Windows Office Hours: May 16, 2024
Event details
Get answers to your questions about adopting Windows 11 and managing the Windows devices used by remote, onsite, and hybrid workers across your organization. Get tips on keeping devices up to date effectively! Learn how to cloud attach your on-premises workloads!
Windows Office Hours is our continuing series of live Q&A for IT professionals here on Tech Community.
How does it work?
We will have a broad group of product experts, servicing experts, and engineers representing Windows, Microsoft Intune, Configuration Manager, Windows 365, Windows Autopilot, security, public sector, FastTrack, and more. They will be standing by here -- in chat -- to provide guidance, discuss strategies and tactics, and, of course, answer any specific questions you may have.
Post your questions in the Comments early and throughout the one-hour event.
Note: This is a chat-based event. There is no video or live meeting component. Questions and answers will appear in the Comments section below.
- Heather_Poulsen (Community Manager)
Welcome to our May 2024 edition of Office Hours! Today marks the fourth year of this monthly series and we want to thank you for including us in your Windows journey!
- Joe_Lurie (Microsoft)
Thank you for joining us today for Windows Office Hours! We'll be back next month and every third Thursday. Visit https://aka.ms/Windows/OfficeHours for details. Have a great day.
- HeyHey16K (Steel Contributor)
Does Microsoft publish in advance anywhere a list of (Group Policy and Intune) policy settings you're planning to make obsolete please? So we have a heads-up and can plan any required mitigations etc.? If not, could you consider publishing one please... 🙂
- Joe_Lurie (Microsoft)
Hello HeyHey16K. We don't typically preannounce when something will be deprecated, but depending on the service, app, feature, or setting, you'll typically have 6 months to a year (or more) once the announcement is made. You can keep an eye on our What's New pages and the Important Notices pages. Also, we may post in the M365 Message Center. Note that sometimes these posts are targeted only to the customers using the feature, app, or setting being deprecated. So you may not see all notices if it does not pertain to you.
--Joe.
- HeyHey16K (Steel Contributor)
Hey Joe, thank you for replying. Microsoft publish a list of new Intune policies (https://learn.microsoft.com/en-gb/windows/client-management/new-in-windows-mdm-enrollment-management) so we're just looking for the reverse as a few times now some Group Policy settings have dropped into "Extra Registry Settings" and other times Intune settings are marked deprecated with no warning (that we see). We monitor the M365 Admin portal Message Center several times a week...
- Dom_Cote (Brass Contributor)
Any chance we'll get some Bluetooth audio enhancements? Our clients have asked for: 1) Dual/simultaneous output to two devices 2) Qualcomm AptX support?
- Mike_King680 (Copper Contributor)
Is that a limitation of the current BT Class architecture model, or Driver Vendors not taking advantage of those features?
- Dom_Cote (Brass Contributor)
I discussed this with folks on the audio team back in my MSFT days. This is not trivial at all. For example: Devices will have different latencies that need to be taken into account. Add different codecs to the melange and it gets real tricky real fast. However, Samsung seems to have solved it as their premium phones will let you stream to two audio devices at once.
- Dom_Cote (Brass Contributor)
Actually, let me expand this question somewhat: What about streaming to two audio outputs simultaneously - regardless of their connection? I can imagine that USB connected output devices are easier to handle, since all that mucking around with BT is eliminated. Can we get streaming to USB audio devices at least? Or built-in + USB?
- Phil_Urban (Microsoft)
This is great feedback. As with all feature requests, Feedback Hub is the best way to help the team prioritize development efforts. Be sure to include business impact aligned to the request.
- reastman1966 (Copper Contributor)
I am working on setting up admin permissions for some help desk users to manage a small group of devices. I have down the group, but I am struggling on what is really necessary in the custom role I am creating. These are Zebra Android based scanners if it matters. They will need to be able to do the enrollment and some other basic tasks. No need to adjust any profiles as that will be handled by another team.
- Dom_Cote (Brass Contributor)
When we export policies from M365, they are usually exported with their Entra OID. In which situations would it be helpful or detrimental to re-import those policies with their original OIDs into new tenants? Use case: we are an MSP with a baseline config with over 800 settings in it and need to deploy this to new tenants with minimal risk and effort. Thanks!
- Tim Crosby (Copper Contributor)
We are currently preparing for Autopilot in a hybrid joined setup. With hybrid you have very limited options in naming your devices according to a company standard. Is there any work planned to expand this with additional logic that would allow something like including the device serial number in the name during the hybrid join process?
- Joe_Lurie (Microsoft)
Hi Tim Crosby thanks for joining us today. No, we don't plan to add this functionality to Autopilot Hybrid joined profiles. Our official recommendation is to not use hybrid-join with Autopilot, but to use Entra-joined/Intune-managed (what we call cloud-native). Hybrid is fine for your existing devices, but once they are replaced or refreshed/repurposed or new devices are purchased, we recommend starting that cloud-native journey. For the devices that are being repurposed and must remain hybrid-joined you should continue using your current imaging solution.
If you have to do hybrid-join, and still feel Autopilot is the right solution for you, there are scripts you can find online to help you name the device during the Autopilot process. Note that they aren't written or supported by Microsoft so please test them thoroughly before using them in production.
- reastman1966 (Copper Contributor)
What happens to a device when the primary device user leaves the company? If you want another user to take over the device what are people doing? Wipe will factory reset it and have to image it again. What is the difference between reset and delete? The devices in question are common end user devices so when they leave there will be another user to take over the device.
- Dom_Cote (Brass Contributor)
As an MSP, we have our clients do the "wipe". Either through Intune (they may ask us to do this for them), or users do it themselves through the company portal app. This solves all challenges: removes all company (and possible personal!) data and brings the PC back into factory default, a known and defined state. Some clients use Autopilot, which then re-deploys for the new user. But even without Autopilot, new employees typically have a fresh work environment within 20-30 minutes after going through OoBE. None of our customers re-image and I would HIGHLY recommend against it - especially on mobile devices. OEMs invest a lot in mobile PC images so they are tuned for energy efficiency and security. Any image you provide will likely break something and/or ruin the user experience. If you're concerned about the bloatware many OEMs pre-install on their devices: wipes often remove that, because they don't include it in their recovery partitions (thank goodness). Alternatively, use the "Fresh Start" option in Intune if your Supplier includes their bloatware in the recovery image. Ask your PC supplier for business PCs with "vanilla" Windows images. All OEMs offer it as an option, sometimes for free. But remember, removing bloatware costs money because it subsidizes the purchase price. Or get Surface. 😉
- Joe_Lurie (Microsoft)
reastman1966 I agree with Dom_Cote that an Autopilot Reset is the best way to handle repurposing a Windows device, or a wipe/reset for a mobile device. One thing to consider is that the primary user in Intune is typically the person that enrolls the device (this depends on the enrollment method, but it's a good rule of thumb), whereas the owner of a device in Entra (formerly Azure AD) is the person that registered the device. These may be different people. If you need to repurpose a device and reset the owner in Entra, you may need to delete the device before resetting it. But for newly-enrolled Entra devices, the Microsoft Entra ID Owner property is automatically set at the same time that the Intune primary user is set.
- Akari (Copper Contributor)
Does applying a retention period of "forever" for content in Microsoft 365 have any influence on storage? Do we have to pay storage fees? We're using O365 E3 and Microsoft Entra ID P1. Thanks!
- Joe_Lurie (Microsoft)
Hello Akari. Thanks for the question. Unfortunately, the SMEs and PG monitoring here are all from the Windows and Intune teams. You'll have more luck getting an answer in the Microsoft 365 forums like this one: Microsoft 365 - Microsoft Community Hub.
Good luck
- Machi1145 (Copper Contributor)
When we pre-provision a device for Autopilot, our users still need permissions to register a device to Azure. Even though the autopiloted device is registered to Entra and Intune already during the pre-provision process. Is this necessary / a security practice or can this be avoided for smoother user experience?
- Jason_Sandys (Microsoft)
Hi James. Can you be a little more specific here? What exactly do you mean that the "users still need permissions" to register a device to Azure?
- Machi1145 (Copper Contributor)
Users need to be a member of the "Users may join devices to Microsoft Entra" permission in Entra under Device settings.