Event banner
Event details
56 Comments
- Heather_Poulsen
Community Manager
Thanks for joining Office Hours today. We'll be back next month! Visit https://aka.ms/Windows/OfficeHours for future dates.
Microsoft Admin Portal Question:
Admin Portal > Health > Software Updates
How can we actually use this data, it does not show us which devices are out of date nor what apps are out of date? There is no context here to address this.
Windows 11 Question:
We have upgraded our Windows 10 systems to Windows 11. We are using KMS licensing for the same and we are intermittently seeing our users licenses getting changed from Windows 11 Enterprise to Windows 11 Professional.
We have been working with Microsoft Unified Support on this issue for many months and still not able to find out the root cause for the same.
We don't see any KMS client-side events getting logged in the Windows 11 Event logs.
The Microsoft Engineer working on this case is also able to reproduce the issue in his labs (not able to see the KMS client events in the logs) and still not able to find what is the issue here.
We have opened at least support cases for the same and have not got any fruitful results on this issue, rather being asked to open new support case again and again.
We are not getting any confidence that this issue will be resolved by Support. Hence as a last resort sharing the experience here.
Current Case No #2505220030007188 - Still being worked on.
Closed old case #2412030040008263 - Case was opened for more than 5 month without root cause identification.
Hope someone from the product group looks in to it.
- EricMoe
Microsoft
Unfortunately, our team is unable to assist with cases. That said, please do the following:
- Engage your CSAM to escalate the case
- Continue to work with the Support Engineer (who works with product engineering) to explore other options to workaround while a root cause is investigated
We are sorry to hear about these struggles. Continue to work with your unified support team to get to a resolution.
We had many corporate devices get Windows 11 24H2 installed without user interaction. What is the current policy about forcing machines connected to a corporate domain, managed by SCCM getting this pushed down? I understand we can put guardrails but this feels a bit over reach or acting like a hacker would.
- EricMoe
Managed devices should not get offered the consumer Windows 11 24H2 upgrade. Domain joined + SCCM managed devices should not get offered the consumer upgrade. Device-side logging should indicate what the source of the upgrade was and when it was applied to the device.
- WUAHandler.log: Shows Windows Update Agent activity.
- UpdatesDeployment.log: Tracks deployment of updates.
- UpdatesHandler.log: Details update installation status.
- PolicyEvaluator.log: Evaluates client policies.
I have seen scenarios where a device was not configured with any update policies whatsoever, so it defaulted to the "consumer" experience. But those scenarios required an Entra-joined device that was enrolled in Intune but had zero Intune WUfB/Autopatch policies configured on the device.
Thank you, Eric. That would have been my understanding but our experience was we got 24H2 because we had: Do not connect to internet location set to zero.
If there is a loophole lets make sure it does not become the new norm going forward.
We are investigating an issue where some users see “Other user” as the default login option on the Windows sign-in screen, even though they are the primary user. This occurs when both Windows Hello for Business (WHfB) and a physical security key are enabled.
Observed scenarios:
With both WHfB and a security key plugged in, the system defaults to “Other user” and prompts for the security key PIN.
If WHfB is enabled and no key is inserted, the expected user is shown and WHfB methods (PIN/biometric) are available.
If WHfB is disabled but a key is inserted, the expected user is shown and the key PIN prompt appears.
Key insight:
The issue only occurs when both WHfB and a security key are present. Windows prioritises the security key flow, which triggers the “Other user” screen.Question:
Is this behaviour expected by design, and is there a recommended policy or configuration to prevent Windows from defaulting to “Other user” when both WHfB and security keys are available- Joe_Lurie
Carol254 Thanks for the question. This is expected behavior. When Windows Hello for Business and a security key (like FIDO2, for example) are both enabled, Windows prioritizes its credential providers (like PIN or biometrics, etc...) and may not immediately associate the plugged-in FIDO2 key with a specific user. However, when WHfB is disabled (or not enabled) then Windows relies on standard credential providers, including the security key, and therefore associates the key with the user immediately.
You can use the PolicyCSP or Settings Catalog (preferred) to configure the default credential provider. The credential providers are in the registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\Credential Providers or you can use a local GPO if you want to test it first: Computer Configuration > Administrative Templates > System > Logon.Hope this helps.
WuFB and Intune reporting - Is there a method of reporting on what drivers were installed on a specific device? I found the method of reporting on a specific driver, but I am looking for reports on drivers updated on a specific device.
- EricMoe
Tim, currently there is not an Autopatch or Intune report that provides the information you are looking for. The Autopatch team is exploring how to provide this type of reporting, but there is nothing to announce at this time.
An Intune question: When will Intune get a true application reinstall solution similar to MECM?
If I install it using MECM when I click on reinstall it goes through the entire application reinstallation process.
If I install an application using Intune and it eventually becomes corrupt for some reason, if the user attempts to reinstall the app looks at the success condition first, sees that it's showing success from the initial install and won't reinstall the app. This results in calls to the help desk for someone to remove the success condition.
- Jason_Sandys
Hi Terry_Rutter, it sounds like you are looking for a "repair" function. Today, the best path for this is to allow the end user to uninstall the app and then they can reinstall it. This is not truly sufficient and we are aware. An actual app "repair" function is in the backlog but we have nothing to share on when this will be delivered. Please make sure to add feedback to the Intune admin console on this.
Message ID: WI1138854
Microsoft is investigating social media reports that solid-state drives (SSD) and hard-disk drives (HDD) might disappear from the OS or become unreadable after installing the August 12, 2025 Windows security update KB5063878
Is this confirmed and do we have a remediation ETA?
- EricMoe
The message indicates that the issue is under investigation. If you are experiencing the issue, contact Support for Business or use Feedback Hub as indicated in the message. We will update the post with newer information when it becomes available.
How do I join the session? is it a webinar?
Never mind I read the NOTE again: It's a chat eventI'm trying to utilize the Windows feature update device readiness report in Intune. The report will not display in the browser (Edge v139.0.x) but I can download the results and view in Excel. The report in the browser would help with drill down I assume. Is this a known issue?
Everything works as it should in Chrome but that's not our firm standard.
