Event banner
Event details
104 Comments
- My new ARM powered Surface 9's need a special A/V built for ARM and cannot use the standard x64 application. Will I be able to create a dynamic group in Entra ID to target the ARM processor type already in GRAPH to be able to target the ARM specific application and conversely exempt them from x64 application that do not work for them?
- Filter doesn't help here since the Intel and the ARM based device both show-up as 'Surface Pro 9'. So, the general demand is to be able to create dynamic groups and/or filters based on all inventoried data of a client. Natively in Intune. As we have w/ collections in MCM
- ericschreiber
Microsoft
From the live event, Peter Richards suggested using Assignment Filters, which doesn't currently support processor architecture but does support manufacturer and device model, which should provide the functionality you need.
- PeterRichardsUnfortunately, as Sigurd points out in the other reply the ARM and Intel based Surface Pro 9 devices both show up as 'Surface Pro 9' so the assignment filters approach I suggested in the video won't work. One alternative approach that may apply depending on how you are deploying your A/V would be to set the Operating System Architecture requirement on the app in Intune to ARM that way the ARM version of your A/V will be marked as Not Applicable on any Intel devices. I would also encourage you to add a request at https://aka.ms/intunefeedback for processor architecture support in assignment filters
Thanks for participating in today's Windows + Intune Office Hours LIVE at Technical Takeoff! For reference, the panel covered this topic at around 17:05.
- Will Endpoint security ever support setting up a pin via the policies like with GPO. We require to have a pin set, so for now we rely on custom solutions to enforce it, because our understanding is that Endpoint security doesn't allow that. Thks
- Jason_SandysUltimately, the challenge here is that setting a single PIN across the board is not very valuable and thus there's very little to no benefit to implementing something like this within Intune. Settings a pre-boot auth for BitLocker in Windows has many possible shortcomings and is one of the reasons we've introduced Personal Data Encryption (PDE) in Win 11 22H2 and in general, this is the path we are beginning to recommend to customers instead of using pre-boot auth with BitLocker.
Thanks for participating in today's Windows + Intune Office Hours LIVE at Technical Takeoff! For reference, the panel covered this topic at around 01:30.
I am just here to hear venkata talk about whats top of mind … and everything Intune related 🙂 . Love to hear him and everyone talk about how ddm (windc) for windows devices is one of the best things that arrived this year…
Thanks for participating in today's Windows + Intune Office Hours LIVE at Technical Takeoff! For reference, the panel covered this topic at around 06:00.
- Hi, when using Universal print, if we have different locations across the world, does that we that we have to use separate Universal print subscription because of where the data is stored? Thks
- Hi, will we ever have a way to use/set servicing profile and more importantly the reporting part of it so we don't have to use a separate portal to manage this? We use WUFB part of Autopatch, so we can't fully use Autopatch to manage all updates. thks
Thanks for participating in today's Windows + Intune Office Hours LIVE at Technical Takeoff! For reference, the panel covered this topic at around 36:00.
- Hi, will we ever see in settings catalog a way to control the service state (manual/automatic) so we don't need to rely on GPO or proactive remediation scripts to set those. Thks
- Jason_SandysThere is an infinite set of possible configurations, settings, and policies we could implement within Intune for Windows management, and we just can't do them all. This is the reality of Windows and not specific to Intune. Thus, we prioritize based on ROI and impact to customers if they don't have this. Given that there are very good paths to address this; i.e., proactive remediations and very simple scripts, I don't anticipate that this is something that will get prioritized any time soon. We've certainly discussed this item specifically, but there are many others we've discussed as well. If you feel strongly about this, please submit the feedback via the console.
- Hi, what is the technical limitation that is preventing from removing the limitation to use scoping with Tenant attach Intune roles? https://learn.microsoft.com/en-us/mem/configmgr/cloud-attach/use-intune-rbac#limitations Also when do you think we can expect it to be fixed so we can start to use it because we need to limit what each teams are seeing by using cloud only accounts. Thks in advance.
- Jason_SandysThere's not a specific limitation here other than it wasn't designed to account for scope tags and RBAC and thus requires time, effort and investment once we decide to prioritize this work. At this time, I don't anticipate that we'll ever prioritize this work though as the recommendation is to implement co-management which will get you this functionality or to move to full Intune (which should be everyone's goal anyway).
- A lot of great names are on this list 🙂 ...
I was just introduced to your blog https://call4cloud.nl/2022/06/enrollmenterrorsintune/#part5. This is a fantastic resource. On the famous 0x8018002b error if all the steps including the PowerShell script at the end does not work if there anything new I can try? thanks.
- Hehe thanks… doing my best… sometimes abit to much but :)… nice to hear you like it
- I'd like to hear the status on additional Office 365 channels in autopatch.
