On-premises to cloud native in Intune: expert tips and key considerations
Event details
Join Microsoft MVP IT experts to explore crucial factors, practical starting points, and insights for a seamless transition from an on-premises infrastructure to Microsoft Intune. Learn what to watch for and gain essential tips for a successful migration.
This session is part of the Microsoft Technical Takeoff: Windows + Intune. Add it to your calendar, RSVP for event reminders, and post your questions and comments below! This session will also be recorded and available on demand shortly after conclusion of the live event.
64 Comments
- Martin1025 (Copper Contributor): What challenges will we face when trying to manage Windows 10 LTSC with Intune?
- techguy615 (Occasional Reader): As far as I know, LTS versions of Windows are not supported. Anyone can correct me there if I am wrong. Running into this as well.
- BryanDam (Copper Contributor): Docs call out Win 10 LTSC 2019 as supported with exceptions: https://learn.microsoft.com/en-us/windows/whats-new/ltsc/whats-new-windows-10-2019#microsoft-intune
- treestryder (Steel Contributor): That WebAuthn within a Cloud PC demo... I've noticed that dialog no longer offers a PC's Windows Hello options (PIN, Face, Finger), only PassKey and FIDO2. Did something change?
- EricOhlin (Iron Contributor)
Hey JohannesKristjansson, Thank you so much for the presentation!
Do you have a recommendation on best practices for managing SCCM "collections" in Intune? That's one of the final legs SCCM is standing on because Intune has no parity to manage collections/groups in the same manner. There are a few pieces to this puzzle, from the lack of advanced query creation in AAD groups to the lack of "hardware inventory" (minimal WMI information stored in the client record in Intune). How are you doing it?
Cheers!
- EricOhlin (Iron Contributor)
kim oppalfens JohannesKristjansson
I'm familiar with Cloud Sync, and it works well. I really want to board the spirit train of "a pro to cloud-native is that you can get rid of SCCM," but I'm gathering that there is no good way to accomplish this in Intune, and maintaining an entire SCCM infrastructure just for the collections seems a bit unreasonable.
Thank you for the response.
We appreciate you.
- I used to rely on collection sync to Entra: https://learn.microsoft.com/en-us/mem/configmgr/core/clients/manage/collections/synchronize-collections-aad-group. It's very simple to set up. It enables you to sync any collection in Configuration Manager to a group in Entra, which can then be targeted with any policy/app in Intune. This bridges the feature parity gaps between Intune and SCCM really well; it's robust and syncs rapidly. I have discontinued using this feature in my environment since we are planning to get rid of SCCM next year, gotta practice what I preach 🙂
- By just keeping CM around and setting up cloud collection sync. I am not in the habit of making changes just for the sake of changes. If you have CM and have the knowledge, then by all means use something that you and a ton of other people understand.
When I came into this business there was a large push for buy vs build. People seem to have forgotten about that. And buy doesn't get much better than included in what you already pay for.
- Char_Cheesman (Bronze Contributor)
Thanks for joining us! We hope you enjoyed this session. If you missed the live broadcast, don’t worry – you can watch it on demand. And we’ll continue to answer questions here in the chat through the end of the week. There's more great content in store at the Microsoft Technical Takeoff! What do you like about the event so far? Share your feedback and help shape the direction of future events on the Tech Community!
- rmckenna (Copper Contributor): We are a university and Intune Suite is far too expensive for us since we would have to pay per user and students are not included for free. My question is, why is Microsoft focusing on per-user licensing instead of per-device? For instance, we would use Cloud PKI to issue Wi-Fi certificates to our devices, not our users. So this licensing does not make sense to us.
- Lynn_Morse (Copper Contributor): We would be in that same boat as well.
- txtechsquad (Copper Contributor): But Servers still need ConfigMgr for now because Intune does not manage Servers, right?
- MichaelHildebrand
Microsoft
Config Manager can certainly still be used to manage servers. However, we have a cloud connector for on-prem VMs and physical servers - as well as VMs on other clouds - take a look at Azure Arc. Once they're connected to your Azure fabric, they can be managed via the Azure fabric/plane/services (Automanage is one Azure service that comes to mind).
- Correct, Intune does not manage servers.
- If you want to manage servers only for security reasons, you have some MDE options like: https://learn.microsoft.com/en-us/mem/intune/protect/mde-security-integration?pivots=mdssc-ga For any other settings, no Intune...
- FlavioP365 (Copper Contributor): In Configman we use Device Collections with dynamic queries for app deployments upgrades (gather devices with certain software version and collection updates on a daily basis). If we move completely to Intune (no co-management at all), how can we create an EntraID dynamic group that will mimic our dynamic Device Collections? Unless I am missing something on EntraID dynamic group syntax, it does not look like we can create these dynamic groups as we do for dynamic Device Collections.
- HeyHey16K (Steel Contributor): We run Intune/Autopilot for our builds and our techs still have to boot from USB for many scenarios including:
1. Autopilot does not have the ability to natively install the latest Feature Update, so we have to manually install that first
2. Bare metal builds
As an aside I'd like to know why Microsoft do not provide up to date (i.e. the latest OS version) Surface Recovery Images for their own hardware?? There is no W11 SRI for the Surface Laptop 3, Surface Pro 7 or Surface Pro 7+ (there are only W10 SRIs). These devices are still under warranty. If you use an OEM W11 ISO all the basic drivers (keyboard, mouse, touchscreen...) do not work, so then you have to plug in external hardware just to build the computer. Bit of a PITA when you're building 1,000s :((
- Nathan_Lockwood (Copper Contributor): I also think there is still a need for some on-prem infrastructure for OSD. Autopilot solves a lot, but you are still going to find use cases for imaging a system where you have replaced a hard drive or the OS is beyond repair, so you will need an MDT server or ConfigMan for that purpose.
- EricOhlin (Iron Contributor)
"imaging a system where you have replaced a hard drive" Amen; I'd love to know what the recommendation is here.
I feel like this is a huge gap with AutoPilot that was completely forgotten about.
- Hi Flavio, Unfortunately, currently there is no such thing available in Entra ID. A workaround is creating an inventory of the installed applications and, based on that information, filling the group(s) with some automation. An example is found here: https://www.inthecloud247.com/create-an-application-based-azure-ad-group-with-logic-apps/
- JeffL (Copper Contributor): Is there any reference that shows feature parity to on-prem with ConfigMgr?
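The workaround described above (and the dynamic-collection question it answers) comes down to two pieces: evaluate a collection-style query against an application inventory, then reconcile the result with the current members of an Entra ID group. The block below is an added example and is not code from the thread or from the linked Logic Apps post; the inventory, the app name "ContosoAgent", the device IDs and the current group membership are all constructed sample data, and the Graph calls that would read Intune inventory and write group membership are deliberately left out so the reconciliation logic runs offline.

```python
"""Simulate a ConfigMgr-style dynamic device collection on top of an
application inventory and compute the add/remove delta for a target group.
Added example; all data below is constructed, not real tenant data."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Device:
    device_id: str
    name: str
    apps: dict  # installed app name -> version string (constructed inventory)


def parse_version(version: str) -> tuple:
    """Turn '23.1.0' into (23, 1, 0); non-numeric parts compare as 0.
    Numeric comparison matters: as strings, '9.20' sorts after '23.01'."""
    return tuple(int(p) if p.isdigit() else 0 for p in version.split("."))


def version_lt(installed: str, minimum: str) -> bool:
    """True when installed < minimum, padding shorter tuples with zeros."""
    a, b = list(parse_version(installed)), list(parse_version(minimum))
    width = max(len(a), len(b))
    a += [0] * (width - len(a))
    b += [0] * (width - len(b))
    return tuple(a) < tuple(b)


def needs_upgrade(device: Device, app_name: str, min_version: str) -> bool:
    """Collection rule: app is installed AND its version is below min_version.
    Devices without the app are excluded, just as a ConfigMgr query on
    SMS_G_System_INSTALLED_SOFTWARE would not return them."""
    installed = device.apps.get(app_name)
    return installed is not None and version_lt(installed, min_version)


def evaluate_collection(devices, app_name: str, min_version: str) -> set:
    """Return the set of device IDs that satisfy the collection rule."""
    return {d.device_id for d in devices if needs_upgrade(d, app_name, min_version)}


def plan_group_update(current_members: set, desired_members: set):
    """Reconcile: (to_add, to_remove) so the group matches the evaluated query.
    In a real run these two lists feed the Graph group-member add/remove calls."""
    return sorted(desired_members - current_members), sorted(current_members - desired_members)


# Constructed inventory: four devices, one app of interest with mixed versions.
INVENTORY = [
    Device("dev-001", "LAPTOP-A", {"ContosoAgent": "22.1.0", "Notepad": "1.0"}),
    Device("dev-002", "LAPTOP-B", {"ContosoAgent": "23.1.0"}),
    Device("dev-003", "LAPTOP-C", {"Notepad": "1.0"}),            # app not installed
    Device("dev-004", "LAPTOP-D", {"ContosoAgent": "9.20"}),      # old, string-sorts "high"
]
# Constructed current membership of the Entra ID group (stale from a previous run).
CURRENT_GROUP = {"dev-002", "dev-004"}


def run_example():
    """Evaluate the 'ContosoAgent below 23.1.0' rule and plan the group delta."""
    desired = evaluate_collection(INVENTORY, "ContosoAgent", "23.1.0")
    to_add, to_remove = plan_group_update(CURRENT_GROUP, desired)
    return desired, to_add, to_remove


if __name__ == "__main__":
    desired, add, remove = run_example()
    print("devices needing upgrade:", sorted(desired))
    print("add to group:", add)
    print("remove from group:", remove)
```

Scheduling this on the same daily cadence as the original collection update gives the group the "self-correcting" behaviour the question asks for: a device drops out of the group once inventory shows the upgraded version, and a newly enrolled device with the old version is picked up on the next run. The version comparison is the part most often got wrong when this is rebuilt in a Logic App or Graph filter, which is why it is done numerically here rather than as a string match.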
- No, because it's very hard to define parity. Depends on what items you put in that document. They both do app deployment, inventory, reporting, settings management and software update management for instance, but I wouldn't say parity exists for either of those features and that non parity goes both ways. That's why Co-management still is a big deal to us.
- I don't believe anything like that exists currently, is there anything in particular you are looking for?
- spfuller (Copper Contributor): Do you need to allow password write-back from Entra ID to AD to allow users to change their password on a cloud native machine? Or is there another way?
- MichaelHildebrand
Microsoft
How is the password change initiated from the cloud-native machine?
- Basically it's user-managed on the AADJ device with SSPR or the myaccount.microsoft.com web browser; the policy is still a GPO on the DC for local AD and/or managed through CSP to the devices.
- MirkoColemberg (Copper Contributor): For that case you have to enable SSPR (Self Service Password Reset), which also shows the user the "forgot password" option on the logon screen; then you have to enable the write-back from Entra ID to AD. Personally I recommend doing so.
- FlavioP365 (Copper Contributor): When will Autopatch be available for GCC tenants?
- Joe_Lurie
Microsoft
FlavioP365 Please check out the Autopatch session from Monday. This question was answered in the comments here: Re: Windows Autopatch: Simplifying the update management story - Page 2 - Microsoft Community Hub
- txtechsquad (Copper Contributor): Unfortunately not. I asked the same question yesterday, and @Aria responded and said not yet.