Event details
In Configman we use Device Collections with dynamic queries for app deployments upgrades (gather devices with certain software version and collection updates on a daily basis). If we move completely to Intune (no co-management at all), how can we create an EntraID dynamic group that will mimic our dynamic Device Collections? Unless I am missing something on EntraID dynamic group syntax, it does not look like we can create these dynamic groups as we do for dynamic Device Collections.
- We run Intune/Autopilot for our builds and our techs still have to boot from USB for many scenarios including: 1. Autopilot does not have the ability to natively install the latest Feature Update, so we have to manually install that first 2. Bare metal builds As an aside I'd like to know why Microsoft do not provide up to date (i.e. the latest OS version) Surface Recovery Images for their own hardware?? There is no W11 SRI for the Surface Laptop 3, Surface Pro 7 or Surface Pro 7+ (there are only W10 SRIs). These devices are still under warranty. If you use an OEM W11 ISO all the basic drivers (keyboard, mouse, touchscreen...) do not work, so then you have to plug in external hardware just to build the computer. Bit of a PITA when you're building 1,000s :((
- I also think there is still a need for some On-prem infrastructure for OSD. Autopilot solves a lot, but you are still going to find use cases for imaging a system where you have replaced a hard drive or the OS is beyond repair so you will need a MDT server or ConfigMan for that purpose.
"imaging a system where you have replaced a hard drive " Amen; I'd love to know what the recommendation is here.
I feel like this is a huge gap with AutoPilot that was completely forgotten about.
- A lot of vendors OEM’s have cloud solutions to organize the OSD management with bios boot to cloud solution…
- Hi Flavio, Unfortunately, currently there is no such thing available in Entra ID. A workaround is creating an inventory of the installed applications and based on that information, fill the group(s) with some automation. And example is found here https://www.inthecloud247.com/create-an-application-based-azure-ad-group-with-logic-apps/
- yes, it's different with Intune / Entra ID groups, but in Intune, you have other options like filters, or remediation scripts with different detection methods, etc. it's not the same, but opens new ways to do things...
- I'd like to know this answer too. Many people complain about the Settings Catalog missing so many settings, but when you look at what is possible with Configmgr, it's just not there with Intune. Being able to build out better dynamic groups or filters would be huge.
- We use the CSP what we need, basicaly it comes from GPOs request, but most of the time we don't need those GPO's anymore
- In my option you have to take advantage of the best of both worlds. For dynamic collections like you have mentioned ConfigMan is still stronger on queries then Azure group queries for dynamic groups. An option would be to cloud sync your collections to Azure groups and do the actual app deployments from Intune to the cloud sync'd groups I think ConfigMan doesn't just go away, it complements the cloud offering.
- I agree, with co-management devices, we use cloud-sync as well as a workaround. We just need to find a solution for EntraID joined only devices using EntraID dynamic groups because these devices will not have the sccm client installed.
- There's a common misconception that Entra I'd devices can't talk to CM. They perfectly can and they use their Entra AD credentials to do so.
