AMA: Windows management with Intune
Event details
Do you manage Windows endpoints in Intune? Do you have questions that extend beyond configuration and involve ensuring security, compliance, and a seamless user experience on Windows? Join this Ask Microsoft Anything (AMA) and engage directly with Microsoft product engineers to get your questions answered. Let’s talk about hardware-backed device attestation, the settings catalog, BitLocker, App Control, firewall settings, baselines, and anything else related to endpoint management and security!
Post your questions in the Comments below. We'll have experts responding in the live stream and others in chat.
This session is part of Microsoft Intune: Tech Community Live. Add it to your calendar, RSVP for event reminders, and post your questions and comments below! This session will also be recorded and available on demand shortly after conclusion of the live event.
192 Comments
- MaenXe
Brass Contributor
What's the best way to force an immediate sync from the client side? Making changes to Intune is always slow to effect changes on a specific machine. When I have a user on the line, I prefer immediate results.
- MaenXe
Brass Contributor
In my experience, the sync button in the CP client is not always effective. I suspect that the recent changes to the admin portal are not fully populated across the backend infrastructure, but the Version doesn't always refresh on the screen when getting new apps, even after the new version has been installed. There seems to be a lot of silent waiting involved, with no indication of progress. I just don't know what I'm waiting for; backend or client end.
- RussJ70
Copper Contributor
If you can... open PowerShell as Admin and run Get-Service IntuneManagementExtension | Restart-Service
- MaenXe
Brass Contributor
I often go through a ritual of Sync in the Admin portal, restart the IntuneManagementExtension, and then Sync within CP. Then I cross my fingers, wait, lather, rinse and repeat. Then go get a coffee, try again. Solve another user's problem, then come back and try again. Then reboot, keep waiting, and try again, etc.
- Char_Cheesman
Bronze Contributor
Thanks for participating in today's session of AMA: Windows management with Intune! For reference, the panel covered this topic at around 46:05.
- Hawkeye
Copper Contributor
Is there a way to use endpoint privilege management to allow a user to modify hardware configurations such as local port speeds, baud rates, etc.? Also, when is this coming to GCCH?
- JaminAlmond
Microsoft
Hello Troy, I'm pleased to inform you that enabling Microsoft Intune Suite features in GCCH is a priority on our roadmap and is swiftly approaching implementation. As for your query about using Endpoint Privilege Management (EPM) to allow users to modify Windows settings, this functionality is also on our roadmap and is planned for inclusion in a future release. We appreciate your patience and are excited about the upcoming enhancements to our services.
- JFRigot
Brass Contributor
Is there a documented way to expedite drivers (or drivers package) during Autopilot to ensure the device is ready before we can start deploying the application/packages?
- MaenXe
Brass Contributor
Can we get a more readable log file for the Intune Management Extension service?
- Joe_Lurie
Microsoft
MaenXe It's readable with the right tools 😂😂
You can give feedback on the readability and usefulness of the existing logs. https://aka.ms/IntuneFeedback
- MaenXe
Brass Contributor
LOL, I should say that I can read it! I just don't find it useful. I suppose I'll go provide some Feedback now.
- Thomas_Shirley
Copper Contributor
I have seen an issue happen several times now where our naming convention is not being applied during the OOBE when users are going through Autopilot. Is this indicative of something going wrong during the Autopilot process? When looking at the device after it shows in Intune, everything else looks correct on the device.
- Joe_Lurie
Microsoft
Thomas_Shirley The naming template only works for Entra joined (Azure AD joined) devices, not hybrid joined. Assuming the devices are Entra joined, since the Autopilot profile allows you to configure a template, I'd expect the name to work, unless you were using a %% that it doesn't understand. You should only use %RAND% or %SERIAL%. If you're using something like %MACADDRESS% (I know you aren't using that specifically) then it won't work.
If you are hybrid joining the device, there could be other issues with the naming. Alternatively, you can use a PowerShell script to set the name during OOBE.
- Kammilewski
Copper Contributor
Will there be more options for policies to require multiple administrative approvals? Like for configuration profiles, update rings, new apps, etc.?
- Joe_Lurie
Microsoft
Kammilewski That's a good question. Though I can't give specifics on any possible roadmap item, we are always looking for feedback and use cases where we can expand our features. Please use https://aka.ms/IntuneFeedback to add this suggestion, but also use the Send a Smiley/Send a Frown in the Intune Admin Center.
- LeeBenjaminD
Copper Contributor
In what situations would you require an Intune device-only license SKU instead of assigning licenses to users? What about co-managed devices?
- Char_Cheesman
Bronze Contributor
Thanks for participating in today's session of AMA: Windows management with Intune! For reference, the panel covered this topic at around 44:00.
- Joe_Lurie
Microsoft
LeeBenjaminD Some examples of why to use device-only licenses and limitations of device-only can be found here: Licenses available for Microsoft Intune | Microsoft Learn
- BrandonBrown
Brass Contributor
I have an Entra joined machine, managed by Intune and enrolled in WHfB. On any given day when I power on my machine, there’s a 50/50 chance that I’m met with the password prompt to sign in, rather than be prompted to authenticate with one of my WHfB methods. I can easily switch to sign in with my PIN and complete the sign-in process, but once I’m logged in and working, and my machine goes idle and locks, again there’s about a 50/50 chance that I’m once again presented with the password prompt to unlock my machine instead of the PIN prompt that I originally logged into Windows with. I would imagine this is not the desired scenario, but it makes "forgetting my password" difficult if I'm constantly tempted to authenticate with my password instead of WHfB. Could there be a setting, configuration, or scenario I could be missing somewhere?
- Mike-Danoski
Microsoft
I can't think of a setting that might impact this behavior. If I were you, I would potentially try to set a new PIN and open a support case if the behavior continues.
- BrandonBrown
Brass Contributor
After running through some scenarios and deep Googling, I determined that the credential provider our VPN client added to Windows was interfering with the ability for the OS to prompt for PIN and was causing the persistent password prompt. I actually added a comment to the linked Spiceworks post below. Once I deployed a configuration profile to hide the credential provider, PIN sign-in was restored and working exactly as designed. Obviously, I do not expect Microsoft to test WHfB on operating systems with non-Microsoft credential providers registered, but what are the chances that we can get some sort of note/warning in the documentation that the presence of a third-party credential provider may interfere with the ability for WHfB to work properly?
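A check an administrator could run when WHfB sign-in keeps falling back to the password prompt, as in the reply above (an added example, not part of the original thread): it inventories the registered credential providers, resolves the DLL behind each, and shows whether the "Exclude credential providers" policy already hides it. Treating a valid signature with a Microsoft Corporation subject as "inbox" is an assumption made for this example.

```powershell
# Added example, not from the thread. Lists registered credential providers,
# the DLL behind each one, and whether policy already hides it.
$cpRoot = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers'
$polKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'

# CLSIDs hidden by the "Exclude credential providers" policy (comma-separated value).
$excluded = @()
$pol = Get-ItemProperty -Path $polKey -Name ExcludedCredentialProviders -ErrorAction SilentlyContinue
if ($pol) { $excluded = @($pol.ExcludedCredentialProviders -split ',' | ForEach-Object { $_.Trim() }) }

$providers = foreach ($key in Get-ChildItem -Path $cpRoot) {
    $clsid  = $key.PSChildName
    $server = Get-Item -LiteralPath "HKLM:\SOFTWARE\Classes\CLSID\$clsid\InprocServer32" -ErrorAction SilentlyContinue
    $dll    = if ($server) { [Environment]::ExpandEnvironmentVariables([string]$server.GetValue('')).Trim('"') }
    # Bare file names are resolved against System32, where inbox providers live.
    if ($dll -and -not [IO.Path]::IsPathRooted($dll)) { $dll = Join-Path "$env:SystemRoot\System32" $dll }

    $signer = $null
    if ($dll -and (Test-Path -LiteralPath $dll)) {
        $sig = Get-AuthenticodeSignature -LiteralPath $dll
        if ($sig.Status -eq 'Valid') { $signer = $sig.SignerCertificate.Subject }
    }
    [pscustomobject]@{
        Clsid      = $clsid
        Name       = $key.GetValue('')        # default value holds the friendly name
        Dll        = $dll
        Signer     = $signer
        # Heuristic (assumption): valid signature with a Microsoft subject = inbox provider.
        ThirdParty = -not ($signer -like '*O=Microsoft Corporation*')
        Excluded   = $clsid -in $excluded
    }
}

# Third-party providers that are registered; Excluded shows whether policy hides them.
$providers | Where-Object ThirdParty | Sort-Object Name |
    Format-Table Name, Clsid, Dll, Excluded -AutoSize
```

Run it from an elevated 64-bit PowerShell session so the 64-bit registry view is read.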
- rushikesh09
Copper Contributor
How do we manage local user accounts that already exist on a device? Is it possible to remove extra users from the device and only keep cloud IDs and a backup admin account?
- Char_Cheesman
Bronze Contributor
Thanks for participating in today's session of AMA: Windows management with Intune! For reference, the panel covered this topic at around 49:50.
- RichR-VPS
Brass Contributor
Remediation PowerShell script, possibly, where you poll builtin\administrators, maybe with net localgroup or the PS equivalent. Probably start with some kind of report as to what was found on what system (dump a CSV to a share or to Azure storage?). Just spitballing here. Maybe this helps? (https://www.anoopcnair.com/create-a-local-admin-account-intune/)
Panel did a great job covering a much simpler way. Hard part, or at least what I don't know is identifying all the existing local users that are on a device. Say you acquire a company and now you enroll all of those users and devices, you have no idea what is already there for local users and/or what to remove but you do want to add your standard users and admins so while useful, a way to report on what you find so you can then go in and create policies to remove those might be helpful.
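One way to build the report described in the comment above, written as an Intune Remediations detection script (an added example, not code from the thread or from Microsoft): it lists enabled local accounts and the members of BUILTIN\Administrators and emits one JSON line per device. The allow-list names `$AllowedUsers` and `$AllowedAdmins` and the `BackupAdmin` account are hypothetical.

```powershell
# Added example: detection script that reports local accounts and local admins.
# Allow-lists are hypothetical; replace with your organisation's standard accounts.
$AllowedUsers  = @('BackupAdmin')
$AllowedAdmins = @('Administrator', 'BackupAdmin')

# Enabled local accounts, skipping well-known built-ins by RID
# (500 Administrator, 501 Guest, 503 DefaultAccount, 504 WDAGUtilityAccount).
$builtInRids = '500', '501', '503', '504'
$localUsers = @(Get-LocalUser | Where-Object {
    $_.Enabled -and ($_.SID.Value.Split('-')[-1] -notin $builtInRids)
})

# Resolve BUILTIN\Administrators by its well-known SID so localized names work.
# ADSI is used for membership because Get-LocalGroupMember can fail on
# Entra joined devices when the group contains SIDs it cannot resolve.
$groupName = (Get-LocalGroup -SID 'S-1-5-32-544').Name
$group     = [ADSI]"WinNT://./$groupName,group"
$admins = @(foreach ($m in $group.Invoke('Members')) {
    $path = $m.GetType().InvokeMember('ADsPath', 'GetProperty', $null, $m, $null)
    [pscustomobject]@{
        Name    = ($path -replace '^WinNT://', '') -replace '/', '\'
        # Local accounts carry the computer name in their ADsPath.
        IsLocal = $path -like "WinNT://*/$env:COMPUTERNAME/*"
    }
})

$unexpectedUsers  = @($localUsers | Where-Object { $_.Name -notin $AllowedUsers })
$unexpectedAdmins = @($admins | Where-Object {
    $_.IsLocal -and ($_.Name.Split('\')[-1] -notin $AllowedAdmins)
})

# One compact JSON line: Intune records the script output per device.
$report = [pscustomobject]@{
    Device           = $env:COMPUTERNAME
    LocalUsers       = @($localUsers       | ForEach-Object { $_.Name })
    Administrators   = @($admins           | ForEach-Object { $_.Name })
    UnexpectedUsers  = @($unexpectedUsers  | ForEach-Object { $_.Name })
    UnexpectedAdmins = @($unexpectedAdmins | ForEach-Object { $_.Name })
}
Write-Output ($report | ConvertTo-Json -Compress)

# Exit 1 marks the device as "with issues" so a remediation script can follow.
if ($unexpectedUsers.Count -or $unexpectedAdmins.Count) { exit 1 } else { exit 0 }
```

Enable "Run script in 64-bit PowerShell" for this script, because the LocalAccounts cmdlets are not available in 32-bit PowerShell on 64-bit Windows.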
- Badger-Scott
Copper Contributor
Is there a Data Map that people can reference to find fields when creating Power BI reports?
- Mike-Danoski
Microsoft
Are you referring to creating a Power BI report out of Intune data?