Event banner
Windows Office Hours: November 21, 2024
Event details
Special Microsoft Ignite edition of Windows Office Hours!
Get answers to your questions about adopting Windows 11 and managing the Windows devices used by remote, onsite, and hybrid workers across your organization. Get tips on keeping devices up to date effectively! Learn how to cloud attach your on-premises workloads!
Windows Office Hours is our continuing series of live Q&A for IT professionals here on Tech Community.
How does it work?
We will have a broad group of product experts, servicing experts, and engineers representing Windows, Microsoft Intune, Configuration Manager, Windows 365, Windows Autopilot, security, public sector, FastTrack, and more. They will be standing by here -- in chat -- to provide guidance, discuss strategies and tactics, and, of course, answer any specific questions you may have.
Post your questions in the Comments early and throughout the one-hour event.
Note: This is a chat-based event. There is no video or live meeting component. Questions and answers will appear in the Comments section below. |
- shin0933Copper Contributor
Is there a possibility of the Intune Remote Help program having the ability to allow unattended remote control like Remote Control in SCCM?
- Jason_SandysMicrosoft
This is an item in our backlog that we've received a lot of feedback on. It is ultimately something that we want to add but we have nothing to share at this time regarding timeline for delivery.
- Heather_PoulsenCommunity Manager
Welcome to Windows Office Hours! IT pros - we're here to answer your questions for the next hour so please post them here in the Comments. Experts from Windows, Intune, and customer experience teams are here to help. :)
- HeyHey16KSteel Contributor
Hey Heather :)
- Dylan_SnodgrassCommunity Manager
Exciting!
- SivakumarRamanathanCopper Contributor
Hello Microsoft team,
What is the best recommended path for the upgrade on the following Windows Client OS:
Windows 10:
1. Windows 10 22H2 PC to Windows 11 22H2
2. Windows 10 22H2 PC to Windows 11 23H2
3. Windows 10 22H2 PC to Windows 11 24H2
Windows 11:
1. Windows 11 22H2 PC to Windows 11 23H2
2. Windows 11 22H2 PC to Windows 11 24H2
I have Windows 10 22H2, Windows 11 22H2, Windows 11 23H2. I am trying to find the best recommended path to get them upgraded to the latest Windows 11 24H2. Please provide some clarity (if possible, can you guys come up with an article for upgrade strategy).
Thank you in advance.
- ThomasTrombleyMicrosoft
Hi!
Our team is presently putting the finishing touches on a complete revamp of learning modules below. They will include specific objectives, tactics, and deliverables that should help you move forward. I believe we'll have it completed by the end of November, but will follow up with my team:
- Plan to deploy updates for Windows 10 and Microsoft 365 Apps: Here you'll learn to use the Windows servicing process to help your organization implement a plan to stay current with the latest Windows 10 feature and quality updates.
- Prepare to deploy updates for Windows 10 and Microsoft 365 Apps: In this module, we share more on validating critical apps, implementing changes to reduce time and effort around feature updates, updating supporting infrastructure, selecting devices for pilot deployment, and more.
- Deploy updates for Windows 10 and Microsoft 365 Apps: In this module, we share more about implementing pilot and broad deployments, accelerating velocity, and improving the overall process.
I know this may look like a marketing approach, but we sit in engineering, and have been working with SMEs (some here in Office Hours today!) to overhaul. Feel free to ping me directly and I can share more on the overhaul in progress.
- Christina365Occasional Reader
I'm also looking at moving to WIN 11, but I think it'll be 23H2. I'm still hearing issues with 24H2.
- HeyHey16KSteel Contributor
We're currently upgrading everything straight to W11 23H2 but will switch straight to 24H2 once we have finished testing it :)
- pc-88Brass Contributor
Looking at driver update profiles in Intune, how can we determine which hardware components they actually apply to? The driver list has many names like "Surface - Firmware - 10.102.139.0", "Surface - Firmware - 160.37.13.57", or "Intel - SoftwareComponent - 2338.6.1.0" without any information about which Surface model or component they would apply to, or which piece of hardware is actually affected. This makes it difficult to know what should be approved, or which updates should be paused if we run into issues.
- RyanSteele-CoVIron Contributor
Is Microsoft Update Health Tools supposed to be installed on Windows 11 24H2? I noticed my Intune remediation script (which runs if the "Microsoft Update Health Service" service does not exist) has recently run on every machine that has upgraded. That tells me that it was removed as part of the upgrade, which makes me wonder whether it is meant to be installed on this Feature Update.
(If you're not aware, the Microsoft Update Health Tools update is required for expediting security updates through Intune, as documented here).
- PedroCasadinhoCopper Contributor
Hello Microsoft Team,
In my company we have already a ring based system, where we manage our devices automatically and split them between different on-prem AD security groups.
We have enrolled our tenant with Windows Autopatch and created different Autopatch groups.
For each Autopatch group we have assigned our own custom ring based AD security groups, and within Autopatch settings we are only using the deployment test ring (which is empty) and the deployment last ring (assigned with our own custom group).Autopatch Group | Deployment Ring | Assigned AD Security group
Autopatch RING.0 | Autopatch RING.0 - Last | RING.0 - Test ServiceDesk Users
Autopatch RING.1 | Autopatch RING.1 - Last | RING.1 - Test IT Global
Autopatch RING.2 | Autopatch RING.2 - Last | RING.2 - Test Pilot Users
Autopatch RING.3 | Autopatch RING.3 - Last | RING.3 - All Production UsersFrom time to time we have the need to move some of the devices between different security ad groups (rings).
Is there a way (remediation script or another method) for Autopatch to check if the devices have been moved from the original autopatch group and if so, to un-register them and re-register the devices again in the current and correct new autopatch group?- EricMoeMicrosoft
Hi Pedro, with some of the latest updates we have applied to Autopatch, you can simply move devices from one group to another and Autopatch should take care of the rest. If you remove a device entirely from your Autopatch assigned groups, the device should get deregistered from Autopatch. Remember to ensure your AD groups do not have overlapping memberships, as that will create conflicts.
- lalanc01Iron Contributor
Hi,
is there a way to use the autopatch reports without having to put devices into rings.
We only use WUFB, but we would like to use the Autopatch reports since they seem to be better in some aeras.
Thks- EricMoeMicrosoft
Autopatch reports requires that you go through Autopatch feature activation - Windows quality and feature update reports overview | Microsoft Learn. If you are using WUfB today, we make it really easy to import your existing WUfB ring configurations into Autopatch using Manage Update rings | Microsoft Learn. WUfB relies on update rings, so you should already have some sort of ring-based configuration set up. Definitely explore the power of what you can do with Autopatch groups, because you can get some very easy ring definitions (dynamically assign across rings by percentage for instance) without a lot of overhead.
- lalanc01Iron Contributor
Hi, is there a way to set Windows Services as Automatic via Intune (config profiles and other means?)
thks- Jason_SandysMicrosoft
There's nothing to natively do this today, however, using a PowerShell script called using a Remediation can easily accomplish this. We do fully appreciate that this isn't as elegant as having a native switch, knob, or control for this and do receive feedback from time to time on this and are always happy to receive more to help us prioritize requests and engineering work.
- EMarrero1720Occasional Reader
I am moving from Trellix Disk Encryption to Bitlocker. I decrypted the machine from Trellix and then encrypted with Bitlocker. The Drive gets encrypted, however after a restart the machine is always asked for the Bitlocker key. I did notice in the System Information with Secure Boot enabled, PCR7 binding is not possible and PCR7 is not supported. I updated, TPM version, BIOS version and all drivers. Also ensured Modern Standby is enabled and secureboot too. Any ideas on how to resolve this issue? I see this on all machine in the environment.
- Jason_SandysMicrosoft
The best resource to start with is Windows Server shows PCR7 configuration as "Binding not possible" - Windows Server | Microsoft Learn. If this does not help, I suggest opening a support case.
- EMarrero1720Occasional Reader
Thank you. One more question. For Bitlocker is SecureBoot a requirement?
- shin0933Copper Contributor
Will Autopatch be fully available for A3 and A5 licensed users? As of now it seems like it's only partially available.
- EricMoeMicrosoft
Not all Autopatch features are fully available for A3/A5, each page on aka.ms/autopatchdocs should call out which features are and are not available for A3/A5 licenses. At this time, we have nothing to announce concerning any additional changes.