrome.exe, msedge.exe, firefox.exe Office apps: winword.exe, excel.exe, powerpnt.exe Media players: spotify.exe Game launchers: steam.exe, epicgameslauncher.exe Updaters: Adobe/game patchers Cloud sync clients: onedrive.exe, dropbox.exe, googledrive.exe Chat apps: teams.exe, skype.exe, discord.exe msedgewebview2.exe (WebView2 runtime for apps like Teams/Outlook) explorer.exe (you’ll lose desktop/taskbar until restarted) Booting Connect to the VM first before clicking Start. If you see >>Start PXE over IPv4 and keys don’t respond Turn off the VM then click Start, make sure to hold a key after you click start. You can most likely proceed now onto setting up Windows If stuck at a background with “ENG, Accessibility, Power” icons but no login box: In the VM connection window → View → uncheck Enhanced Session. This reveals the login screen. After setup: Shut down the VM. In settings, reduce memory to 2048 MB. Restart your host. Now Windows 11 runs in Hyper‑V on an 8 GB RAM without constant memory errors!urgent! i need help on how to copy & paste number ID from a webpage to excel
hi i need urgent help!!! I have been sitting in front of my desktop trying to copy and paste only numbers ID from a webpage to excel but to no avail regardless spending exceeding 2 hours experimenting how to set it right in excel. after pasting in the column, when i click away, that particular column's pasted number would auto change to 5.80948E+17. pls pls help me guiding me step-by-step tutorial thanksTask Scheduler
I'am new to this forum. I'm trying to use Task Scheduler to print a document on every Friday at noon. My document is located on > my computer >WindowsSSD (C:) > Program File (x86) > Microsoft Office > Office12 > Print A Test Page Every Friday At Noon.docx. My printer is located here on http://192.168.12.154:80/WSD/DEVICE. I'm not sure if this is where I'm supposed to post this. Any help would be grateful."Authorization has been denied for this request"
Hello, We’re encountering an issue with sending proactive messages to Microsoft Teams. We have multiple tenants, and in one of them the REST API works correctly. The app registration is multi-tenant, and we obtain the access token from https://login.microsoftonline.com/botframework.com/oauth2/v2.0/token, which works without any problems. However, in another tenant the same flow fails with "Authorization has been denied for this request", even though we are still able to retrieve the access token. After decoding both tokens, everything matches except for the tid. I also tried switching the app to single-tenant and requesting the token from https://login.microsoftonline.com/<my-tenant-id>/oauth2/v2.0/token. This returns a valid token, but using it to send a proactive message results in the same authorization error. My understanding from recent documentation is that multi-tenant bot creation has been deprecated and bots should now migrate to a single-tenant model. Does this also apply to bots created in the Developer Portal? The Bot Framework REST API documentation doesn’t explicitly mention any changes: https://learn.microsoft.com/en-us/azure/bot-service/rest-api/bot-framework-rest-connector-authentication?view=azure-bot-service-4.0&tabs=multitenant#bot-to-connector I could also see multiple users facing the same issue, so is there a bug that is currently preventing some tenants from using the service?
Recent Blogs
- We’re excited to share the latest updates designed to improve your experience on the Microsoft Tech Community! This quarter, we’ve focused on modernising the interface, enhancing event features, and ...Oct 08, 2025
- We appreciate your continued engagement and invaluable feedback. Your insights and suggestions are instrumental in shaping our updates and enhancing your experience. Continue to report any issues on...Dec 09, 2024
