Windows Office Hours: November 16, 2023

Hi, I have some users who work out of the office so they sometimes require administrator access to complete something on their computer. What would be a great way to allow them access for a one time event? I currently have Device Administrators set up in Azure AD.

We want to configure Autopilot through Intune. We have a Hybrid Azure AD with local AD without an AD FS. We want that the Autopilot devices also join the local AD. I have set up an OU with the required permissions and set up a Gateway between Intune and local AD. The gateway shows online and Active, but no matter what we tried so far, we can't get the Autopilot device to join the local AD. It fails and we have only the Option to start over. Are there any special requirements if we don't have an AD FS or what do I need to configure so we can use Autopilot in our Hybrid tenant?

With Intune enrolled Windows devices they are scanned for Malware threats and that is reported up through the MDO home page. Is there an alert/report that is triggered somewhere that would let me know via email that devices are being found with active threats?

If the registry key for Office 365 enterprise cloud update (below) is deleted, is there a way to force it to sync again? HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\cloud\office\16.0\Common\officesvcmanager\officeupdate

What is the recommended ADMX group policies if running a blend of Windows 10, 11, with the majority Windows 10 clients?.

Windows Autopilot: I am looking for a way to make the handling of the motherboard change issue more efficient. We have more than 7000 laptops in our tenant. All the devices are from the same production batch. That means that with time, we get more refurbish motherboards as replacement parts. With laptops, changing of the motherboard is the most common type of repair. In our organization, now that the devices are about 3 years old, changing of motherboards is something that happens every week. Changing of a motherboard calls for the re-registering of the device in Autopilot as the HW identifier for the motherboard is unique. This is a school organization where we host IT services for about 70 schools and other institutions in the district. The only way I have, to handle those issues is by getting the devices here to head office after repair where I can re-register them in Autopilot. This is a tedious process which is taking a lot of resources from clients and me. With refurbished boards the issue of boards that are still registered in other tenants and thus cannot be imported to Autopilot (error 806) is getting more and more common. Right now, it looks like we are having this issue with every 3rd board. Every time it means opening a case at Microsoft, uploading different materials, proof of ownership etc. I have been working in this business for about 20 years now and I have never had the need to open so many support cases. With every case handling taking between 1 to 4 weeks to resolve, this is not a good way to run a service. I am looking for a way for making the re-registration of the boards more effective where I would no need to get the machines over here, and where I won’t need to run all those cases with Microsoft support. I guess, that if I wont find a better way, I will have to conclude that Microsoft Autopilot is simply not suitable for organizations like ours and drop the use of it in the near future.

What is the difference between Windows CoPilot that is showing up on the Taskbar in Preview Mode and Windows CoPilot in Edge?

I have read that there is a Microsoft 365 CoPilot - I do not see it anywhere in any of our Office Applications - how do we get it and where it is found?