Event banner
Event details
88 Comments
- Heather_Poulsen
Community Manager
Welcome to our May 2024 edition of Office Hours! Today marks the fourth year of this monthly series and we want to thank you for including us in your Windows journey!
- Will Multi-App Kiosk mode be natively supported by Intune on W11 like it currently is for W10? If not, why not please? Appreciate there is a "workaround solution" proposed by a third-party using custom policies but struggling to understand why MA Kiosk isn't natively supported on W11? Thank you π
- Jason_Sandys
Microsoft
We fully expect this to be added at some point yes, but we have no timeline to share at this time. This primarily comes down to prioritization; while this is important, so are many, many other work items in the pipeline. Just to be clear though, using the custom profile and an XML is fully supported. I agree having a native UI is better, but for now, it is what it is. We're always happy to take feedback on why we should up the priority on a work item though.- Amazing! Thank you Jason π
Do you know when the Laptop 5 W11 23H2 SRI's will be released please? Still only 22H2 at aka.ms/sri π
- Phil_Urban
We don't have a date to share on availability of the Windows 11 23H2 SRI for the Surface Laptop 5.
When available, it will appear in the Surface IT Toolkit. If you use the Windows 11 22H2 image today, you can leverage your normal update processes to upgrade to 23H2.
- Thank you Phil. We created a 23H2 SRI using the SDA but it puts the Laptop 5s into tablet mode, we have a support ticket open atm. Was hoping when MS release the public SRIs all our problems will be solved π
- When we pre-provision a device for Autopilot, our users still need permissions to register a device to Azure. Even though the autopiloted device is registered to Entra and Intune already during the pre-provision process. Is this necessary / a security practice or can this be avoided for smoother user experience?
- Jason_SandysHi James. Can you be a little more specific here. What exactly do you mean that the "users still need permissions" to register a device to Azure?
- Users need to be a member of the "Users may join devices to Microsoft Entra" permission in Entra under Device settings.
Do you know when the Copilot app will be available on W10 Enterprise managed devices please? This is what Copilot said "I donβt have the exact date when the Copilot app will be available on Windows 10 Enterprise. I recommend checking the official Microsoft website or contacting Microsoft Support for the most recent information" π
- Joe_Lurie
HeyHey16K It's a good question. With the impending EOL of Windows 10 (Oct 14, 2025) we are still investigating whether or not we'll include Copilot in Windows 10. If this is something that's important to you, you can file official feedback wither via Microsoft Support or Feedback Hub.
PS: you should start your upgrade to Windows 11 soon if you haven't started yet π
- Don't worry Joe, we're upgrading our remaining W10s to 11 as I type (well Intune is...). But for those on W10 for now, some of those users are keen as mustard for the Copilot app, even though they can use Copilot in Edge...
Does Microsoft publish in advance anywhere a list of (Group Policy and Intune) policy settings you're planning to make obsolete please? So we have a heads-up and can plan any required mitigations etc.? If not, could you consider publishing one please... π
- Joe_Lurie
Hello HeyHey16K We don't typically preannounce when something will be deprecated, but depending on the service, app, feature, or setting, you'll typically have 6 months to a year (or more) once the announcement is made. You can keep an eye on our What's New pages and the Important Notices pages. Also, we may post in the M365 Message Center. Note that sometimes these posts are targeted only to the customers using the feature. app, or setting being deprecated. So you may not see all notices if it does not pertain to you.
--Joe.
- Hey Joe, thank you for replying. Microsoft publish a list of new Intune policies (https://learn.microsoft.com/en-gb/windows/client-management/new-in-windows-mdm-enrollment-management) so we're just looking for the reverse as a few times now some Group Policy settings have dropped into "Extra Registry Settings" and other times Intune settings are marked deprecated with no warning (that we see). We monitor the M365 Admin portal Message Center several times a week...
- Are the Android Security Configuration Framework and iOS/iPadOS Security Configuration Framework still a thing? The links in both Tech Community posts now just go to learn.microsoft.com pages about enrollment: https://techcommunity.microsoft.com/t5/intune-customer-success/announcing-the-android-enterprise-security-configuration/ba-p/1496752 https://techcommunity.microsoft.com/t5/intune-customer-success/announcing-the-ios-ipados-security-configuration-framework/ba-p/2275960 The Microsoft Github hasn't been touched in ~2 years: https://github.com/microsoft/Intune-Config-Frameworks It seems like Ross Smith IV left Microsoft and no one has picked this up to maintain it. It would be nice to have a framework baseline to get started with and refer to for security and compliance.
- I am stuck on how to get the managed home screen to display the applications I am assigning to the devices. Also, what it the trick to exit kiosk mode? I have my settings below. Enrollment profile type Dedicated device Kiosk mode Multi-app Home screen Lock home screen Item name Item type Package name Publisher Citrix Workspace App com.citrix.Receiver Citrix Systems, Inc StageNow App com.symbol.tool.stagenow Zebra Scanner Bluetooth App com.symbol.btapp Zebra Intune Company Portal App com.microsoft.windowsintune.companyportal Microsoft Corporation Microsoft Teams App com.microsoft.teams Microsoft Corporation Zebra - Data Wedge App com.symbol.datawedge Zebra 123RFID Mobile App com.zebra.rfidreaderAPI.demo Zebra Technologies Remote Help App com.microsoft.intune.remotehelp Microsoft Corporation Screen orientation Portrait Leave kiosk mode Enable Leave kiosk mode code ######
- I figured out how to leave kiosk mode by hitting the back button several times. Now I am trying to figure out why it is telling me that the pin # to exit hasn't been set.
- Hitting the back button ~15 times brings up the menu to exit kiosk mode. I did find the issue with the password error. The password has to be set in 2 places device configuration policy and Application configuration policy. The link below has screen shots but the setting needed is Exit lock task mode password. https://imgur.com/a/gTz3i3k
- Does applying a retention period of "forever" for content in Microsoft 365 have any influence on storage? Do we have to pay storage fees? We're using O365 E3 and Microsoft Entra ID P1. Thanks!
- Joe_Lurie
Hello Akari . Thanks for the question. Unfortunately, the SMEs and PG monitoring here are all from the Windows and Intune teams. You'll have more luck getting an answer in the Microsoft 365 forums like this one: Microsoft 365 - Microsoft Community Hub.
Good luck
- What happens to a device when the primary device user leaves the company. If you want another user to take over the device what are people doing? Wipe will factory reset it and have to image it again. What is the difference between reset and delete? The devices in question are common end user devices so when they leave there will be another user to take over the device.
- As an MSP, we have our clients do the "wipe". Either through Intune (they may as us to do this for them), or users do it themselves through the company portal app. This solves all challenges: removes all company (and possible personal!) data and brings the PC back in to factory default, a known and defined state. Some clients use Autopilot, which then re-deploys for the new user. But even without Autopilot, new employees typically have a fresh work environment within 20-30 minutes after going through OoBE. None of our customers re-image and I would HIGHLY recommend against it - especially on mobile devices. OEMs invest a lot in mobile PC images so they are tuned for energy efficiency and security. Any image you provide will likely break something and/or ruin the user experience. If you're concerned about the bloatware many OEMs pre-install on their devices: wipes often remove that, because they don't include it in their recovery partitions. (thank goodness). Alternatively, use the "Fresh Start" option in Intune if your Supplier includes their bloatware in the recovery image. Ask your PC supplier for business PCs with "vanilla" Windows images. All OEMs offer it as an option, sometimes for free. But remember, removing bloatware costs money because it subsidizes the purchase price. Or get Surface. π
- Joe_Lurie
reastman1966 I agree with Dom_Cote that an Autopilot Reset is the best way to handle repurposing a Windows device, or a wipe/reset for a mobile device. One thing to consider is that the primary user in Intune is typically the person that enrolls the device (this depends on the enrollment method, but its a good rule of thumb), whereas the owner of a device is Entra (formerly Azure AD) is the person that registered the device. These may be different people. If you need to repurpose a device and reset the owner in Entra, you may need to delete the device before resetting it. But for newly-enrolled Entra devices, the Microsoft Entra ID Owner property is automatically set at the same time that the Intune primary user is set.
