Windows Office Hours: October 17, 2024
Event details
Get answers to your questions about adopting Windows 11 and managing the Windows devices used by remote, onsite, and hybrid workers across your organization. Get tips on keeping devices up to date effectively! Learn how to cloud attach your on-premises workloads!
Windows Office Hours is our continuing series of live Q&A for IT professionals here on Tech Community.
How does it work?
We will have a broad group of product experts, servicing experts, and engineers representing Windows, Microsoft Intune, Configuration Manager, Windows 365, Windows Autopilot, security, public sector, FastTrack, and more. They will be standing by here -- in chat -- to provide guidance, discuss strategies and tactics, and, of course, answer any specific questions you may have.
Post your questions in the Comments early and throughout the one-hour event.
Note: This is a chat-based event. There is no video or live meeting component. Questions and answers will appear in the Comments section below.
77 Comments
- Piyush325
Copper Contributor
Is there a way to create a dynamic device group based on the enrolled date in Intune?
- EricMoe
Microsoft
The dynamic device group attributes are defined here, Manage rules for dynamic membership groups in Microsoft Entra ID - Microsoft Entra ID | Microsoft Learn. Unfortunately, Enrolled Date is not an attribute available for dynamic device queries today.
- Piyush325
Copper Contributor
Thank you Eric!
- Heather_Poulsen
Community Manager
Welcome to Windows Office Hours for October 2024! We're diving in to your questions now and will be here for the next hour to help.
- HeyHey16K
Iron Contributor
Sorry one more... last one, I promise :)) In Autopilot (v1), the screen doesn't sleep during Device ESP. Is there a way to stop the screen sleeping/locking during User ESP too please?
- Hung_Dang
Microsoft
You'd have to run a script early in user ESP to disable sleep, and have some task fired when the desktop is reached to re-enable sleep.
- HeyHey16K
Iron Contributor
Thank you Hung - yes we investigated using scripts and policies etc. but it got complicated! Was hoping there was an Autopilot setting somewhere we had missed that just disabled sleep temporarily for User ESP same as Device ESP. Thank you
- ThomasTrombley
Iron Contributor
We're reaching out to our peeps in Autopilot to help with this one! Standby!
- HeyHey16K
Iron Contributor
Thank you Thomas
- HeyHey16K
Iron Contributor
In Intune, is there a way to view the last logged on user (which may not be the Primary User) please?
- Henk_-_Simac_IT_NL
Copper Contributor
Hi Michelle, if your company is using Defender for Endpoint you can use this to see the last logon user in the Defender for Endpoint portal.
- HeyHey16K
Iron Contributor
Thank you Henk
- Max_Stein
Microsoft
Hi HeyHey16K, great question! While the Intune admin center allows you to see the primary user and last device check-in information, it currently doesn't display the last logged-on user in real time.
However, we've heard of similar requests from other customers, and some have been using Azure sign-in logs to get this information as a workaround.
We'd love to get your feedback! Feel free to add your vote and comment to this existing feedback idea: Request to be able to report on the last logged user of a device. · Community (microsoft.com), for our future consideration. Hope this helps!
- HeyHey16K
Iron Contributor
Thank you Max
- ThomasTrombley
Iron Contributor
We're also reaching out to our Intune folks. Busy morning over here with competing efforts! 🙂
- HeyHey16K
Iron Contributor
Is there a way to set an Intune deployed app as required for a device/user but not have it install during Autopilot please? We have some pretty hefty apps that can/will cause issues with AP if they try to install during AP...
- Hung_Dang
Microsoft
Assuming you're using the Enrollment Status Page policy in Intune, there are two ways to track apps on the ESP: 1) track all apps marked required that are targeted to the device/user, or 2) track selected apps that are targeted to the device/user. You can specify #1 or #2 on the ESP policy in one of its settings. It sounds like you'd want #2. Hope that helps.
- HeyHey16K
Iron Contributor
Hey Hung, thank you for your reply - but don't quite follow, sorry! It sounds from what you are saying Autopilot can either track all the apps or none? I was hoping we could mark ones we want AP to track (i.e. our core five apps that we want every device to install during Autopilot) but for Autopilot to not track the apps assigned to only a few users (e.g. AutoCAD) as that significantly delays Autopilot. Is there a way to have this granularity please? Thank you
- HeyHey16K
Iron Contributor
In Intune, when the primary user is deleted from Entra (e.g. when they leave the company), why does various information (such as Management Name, Device Name and Serial Number) disappear from their associated Intune device record please?
- Max_Stein
Microsoft
Hi HeyHey16K! It seems that the user or device wasn't offboarded as expected, which might be affecting the device information.
We have a few suggestions and best practices for effectively offboarding users, as well as using Intune device cleanup rules to prevent this from happening in the future. Check out the blogs below to learn more:
- HeyHey16K
Iron Contributor
Thank you Max, totally hear you on this. Unfortunately the team responsible for our ULM process aren't doing it properly at all, will remind them with your first link, thank you!
- HeyHey16K
Iron Contributor
For example in the above...
- Heather_Poulsen
Community Manager
Love to see all the early questions! We'll be "in the office" for Windows Office Hours at 8:00 AM PT. See you soon!
- edd080
Brass Contributor
Hello, is there any guidance or a step by step procedure on what the proper upgrade path is for (SCCM managed) machines already having Windows 11 23H2? Since a full OS swap is mentioned, and not an enablement update (upgrading from 22H2 to 23H2 was a breeze) does this mean the installation is treated as an in-place upgrade? We have over 300 machines with Win 11 23H2; all the updates, etc. are managed using SCCM. Our concern is, how smooth would this transition be? Thank you for any guidance.
- HeyHey16K
Iron Contributor
As 24H2 is effectively a new OS (without mentioning Windows 12...) there are the usual "new OS" gotchas with it. For example, the RSAT tools need reinstalling etc.
- EricMoe
Microsoft
Edward, this is a great question! Windows 11 24H2 can absolutely be deployed as an in-place upgrade feature update. Simply follow the same process you used to upgrade 22H2 to 23H2. The transition should be smooth. If your users are expecting a short restart (like what they saw with an enablement package) you may want to provide some communications that the restart will take a bit longer this time around. Perform the upgrade on some test devices first to get a feel for how long the upgrade will take on your devices, as your mileage could vary based upon disk speed, processor speed, etc.
As long as you meet the prerequisites (Prerequisites | Microsoft Learn) you should strongly consider moving to Autopatch (What is Windows Autopatch? | Microsoft Learn) and get off SCCM for updates. We are going to continue investing in Autopatch features and capabilities and you don’t want to be left behind!
- edd080
Brass Contributor
Hello Eric, Thank you for your reply, however the upgrade from 22H2 to 23H2 was through an enablement update which was pushed through an ADR rule. If this is an in place upgrade, I am guessing there is much more involved. We used in place upgrades to upgrade Windows 10 workstations to Windows 11; should we expect the same process? Thank you for your help.
- reastman1966
Brass Contributor
With the Intune Administrator role is there a way to limit what devices can be managed? We have 2 IT departments, and they will most likely need to have some users with Intune Administrator in the same tenant. The goal is to keep the IT departments from being able to manage each other's devices. Is this possible with Scope tags, Admin units or both? Or is it something else or not possible? Thanks.
- ThomasTrombley
Iron Contributor
Good Morning/Afternoon/Evening,
You can leverage role-based admin controls (RBAC) to help in this scenario. This page should hopefully provide the details you need: https://learn.microsoft.com/en-us/mem/intune/fundamentals/role-based-access-control.
I believe you can also employ device limit restrictions to help determine which devices are managed by specific users.
- reastman1966
Brass Contributor
I am using a Windows 10 and later update ring. This is a feature update policy with an AD group assigned to it for Windows 11, Version 23H2, immediate start, required update, default tag. This has been working fine but I have some Windows 10 devices that are not getting the feature update. Is there some kind of report or logging to identify if there was an issue with feature updates not applying?
- EricMoe
Microsoft
One of the most common reasons the update won’t be applied to a set of Windows 10 devices is that the hardware does not meet minimum requirements for Windows 11. Windows Update for Business won’t offer the update to a device that doesn’t meet eligibility requirements.
As to the reporting you can use, Windows Update for Business offers reporting for Feature Updates that should get you pointed in the right direction. The knowledge base article is here, Use the workbook for Windows Update for Business reports - Windows Update for Business reports | Microsoft Learn, and look specifically for the “Device status group for feature updates” which will include the Windows 11 readiness status to show devices that are capable, not capable or unknown for Win 11 readiness.
If the devices not receiving the update are showing as capable, your next step is to see if the update attempted to apply but failed. You can find this documented here Use Windows Update for Business reports for Windows Updates in Microsoft Intune - Microsoft Intune | Microsoft Learn – so if the update attempted to apply (so the device received the offer) but failed, it should have a failure status in this report. One common failure is there is not adequate disk space on the device for the update to apply.
If you end up in a scenario where your devices are capable, but nothing is showing in your error reports, confirm that you are still receiving monthly quality updates on those devices as well. If not, then you may have a communications error to the Windows Update for Business backend service, which are the ports documented within our troubleshooting article: Windows Update issues troubleshooting - Windows Client | Microsoft Learn which also contains additional steps you can perform to troubleshoot update errors. Good luck!
- reastman1966
Brass Contributor
Thanks that looks like what I needed.