Forum Discussion
How to troubleshoot onboarding devices to the new Apps Admin Center
- Mar 16, 2021
Hi josephlamb
Great question and attention to detail. This behavior is intended. The TAK should exist under the cloud key. If Serviceability Manager is unable to pull the TAK and write it to this location we fallback to the GPO key. This is why the script remediation writes to the GPO location. If you attempt to manually write the TAK to the cloud key it will be overwritten during the next checkin. TAK delivery will be receiving some fixes in a future release to address this.
In addition, the baseline has been updated to address the TAK CI. The detection logic now properly checks both registry keys for the TAK. Previously it was only looking at the cloud key, resulting in the CI remaining non-compliant.
Hi josephlamb
Great question and attention to detail. This behavior is intended. The TAK should exist under the cloud key. If Serviceability Manager is unable to pull the TAK and write it to this location we fallback to the GPO key. This is why the script remediation writes to the GPO location. If you attempt to manually write the TAK to the cloud key it will be overwritten during the next checkin. TAK delivery will be receiving some fixes in a future release to address this.
In addition, the baseline has been updated to address the TAK CI. The detection logic now properly checks both registry keys for the TAK. Previously it was only looking at the cloud key, resulting in the CI remaining non-compliant.
Another quick question for you -- We are seeing two different TAK keys. As we are onboarding these devices we are finding that devices that register have a different TAK key than what is defined here - https://config.office.com/officeSettings/settings
We can easily recreate this by deleting the TAK key from: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\cloud\office\16.0\Common\officesvcmanager and it will recreate the TAK that is not listed in the Apps Admin settings.
Hopefully that makes sense! Would you know why that would be the case?
Also, is there a better place for us to ask about questions or issues? Is there a Yammer created for the Apps Admin console yet?
Thank you again for all of your help!
- BobClementsMar 17, 2021
Microsoft
There is a decimal point towards the end of the string with another set of characters following. Do the keys match up to this point?
We are currently using TechCommunity to discuss the new preview features, so feel free to continue the discussion here.
- josephlambMar 17, 2021Copper ContributorThere is a decimal towards the end. A co-worker noticed that these were a JSON Web Token and showed me how to decode them.
The Tenantid is the same, but the appid is different:
Portal TAK contains: 3cf6df92-2745-4f6f-bbcf-19b59bcdb62a
Mystery TAK contains: d3590ed6-52b3-4102-aeff-aad2292ab01c
Any idea what might be causing this?
Thank you!
Joey- BobClementsMar 17, 2021
Microsoft
With regards to onboarding, the TAK is only used to identify the tenant. If you are in a scenario where the TAK is not being pulled down automatically the recommendation is to use the one from the portal (and corresponding appid). Devices that do automatically retrieve the TAK will end up with a unique appid, but it does not affect the onboarding process.