Event details
34 Comments
Hey guys đź‘‹, thank you for continuing to host these sessions.
Why is Intune reporting so unreliable?
We have a MS support ticket open for a problem with one of our policies, which Intune was reporting failed on 700 computers. After six months of investigation (and still ongoing...) one of the MS support guys asked us to "change something on the policy to force the backend data to refresh". After six months of reporting 700 failures, two days later the reported failure numbers dropped from 700 to 70. But how can we know even that is true? It could be 70, 700 or 7,000.
MS support's response was to direct us to a five year old MS blog article (link below) admitting Intune reporting cannot be relied on. If this was an issue five years ago, why hasn't it been resolved? How do we know the state of our environment if we cannot trust what the Intune reports tell us? We do not have capacity to be changing every policy every day, just to force the backend data to refresh...https://techcommunity.microsoft.com/blog/intunecustomersuccess/support-tip-known-issues-with-intune-policy-reports/2676483
Context: Active Directory / Entra hybrid joined environment with E5 licenses, MDE and Autopilot used to onboard devices. Currently when we onboard devices they create duplicates in both Entra and MDE. But at least in Entra the duplicate devices wind up with the same device name. But when the duplicate devices show up in MDE their name begins with the generic "Desktop-*****", which I then need to constantly verify via reverse lookup using their MAC address and then follow the next step of excluding these from MDE as duplicates.
Please advise. Thanks.- NateNielsen
Microsoft
Hi stdcsb​ - What you’re seeing is known Hybrid + Autopilot behavior, not a misconfiguration. From Defender’s point of view, MDE ingests telemetry before the final rename / hybrid join completes and the initial Windows-generated name (Desktop-xxxxx) is what Defender sees first. When the device later renames and hybrid‑joins, MDE creates a second record. Entra eventually reconciles this, but Defender preserves both instances.
Even though you cannot fully eliminate the duplicates, there are some ways to address this behavior. For instance, you can leverage Hardware UUID as the key identifier as it will be the same for both entries. Defender, Entra, and Intune all expose that value. You can also create rules to exclude the inactive/older Desktop-xxxx devices within Vulnerability Management and setup up rules to reduce the noise from alerts related to them.Thank you for confirming this is not a misconfiguration issue. However, this undocumented feature initially resulted in an inordinate loss of time while trying to determine the source of these potential rogue devices showing up on our network. I even opened a case with Microsoft Support who went round in circles and never got anywhere. I eventually just gave up and only began to suspect the behavior correlated with Autopilot over time. It would be greatly appreciated if this issue was highlighted in the onboarding documentation.
- Heather_Poulsen
Community Manager
Hi stdcsb​ - We are checking with our colleagues in MDE and will follow up with you as soon as we can.
We are a K-12 school with ~120 surface go 2 & 3 used as shared laptops. Recently we are having trouble with smart charging in exam situations. Picture this true use case. You have laptops with some battery wear 10-15% each because they are a year or two old. You have smart charging saying they can only charge to 80%. You have a long online exam. Now as you can imagine, the batteries almost ran out during the exam on the ones that were used. We really want a way to manage smart charging using intune so we can turn it off on all our laptops for the exam period (about two weeks). Currently, there is only one manual button in the surface app that you can change that will turn it off for a few days. No one wants to do this on 120 laptops a few times during the two week exam period. How can we turn off smart charging using powershell or intune? I have looked everywhere for a solution but have not found one a workable one (someone suggested to drain the battery to < 20% before the exam period). We would like a bit more of a reliable solution.
Also, talking about battery, how can you put a battery percentage on the screen before the login screen (or even the login screen). We tried to remove laptops with low battery (between 50-70%) before the exam but that battery icon before the login screen made it so difficult to tell anything that we had to login just to check the battery percentage. We know there is some battery icon changes recently but I could not find any information about if it changes the login screen or the screen before the login screen.
Thanks. (P.S I am in +8 GMT so wont be able to attend online)
- EricMoe
ThomasAtFRSA​ the Smart Charging settings are managed in the Firmware, not via powercfg or other Windows configurable settings, which is why you don't see an Intune policy for it. I don't see any management layer available to modify the Smart Charging settings. The only guidance I could find was Smart charging on Surface - Microsoft Support which I can see does not scale for your environment. Please provide this feedback in the Feedback Hub for our Surface team to look into.
- EricMoe
ThomasAtFRSA​ in answer to the second question, with KB5067036 the battery icon was restored to the lock screen (24H2/25H2) October 28, 2025—KB5067036 (OS Builds 26200.7019 and 26100.7019) Preview - Microsoft Support
- [Lock screen] New! The new battery icons, which include color indicators and battery percentage, now appear in the lower-right corner of the lock screen. This feature makes it easier to check your device’s charging status and battery level at a glance. To learn more about the battery icon feature, see Taskbar.
Hello!
I'm a sysadmin for a Health care provider in Sweden and we have an issue with users with an E5 license loading into Office apps in view-mode. As far as I know we are a coupe of organisations providing health care that have this same issue.
Background: We have a mix of F3 and E5 licenses and sometimes the F3 licensed users need to view documents that contains info that isn't allowed to be saved in the cloud. To minimize the popups that show up when a user starts word unlicensed we have a GPO (viewer mode) that says that it should open i view-mode. Per my understanding this GPO is device based and not user based.
However, this also affects the users of E5 license who regularly change workstations, easily 5-10 devices in a day. Since they should be able to view and edit documents in office apps it causes frustration and confusion when they load into view-mode and have to log out and then in again (or update license) and restart the program.
Our computers devices are Microsoft Entra hybrid joined and shared computer licensing is enabled.Are there any solutions or viable workarounds for this issue? It's not complicated for users to handle but frustrating and causes a lot of tickets to the support team.
Unsure if I'll be able to participate due to the time zone difference but will appreciate any and all help.
/Per Ekholm
- EricMoe
PerEkholm​ Please post your question to our friends in the M365 Community Microsoft 365 Apps for enterprise | Microsoft Community Hub where the right SMEs can take a look at it.
