AMA: Managing Windows with Microsoft Endpoint Manager
Event details
Join us for Tech Community Live: Microsoft Endpoint Manager edition!
From Windows Autopilot to Zero Trust, this live Ask Microsoft Anything (AMA) event is your chance to bring your Windows management questions to our team of experts. We're ready to help you with device configuration, app deployment, and the Settings Catalog. We're here to answer questions about rolling out Windows 11, managing updates, and securely supporting remote work.
Since it's the third Thursday of the month, we're bringing in the full Windows Office Hours crew to support this AMA plus Unpacking endpoint management hosts Danny Guillory and Steve Thomas to share proven tips learned from working directly with organizations around the world.
Submit your questions during this live hour--or post your questions early in the Comments below.
65 Comments
- Jelle Revyn (Copper Contributor): Self-deploying has been in preview for quite some time. Is there any reason for this? Except for the current TPM attestation problems with Intel 12th gen CPUs (fixed in 21H2 with KB5007253) and the AMD TPM attestation problem (because it's looking at the AMD root TPM)?
- Jason_Sandys (Microsoft): At this point, it's just not a 100% complete feature and we are still gathering evidence on its current use. Keep in mind that preview features are 100% supported for production use.
- JoeLentz (Copper Contributor): WUfB question: It's my understanding that if a device is targeted with Windows 11 but isn't compatible, it won't do any feature updates. Are there plans to add more control, something to the effect of "If compatible: Win 11, else upgrade to Win 10 21H2"? Otherwise there will need to be more rings with various inclusions/exclusions based on hardware readiness.
- David_Guyer (Microsoft): Hi Joseph, your understanding is correct that only compatible devices will update. It's a good idea to have controls that make it easier to assign only compatible devices to a Windows 11 policy, and the rest to a Windows 10 policy, and it's something we are looking into.
- ccatlett1984 (Copper Contributor): Use Power Automate to drop a device into the Windows 11 update group, as a backend for self-service opt-in.
- Brian_Brown (Occasional Reader): Do you have an example of how to do that?
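One way to implement the group-add step that ccatlett1984 describes, as an added example that is not part of the thread or any participant's answer. It assumes the Microsoft.Graph PowerShell SDK is installed, that a form or Power Automate flow passes in the device name the user submitted, and that the group names are placeholders for your own groups.

```powershell
# Added example, not from the thread: backend step for a Windows 11 self-service opt-in.
# Assumes the Microsoft.Graph PowerShell SDK; group names below are placeholders.
param(
    [Parameter(Mandatory)] [string] $DeviceName,
    [string] $OptInGroupName   = 'Win11-FeatureUpdate-OptIn',  # targeted by the Windows 11 feature update profile
    [string] $ExcludeGroupName = 'Win11-OptIn-Blocked'         # devices that must never be opted in
)

# Least privilege: request only the scopes this task needs.
Connect-MgGraph -Scopes 'Device.Read.All', 'Group.Read.All', 'GroupMember.ReadWrite.All' | Out-Null

# User-supplied text ends up inside an OData filter, so escape single quotes.
function ConvertTo-ODataLiteral([string] $Value) { return $Value.Replace("'", "''") }

function Get-GroupIdByName([string] $Name) {
    $g = @(Get-MgGroup -Filter "displayName eq '$(ConvertTo-ODataLiteral $Name)'")
    if ($g.Count -ne 1) { throw "Expected exactly one group named '$Name', found $($g.Count)" }
    return $g[0].Id
}

$optInGroupId   = Get-GroupIdByName $OptInGroupName
$excludeGroupId = Get-GroupIdByName $ExcludeGroupName

# Resolve the device; refuse ambiguous names rather than guessing which device the user meant.
$devices = @(Get-MgDevice -Filter "displayName eq '$(ConvertTo-ODataLiteral $DeviceName)'")
if ($devices.Count -ne 1) { throw "Expected exactly one device named '$DeviceName', found $($devices.Count)" }
$device = $devices[0]

# Current memberships: honour the block list and keep the operation idempotent.
$memberOf = @(Get-MgDeviceMemberOf -DeviceId $device.Id | Select-Object -ExpandProperty Id)
if ($memberOf -contains $excludeGroupId) {
    Write-Warning "$DeviceName is in '$ExcludeGroupName'; opt-in refused."
    return
}
if ($memberOf -contains $optInGroupId) {
    Write-Host "$DeviceName is already opted in."
    return
}

# Add the device. Hardware readiness is not checked here because, as the thread notes,
# the feature update policy only updates devices that meet the Windows 11 requirements.
New-MgGroupMember -GroupId $optInGroupId -DirectoryObjectId $device.Id
Write-Host "$DeviceName added to '$OptInGroupName'."
```

Run it under a service identity that holds only the scopes listed, and keep the block-list group under change control so the flow cannot be used to bypass it.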
- JoeLentz (Copper Contributor): Is there an easy way to delay a provisioned ConfigMan task sequence from starting once the client is installed? We're installing the ConfigMan client during Autopilot enrollment, but ran across issues where the TS would run while the user was still on the ESP. I ended up writing a script to wait until the user is on their desktop before it would begin the client installation.
- Jason_Sandys (Microsoft): No, there is no way to do this today, although there is a new feature in the works to better enable the scenario; this feature is appropriately called "Autopilot into Co-management". This feature only supports Azure Active Directory join, though, and also note that if you are using hybrid Azure Active Directory join then it is not supported to deploy the ConfigMgr client agent during Autopilot.
- Roy Barton (Former Employee): JoeLentz, thank you for the question! We'd highly recommend that you follow the documentation found here for deployment of your Endpoint Manager Configuration Manager client: "Co-manage internet-based devices - Configuration Manager | Microsoft Docs".
- Security2021 (Copper Contributor): When you Fresh Start a device, is there a way to change the timezone to that of the user?
- Roy Barton (Former Employee): Mark! Thanks for the question. You can set a policy to enable Location services ("Windows 10 location service - Microsoft Managed Desktop | Microsoft Docs") and enable NTP ("Windows Time service tools and settings | Microsoft Docs") in Windows to help with setting the proper time for your customers.
- Greg_A (Iron Contributor): Is this where you enable location? Your original link is Microsoft Managed Desktop and doesn't really explain how to configure/enable the policy: https://docs.microsoft.com/en-us/windows/client-management/mdm/policy-csp-System?WT.mc_id=Portal-Microsoft_Intune_Workflows#system-allowlocation
- NatCap (Occasional Reader): Can you point me in the right direction to fix this error to use Desktop Analytics? I'm the only one getting this; it shows me no data at all and clicking Retry doesn't fix it. "Couldn't retrieve data for some of the controls. Refresh the page in a few minutes. Use 'ac410bef-22ae-4049-89a9-c8d6ed35a063' to report this issue to Microsoft."
- Jason_Sandys (Microsoft): Hi Natalie, assuming the error is persistent, your best path here is to open a support case.
- Security2021 (Copper Contributor): Moving workloads is dangerous if using MBAM, as it will disable the MBAM portion so you can't use the boot-up PIN. Just a heads up 🙂
- Jason_Sandys (Microsoft): Hi Mark, I'm not sure of the exact scenario that you are describing here, but this should not be the case to my knowledge, assuming you have nothing configured in Intune for BitLocker. If you've had issues, you should open a support case. We are investigating creating an additional workload configuration for BitLocker, thus separating it from the Endpoint Protection workload. No commitments or timeframe to share.
- Greg_A (Iron Contributor): If we have Update Rings (and Feature Updates) assigned to a corporate imported/Autopilot device group, and I want to offer an early self-service opt-in for Windows 11 for users, can I target a user group for the W11 feature update while also targeting devices for my other ones? Or should I migrate my standard update/feature update rings to user groups with filters prior to offering this?
- David_Guyer (Microsoft): When you configure either Update Rings or Feature Update profiles to update devices to Windows 11, when they meet the minimum hardware requirements (which Endpoint Analytics can provide great info about), they will upgrade to Windows 11. There isn't an option for end user opt-in; it's based on the settings in Intune whether to update or not. If you want to choose which devices or users are updated to Windows 11, you'll need to update your groups or filters accordingly to manage that.
- Greg_A (Iron Contributor): The opt-in I'm referring to is creating a form or flow of some kind for a user to fill out, and then they will automatically get added to a group that's targeted to the W11 feature update.
- Olaf_Thyssen (Copper Contributor): Cloud attach: as soon as you enable it and enroll the clients to Intune with it, you can run PowerShell scripts from Intune on them through the cloud ;-) Doesn't require workload shifts. Important to check your assignments for already existing scripts on the Intune side...
- Jason_Sandys (Microsoft): Hi Olaf, is this a question or a statement? Also, I assume you are referring to co-management here.
- Olaf_Thyssen (Copper Contributor): It's a statement or hint ;-) Cloud attach, aka co-management. The co-management wording isn't used anymore in the latest MECM release; another renaming in the Microsoft world.
- David Gianninotti (Copper Contributor): Is there any way out there to convert from a hybrid PC to an Azure AD only PC without resetting the system? (Or will there ever be one on the roadmap?)
- Jason_Sandys (Microsoft): Hi David. Today, there are no Microsoft tools or supported methods to directly convert an existing Windows endpoint from domain-joined/hybrid Azure Active Directory join to Azure Active Directory join. The current strategy is that, assuming you've fully embraced cloud-native Windows endpoints, the reset has zero true implications, as the endpoint and user's configuration, including apps and data, are fully portable and fully restored after the reset. We understand that's potentially easier said than done and so are investigating the possibility of a tool. At this point though, this is just an investigation, so there's nothing more to share.
- DRich22 (Copper Contributor): Whilst unsupported, what are the potential implications of doing a hybrid to AAD migration for an endpoint without a reset? Technically you could script leaving AD and AAD and follow it up by applying a provisioning package to re-enroll to AAD with auto-enrollment to Intune. Group Policy settings potentially still being applied on the device?