Event banner
Event details
88 Comments
- Joe_Lurie
Microsoft
Thank you for joining us today for Windows Office Hours! We'll be back next month and every third Thursday. Visit https://aka.ms/Windows/OfficeHours for details. Have a great day.
- Intune - could we have an option to either auto gather, or just select between primary users/primary windows devices contained in a group so if we need to deploy to a given group of users, but the app/licensing it per device, rather than having to use a PS query to "get the users pri device for this ObjID" we can just have the users in a group, but tick an option "deploy to their primary device" thanks
- Jason_SandysWhat's the bigger scenario here that you are attempting to address?
- Our workstations get enrolled into to Intune by SCCM, but a handful of machines fail to enroll with error "incorrect function". Leaving and re-joining Entra ID with dsregcmd hasn't solved the issue. Is there any existing guidance for troubleshooting this error, or do we need to open a ticket with Intune support?
- In case anyone comes across this later, I found the solution. Since enrollment had failed once, I needed to delete a registry key from under HKLM\SOFTWARE\Microsoft\Enrollments as described here: https://learn.microsoft.com/en-us/windows/client-management/mdm-diagnose-enrollment#troubleshoot-group-policy-enrollment
- Jason_SandysWhere exactly is this error surfaced? Assuming hybrid join, have you validated that this has completed successfully?
- SCCM > Monitoring > Co-management has a dashboard showing enrollment status, along with any enrollment errors. About 1% of our machines show a status of "failure, hybrid Azure AD-joined", with the enrollment error for all of them being "Incorrect function".
- Why does Windows Hello Face recognition not check for open eyes? You can hold a laptop up to a sleeping/unconscious person, and the device will unlock. Can we get some rudimentary checking for consciousness before unlocking?
- Phil_Urban
In addition to Joe's comment on accessibility, if there are security concerns around face (or other biometric) unlock, consider adjusting your technical policies/configurations to align to your business's security requirements.
- I did - multiple times over the last few years. Usually, it simply disappeared. Fingerprint sensors check based on their individual capabilities, such as "being alive". (I used to work in DPS/DTS under Nicole Dezen at MSFT, this was a key topic for us) Some do, some don't. But face recognition is entirely done by Windows. Seems like it should be easy to implement an "eyes open" check, no?
- Any chance we'll get some Bluetooth audio enhancements? Our clients have asked for: 1) Dual/simultaneous output to two devices 2) Qualcomm AptX support?
- Phil_Urban
This is great feedback. As with all feature requests, Feedback Hub is the best way to help the team prioritize development efforts. Be sure to include business impact aligned to the request.
- Actually, let me expand this question somewhat: What about streaming to two audio outputs simultaneously - regardless of their connection? I can imagine that USB connected output devices are easier to handle, since all that mucking around with BT is eliminated. Can we get streaming to USB audio devices at least? Or built-in + USB?
- Is that a limitation of the current BT Class architecture model.. , or Driver Vendors not taking advantage of those features
- I discussed this with folks on the audio team back in my MSFT days. This is not trivial at all. For example: Devices will have different latencies that need to be taken in to account. Add different codecs to the melange and it gets real tricky real fast. However, Samsung seems to have solved it as their premium phones will let you stream to two audio devices at once.
Modern Standby on recent W11 seems to be changing in the way it works - or apps are "using" it differently. Example: New Outlook will not chime and turn on the display reliably for reminders anymore. The legacy modern inbox apps did that VERY reliably. Same goes for new Teams. Is this by design? Or external to new Outlook and Teams (ie Edge)? Also: If Modern Standby is changing, can we still rely on Windows Update to download and install Updates during off-hours in future?
We also see network connections dropping more frequently under ModS recently.
btw. We/I LOVE ModS and would love to have more options of leveraging it. For video streaming, keeping OneDrive up to date, etc.
- We are in the process of transitioning from Classic Teams to New Teams. One issue we are having is that the add-in for Outlook is still pointing to the Classic Teams and some of the default app protocols are not set to New Teams. Does anyone know the registry keys or process for making a powershell script to uninstall classic and move to New Teams?
- Heather_Poulsen
Community Manager
If the removal of classic Teams fails, here is guidance for uninstalling the classic client manually: How to uninstall the classic Teams client - Microsoft Teams | Microsoft Learn
- This upgrade was utterly seamless for us and our clients. If remnants of classic teams are disrupting your devices, I'd open a support ticket.
- Since it has been released, is it planned to integrate Chat GPT-O into Copilot (former Bing/chat) or Copilot for M365 by any chance? Published on the MS roadmap? Thx
- Joe_Lurie
Jeremy_Remy This would be several levels above anyone available in this Office Hours chat. Best option is to talk to your account team, if you have one, and keep your eyes open on our blogs and Copilot pages: Microsoft Copilot for Microsoft 365 | Microsoft 365
- We have some computers that are updating from Windows 11 Pro, to Windows 11 Business. The license seems to change from Windows 11 Pro to Windows 11 Business when we sign in to Office 365 using our Windows Business Premium license. Some computesr we cannot get to upgrade to Windows 11 Business or change to Active. How can we get all of our computers updated to Business. Also now we have MFA each time we reboot the computer in Windows 11. It is kind of an issue, and we would like to know why. Why does it show connecting to the Microsoft Store. Is this a recent Windows Update?
Natalie_Palmisanostevensgroi Sorry to hear you are having trouble with getting some devices upgraded/activated. I would definitely echo what Dom_Cote has said about assigning your Windows Business licenses to your user account and not devices. You can certainly do it to devices if you wish, and it is supported, but from an Admin perspective, it's easier to keep track of doing it on a user basis.
I would encourage you to go to take a look at our documentation for Network endpoints for Microsoft Intune | Microsoft Learn. Full disclosure, this documentation will make references to features your Business Premium licenses may not have access to. The core idea here is that you want to ensure your devices are able to communicate with Intune as license activation can very much be affected by the device's inability to communicate properly.
As far as your MFA question, that would be a better question to ask our Support team and would encourage you to submit a support request.
You Microsoft Store question we'd need a little more information to better understand the ask. I would encourage you to look at the documentation bout controlling access to the Store if you don't want them to have access to it. Configure access to the Microsoft Store app - Configure Windows | Microsoft LearnWe do assign Windows Business Premium licenses per user. We are not assigning them per device. Also some machines are upgrading to Business, some are not. But each user is assigned a Windows Business Premium license.
After joining an M365 Business Premium Entra Tenant, they should upgrade from Pro to Business when the first user with a Business Premium license signs in. It is a USER-based license, right? For us, this works VERY reliably. Are the devices joining properly? I don't think you'll get consistent results for registered devices (if any). Are the users signing in licensed for BP?
Opposite is also true: If users without a BP license sign in, the device will eventually drop back to Pro. (I forget what the courtesy period is, but i think it is one month. Could that be happening?
- We are testing Autopatch with 45-50 devices. On most machines everything works fine. But we have some machines that get zero notifications, that updates have installed and need a reboot. And when the deadline approaches nothing happens. And the deadline passes, and nothing happens. So we have zero notifications and no forced reboot on some machines. What should we be looking for? Because the same notification polices are on all devices.
David_GuyerAdding to Eric's comments, the other thing to check is if there are other policies, or old sources of policies still on the device, that could be causing conflicts. For Windows Update, Group Policy wins over MDM, for example, so a left over GPO policy for deadline or other setting could override Autopatch. Hope that helps.- EricMoeBrian - please open a case with Autopatch for our engineers to help deep dive into the issue. It sounds like those devices are not properly receiving the update policy, but you will need support assistance to help identify what is going on.
