Feedback wanted! IT made easy with low-code workflows
Event details
Let's talk! Find out what's available to simplify IT tasks with automation and orchestration. Share your company's goals around automating Intune with low-code/no-code solutions. Help shape Intune's direction around IT automation and orchestration.
This session is part of the Microsoft Technical Takeoff: Windows + Intune. Add it to your calendar, RSVP for event reminders, and post your questions and comments below! This session will also be recorded and available on demand shortly after conclusion of the live event.
38 Comments
- Dave Randall
Microsoft
Thanks for all those that attended! Great session, wonderful feedback. Please feel free to add more questions here, and we'll be monitoring and responding until end of day Friday!
- treestryder
Steel Contributor
Decommissioning devices would be an area we would like to be automated by Microsoft.
For us, this is merely deleting all of its objects after it has been wiped. While we have been migrating to fully cloud managed devices, I have scripted the deletion of any remaining Intune, Autopilot, Entra, Configuration Manager, and AD objects. To make this simple for our techs, they simply add the Entra object to a special Entra group. Once our 150 remaining physical PCs are migrated and we only have to delete the Intune, Autopilot, and Entra objects, I would love to move this on-prem scheduled task automation to the cloud. Any hints on where to begin?
- We have built our own solution for this with Azure Logic Apps (but it can be accomplished with some Azure Automation as well). In short, local IT adds the serial number to a SharePoint List, which triggers our flow. The flow checks Intune, Azure AD and the Autopilot service for the existing objects for the serial number and deletes the objects in these services. If interested, I shared this in a blog post (sorry for the self promotion :)) https://www.inthecloud247.com/windows-autopilot-lifecycle-automation-with-logic-apps-part2/ You can always reach out to me on socials if you have questions related to this.
- Dave Randall
Microsoft
Totally agree with this - we'll share this feedback with the core PMs for device lifecycle!
- arneabbinkNL
Copper Contributor
Would it be possible to have better proactive signals in the future and then, based on those signals, run automations or workflows to "solve" those issues? Reporting often lacks good signals in my opinion; with Logic Apps, for example, some information can be sent to a Teams channel with Autopilot errors or device configuration adjustments. So eventually the goal in the future should be to have more proactive management done.
- Dave Randall
Microsoft
Thanks for the feedback. We are approaching this from a webhook perspective. We know that "newly enrolled device" and "compliance state changed" are common needs. Are there any others that you would like to see as change events to monitor?
- Char_Cheesman
Bronze Contributor
That concludes today’s Feedback wanted! IT made easy with low-code workflows. If you missed the live broadcast, don’t worry – you can watch it on demand. And we’ll continue to answer questions here in the chat through the end of the week. There's more great content in store at the Microsoft Technical Takeoff! What do you like about the event so far? Share your feedback and help shape the direction of future events on the Tech Community!
- briansmith1
Occasional Reader
We use Power Automate to manage a number of different use cases. We manage a number of flows that perform admin tasks that are not available in the Endpoint Console.
  - Notify when user disabled and has enrolled device (mobile).
  - Notify when service health / connector unhealthy
  - Renew AOSP QR Codes
  - Export Endpoint Analytics Data from Graph to format accessible through Power BI.

  We don't regularly add policies so we don't automate policy creation.
- Dave Randall
Microsoft
Thanks for that feedback. These are great use cases and perfect for PowerAutomate!
- DaneaGalbraith
Iron Contributor
Recently, I had to create some intermediate Intune Administrator roles, but then also had to add Directory Read on the Azure AD side just for the intermediate admin to be able to manage their devices in their groups. It was not a guess and check since we did not know why they were in the Intune Portal only.
- Char_Cheesman
Bronze Contributor
Thanks for participating in today's Feedback wanted! IT made easy with low-code workflows! For reference, the panel covered this topic at around 25:55.
- JEngel05
Brass Contributor
For security, we are testing and investigating using Azure API Management to point all our API triggers to. We can set up multifactor authentication with API Key and Device certificate and require it before any data gets sent to any Azure Automation/Function app/etc. Do you have any other recommendations to help secure our APIs/Function Apps/Azure Automations/etc?
- Dave Randall
Microsoft
My other suggestion would be to ensure you're using RBAC/permissions and are very deliberate about only allowing minimum permissions required for the scenario.
- treestryder
Steel Contributor
I wish Microsoft would disable devices in Entra once they are "Wiped" in Intune, returning it to the same state before it was first enrolled in Intune.
As it is, the device is removed from Intune once it begins the wipe. If the device fails to wipe, the user only has to click past an error message to have a functioning, yet unmanaged device. We have asked all techs to always perform a secure wipe. However, they often forget to check the box, or intentionally avoid it, because secure wipes take longer AND require the user to hit F12, because most OEMs have a sanity check before wiping the TPM. In the meantime, I have automated disabling the Entra object for any Windows devices not found in Intune.
- JutManGraham
Brass Contributor
If you are wiping in Intune, there is, in my opinion, ZERO reason to keep a device active in Entra no matter if it is Android, Windows, or Apple. The account just sits out there forever for no purpose.
- Char_Cheesman
Bronze Contributor
Thanks for participating in today's Feedback wanted! IT made easy with low-code workflows! For reference, the panel covered this topic at around 23:40.
- SigurdWerner
Iron Contributor
Another area for automation is around in-house developed end-user apps. We currently have an integration from Azure DevOps Server to Configuration Manager, so at the end of the app build the application will be added to Configuration Manager and deployed to a pre-configured collection. Now we are planning to bring that to cloud so Azure DevOps Service to Intune and deploy to an Entra ID group.
- Dave Randall
Microsoft
This is great feedback, this is a great optimization for app management!
- Blake_Erwin
Copper Contributor
We would love to be able to run workflows with approvals around software installation from Company Portal to allow us better controls for licensed software without redirecting the user to a web portal. Integrating into something like ServiceNow on the back end.
- treestryder
Steel Contributor
We use Entra Identity Governance for this need.
- Char_Cheesman
Bronze Contributor
Thanks for participating in today's Feedback wanted! IT made easy with low-code workflows! For reference, the panel covered this topic at around 17:50.