Event banner
Event details
78 Comments
For strong cert mapping changes does it impact devices that are Microsoft Entra joined only? The blog post discusses hybrid joined for Windows devices being impacted.
- For device certificates, only Microsoft Entra hybrid joined devices will have SID information, so strong mapping changes are applicable only to Windows devices that are Microsoft Entra hybrid joined. For other device types, like iOS or Android, strong mapping is not supported for device certificates, and user certificates should be used instead.
From blog post: Support tip: Implementing strong mapping in Microsoft Intune certificates
This MS article also suggests it only affects HAADJ computers:
https://learn.microsoft.com/en-us/mem/intune/fundamentals/in-development#plan-for-change-implement-strong-mapping-for-scep-and-pkcs-certificates- Jason_Sandys
Microsoft
This is correct since the strong mapping changes are for on-prem AD only and Entra joined devices and any certificates that are issued to them are not related to on-prem AD.
- Heather_Poulsen
Community Manager
Welcome to Office Hours! We're hopping straight into the questions posted below. Feel free to keep them coming!
With AzureADSSO tools going away in place of MS-Graph, will there be an updated document on how to do Azure decryption key rollover with MS-Graph instead?
Why are many OS inbuilt Store Apps not available in the Intune Store App catalogue? We want to uninstall them...
Our packaging team advise they cannot find Solitaire, Messaging, Sport in the Intune App Catalogue. Skype (9WZDNCRFHVFW) is in the Intune App catalogue but when configured to uninstall it shows as successfully run but doesn't seem to remove?
- Danny_Guillory
We made some updates to the service a few months ago. You should be able to get these applications now. If not please PM me and lets have a 1:1
Is there a way to import a list (perhaps in CSV format) of device names to the Intune Bulk Actions function please?
When can we expect to see WUfB driver applicability to show devices/models its applicable to? Currently Windows 10 and later driver updates "driver name" selection doesn't match what is actually approved via "Automatic approval driver update policy".
Ex: "Dell, Inc. - Firmware - 0.1.10.0" exists twice in approved drivers. One release date of 12/06/2023 and
11/20/2024
However, the "Windows 10 and later Driver updates" search for the same driver name shows 5 different unique driver update to choose from with same name and the release dates only matches for 3 driver names.
Devices being targeted are not consistent with 4 different models being applicable depending on which update you choose.
This is causing more confusion for support staff looking at which driver is applicable/pending for a specific device.
The "Windows Update for Business reports" don't have same data and devices that show up as successfully installed in the "Windows 10 and later driver updates" reports don't usually have the updated status in the workbook report.
How can we improve this data is sent in timely fashion from the device? Intune hardware and inventory data gets updated as expected. However, not being to know which devices are actually compliant with our driver deployments is causing headaches.
David_GuyerWhew, so many great questions, I'll try to address them all.
The list of devices a driver is applicable is work in progress. I still don't have a solid ETA I can share, but it is the top ask for driver policies and something we want to deliver.
It looks like you have come across one of those cases where the driver vendor has released two drivers with the same name. I've seen this happen and it looks like for a new device model, they start the versioning at the same point, and use the same generic driver name. This is just another scenario where the applicable devices would help, since you'd be able to see that one of those drivers is for one set of device models, and the other is another.
When you refer to the "workbook" report, do you mean the WUfB Reports in Log Analytics? I don't get to play with that much, but I know the data Intune reports on comes from the exact same processors, but sometimes Intune gets it a little faster. Does it work out in the next day?
I hope that covers all the questions and thank you for taking the time to write these up.-David Guyer
Intune Product Management
First off thank you for the honest answer :)
Yep, WUfB Report in Log Analytics workbook, the data definitely updates however, I have not looked at the audit logs closely enough to see when it happens vs Intune side.
However, we like the built-in reports within Intune as the UI is more familiar for more staff. The WUfB report is good for generating overall compliance/similar extensive reports.
The Intune built-in ones are good for quick search if a device got a specific driver installed.
Hi, is there a way to recuperate a co-managed hybrid pc that we mistakenly removed from Intune?
thksHi, what is the frequency for which online WUFB devices send their compliance/update status to the Autopatch reports?
Asking because even after a week post deadline, we still have a lot of devices that show as not having updated even if the device check-in into Intune everyday
Also, it seems that the compliance data is different than with the WUFB report, which seem faster.
Is that normal?
Thks- EricMoe
The data latency for Autopatch reporting is reducing to 4 hours, Windows quality and feature update reports overview | Microsoft Learn If you have devices a week after deadline still not updating but have been checking into Intune, open a support case with Autopatch to get some troubleshooting assistance.
Hi, is it normal that 'Not applicable' devices via Intune filters for an update rings show up in the Autopatch reports?
This makes it very hard to see our compliance for a particular ring.
Is there a way to exclude them from the reports or should we do a feedback to ask for it to be fixed/changed?
Thks- David_Guyer
Hi @lalance01, which specific report are you seeing those devices? My first thought is that they are more generic reports that aren't associated with the update rings policies, and so aren't aware of the filters. At the same time, making filters available on reports sounds like a really good idea.
I have devices showing the following error when we attempt to have them install windows updates. How do I resolve this?
HResult : 0x80080005
Message Id : CO_E_SERVER_EXEC_FAILURE
Message Text : Server execution failed
Update Source : Microsoft
- EricMoe
0x80080005 is a general access denied error, there is not enough from the error alone to determine what caused the update to fail. You will need to open a support case to get troubleshooting assistance here.
