Event details
Do you use Intune to manage your device estate? Are there features you need to go fully cloud-native? What would make day-to-day device management easier? Are you exploring or the Intune Suite to unify endpoint management and security solutions into one bundle? Are there capabilities you need from Enterprise App Management, Microsoft Cloud PKI, Advanced Analytics, or other Intune Suite solutions? Join us for an opportunity to share your feedback and requests with the product team and engineers building Microsoft Intune, the Intune Suite, and the Intune admin center.
108 Comments
- WZebSmith
Brass Contributor
Love Yvette's idea about where to keep new feature info.
- DamienC1295
Copper Contributor
Yes Yvette! Would be great to have that!
- RichR-VPS
Brass Contributor
Feature page in product would be great IMO. Maybe as a tile on a dashboard if folks want it?
- simiokpeseyi
Microsoft
Hi Richard, thanks for your suggestion. We will make a note of it.
- Opalfruit
Brass Contributor
1. Much of the documentation and case studies for Intune seem to focus on single user single device scenarios, however multi-user devices are not very well catered for in Intune. Particularly user configurations can apply to some users when they've logged on, but not apply to a later user. What developments are in the pipeline for Windows Multi-user device configuration and support?
2. Configuring on-premise trust for support is very vague for Entra and Intune implementations, this is also where the enabling of known/legacy support tools can come into conflict with Cybersecurity teams, who do not want you to reenable these tools because they create vulnerabilities. What are the plans for real-time remote support tools and access to devices, via remote tools and scripts, etc., especially for on-premise device scenarios?
- Miriam_Lau
Copper Contributor
We'd love to see more scheduling options for when a computer is forced to reboot after a Feature or Quality update is sent via Intune. Right now, if the deadline and grace periods have passed, a computer may be forced to reboot at any time, even during active work hours. This is obviously not ideal as the user only has 5 mins to save anything they need and could be in the middle of a call. If we could instead specify a time for a forced reboot like at 2am local time, that'd be ideal.
- MP_35
Brass Contributor
Will more support for Hybrid Entra (HAADJ) be added, for example 'co-mgmt. authority' and 'Autopilot device prep (aka Autopilot 2.0)'? I've heard it said in another MS AMA video that HAADJ is like 120 on the speedometer, it's not recommended, but a lot of big customers really need this in order to be able to make the transition.
- Jason_Sandys
Microsoft
Hi Michael Perez. Hybrid Entra Join and Co-management are meant as transitional states for devices within an org on the path to full cloud native (Entra Join + Intune managed). With that in mind, there are zero plans to improve functionality for either of these constructs (outside of security related fixes that may be required). This includes anything related to Autopilot which we strongly discourage orgs from using for hybrid join scenarios. Note though that hybrid join for existing devices (those previously provisioned) is completely fine though until those devices reach their end-of-life hardware wise or need to be reset/reimaged for another reason. What exactly do you require hybrid join for on newly provisioned devices and why are they required for transitional purposes?
- MP_35
Brass Contributor
On one side we need something on-prem to manage servers, and on the other side for endpoints, Intune config profiles as well as many other features do not have enough feature parity to make the transition without lowering the security posture we are currently getting from on prem tools such as settings in our GPOs.
- Ali11CH
Iron Contributor
When creating a dynamic group, the validate rules should be available to anyone with the permissions to create groups. Currently I have to use an elevated account (I think Intune Administrator) in order to validate Dynamic rules I create with my day to day Admin account that is a group Administrator. Could Validate rules be made available for Group Administrator accounts?
- Jason_Sandys
Microsoft
Hi Alastair. This is great feedback that we can pass on to our Entra colleagues (as it is outside the scope of Intune).
- mdoose
Copper Contributor
Is any effort being made to partner with the CM dev team to try and resolve Intune Autopilot Deployment with CM client install in Hybrid Join scenarios? We want to have immediate CM client functionality and not rely on other methods like GP based install which can still break Intune deployment depending on timing. You can't deploy the CM client in Windows Autopilot for hybrid Azure AD join without interrupting deployment.
- Jason_Sandys
Microsoft
Hi Michael. The ConfigMgr and Intune dev teams are one and the same for most intents and purposes. For your challenge, this is one of many reasons we strongly discourage customers from using Autopilot for hybrid join scenarios. Our strong recommendation is that all new Windows device provisioning uses Entra join. For this reason, we have no intent to change or improve Autopilot to account for friction during Autopilot. Here's a blog I wrote about three years ago -- note that the strong undertone even then was not to do this (this being hybrid join + Autopilot): https://techcommunity.microsoft.com/t5/intune-customer-success/success-with-remote-windows-autopilot-and-hybrid-azure-active/ba-p/2749353.
- MP_35
Brass Contributor
Changing the enrolled by user is also a pain point on Windows side for device compliance, once the first user to log in leaves the company the device will be marked as non-compliant and MS support has said "enrolled by user" is a constant and cannot be changed, meaning we might have to reprovision devices unnecessarily, is there a way to handle this?
- RichP1930
Brass Contributor
For security/compliance reasons you probably would want to wipe the device before handing it to a new employee and go through an OOBE process.
- Jason_Sandys
Microsoft
Hi Michael Perez. This is an area of interest and internal investigation right now so I don't have an explicit answer for you but rather a question: why wouldn't you just Autopilot Reset (or fully reset) these devices?
- MP_35
Brass Contributor
For example, shared environment devices (labs for us internally) where the device lives beyond the original user that was used to enroll it.
- ameen_be
Copper Contributor
Is an application installation approval system going to be added to the upcoming Intune version?
- RichP1930
Brass Contributor
You can use Apps in Intune and Company Portal to package apps and distribute them to a user. There is also EPM, Endpoint Privilege Management, that allows you to do that.
- ameen_be
Copper Contributor
That is not relevant to my question.
- Jason_Sandys
Microsoft
We have nothing to share at this time except that this is a request we've heard many times previously and have aspirations to provide some functionality that should meet requirements around user app requests and their subsequent approvals.