Event banner
Microsoft Intune & Configuration Manager: best practices to help you prepare for Windows 11
Event details
We've assembled some massive Microsoft Endpoint Manager muscle to support this hour of Ask Microsoft Anything (AMA). If you have questions on what you can implement and optimize now to better prepare you and your environment for Windows 11 upgrades, post them here! Want to troubleshoot Windows endpoint management in general? We can help with that too. Have feedback on how we can improve Microsoft Intune and Configuration Manager to better work for your organization? We'd love to hear your ideas.
Submit your questions for our engineering and product experts to answer live--or post your questions early in the Comments below and catch up when it's convenient for you.
- Dylan_SnodgrassCommunity Manager
Welcome to the Microsoft Intune & Configuration Manager: best practices to help you prepare for Windows 11 Ask Microsoft Anything (AMA)! This live hour gives you the opportunity to ask questions and provide feedback to the engineering and product teams building Windows. Introduce yourself by replying to this thread. Post each question in the Comment on this event… box above.
Here's who's on deck today to answer questions about preparing for Windows 11 with Intune and Configuration Manager:
Joe Lurie, Jason Sandys, Harjit Dhaliwal, David Guyer, Yunduan Bao, Harjit Dhaliwal, Max Stein
- Michael-CMIron ContributorWill there be a Windows Package Manager Integration in ConfigMgr in the future? The article from today announced it only for MEM (Intune): https://techcommunity.microsoft.com/t5/windows-it-pro-blog/evolving-the-microsoft-store-for-business-and-education/ba-p/2569423
- Joe_LurieMicrosoftWe are investigating this integration and will have more to share when more info is available. Sorry to be vague, but we are still looking into this.
- Michael-CMIron ContributorThats great, Thanks!
- emyloaCopper ContributorHello there! Will there be ways to clean up inactive devices both in MEM and Azure? MEM (Intune) has a built-in inactive device clean-up - But Azure AD does not. Will there be built in methods in Azure to clean-up inactive devices that syncs with the MEM inactive device clean up?
- Jason_SandysMicrosoft
Hi emyloa, thank you for the question. Similar to on-premises Active Directory, there is no built-in capability for this in Azure AD. I don't of any specific plans to add anything either. Also, similar to cleaning up on-prem AD, most organizations use a custom script that leverages the Graph API to accomplish this goal.
We're interested in what you'd like to see though and why using a custom script does not meet your needs?
- EmyLoanzonIron ContributorIs there a way to automate the Azure AD Graph API script to clean up inactive devices - now and\or in future updates? Could you provide a reference to web links here? Thanks!
- AremahCopper ContributorIs this going to be a streamed event or a text-only AMA?
- Joe_LurieMicrosoftThis is a text only AMA. Feel free to post your questions here!
- David_GuyerMicrosoftText!
- Michael-CMIron Contributorwould be very interesting to know when all the MSIX Goodness (except the simple already included MSIX deployment) come to Configuration Manager TPs and Releases. I hope very soon for MSIX App Attach, Config Packages, Updates, Bundles etc.
- Harjit_DhaliwalMicrosoftThe MSIX session is starting soon at 12PM PDT. https://techcommunity.microsoft.com/t5/windows-events/what-s-new-and-what-s-next-with-msix/ev-p/2557312
- Michael-CMIron Contributor
- David_GuyerMicrosoftMichael, that's very interesting, can you please share a bit more about how you'd like to use such a feature and what capabilities you would like to see?
- Michael-CMIron ContributorSupport for Integrating MSIX App Attach for example integrate it into ConfigMgr and roll out Apps based on User Groups (AD based etc) to Windows 10/11 desktops, Support for MSIX Configration Packages and Bundles etc.
- GlenntjaBrass ContributorI've been trialing out Windows 11 with Intune management Currently I experience issues with Always On VPN. Deploying it using the conventional Configuration Policy seems to create a VPN profile requiring me to input a Username + Password, even though the VPN client should be using a certificate When deleting the VPN client and syncing the device a new one should be created within a few minutes but it never is Attempting to create the VPN tunnel using a XML file doesn't work as well as Intune says the device is "Not Applicable" under Deployment Status Enrolling the device manually (a VM) using a Powershell Script pointing to the Profile XML seems to work and it then authenticates with the correct certificate Are you aware if this should work in Windows 11 or not?, I've not filed a bug report yet as I've been busy doing other tasks but I'd like to see that our setup works smooth on Windows 11 prior to the official launch date
- David_GuyerMicrosoftPlease file feedback, and if you can do so from the feedback hub, logs care uploaded that help the engineering team understand and fix the issue. Thank you for trying out Windows 11!
- EmyLoanzonIron ContributorWe currently migrated our work computers to Hybrid Join - when we deploy Windows 11, what do we need to do so that the Windows 11 computers are also in hybrid join mode?
- Jason_SandysMicrosoft
Hi EmyLoanzon, short answer here is nothing. The device state will be preserved during an in-place update/upgrade to Windows 11. Keep in mind though that hybrid Azure AD join is only meant as an interim path for existing devices that require a cloud identity. You should be pursing [full] Azure AD join for new devices going forward.
- EmyLoanzonIron ContributorYou mean making Azure AD as the Source of Authority for our devices? We have apps that rely on on premise domain.
- Harjit_DhaliwalMicrosoftSame procedures applies to Windows 11 as it is with Windows 10 today.
- ChrisWilliamsBrass ContributorWill there be more cross management capabilities between Config Manager and Intune moving forward to make a better single pane management point for both cloud managed devices and those which are still on prem.
- Joe_LurieMicrosoftWe are constantly adding co-management features into Configuration Manager. If there's something specific you're looking for please let us know!
- Jason_SandysMicrosoftBe sure to check out tenant attach as well as this is technically a separate feature set and capability that offers synergistic value that we are continuing to iterate on as well. See https://docs.microsoft.com/en-us/mem/configmgr/tenant-attach/ for more details.
- Carol DeMuthBrass ContributorWe have been using Co-Management with SCCM and Endpoint Manager. Devices are showing up in Endpoint Manager as Hybrid Azure AD joined machines, but not always in Azure AD under the user profile. Is there a reason why. If it should be in both places, is there a way to fix it?
- Jason_SandysMicrosoft
Hi Carol DeMuth, thank you for the question. To clarify here, do the devices show in Azure AD at all, just not with the desired user set as the owner?
- Carol DeMuthBrass ContributorThey show in Azure AD, but not with the registered owner. We are using Azure AD Connect to enroll devices
- EmyLoanzonIron ContributorWe have employees who access some of our M365 apps from their personal Windows 10 workstations - what info can we share about their questions on updating or upgrading their personal computers to Windows 11?
- David_GuyerMicrosoftEmy, I think you are asking about computers the employees own and how they would upgrade to Windows 11. If that's the case, then Windows 11 will be offered via Windows Update to devices that meet the requirements once we are ready to release it. If they'd like to get an early look, then they can join their computers to the Windows Insider Dev or Beta channels.