Event banner

Windows Office Hours: March 23, 2023

Event Ended
Thursday, Mar 23, 2023, 08:00 AM PDT
In-Person

Event details

This event has been moved from March 16th to March 23rd. Please note the new date!
Get answers to your questions about adopting Windows 11 and managing the Windows devices used by remote, onsite, and hybrid workers across your organization. Get tips on keeping devices up to date effectively! Learn how to cloud attach your on-premises workloads!

Windows Office Hours is our continuing series of live Q&A for IT professionals here on Tech Community.

How does it work?
We will have a broad group of product experts, servicing experts, and engineers representing Windows, Microsoft Intune, Configuration Manager, Windows 365, Windows Autopilot, security, public sector, FastTrack, and more. They will be standing by here -- in chat -- to provide guidance, discuss strategies and tactics, and, of course, answer any specific questions you may have.

Post your questions in the Comments early and throughout the one-hour event.

Note: This is a chat-based event. There is no video or live meeting component. Questions and answers will appear in the Comments section below.

 

Heather_Poulsen
Updated Mar 23, 2023
Office Hours

24 Comments

Sort By
  • Heather_Poulsen's avatar
    Heather_Poulsen
    Icon for Community Manager rankCommunity Manager
    Mar 23, 2023

    That concludes today’s Windows Office Hours. We’ll be back next month – click here to RSVP and add it to your calendar!

    While this is a chat-based event, there are definitely real people behind the scenes standing by to help! In the virtual office today were myself, Aaron Czechowski, Aria Carley, Jason Sandys, Jay Simmons, Joe Lurie, John Vintzel, Jon Andes, Kevin Mineweaser, Rob York, Sean McLaren, and Thomas Trombley. We'll see you next time!


  • Bala50's avatar
    Bala50
    Copper Contributor
    Mar 23, 2023
    We are planning to upgrade our Windows 10 workstations to W10 22H2, looks like we are missing machines in our MEM Reports like feature update readiness, compatibility risks, are there any other ways to generate these compatibility data natively from SCCM/MECM.
    • Sean_McLaren's avatar
      Sean_McLaren
      Icon for Microsoft rankMicrosoft
      Mar 23, 2023

      The Intune compatibility and risks reports, upgrade readiness reports are all part of the cloud analytics services and they use Windows diagnostic data. Unfortunately, there is no on-premises equivalent since the analysis happens in the services. If you have machines not showing up in Intune reports, you can check the settings and policies for diagnostic data and ensure you have allowed Windows data collection. There were some changes to data collection and policies which you may want to review here.  

  • ms_edrusi's avatar
    ms_edrusi
    Brass Contributor
    Mar 23, 2023
    We are noticing strange behavior with patches this month (February). They are automatically installing and not waiting for SCCM. Machines have not checked in with SCCM but already have reboot prompt from Windows Update. We have seen it happen on Read-Only vdi machines and regular laptop/desktops. Windows 10 and Windows 11 would have a toast notification.
    • ms_edrusi's avatar
      ms_edrusi
      Brass Contributor
      Mar 23, 2023
      Since we noticed the behavior we have disabled Automatic Updates and will wait for next patch Tuesday to validate that it will have the desired result. Our fear is that this way we will lose out on Windows Store apps self updating.
      • Jason_Sandys's avatar
        Jason_Sandys
        Icon for Microsoft rankMicrosoft
        Mar 23, 2023
        Automatic Windows Updates being enabled or disabled has no bearing on app updates from the Microsoft Store; Store app updates use a different mechanism and different policies to control them.
    • AriaUpdated's avatar
      AriaUpdated
      Icon for Microsoft rankMicrosoft
      Mar 23, 2023
      Are these getting all of their Windows updates from WSUS? Can you clarify what version you're running?
      • ms_edrusi's avatar
        ms_edrusi
        Brass Contributor
        Mar 23, 2023
        Hello Aria, yes the machines are supposed to get all the patches with WSUS and SCCM. We are running Windows 10 primary and about 10% are Windows 11.
  • Heather_Poulsen's avatar
    Heather_Poulsen
    Icon for Community Manager rankCommunity Manager
    Mar 23, 2023

    We're almost halfway through today's Office Hours. Keep your questions coming, big and small, about managing your Windows devices. :smile:

    • Joe_Lurie's avatar
      Joe_Lurie
      Icon for Microsoft rankMicrosoft
      Mar 23, 2023

      Windows Autopilot is a Cloud Service to automate OOBE in a Windows, while also enrolling the device into Management. So it's a PaaS Windows service that can be managed in Intune, but also works with other MDM providers. But technically this is a Windows service.
      If this is a licensing question, take a look at this FAQ: Windows Autopilot FAQ | Microsoft Learn

  • Heather_Poulsen's avatar
    Heather_Poulsen
    Icon for Community Manager rankCommunity Manager
    Mar 23, 2023
    From Lil Diablo Sauce on Twitter: “I thought Intune was for MDM. So what’s SCCM for now?”
    • Jason_Sandys's avatar
      Jason_Sandys
      Icon for Microsoft rankMicrosoft
      Mar 23, 2023
      Microsoft Configuration Manager and Intune have a lot of overlap in purpose and capabilities when it comes to Windows endpoint management. They are also complementary in many different ways and in general, I would characterize them as "better together for Windows endpoint management". Ultimately, which you choose should be based on your organization's requirements and which fits those requirements best. As noted, this may include both as well as "cloud attach" enables just this in a coordinated manner.
  • Heather_Poulsen's avatar
    Heather_Poulsen
    Icon for Community Manager rankCommunity Manager
    Mar 23, 2023

    Welcome to Windows Office Hours. Let's get started! Please post your questions here in the Comments. We’ll be here until 9:00 a.m. Pacific Time!

  • ChrisAtMaf's avatar
    ChrisAtMaf
    Steel Contributor
    Mar 23, 2023

    As an organisation we work primarily in less developed countries with poor quality, unreliable, high-latency and low-bandwidth Internet connections. This means our on-premises servers are frequently available, but cloud connectivity may not be on occasions.

    We have on-premises domain controllers linked to Azure Active Directory. Which of the following deployment model for Windows Hello for Business model would you recommend in these scenarios?

    • Cloud Kerberos trust
    • Certificate trust
    • Key trust

    https://learn.microsoft.com/en-us/windows/security/identity-protection/hello-for-business/hello-identity-verification

    • Sean_McLaren's avatar
      Sean_McLaren
      Icon for Microsoft rankMicrosoft
      Mar 23, 2023

      If your environment is all Windows 10 21H2 or newer, we recommend Cloud Kerberos Trust. It will require the least amount of setup work and you will also want to ensure you have completed all of the SSO for Azure AD Joined devices setup requirements for access to your server resources when connected over the VPN or in an office.  You will have to have full connectivity for the provisioning process, but once you have successfully provisioned Windows Hello, your Windows clients will cache your credentials allowing you to sign into the machine even if the network service connectivity is offline or your servers are unreachable.

      Eligible customers with 150 or more qualifying licenses, you may also request help from our FastTrack services for Windows Hello setup guidance.  

      • ChrisAtMaf's avatar
        ChrisAtMaf
        Steel Contributor
        Mar 23, 2023
        OK - what user experience can we expect if a user signs in for the first time without cloud connection, under Cloud Kerberos Trust?
  • ChrisAtMaf's avatar
    ChrisAtMaf
    Steel Contributor
    Mar 23, 2023
    We are experiencing an error in res://C:\WINDOWS\System32\gppref.dll/IDR_POLICY_VIEW.htm when opening the Group Policy Management Console in Windows 11 to edit any of the Group Policy Preferences. Are you aware of the issue and please can it be fixed? It only occurs in Windows 11. Here are some other reports of the same issue. https://borncity.com/win/2022/12/06/bug-causes-script-error-in-group-policy-preferences-gpp-e-g-for-task-scheduler/ https://community.spiceworks.com/topic/2469050-error-in-gpmc-when-trying-to-edit-registry https://learn.microsoft.com/en-us/answers/questions/1141635/gpo-extension-edit-problem-after-windows-upgrade-t
    • Remira's avatar
      Remira
      Occasional Reader
      Aug 18, 2023

      Hello Joe Joe_Lurie ,

       

      We are experiencing the same kind of problem when opening the Group Policy Management Console in  Windows server 2022 (21H2).

      If the gpo contains lots of parameters, we're getting an error (stop running this script? a script on this page is causing your web browser to run slowly...). When we do a dump on the mmc process, we see this: 

      MAGE_NAME:  gppref.dll

FAILURE_BUCKET_ID:  BREAKPOINT_80000003_gppref.dll!apmIsThisADfsPath

      Do you know if a patch is going to be release soon concerning the version 21H2 server 2022?

      Thank you

    • Joe_Lurie's avatar
      Joe_Lurie
      Icon for Microsoft rankMicrosoft
      Mar 23, 2023
      I believe this is fixed in the 3D patches. If you don't install 3D (March 2023 4th Tuesday "optional" updates) you'll see the fix in the April patch Tuesday updates.
  • Heather_Poulsen's avatar
    Heather_Poulsen
    Icon for Community Manager rankCommunity Manager
    Mar 23, 2023

    Welcome! Windows Office Hours will start at 8:00 a.m. Pacific Time. What questions do you have for our Windows, Intune, Windows 365, and security engineering experts?

Date and Time
Mar 23, 20238:00 AM - 9:00 AM PDT