Forum Discussion
How to troubleshoot onboarding devices to the new Apps Admin Center
- Mar 16, 2021
Hi josephlamb
Great question and attention to detail. This behavior is intended. The TAK should exist under the cloud key. If Serviceability Manager is unable to pull the TAK and write it to this location we fallback to the GPO key. This is why the script remediation writes to the GPO location. If you attempt to manually write the TAK to the cloud key it will be overwritten during the next checkin. TAK delivery will be receiving some fixes in a future release to address this.
In addition, the baseline has been updated to address the TAK CI. The detection logic now properly checks both registry keys for the TAK. Previously it was only looking at the cloud key, resulting in the CI remaining non-compliant.
We have been following this guide and do have a question about the Tenant Association Key (TAK):
These baselines appear to search for the TAK registry key and if it doesn’t exist it creates it. It reads from one location and writes to another. Can you please verify where the TAK should live?
Checks this location:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\cloud\office\16.0\Common\officesvcmanager
If it doesn’t exist, it writes it to this location:
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\office\16.0\common\officesvcmanager
- BobClementsMar 16, 2021
Microsoft
Hi josephlamb
Great question and attention to detail. This behavior is intended. The TAK should exist under the cloud key. If Serviceability Manager is unable to pull the TAK and write it to this location we fallback to the GPO key. This is why the script remediation writes to the GPO location. If you attempt to manually write the TAK to the cloud key it will be overwritten during the next checkin. TAK delivery will be receiving some fixes in a future release to address this.
In addition, the baseline has been updated to address the TAK CI. The detection logic now properly checks both registry keys for the TAK. Previously it was only looking at the cloud key, resulting in the CI remaining non-compliant.
- josephlambMar 17, 2021Copper ContributorThank you for the quick response! I really do appreciate it!
Another quick question for you -- We are seeing two different TAK keys. As we are onboarding these devices we are finding that devices that register have a different TAK key than what is defined here - https://config.office.com/officeSettings/settings
We can easily recreate this by deleting the TAK key from: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\cloud\office\16.0\Common\officesvcmanager and it will recreate the TAK that is not listed in the Apps Admin settings.
Hopefully that makes sense! Would you know why that would be the case?
Also, is there a better place for us to ask about questions or issues? Is there a Yammer created for the Apps Admin console yet?
Thank you again for all of your help!- BobClementsMar 17, 2021
Microsoft
There is a decimal point towards the end of the string with another set of characters following. Do the keys match up to this point?
We are currently using TechCommunity to discuss the new preview features, so feel free to continue the discussion here.