Event banner
Windows Office Hours: October 17, 2024
Event details
Get answers to your questions about adopting Windows 11 and managing the Windows devices used by remote, onsite, and hybrid workers across your organization. Get tips on keeping devices up to date effectively! Learn how to cloud attach your on-premises workloads!
Windows Office Hours is our continuing series of live Q&A for IT professionals here on Tech Community.
How does it work?
We will have a broad group of product experts, servicing experts, and engineers representing Windows, Microsoft Intune, Configuration Manager, Windows 365, Windows Autopilot, security, public sector, FastTrack, and more. They will be standing by here -- in chat -- to provide guidance, discuss strategies and tactics, and, of course, answer any specific questions you may have.
Post your questions in the Comments early and throughout the one-hour event.
Note: This is a chat-based event. There is no video or live meeting component. Questions and answers will appear in the Comments section below. |
- ThomasTrombleyMicrosoft
Thanks for joining us for Office Hours today! We'll continue to work on any open questions from today -- and we'll be back next month on November 21st! Save the date!
- HeyHey16KSteel ContributorThank you for your help guys, much appreciated
- Heather_PoulsenCommunity Manager
Love to see all the early questions! We'll be "in the office" for Windows Office Hours at 8:00 AM PT. See you soon!
- Piyush325Copper ContributorIs there a way to change the primary user of a device automatically from Intune based on how frequently they log in over a specified timeframe ?
- ThomasTrombleyMicrosoftGood Morning/Afternoon/Evening Piyush, I'm working on landing an answer for you!
- Max_SteinMicrosoft
Hi Piyush325, Intune automatically assigns and adds a primary user to devices during enrollment. There are a few considerations to keep in mind when changing a device's primary user. For more information, check out: Primary user of an Intune devices to learn more.
Could you also provide more details about your scenario and use case? Would a kiosk/dedicated or shared multi-user device setup be suitable for your needs?
- Henk_-_Simac_IT_NLCopper Contributor(When) will the possibility to deploy to user's primary device only become available in Intune?
- jpitch1Copper ContributorWhen deploying a W11 feature update through Config Manager Windows Servicing plans you have the flexbility to deploy as available unlike when creating an ADR rule. But dealbreaker is that its recommended not to allow the update to download from MS Update. Is there any plans allow support for this? Be nice to allow clients to be able to dowload the update without needing to pre-cache or be on the coporate network.
- Tim_MenzelCopper ContributorIs it possible for Endpoint Analytics to show performance over time (over a 3 to 6 month period)? Looking at ways to see if/how performance is affected after deploying policies/apps.
- Max_SteinMicrosoft
Hi Tim_Menzel! Would something like: Endpoint Analytics - Baseline management accomplish what you're looking for?
- Laser235Copper ContributorIs there a GPO policy to block or disable CoPilot via Computer Policy, the current GPO policy to remove, disable CoPilot is only a user policy, is there plans for a computer policy to completely disable or remove CoPilot from Windows 11.
- EricMoeMicrosoft
Gary, in September the Copilot team published this blog Enhanced data protection with Windows and Microsoft Copilot - Windows IT Pro Blog that describes the impending changes for Copilot that are currently rolling out with the October monthly update. Please familiarize yourself with this blog, giving particular attention to the bottom where it discusses what IT Admins should consider, which links to Updated Windows and Microsoft Copilot experience | Microsoft Learn.
- Laser235Copper ContributorWindows 11 24H2 has broken PowerShell commands running PowerShell with Invoke-Command, with Get-AppxPackage and other ways of running PowerShell with Get-AppxPackage fails with a new error message, The type initializer for '<Module>' threw an exception. + CategoryInfo : NotSpecified: (:) [], TypeInitializationException + FullyQualifiedErrorId : System.TypeInitializationException
- EricMoeMicrosoftGary, you may need to open a support case. I am running Windows 11 24H2, opened a regular (non-elevated) PowerShell command prompt, and could run both invoke-command and get-appxpackage without errors. I opened an elevated PowerShell command prompt, and could run both invoke-command and get-appxpackage without any errors.
- reastman1966Copper ContributorI am using a Windows 10 and later update ring. This is a feature update policy with an AD group assigned to it for Windows 11, Version 23H2, immediate start, required update, default tag. This has been working fine but I have some Windows 10 devices that are not getting the feature update. Is there some kind of report or logging to identify if there was an issue with feature updates not applying?
- EricMoeMicrosoft
One of the most common reasons the update won’t be applied to a set of Windows 10 devices is that the hardware does not meet minimum requirements for Windows 11. Windows Update for Business won’t offer the update to a device that doesn’t meet eligibility requirements. As to the reporting you can use, Windows Update for Business offers reporting for Feature Updates that should get you pointed in the right direction. The knowledge base article is here, Use the workbook for Windows Update for Business reports - Windows Update for Business reports | Microsoft Learn, and look specifically for the “Device status group for feature updates” which will include the Windows 11 readiness status to show devices that are capable, not capable or unknown for Win 11 readiness. If the devices not receiving the update are showing as capable, your next step is to see if the update attempted to apply but failed. You can find this documented here Use Windows Update for Business reports for Windows Updates in Microsoft Intune - Microsoft Intune | Microsoft Learn – so if the update attempted to apply (so the device received the offer) but failed, it should have a failure status in this report. One common failure is there is not adequate disk space on the device for the update to apply. If you end up in a scenario where your devices are capable, but nothing is showing in your error reports, confirm that you are still receiving monthly quality updates on those devices as well. If not, then you may have a communications error to the Windows Update for Business backend service, which are the ports documented within our troubleshooting article: Windows Update issues troubleshooting - Windows Client | Microsoft Learn which also contains additional steps you can perform to troubleshoot update errors. Good luck!
- reastman1966Copper ContributorThanks that looks like what I needed.
- reastman1966Copper ContributorWith the Intune Administrator role is there a way to limit what devices can be managed? We have 2 IT departments, and they will most likely need to have some users with Intune Administrator in the same tenant. The goal is to keep the IT departments from being able to manage each other's devices. Is this possible with Scope tags, Admin units or both? Or is it something else or not possible? Thanks.
- ThomasTrombleyMicrosoft
Good Morning/Afternoon/Evening,
You can leverage role-based admin controls (RBAC) to help in this scenario. This page should hopefully provide the details you need: https://learn.microsoft.com/en-us/mem/intune/fundamentals/role-based-access-control.
I believe you can also employ device limit restrictions to help determine which devices are managed by specific users.
- edd080Brass ContributorHello, is there any guidance or a step by step procedure on what the proper upgrade path is for (SCCM managed) machines already having Windows 11 23H2 ? Since a full OS swap is mentioned, and not an enablement update (upgrading from 22H2 to 23H2 was a breeze) does this mean the installation is treated as an in-place upgrade? We have over 300 machines with Win 11 23H2; all the updates , etc are managed using SCCM. Our concern is, how smooth would this transition be? Thank you for any guidance.
- EricMoeMicrosoft
Edward, this is a great question! Windows 11 24H2 can absolutely be deployed as an in-place upgrade feature update. Simply follow the same process you used to upgrade 22H2 to 23H2. The transition should be smooth. If your users are expecting a short restart (like what they saw with an enablement package) you may want to provide some communications that the restart will take a bit longer this time around. Perform the upgrade on some test devices first to get a feel for how long the upgrade will take on your devices, as your mileage could vary based upon disk speed, processor speed, etc.
As long as you meet the prerequisites (Prerequisites | Microsoft Learn) you should strongly consider moving to Autopatch (What is Windows Autopatch? | Microsoft Learn) and get off SCCM for updates. We are going to continue investing in Autopatch features and capabilities and you don’t want to be left behind!
- edd080Brass ContributorHello Eric, Thank you for your reply, however the upgrade from 22H2 to 23H2 was through an enablement update which was pushed through an ADR rule. If this is an in place upgrade, I am guessing there is much more involved. We used in place upgrades to upgrade Windows 10 workstations to Windows 11; should we expect the same process? Thank you for your help.
- HeyHey16KSteel ContributorAs 24H2 is effectively a new OS (without mentioning Windows 12...) there are the usual "new OS" gotchas with it. For example, the RSAT tools need reinstalling etc.