Event banner
Event details
82 Comments
Thanks for joining us today for an AMA on Unpacking endpoint management. We appreciate your questions and feedback—and look forward to continuing the discussion on the Windows community!
- Will you be working on solving the issue of Autopilot hanging if you deploy both Win32 and LOB applications? -> This is a common issue that is easily replicable and makes using Autopilot stressfull over just Intune enrollment during setup
- Jason_Sandys
Microsoft
This was answered in another reply on this AMA. Basically, the root cause here is outside of Autopilot's control and there is a fairly easy work around: only use Win32 apps. While this adds some overhead and time, it adds capabilities and prevents the possibility of any conflicts. This is our recommended path to address this.
- Adoption of Cloud and Web app is problematic from a compliance perspective and validating that users are using corporate identity on SaaS services. What features does Windows 11 have to manage and monitor new cloud based apps that are used.
- Jason_SandysWith respect to Windows, stayed tuned for future documentation and announcements. For monitoring and controlling web and SaaS apps, check out MCAS: https://www.microsoft.com/en-us/security/business/cloud-app-security
- I might have missed this information but will Autopilot enable us out of the box to also install the latest windows updates (including drivers) to the clients especially in the whiteglove process ?
- Jason_SandysThis is a delicate balancing act between admin desire/security and end-user experience. For this reason, the path to achieving this is non-trivial and is still in the investigation phase. We do understand ask and in general share the concern here, but we need to find the best path forward as well.
- I could imagine that a good middle way is that the normal user-driven mode continues as usual without Windows updates and only when you start Whiteglove as an IT admin or service provider the Windows update process is started. Because my expectation is that when a device is prepared with Whiteglove, I basically don't care if it takes 5, 15 or 60 minutes. Whiteglove is there to perform these time consuming actions before the device is at the user, but it would probably be good to be able to enable/disable this feature via the Autopilot profile (similar to the keyboard configuration). This would still ensure that when a user needs to go through the Autopilot process on their own, it happens as quickly as possible but at the same time when the device is being prepared for them in the normal process, the admin / security requirements can be met.
- Does Intune license requires for MAM to be deployed on devices? and does enrollment into Intune requires to enable MAM on devices? is MAM user based or Device based? How do we deploy application to use MAM?
- Jason_SandysThere are no additional licensing requirements for using MAM in Intune. MAM can be used with or without device enrollment. Deployment of apps to devices not enrolled requires the user to login to the web-based company portal. See https://docs.microsoft.com/en-us/mem/intune/apps/mam-faq and https://docs.microsoft.com/en-us/mem/intune/apps/app-management for details on MAM aka APP.
- We need to use co-management today because we need ConfigMgr for software metering. Are there plans to transfer the software metering capabilities to MEM?
- Danny_GuilloryWhat are you using metering for? This is an awesome question and something I would love to investigate. Feel free to ping me via DM. I don't know of anything exactly related to the metering capabilities we are working on so yes doing it through ConfigMgr might be the best option.
- Jason_SandysIn addition to Danny's answer here, there are capabilities that simply don't lend themselves well to being delivered from a pure cloud service like Intune as they require a lot of costly overhead. For this reason, co-management is still a preferred solution and will be for the foreseeable future.
- Endpoint Analytics question: First off - Love this feature. Thank you. Are there plans to include additional out-of-box remediation templates?
- Zach DvorakHey David, thanks for your question! We're constantly working to improve EA, including Proactive Remediations! (For instance, we just enabled export for script results a few weeks back! https://docs.microsoft.com/mem/intune/fundamentals/whats-new#export-option-for-proactive-remediations-). Are there specific remediations you'd like to see natively in the tool? I'm happy to pass your feedback along to the team! And in the meantime, don't forget that you can create your own custom remediations as well (and there are countless examples you can use as templates available on IT Pro blogs 🙂).
- Absolutely Zach! Thank you. There are three scripts we have developed and include in all deployments. They cover items like: 1. Duplicate Edge & Teams Desktop Shortcuts (context: all our clients are required to maintain OneDrive KFM - this can cause duplicates across their Windows devices), 2. Ensuring Flash is disabled in Adobe Products 3. Fixing the auto-restart switch for Application guard updates These three have been very successful for us and we would love to see them built-in OOB
- Jason_Sandys
Hi David_Swenson, the short answer here is yes, that's our intention. The currently provided remediations are based on internal Microsoft experience and there are others we are evaluating to add to this set as well. There are no public details on what these are or will be though.
- Windows firewall used rules based on Domain, private and public networks. Is there a way to specify the "Domain" Subnets for azure ad joined only PC? or is it is just one ore thing requiring a device to be domain-joined.
- Jason_Sandys
Hi jjgrein, there is nothing built-in to automatically accomplish this, however, the standard path for most orgs is to deploy a script to configure the interface as Private and utilize that profile in your firewall rules as necessary.
- I considered such an approach but worried about the user switching or answering the Prompt to allow the machine to be discoverable wrong.
- Will we get LAPS for cloud devices ?
- Jason_Sandys
Hi Dennis_Ewald, there are ongoing investigations for a cloud-based LAPS solution and we, in general, understand the requirement and desire for this solution. There is nothing to share or announce at this time though.
- Will we have the ability to set a different Display Name (Company Portal) for an Intune App then what I as a Admin see from the Endpoint Portal ?
- Jason_Sandys
Hi Dennis_Ewald,
I've not specifically heard of this as a request before but it can certainly add value. Please add this as feedback directly in the MEM admin console to ensure it has greater visibility.
