Event banner
Event details
37 Comments
Windows 11 Multi-App Kiosk configuration is not entirely functional as of 24H2. In particular, the ability to pin apps to the taskbar (start menu pin works OK, just task bar is broken.) Additionally, we find erroneous pop ups from AppLocker due to 15+ default Microsoft Store apps attempting to update/install in the background. The documentation on how to solve this is insufficient, or maybe the functionality is truly missing/broken in its current state.
Here is the specific documentation we reference:https://learn.microsoft.com/en-us/windows/configuration/assigned-access/configure-multi-app-kiosk?tabs=intune
https://learn.microsoft.com/en-us/windows/configuration/assigned-access/configuration-file?pivots=windows-11
Here are other threads where people have similar struggles, and no one has a clear solution.
https://www.reddit.com/r/Intune/comments/1imr9qo/how_to_pin_an_app_to_taskbar_in_multiapp_kiosk/
https://www.reddit.com/r/Intune/comments/1jwv43z/are_taskbar_pins_in_multi_app_kiosk_mode_on/
https://www.reddit.com/r/Intune/comments/1gr8wlv/is_there_a_simple_way_to_configure_the_multiapp/
We too are undergoing the exact same issue, where Windows 11 Multi-App Kiosk config has hindered the user experience across all of our Kiosk devices. The Windows 10 experience was much more user friendly, and the setup was dramatically more fleshed out via the documentation.
Can we get some confirmation of Taskbar pinning capabilities in the works?
We're using Windows Update for Business to upgrade our remaining Windows 10 workstations to Windows 11 24H2. One recurring issue has been machines failing to upgrade due to Safeguard Hold 52754008, which pertains to "third-party wallpaper apps". According to Windows 11, version 24H2 known issues and notifications | Microsoft Learn, this hold was being "gradually lifted" as of April 11.
In every case I have investigated so far, the offending app has been the Bing Wallpaper app. As it is installed from the Microsoft Store, it is updated automatically.
My question is two-fold. First, when will the hold be completely lifted? Second, why is the hold still being applied to machines with a recent version of this app, when presumably the issue impacting Windows 11 has been fixed?
Thanks!
- EricMoe
Microsoft
RyanSteele-CoV I'm tracking this down with our Safeguard Hold team. Once we have something we can share, I'll let you know.
We are looking to migrate our firewall rules/settings from Group Policy to Intune, but several seem to be missing or do not have Intune equivalents e.g.
Windows Defender Firewall: Allow authenticated IPsec bypass
Windows Defender Firewall: Allow inbound Remote Desktop exceptions from certain IP addresses
Windows Defender Firewall: Allow inbound UPnP framework exceptions
Windows Defender Firewall: Allow local port exceptions
Windows Defender Firewall: Allow local program exceptions
Windows Defender Firewall: Do not allow exceptions
Windows Defender Firewall: Prohibit notifications
etc.
Is this correct? If so, when will all the Group Policy firewall settings be available to configure in Intune please?Is there a way to view locally on the computer what OCPS settings are applied yet please? Even if it's just somewhere in the Registry...
- Joe_Lurie
HeyHey16K I'm not aware of any way to view the policies that have been set specifically via OCPS, but I found this older blog on Tech Community that points to specific reg keys. I think the 2nd reg key mentioned might help: Troubleshooting Office Cloud Policy Service (OCPS) on Windows
Hi experts! Intune is a great tool but unfortunately has a big list of network endpoints it requires; in addition this list is even larger when adding the endpoints for Windows 11, Defender etc.
In a Zero-Trust world with several different cloud proxy providers, it is hard to see if required connectivity (unauthenticated proxy access) to all these endpoints is working: there is no Microsoft tool to test Intune connectivity in DEVICE/SYSTEM context (while this is the most used context); this is a shortcoming. What do you recommend ?
- Phil_Urban
We publish all of the required network connectivity on https://learn.microsoft.com. MartinHimken wrote a tool to automate testing of connectivity to a lot of the required endpoints. You can read about his testing process (and tool) here Intune Network Requirements - everything I learned – mAnimA.de.
Since 'cloud-first' is our strategy for device management, or company is planning decommissioning of ConfigMgr/SCCM on short term. However not all SCCM functionality is available in Intune yet, like a detailed hardware inventory or even a mechanism to target devices based on (hardware or software) specific device properties. When can we expect this ?
- Jason_Sandys
Hi Johan_Vanaken, In general, Intune is not intended to be a lift and shift replacement for ConfigMgr. Instead, Intune has been designed to simplify device management and address business challenges and requirements related to device management. This does mean in a check box by check comparison exercise, some checkboxes may not be filled on the Intune side. As noted though, our intent is not to fill every checkbox.
For inventory specifically though, have you reviewed the capabilities of the recently added MDQ: Device query for multiple devices in Microsoft Intune | Microsoft Learn? Additionally, have you reviewed the capabilities of Explorer which was released on Monday: Explore Intune data with natural language and take action | Microsoft Learn?
+1 for this. Intune
1. Doesn't record current/last logged on user
2. Doesn't have software monitoring
3. Cannot do bare metal provisioning
4. Cannot install a vanilla (bloatware free) OS/latest OS during device build
5. Reporting is lacking compared with CM (esp the custom reports)
6. Cannot pause individual Windows Updates (you can either deploy all Windows Updates or pause all of them, there seems to be no inbetween)
7. Cannot export device hardware hashes
I hope I am wrong on all of the above, and someone will tell me it can though!! 🤞
- Jason_Sandys
Hi HeyHey16K, Our goal is not to recreate on-prem and legacy functionality but instead provide a simple and forward-looking, cloud-centric service for managing devices. Each of the items you have listed above is more or less a separate discussion in and of themselves. Ultimately, the best way to start these discussions with us is to define the scenario and what business result cannot be achieved without the function/feature as often (not necessarily always) the result can be achieved in another way with Intune or our solution set.
This is in no way meant to discourage feedback on these items as we are always seeking to improve and ensure we cover as many customer requirements as possible. I strongly suggest joining the Microsoft Customer Connection program to better connect with the product group and have your voice heard: Announcing the Microsoft Management Customer Connection Program | Microsoft Community Hub
I am enabling Windows Update for Business reports today. I am looking for the Power BI templates that can be used with it but not having a lot of luck. Since I am new to Windows Update for Business reports I am wondering what your favorite use of it is.
- Phil_Urban
There are lots of Partner designed templates out there. Aakanksha_Saxena wrote a blog in 2023 that has some great content Tailor Windows Update for Business reports with Power BI | Windows IT Pro Blog (and she provided a template).
