Windows Office Hours: October 20, 2022
Get answers to your questions about managing the Windows devices used by remote, onsite, and hybrid workers across your organization, and keeping those devices up to date effectively! Get tips on rolling out Windows 11 across your organization! Learn how to cloud attach your on-premises workloads!
Join us every third Thursday for Windows Office Hours, our continuing series of live Q&A for IT professionals here on Tech Community.
During office hours, we will have a broad group of product experts, servicing experts, and engineers representing Windows, Microsoft Endpoint Manager (Microsoft Intune, Configuration Manager), security, public sector, FastTrack, and more. They will be standing by here -- in chat -- to provide guidance, discuss strategies and tactics, and, of course, answer any specific questions you may have.
Note: This is a chat-based event. There is no video or live meeting component. Questions and answers will appear below in the Comments section.
43 Comments
- Heather_Poulsen
Community Manager
That concludes Windows Office Hours. Thanks for joining us today!
- PatL_28K
Copper Contributor
Is there any device-specific information being sent when enabling the Endpoint Analytics checkbox for consenting to aggregated metrics for all organizations? We'd like to enable the feature for updated recommendations in EA, but wanted to make sure that it is analyzed from a security standpoint.
- Sean_McLaren
Microsoft
Hi Patrick, Our data handling policies are described in the Microsoft Trust Center (https://www.microsoft.com/en-us/trust-center/privacy). We only use your customer data to provide you the services you signed up for. As described during the onboarding process, we anonymize and aggregate the scores from all enrolled organizations to keep the All organizations (median) baseline up-to-date. More information on Endpoint Analytics data collection is here: https://learn.microsoft.com/en-us/mem/analytics/data-collection. At any time you can choose to stop sharing data as well, see the section titled "Consent to share data" in this article for how we handle consent - https://learn.microsoft.com/en-us/mem/analytics/settings.
- Joe_Lurie
Microsoft
Here is the data that is collected by Endpoint analytics: https://learn.microsoft.com/en-us/mem/analytics/data-collection You can also look at the Microsoft privacy pages: https://aka.ms/privacy
- Heather_Poulsen
Community Manager
We're halfway through today's Office Hours. Keep your questions coming. Thanks!
- ATITALLAH_ABDALLAH
Copper Contributor
How to set Blackout Window in Intune?
- David_Guyer
Microsoft
If you are looking for daily "don't reboot" timeframes, you can set Active Hours in Update Rings. We actually recommend setting the Automatic update behavior to "Reset to default" which will enable "Intelligent Active Hours" on devices, which are also then configurable by the end user. That way each user can adapt to their work habits. For machines where you need to set it specifically, you can set Automatic Update Behavior to "Install and restart at maintenance time", which will show the active hours start and end times. If you are actually asking about being able to essentially "stop updates" for a period of days, say for testing week in a school, or the week before quarterly financial reports for the finance org... that is a feature we would like to be able to bring to Windows Update for Business sometime. In the meantime, you can use "Pause" updates to accomplish this, albeit a bit more manually.
- WZebSmith
Brass Contributor
More of an observation than a question, but has any thought been given to the idea of creating a "Use recommended configuration" button in Intune that would create a policy using all of the "recommended" settings such as this one? It would remove a lot of guesswork and still give admins a chance to choose to deviate and go down a different path if needed.
- William_Coreiron347
Copper Contributor
How could we manage vulnerabilities/patching/updating on Intune for Azure Virtual Machines?
- SteveThomas
Microsoft
I'll also throw in that there is Azure Arc available if we are talking about server workloads in Azure - https://techcommunity.microsoft.com/t5/manufacturing/automate-your-patching-using-azure-arc-and-azure-automation/ba-p/3214141
- AriaUpdated
Microsoft
I'd recommend checking out this blog: https://azure.microsoft.com/en-us/blog/managing-updates-for-your-azure-vm/
- Christian_Montoya
Microsoft
William_Coreiron347 - The recommendations will be the same as other Windows devices running Windows 10 and Windows 11. Take a look at https://learn.microsoft.com/mem/intune/fundamentals/windows-10-virtual-machines for differences of behavior with virtual machines.
- HeyHey16K
Iron Contributor
Is anyone else still having AOVPN issues on Windows 11 even after the 22H2 release which promised to fix them?
- SteveThomas
Microsoft
If you are still encountering issues with a known issue after a documented update remediation has been applied, I would definitely recommend opening up a support ticket for investigation.
- HeyHey16K
Iron Contributor
Thank you Steve, we have opened a support ticket, was just wondering if anyone else was having issues. AOVPN works, it just doesn't auto-connect every time (e.g. at device power on), which is a showstopper for us.
- ofortun
Brass Contributor
Where is the Windows 10, version 22H2 update history? I can see that 2022-10 Cumulative Update for Windows 10 Version 22H2 for x64-based Systems (KB5020435) was released and you can find it in the Microsoft Update Catalog, but the build is not represented at the KB support page: https://support.microsoft.com/en-us/topic/october-17-2022-kb5020435-os-builds-19042-2132-19043-2132-and-19044-2132-out-of-band-243f34de-2f44-4015-a224-1b68a4132ca5.
- Heather_Poulsen
Community Manager
Hi Oleg - The update history for Windows 10, version 22H2 will be available with the first monthly servicing release for version 22H2. KB2020435 is an out-of-band release for Windows 10, version 21H2 and prior.
- ofortun
Brass Contributor
Thank you! Looking forward to November 8th. 🙂
- PatL_28K
Copper Contributor
This is a very specific question to Intune Update Compliance, but is the Azure Update Compliance Configuration Script the best way to accelerate the rate of devices being enrolled? We have a configuration profile set correctly, but the enrollment has been super slow, like 100 per day, and we have 20,000+ machines. I know a device census needs to take place, but is that script the best way to force it immediately?
- David_Guyer
Microsoft
I would recommend looking at Windows Update for Business reports public preview, which is anticipated to reach GA in just a few weeks. Configuration for that is a tenant setting, rather than per-device, which makes configuring devices much easier. More information can be found here:
Announcing Windows Update for Business reports - Microsoft Community Hub
- Brandon_Emlinger
Copper Contributor
What is the best method for converting GPOs in a Windows Domain to an Intune environment?
- KevinMineweaser_MSFT
Microsoft
Hi Brandon, Thank you for leaning in and looking at modern management with Intune. We now have the ability to analyze your on-premises GPOs using Group Policy analytics in Microsoft Intune (public preview). https://learn.microsoft.com/en-us/mem/intune/configuration/group-policy-analytics There's additional information on managing the process and handling conflicts here. https://learn.microsoft.com/en-us/mem/intune/configuration/group-policy-analytics-migrate?source=recommendations We'd love to hear your feedback as we continue to work on a few areas like Preferences. Cheers, -Kevin
- Upendra_Singh
Occasional Reader
I am aware of group analytics, however I am looking for the setting, which I am not able to locate.
- HeyHey16K
Iron Contributor
MEM > Devices > Group Policy analytics
- WZebSmith
Brass Contributor
The best method is to not convert them! Start new. Most orgs discover that they have years' worth of settings that aren't needed. Use the GPOs as a reference, of course, but don't just copy them.
- Brandon_Emlinger
Copper Contributor
I understand...we have some very specific GPOs for our public environment. For example, when the screen saver runs, a PowerShell script runs to update a database announcing that a computer is available for use. When the screen is deactivated, another PowerShell script runs to say the computer is in use.
- HBSurfD
Copper Contributor
Windows 10 22H2 was just released a couple of days ago. However, there is scant information on MS website. Do you have a link to what is new (for IT folk)?
- Heather_Poulsen
Community Manager
22H2 is a scoped release focused on quality improvements to the overall Windows experience in existing feature areas such as quality, productivity, and security. There are numerous changes to support security for enterprise customers in the Windows 10, version 22H2 security baseline. Learn more here: https://techcommunity.microsoft.com/t5/microsoft-security-baselines/windows-10-version-22h2-security-baseline/ba-p/3655724.
- Greg_C_Gilbert
Iron Contributor
For consistency, there really should be at least a basic document like this for 22H2. https://learn.microsoft.com/en-us/windows/whats-new/whats-new-windows-10-version-21h2