Following the installation of the June 2025 Windows security update (https://support.microsoft.com/help/5060842) or later updates, we encounter issues with Windows Hello PIN setup on Microsoft Entra joined devices.
Tried applying a new Intune policy to devices instead of users, but still got the error.
What is the fix and for which Windows versions does it work ?

Hi,

one question to the application management in Windows 11 and Intune. We have many applications that works alone. But some user groups (e.g. developers) use multiple of that applications. Our problem is that we provide the most of that applications as available. If there is a new version we use the "Auto-Update" feature to update our clients. To checkins and the application starts updating. Thats fine but our developers are note amused if we kill them different applications without any warning multiple times in a week. 

So my question is - is it possible that the Intune team implement a deathline for the "Auto Update" feature so that the there is no static (hard) limit with two checkins? Our users would be happy if the could define an installation time. And we would be happy if we can force that update due an update deathline.

Several key firewall settings currently available in Group Policy do not seem to be available in the Intune firewall settings? e.g.

Windows Defender Firewall: Allow authenticated IPsec bypass

Windows Defender Firewall: Allow inbound Remote Desktop exceptions from certain IP addresses

Windows Defender Firewall: Allow inbound UPnP framework exceptions

Windows Defender Firewall: Allow local port exceptions

Windows Defender Firewall: Allow local program exceptions

Windows Defender Firewall: Do not allow exceptions

Windows Defender Firewall: Prohibit notifications

When will these be added please?

When will it be possible to download scripts that have been uploaded to Intune please?

Is it possible to export HW Hashes from Intune yet please (like we can do with Configuration Manager)? If so, how please? 🙂

Hi guys 👋,

Just wondering if there is still an issue with Autopilot and timezones please. Currently we run a PS script in OOBE to check/set region/timezone etc. to ensure the computer has the correct region/timezone (e.g. if it's been shipped from abroad) before Autopilot runs (because if it's not right, then corrects itself halfway through Autopilot, Autopilot has a tantrum). Is this step still necessary or can Autopilot handle this now, perhaps include an automatic region/timezone check/set itself before it starts please? It would be amazing if we could ditch the OOBE PS script 🙏

Hello, I have a question regarding the Secure Boot certificates that are set to expire in July 2026, as outlined in this Act now: Secure Boot certificates expire in June 2026 - Windows IT Pro Blog We’ve already taken the recommended steps to obtain the updated certificates. Could you please clarify when the new certificates will be deployed to our devices, and how we can verify that they’ve been successfully installed? Thanks.

MC1160180 and MC1152323 say that the M365 Companion Apps and Copilot app will be "automatically installed" on devices with Windows 11 and M365 Desktop client apps on them.  How will these apps be automatically installed?  Is it being pushed through Windows store?  M365 Apps for Enterprise update?  Windows update?  Something else?

Out of several hundred devices, most have migrated from Windows 10 to Windows 11 but about 40 laptops still haven't been offered the upgrade. All our devices are subject to the same Windows Update for Business policies in Intune / AD / Configuration Manager and as far as I can tell, the devices stuck on Windows 10 are hardware compatible with Windows 11 and don't have any high risks that are blocking upgrades. The installation assistant works fine, but it's a massive inconvenience when users are working remotely and there's no maintenance window. Is this a common scenario and do I need to repair the Windows Update mechanism on these machines or is there something else I need to do?

We have began rolling out Windows 11 25H2 to our ICT department. Other test phases are planned before rollout to all devices on our estate.

My query is around Hotpatching. We utilise Hotpatching and have done since the beginning of this year. From what I've read, if you upgrade to 25H2 during a non-baseline release month (Feb/Mar/May/Jun/Aug/Sep/Nov/Dec) then it will break hotpatching until the next baseline release.

To retain consistent Hotpatching functionality you need to upgrade during a baseline release month (Jan/Apr/Jul/Oct). Does it matter if you upgrade before or after that months cumulative OS updates on Patch Tuesday (B Release) get applied to devices?

Basically, the ICT devices that have been upgraded this week, pre Patch Tuesday, will Hotpatching continue to function? Ones that are upgraded post Patch Tuesday (planned for the 22nd Oct), will Hotpatching continue to function?

Our global rollout is planned at the end of November (assuming no major issues are reported in testing phases), from what I'm reading that means that they won't receive Hotpatching in December, they'll revert back to the 'normal' process where users will have to reboot to finalise the monthly updates. They'll then start Hotpatching again in February next year once they've received the baseline release in January??

By the time this event happens on the 16th Oct I guess we'll have our answer about the IT devices, just wondered if you had any further guidance? Thanks