Event banner
Event details
56 Comments
- Heather_Poulsen
Community Manager
Welcome to Windows Office Hours. We are in the office and ready to help with your questions.
Any news on when Windows 11 25H2 will be released for those running the 'Windows Insider - Release Preview' Servicing channel?
Previous years have been around May/June with general release then Oct/Nov, but there seems to be a delay this year for some reason.
Also, those that are running Windows Insider - Release Preview' channel stop getting "D" release preview OS patches each month once they are configured to use Windows Hotpatch. They revert back to "B" release I think is the patch Tuesday release band. I wonder if anyone else has experienced this? We are holding some devices from Hotpatching due to this.
- Joe_Lurie
Microsoft
nlmitchell Windows 11, version 25H2 is available today in the Insider Preview - Dev channel. We expect it to show up soon in the Release Preview channel. We can't publicly offer a date of its expected release, but we expect it soon.
- EricMoe
Windows 1125H2 is available now in Windows Insider Preview! Back in July, we posted the blog Get ready for Windows 11, version 25H2 - Windows IT Pro Blog that introduced 25H2 and notified that it was coming to Insider Preview. I can confirm that it's available today because I'm running Insider Preview on the Dev channel. You can confirm the version in System -> About. 25H2 has no significant visual differences from 24H2 so you will need to confirm in the version.
We have a bunch of us that are running on Insider Preview as defined in the Windows Update Ring policies that is applied to our devices via Intune. Our accounts are also enabled for it, have been for ages. No sign of 25H2 showing up yet though. Usually sits there in Windows Update Settings waiting for us to hit install
Are there any plans for a way to assign Intune policies a priority alike "Link Order" in Group Policy please 🙏
- Jason_Sandys
Precedence of policies is something in the "backlog" but not currently being actively pursued for a variety of reasons. It's certainly something that could benefit complex targeting scenarios and multi-layered organizations and we understand the desire, but the complexity involved with implementing has impacted its overall priority as well. Please file feedback directly in the Intune admin console for this and include as much detail as possible include concrete examples of how this would help your organization and what the business impact is to your organization for not having this.
Thank you Jason 🙂
What is your recommended/best practice process for dealing with a lost/stolen laptop that's registered in Autopilot, Entra ID, on-prem AD (yes we're hybrid...), Configuration Manager etc. please.
(ps great Intune session yesterday guys, thank you 👏)- Jason_Sandys
For Intune managed devices, wiping the device by sending a reset to it is the best path. ConfigMgr has direct capability to do this though although with a little creativity and assuming you have a CMG implemented, you could send a device reset command using a package.
Wiping is a reactive action though (and requires that the device is online at some point which is generally unlikely with a lost or stolen Windows device). Ensuring that BitLocker is enabled on devices is the proactive path as this prevents malicious users from accessing data on the device.
Is there a specific angle or caveat that you are curious about here?
I didn't ask the original question but wanted to add our angle here - in the past we've attempted to use Intune to wipe a Windows device that a terminated employee has not returned. As far as I can remember it has never succeeded, because the logged-in user account has been disabled, because they are no longer an employee. Is there any way for Intune to successfully wipe a Windows device in this scenario, or am I misunderstanding the reason for the failure?
ConfigMgr question - the Product Lifecycle section lists support dates for MECM Client versions as well as Windows OS's (EUD's and Servers). This section used to contain the same information for versions of SQL Server, however that appears to now be missing?? Is the removal of this intentional? Perhaps as part of an upgrade?
We are running MECM Version 2503
- Jason_Sandys
Hi nlmitchell, can you expand on exactly where you are looking? The product lifecycle info for SQL Server can be found at Search Product and Services Lifecycle Information - Microsoft Lifecycle | Microsoft Learn and this is applicable to SQL Server whether it is used for ConfigMgr or not.
Sorry Jason_Sandys , I was specifically on about the views in MECM - 'Assets and Compliance \ Asset Intelligence \ Product Lifecycle'. All SQL versions used to be listed in there with their support end dates. Just wondered if it had been removed on purpose as part of an update.
Noticed it today when looking at end of service dates for some server OS's :-)
Given that the Expedited Update feature in Intune is still not working reliably, does anyone have advice on an alternative solution in case we need to get an update installed quickly on all our Windows workstations?
For background, you can reference my Tech Community post here: Did expediting the 2024-08 Quality Updates fail for anyone else? | Microsoft Community Hub. For the past year, I've been expediting each month's B release to a small test group, and each month we see the same issue: the computers aren't rebooted after the update installs; instead, the update is repeatedly installed and reverted for days on end until the computer eventually restarts (or is restarted by an end user).
My support case was closed in May after I was told that the product team had found and fixed the issue, but the issue wasn't actually fixed.
I'm not from MS and since you've gone through their support, I assume this has been covered, but just in case, have you confirmed the Windows Update Health Tools is deployed to all devices? I thought it was included by default, but found that some of our machines were missing this.
Great question. Yes, I used an Intune remediation script to ensure the Update Health Tools was installed on all our workstations, and to install it on the few where it was missing.
Under what circumstances is the "Reinstall now" button in the Windows Settings app enabled?
I'm referring to the button under System > Recovery > Fix problems using Windows Update. In the past, I have tried using this feature on workstations that have their updates managed with Windows Update for Business, but the button is greyed out and it says "This option is currently unavailable". I have worked around that by adding the device to a "Windows Update for Business excluded" group which is excluded from the update ring policies, which re-enables the button.
Is there any way to keep this button enabled for WUfB-managed machines? Or some other way to initiate the reinstall (without having to package and deploy the OS installation media)?
Interestingly, I just checked on my own machine which is managed with WUfB and the button is not greyed out. I am on build 26100.5061; is this a new feature in the Release Preview channel? (I skimmed the blog posts in the Windows Blog but didn't find anything referencing this.)
- EricMoe
Per Fix issues by reinstalling the current version of Windows - Microsoft Support,
Information for IT professionals
Fix problems with Windows Update isn’t available on devices that have their updates managed. Devices won’t have the option if they are enrolled in Autopatch, leverage the deployment service, or have any of the following Windows update policies configured...
I see the same non-greyed-out behavior on my Windows 11 25H2 dev device and cannot find any public documentation either, so I don't know if it's intentional or not.
The July Update for Windows caused issues enrolling devices in Windows Hello as noted here - https://admin.microsoft.com/AdminPortal/home#/windowsreleasehealth/knownissues/:/issue/WI1121302
A workaround is suggested in the post to deploy the settings using a device scope. We are managing our deployment via Intune. In testing, this workaround does allow the user to enroll in Windows Hello and register a PIN, however, it doesn't seem to allow biometric registrations. We receive a message stating that "This option is currently unavailable."
Is there any further information on when this issue might be resolved? Or recommendations that would allow a user to set up both PIN and biometric options?- Jason_Sandys
Hi Terry_J, from memory, the article or public information on this issue listed a KIR that you can use to disable the hotfix that is causing this issue. Have you attempted to use this KIR?
I'm not from MS, but I'll note that we had a user targeted policy that we switched to device targeted. It resolved the issues with Hello registration and didn't cause any issues with biometrics. So, I'm guessing you'll need a support ticket for this if you can't find a setting that restricts biometrics in your Windows Hello configuration profiles.
We use AutoPatch and overall, it's a really great product with a high success rate. But when it doesn't work, trying to figure out "why" is a huge chore and quite a pain. For example we have modern workstations that meet all the requirements of Windows 11, are enrolled in AutoPatch and show as Ready, are part of the update rings and feature update rings, yet they do not get Windows 11. There is no clear single pane of glass that says why, and even after we hunt, we have little to no information. For example a device might show as having an alert of "RestartIssue" - but the user in question is getting quality updates and restarts on the regular, so what exactly does this mean and how do we remediate? The other big one is "SafeGuard Hold". Can the interface be updated to tell us what the hold is? It's not clear at all and not mentioned in logs, the only way to get the information is to actually reach out to the user, connect remotely to their machine and interactively run setupdiag.exe or mount win11 ISO and begin the process. Using those methods it will finally tell us what exactly is the issue (driver version etc...). Why can't this data just be available in InTune portal when looking at a machine? If we could view the reason for a SafeGuard Hold remotely that would be HUGE as we could then remediate remotely and not have to bother the users.
I'm not from MS, but we also experienced pain with SafeGuard Holds and trying to find out what they actually mean.
Intune \ Devices \ Monitor \ Feature update policies with alerts \ Select policy - for ones in there that have an Alert Message of 'Safeguard Hold' and an associated Deployment Error Code then we found this PS script online that translates it pretty well remotely, changing the ID at the end to suit: -
$SafeGuardJSONURL = 'https://raw.githubusercontent.com/gwblok/garytown/master/Feature-Updates/SafeGuardHolds/SafeGuardHoldDataBase.json'
$SafeGuardData = (Invoke-WebRequest -URI $SafeGuardJSONURL).content | ConvertFrom-Json
$SafeGuardData | Where-Object {$_.SafeguardID -eq "56031903"}
The one above for example would output like this: -
Hope this helps
Agreed, Gary Blok's Safeguard Hold database is a very useful resource. In addition to the JSON file, there is a web interface you can query here:
As we are in the final months and cannot wait any longer, I hope the Windows 11 team is preparing to resolve some of the missing functions of the Win 11 Taskbar and system tray. Please provide an update on these, which multiple of our Windows 11 pilot users have complained about:
- Vertical taskbar (priority for our CEO)
- Toolbars on taskbar (e.g. Desktop access)
- Always show all icons in system tray
- System tray and calendar access on all external monitors
- Two row task bar
I'd love an option to simply use the Windows 10 Start Menu and Taskbar in Win 11. This was one of the biggest obstacles in deciding to update. Pilot users report it hard to find the "all apps" option, and expect them when clicking the Start menu. In the absence of an option to completely restore the Windows 10 Start Menu, please provide an update on the four items above, and share any update about the possibility of a Windows 10 Start Menu returning in the future (without 3rd party tools).
- EricMoe
The only ask on the list that I can provide an update on is #3. In the Windows Roadmap you should see an item called "Taskbar icon resize" with the following description: "The taskbar now resizes icons to fit more apps when space runs low, keeping everything visible and easy to access. You can adjust how icons appear in settings—reduce icon size only when the taskbar is full (default), keep icons at their original size at all times by selecting Never, or use smaller icons all the time by selecting Always. To change this setting, right-click an empty area on the taskbar, select Taskbar settings, expand the Taskbar behaviors section, and choose your preference under Show smaller taskbar buttons." This began rolling out gradually to Windows 11 24H2 started in late June/early July. I see it on my device running 24H2 with August updates,
That actually isn't the variable I'm looking for. I'm talking about the system tray icons. Windows 10 has an option to always show all icons in the system tray. There is no such option in Windows 11. New icons are hidden by default, which can present a security risk.
