Cloud attach vs. cloud only: the debate
Event details
Are you planning a new Microsoft Intune deployment? Are you wondering if you need Configuration Manager? Join Danny and Steve for a special edition of Unpacking Endpoint Management as they break down key management workloads of Windows devices (compliance policies, Windows Update policies, resource access policies, Endpoint Protection, device configuration, Office Click-to-Run apps, and client apps) to help you determine if cloud attach or cloud only is right for your new Intune deployment.
This session is part of the Microsoft Technical Takeoff: Windows + Intune. Add it to your calendar, RSVP for event reminders, and post your questions and comments below! This session will also be recorded and available on demand shortly after the conclusion of the live event.
254 Comments
- Mrybarczyk
Copper Contributor
Azure AD Authentication. How to enable Kerberos tickets to work for a mounted Azure file storage account when the on-prem controller is in sight? It is working for us only when not on-prem.
- SteveThomas
Microsoft
Have you taken a look at this information? https://learn.microsoft.com/en-us/azure/storage/files/storage-files-identity-auth-azure-active-directory-enable
- Philip Alloca
Copper Contributor
Since we are migrating our GPOS to Intune Configuration Profiles, what is the recommended way to keep track of changes to those Intune Configuration Profiles? Basically, looking for Version Control for Config Profiles.
- HeyHey16K
Iron Contributor
In the absence of native policy versioning, we back up our Intune policies periodically using Graph. In PS: Install-Module -Name Microsoft.Graph.Intune, Install-Module -Name IntuneBackupAndRestore, Import-Module Microsoft.Graph.Intune, Connect-MSGraph, Import-Module IntuneBackupAndRestore, Start-IntuneBackup -Path XXXX
- Philip Alloca
Copper Contributor
Just to further explain the question, here are a few reasons for the question:
  - The main reason is that we have many different people updating config profiles, so if there is an issue, we would like to know what has changed so that we can quickly revert back to the previous version if necessary.
  - There are also instances where we need to know when a configuration setting was added months or even years back. We know this will occur from experience with GPOs, although this is not common.
  - Lastly, we are an agile shop now and this would be helpful to keep track of work/changes being done in our Intune environment.
- JFSanchez987
Copper Contributor
Although not that user friendly, there is an audit entry when you modify a configuration profile; it lists the old and new settings when you make a change. Not sure how long the audit log lasts.
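Added example (not posted by anyone in this thread): one way to answer "what changed?" between two periodic backups is to diff the exported profile JSON setting by setting while skipping metadata that changes on every save. It assumes each backup run leaves one JSON document per profile; the two profile documents below are constructed, and `flatten`, `diff_profiles`, `VOLATILE` and `MISSING` are hypothetical names.

```python
import json

# Properties rewritten on every save; comparing them would hide the real changes.
VOLATILE = {"lastModifiedDateTime", "version"}
MISSING = "<absent>"  # marks a setting that exists in only one snapshot

def flatten(node, prefix=""):
    """Flatten nested JSON into {"path.to.setting": value} for per-setting comparison."""
    if isinstance(node, dict):
        items = [(k, v) for k, v in node.items() if k not in VOLATILE]
    elif isinstance(node, list):
        items = list(enumerate(node))
    else:
        return {prefix.rstrip("."): node}
    flat = {}
    for key, value in items:
        flat.update(flatten(value, f"{prefix}{key}."))
    return flat

def diff_profiles(old_json, new_json):
    """Return sorted (path, old, new) tuples for every setting that differs."""
    old, new = flatten(json.loads(old_json)), flatten(json.loads(new_json))
    return [(p, old.get(p, MISSING), new.get(p, MISSING))
            for p in sorted(old.keys() | new.keys())
            if old.get(p, MISSING) != new.get(p, MISSING)]

# Constructed sample: the same profile as exported by two different backup runs.
BEFORE = json.dumps({
    "@odata.type": "#microsoft.graph.windows10GeneralConfiguration",
    "displayName": "Baseline - Workstations",
    "lastModifiedDateTime": "2023-01-10T09:00:00Z", "version": 3,
    "passwordRequired": True, "passwordMinimumLength": 12,
    "bluetoothBlocked": True,
})
AFTER = json.dumps({
    "@odata.type": "#microsoft.graph.windows10GeneralConfiguration",
    "displayName": "Baseline - Workstations",
    "lastModifiedDateTime": "2023-03-02T14:30:00Z", "version": 4,
    "passwordRequired": True, "passwordMinimumLength": 8,
    "defenderRequireRealTimeMonitoring": True,
})

if __name__ == "__main__":
    for path, old, new in diff_profiles(BEFORE, AFTER):
        print(f"{path}: {old!r} -> {new!r}")
```

Writing each backup into a Git working tree and committing it gives the same per-setting history with author and date attached to every change.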
- . .
Copper Contributor
Where is CMPivot for Intune-only devices?
- MSFT_IntunePrgramMgr
Microsoft
CMPivot for Intune is only supported with Tenant-Attach scenarios.
- wollewoldemar
Brass Contributor
Is there a standalone Connected Cache server on the roadmap? Currently we need SCCM for this.
- Jason_Sandys
Microsoft
While we are actively working on a stand-alone connected cache solution, when this question comes up, it does beg the response of "why"? What is needed that peer-to-peer delivery optimization does not provide?
- wollewoldemar
Brass Contributor
Stand-alone eliminates the need for an SCCM server, and I hope that the cache efficiency will be improved with the new solution, because it is a challenge pushing CAD software where the size of the .intunewim is 4 GB or more. That was already mentioned in other posts. I think "optimizing the caching logic" is a really very important topic for large companies that are moving to cloud only, including WUfB, software, and firmware deployments.
- DaneaGalbraith
Iron Contributor
Old mitigations that were reg key updates have caused some registry corruption when attempting to add them via Remediation script. Is there any guidance on this? Is there a recommended way to add these? Additionally, do you have any tools for CIS Benchmarks for the Cloud only setup?
- -KenD
Brass Contributor
I can't speak to your corruption issues but there are some CIS benchmarking tools in Microsoft Defender Vulnerability Management Add-on you would find useful.
- marvin_davis
Copper Contributor
Although our current plans are to go Co-managed (currently Tenant Attach), I would like to see us get to Intune only someday. A few things that will keep MECM going in my environment, based on our testing currently:
  1. Users can uninstall available applications via Software Center as needed if deployed from MECM; can't seem to do that from Intune (just reinstall or force required uninstalls as a deployment).
  2. Tenant Attach allows remote control of MECM applications (install, uninstall, etc.). There is no equivalent in Intune currently. (Our support process relies on this heavily for shared systems, which outweigh user-deployed systems.)
  3. Running scripts on demand – support workflows.
  4. Of course, continued expansion to Dynamic Security Groups would be welcome, although there are some interesting ways to solve this with scripts and Azure Functions.
- Jason_Sandys
Microsoft
For #1, Uninstall is coming "soon". For #4, make sure you are using filters.
- marvin_davis
Copper Contributor
#4 Filters are great, but we do have times where we need to target based on other inventory information not available via filters. No timeline to #2 and #3 at this time? #2 seems so odd, as that feature seems to only exist via tenant attach, not even the MECM console.
- Mddietelbach
Copper Contributor
In a recent greenfield implementation, the systems needed to be Cloud only as a data center wasn't set up yet for some required on premise. AD GPOs were still required, so in the end it required hybrid even though it started Cloud only.
- SteveThomas
Microsoft
I would be curious to know what GPOs were needed that weren't included in the Settings Catalog.
- abhiimanurkar
Copper Contributor
Hey guys, ours is a little complex environment. :) Some devices are behind a firewall and will always be on the office network (meaning connected to on-prem AD). We currently have a great imaging process using PXE at our offices, and we are going through a transition phase of moving our imaging process to Autopilot. Now, this works great if the devices are "standard", and getting these to be managed purely by Intune is not a problem at all. But for these special devices, we are still exploring if Autopilot is still an option. Is there any simple automated process of getting an AAD joined device to join on-prem AD during the Autopilot process?
- Jason_Sandys
Microsoft
While Autopilot fully supports HAAD joining Windows endpoints, we generally recommend not doing this. The question here is why join the on-prem AD domain at all? Accessing on-prem resources does not in any way require an endpoint to be joined to the on-prem domain?
- MervWhite
Brass Contributor
I manage a school district with 6,000 win computers. All nodes are 10Gig connected closet to closet. 1 Gig to the desktop. Why would I switch to a cloud managed system? Especially considering OS deployments taking place VERY often. 6,000 computers connecting through our Internet Pipe seems like a major bottleneck to management.
- xiddic
Occasional Reader
Delivery optimization to get updates from local devices.
- wollewoldemar
Brass Contributor
You can use SCCM as a cache for Intune.
- xiddic
Occasional Reader
To solve, Security Vuln implementation they are available in settings catalogue or as a registry value = Proactive Remediation fix would be good enough.