Event details

Join Intune product managers for an interactive feedback session at the Microsoft Technical Takeoff.

Discuss your journey from on-premises to cloud native management focused on grouping and targeting, reporting, role-based access control (RBAC), and Intune Admin UX plus hear our roadmap of suggested changes. We're committed to providing the features and capabilities in the Microsoft Intune console that you need to manage cloud native devices and applications. Let's talk!

This session is part of the Microsoft Technical Takeoff: Windows + Intune. Add it to your calendar, RSVP for event reminders, and post your questions and comments below! This session will also be recorded and available on demand shortly after conclusion of the live event.

Heather_Poulsen
Updated Dec 27, 2024

170 Comments

  • Brad-M
    Copper Contributor
    Can't express how much we need this, but any chance to add the ability for end-users to uninstall apps from Company Portal? Sometimes people install apps they want to test, or want to uninstall an app they installed in order to troubleshoot an issue. It would also be really nice to have an app supersede option where it will update an available application for devices which have the old version installed. It's in place where the deployment is required but won't execute if the application is available only. Consider the scenario of the Microsoft Store - if someone installs an application it will automatically update itself.
    • Scott Duffey
      Microsoft
      Hey Bradley, Yes! Uninstall from the Company Portal is on our roadmap. Dates are yet to be announced. Also noted feedback on supersede and passed it on to our Win32 apps PM.
  • CraigTWall
    Copper Contributor
    Our biggest issue is that the Tenant-Wide Windows Hello For Business settings can't be individually blocked by roles or scopes. We have scoped administrators who manage their own Autopilot devices, but we have to block them from the entire Enroll Devices screen to keep them from accidentally turning on Hello For Business at enrollment tenant-wide. As a result, our admins have to save the direct URLs to pages they'd otherwise click through Enroll Devices to get to. Every other function under "Enroll Devices" can have its access limited using Intune roles or scopes, but this one exception causes a frustrating experience.
  • Chad_McCarthy
    Copper Contributor
    It would help us to have the ability to create Azure AD security groups of devices based on a query of installed application.
    • Scott Duffey
      Microsoft
      Thanks for the feedback Chad. Certainly not the first time I've heard this ask but often the reason for needing that sort of group is different. If you could share some more details about the why here in the comments that would be a huge help!
  • Aaron_Man
    Brass Contributor
    Please create PowerShell cmdlets for the client. The commands might include: Force Sync, Force Compliance Check, List Configuration Profiles similar to gpresult (MdmDiagnosticsTool.exe only lists settings not which Intune policy they came from), Remove and Reapply all CSPs, Run scripts or proactive remediations that are assigned to the device, and Install applications assigned in Company Portal.
    • ToddMote
      Brass Contributor
      I would add better policy conflict visibility around which policies conflicting settings are in and perhaps an interface that would be akin to RSOP so that conflicts can be discovered and resolved before they are applied to devices.
  • iwannaknow_
    Brass Contributor
    Autopilot + Fresh start. Is there any way to have Autopilot kick off a "fresh start" wipe when OEM bloatware is detected? I understand that would add a significant amount of time to provisioning, but it would help on our use case. For example, we purchased a bunch of laptops from a vendor. That vendor messed up and didn't apply their vanilla/bloat free version of Windows on it. Now we had a bunch of laptops with bloatware. I was able to work around this by essentially reimaging all of those devices with ConfigMgr with our Autopilot task sequence (huge time waste). Fresh start works, but it would require initial setup, Intune enrollment, then kick off the Fresh Start wipe from Intune.
    • ZebulonSmith
      Iron Contributor
      I'd love for Autopilot to have the ability to do this. Dealing with trash OEM images is a huge headache.
  • iwannaknow_
    Brass Contributor
    Co-mgmt questions: Intune already knows the last time the CM client communicated to the MP as it's listed in the general device blade. How do we report on this? I'd like to identify machines that have possibly fallen off of CM management due to various reasons (usually certificate). My plan is to make a security group off of these reports and send the CM agent reinstall app to it. It would be easier if MS had a fix it button for us, but giving us the ability to report on this would be a great start.
  • iwannaknow_
    Brass Contributor

    BitLocker recovery key question: We have a BitLocker config profile scoped to a security group via Intune. On some occasions, BitLocker will activate, the machine will encrypt, but the key will not escrow to Intune for whatever reason. How can we prevent a computer from activating BL in an event where it cannot escrow? What type of reporting do we have for computers that have BitLocker enabled, but are missing recovery keys in Intune? We have to be the bearer of bad news and tell users that their data is gone when keys do not exist.

    • HeyHey16K
      Iron Contributor

      We use the Intune > Endpoint Security > Disk Encryption policy which has the option for "Require device to back up recovery information to Azure AD" - if enabled it doesn't allow BitLocker to complete until the Recovery key is backed up. Does the key store in AAD but not Intune? We had problems with the keys populating in one system but not the other in the early days, so deployed a PS script to force a key rotation as a workaround.

  • Aaron_Man
    Brass Contributor
    When a machine is not compliant but then is repaired it can take more than a day for it to change to compliant in the Intune console. Can you provide a way to force a full compliance sync so the machine will change to compliant more quickly?
  • jrngsg
    Iron Contributor

    What is the possibility to have these features and capabilities in Microsoft Intune console in future?

    1. Enable/Disable location services for Android corporate-owned devices
    2. Country column (based on the enrolled primary user) in Intune export data for all managed devices report
    3. Device model column in installed application report

    Thanks.