Event banner
Windows Office Hours: February 16, 2023
Event Ended
Thursday, Feb 16, 2023, 08:00 AM PSTEvent details
Get answers to your questions about adopting Windows 11 and managing the Windows devices used by remote, onsite, and hybrid workers across your organization. Get tips on keeping devices up to date effectively! Learn how to cloud attach your on-premises workloads!
Windows Office Hours is our continuing series of live Q&A for IT professionals here on Tech Community.
How does it work?
We will have a broad group of product experts, servicing experts, and engineers representing Windows, Microsoft Intune, Configuration Manager, Windows 365, Windows Autopilot, security, public sector, FastTrack, and more. They will be standing by here -- in chat -- to provide guidance, discuss strategies and tactics, and, of course, answer any specific questions you may have.
Post your questions in the Comments early and throughout the one-hour event.
Note: This is a chat-based event. There is no video or live meeting component. Questions and answers will appear in the Comments section below. |
Heather_Poulsen
Published Jan 26, 2023
- skishBrass ContributorHas Office Hours for Windows been discontinued? When is the next one scheduled and how does one register for it?
- Joe_FriedelBrass ContributorI've begun using Shared PC mode and am liking it for specific scenarios. The documentation (https://learn.microsoft.com/en-us/windows/configuration/set-up-shared-or-guest-pc?tabs=intune) indicates in addition to EnableSharedPCMode there is also an option for EnableSharedPCModeWithOneDriveSync, but this option is not available in the Intune Settings Catalog. Do you know when it will be there?
- Joe_Lurie
Microsoft
Thanks for the question. I recommend using the Feedback button in the Intune management console. You can also import a custom ADMX file to enable this setting.
Custom ADMX: Import custom and third party partner ADMX templates in Microsoft Intune | Microsoft Learn
Feedback:
Feedback icon in Microsoft Endpoint Manager admin center
- lalanc01Iron ContributorHi is there a way to dynamically block mdm enrollment for End of Life/unsupported OS for both mobile and wks so that we don't have to go an edit the setting each time? Thks
- Joe_Lurie
Microsoft
You can use Enrollment Restrictions, as you know, to specify a min version of each platform. This can't be set dynamically. And you probably want to enroll them so that they can get their updates.
Recommend letting them enroll, but use Compliance Policies and Conditional Access to ensure they cannot access resources until they have been updated.
- Amarjeet5Iron ContributorWe're seeing Windows 10 devices not switch the firewall profile to domain, the issue isn't reproducible with Windows 11. Using following CSP to configure HTTPS intranet sites and confirmed they respond via HTTP200 when on domain network. https://learn.microsoft.com/en-us/windows/client-management/mdm/policy-csp-networklistmanager Issue seems to be this one. https://learn.microsoft.com/en-us/troubleshoot/windows-client/networking/firewall-profile-not-switch-to-domain Will this be fixed on Windows 10 for the CSP? Or apply the workaround in the troubleshooting steps?
- Joe_Lurie
Microsoft
Though some features and CSPs that are written for Windows 11 have been / will be backported to Windows 10, some features and policies will not be. I can't answer specifically about this CSP. I recommend using Feedback Hub and requesting this policy, or opening a ticket. However, if this CSP works on your Windows 11 devices, is there something blocking you from upgrading to Windows 11?
- lalanc01Iron ContributorHi, for UUP/sccm support, we understand the one time 10gigs download, but for now are you really sure that we won't get another high payload in the next months? Thks
- SigurdWernerIron Contributor
From the UUP preview: Monthly Quality Update UUP Deployment Package size for W11 + W11 22H2 for x64 and arm64 platform English only is 34 GB
- Jason_Sandys
Microsoft
Hi Stéphane. We don't have any way to tell what's coming in the future for sure, however, we don't anticipate anything of this size specific to UUP. Note though that for UUP on-prem that the current one-time 10GB update is specific to Win 11 22H2 as it exists today and future feature updates will also have an additional "one-time" download.
- David_Guyer
Microsoft
As a result, monthly cumulative udpates take advantage of the optimization in UUP so that in most cases the client downloads for quality updates will be smaller than before.
- joerngadeottogroupFrequent ReaderHi everyone, we manage Windows 11 clients in Intune and wait for an update of the Security Baselines. Is there already a timetable for when a new version of the Security Baseline will be added?
- Roy Barton
Microsoft
I wanted to follow up here. I did some research and there are changes coming to Security Baselines and their update cadences. I cannot give timelines, but please be on the lookout for new features/updates in your Microsoft Admin Portal.
- Roy Barton
Microsoft
Thanks for the question joerngadeottogroup, we are checking with the team that handles Security Baselines and when they will next be released. As a note, security baseline templates will be available via this Tech Community site Windows 11 Security baseline - Microsoft Community Hub, before they will be in the Intune console.
- Ian_RosenfeldCopper ContributorIs Azure within the scope of this discussion? We want to set up some Azure Windows 11 VMs for employees to access anywhere in the world, but we don't want to have them open to the Internet. What are the best practices for setting up Azure Win 11 VMs in a secure way - is there a way to broker them after the user logs into Azure?
- Christian_Montoya
Microsoft
Not specifically, but we do have knowledge on this!
There's actually a few different ways you can do this, depending on use case:
- Azure Virtual Desktop or Windows 365 - If you're wanting to have admins (centrally) provide desktops to users.
- Azure Bastion - If you centrally manage a network and your users can create their own machines on that network.
- Azure ExpressRoute (or other Site-to-Site VPN) - If you centrally manage a network and your users can create their own machines on that network, PLUS if your users are coming from a centarlized corporate network.
Many options! If you have a Microsoft rep, would suggest talking to them to narrow it down.
- lalanc01Iron ContributorHi, if a WUFB managed device doesn't have user logged in for weeks/months, will the device still be updated with cumulative updates? Asking because we are noticing some of them not getting updated. Thks
- David_Guyer
Microsoft
Hi Stephane, Yes, and the good news is that they will only need to get 1 Windows update to get current since the Quality Updates are cumulative, and the latest includes all previous month's fixes.
- alenatCopper ContributorHi, I was wondering if Always On VPN can be started before user logon to be sure user logon script will be deployed? Thank you!
- Sean_McLaren
Microsoft
Hi Alex, I'm curious what you are trying to accomplish in your logon script given your user is remote? Feel free to DM me with more details if you'd rather not put them here as well.